jlp439 Posted June 25, 2012 ID:564142

Hi, My parents called me the other day and said their computer was playing a random ad in the background. I didn't believe them so I waited until yesterday to go look at their computer. I turned it on and for ten minutes the computer seemed to be ok and then the ad started playing. They have Norton Internet Security on their computer and it doesn't pick up the virus. I put Malwarebytes on the computer and scanned and it found a trojan so I chose to fix the problem. I restarted the computer and thought that would have done it but to my surprise it's still on the computer. I saw another forum where they used RSIT which generated some logs so I decided I would try that. Here are the logs.
usbscan;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys [2009-07-13 41984]S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2010-12-20 325656]R2 NIS;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-02-15 135608]R2 PCCUJobMgr;Common Client Job Manager Service; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2010-10-20 138656]R2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [2011-05-17 574896]R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848]R2 UNS;Intel® Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-29 2292096]R3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-11 57216]R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]R3 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856]S2 
clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 136176]S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 250056]S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-24 136176]S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-24 182768]S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]S3 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2011-04-01 198064]S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2011-11-05 1255736]S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]-----------------EOF----------------- info.txt logfile of random's system information tool 1.09 2012-06-25 07:52:41======Uninstall list======-->"C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - genres\Uninstall.exe"-->"C:\Program Files (x86)\TOSHIBA Games\Game Explorer Categories - main\Uninstall.exe"-->"C:\Program Files (x86)\TOSHIBA Games\Web Link - Club Penguin\Uninstall.exe"-->"C:\Program Files 
(x86)\TOSHIBA Games\Web Link - Dark Orbit\Uninstall.exe"-->"C:\Program Files (x86)\TOSHIBA Games\Web Link - Seafight\Uninstall.exe"-->"C:\Program Files (x86)\TOSHIBA Games\Web Link - Shaiya\Uninstall.exe"-->"C:\Program Files (x86)\TOSHIBA Games\Web Link - World of Warcraft\Uninstall.exe"-->C:\Program Files\CONEXANT\cAudioFilterAgent\SETUP64.EXE -U -IcAudioFilterAgent -SM=cAudioFilterAgent64.exe,16-->C:\Program Files\CONEXANT\cMA3Preset\SETUP64.EXE -U -IcMA3Preset ,16-->C:\Program Files\Conexant\MaxxAudio\SETUP64.EXE -U -IMaxxAudio-->C:\Program Files\Conexant\MaxxGadget\SETUP64.EXE -U -IMaxxGadget ,16-->C:\Program Files\Conexant\SAII\SETUP64.EXE -U -ISAII -SM=SmartAudio.EXE,1801-->C:\Program Files\TOSHIBA\TVAP\setup.exeAdobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstallAdobe AIR-->MsiExec.exe /I{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}Adobe Flash Player 11 ActiveX-->C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe -maintain activexAdobe Flash Player 11 Plugin-->C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_262_Plugin.exe -maintain pluginAdobe Reader X (10.1.3) MUI-->MsiExec.exe /I{AC76BA86-7AD7-FFFF-7B44-AA0000000001}Atheros Bluetooth Filter Driver Package-->MsiExec.exe /X{65486209-5C54-439C-8383-8AC9BBE25932}Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -l0x0009 -removeonlyAtheros Driver Installation Program-->"C:\Program Files (x86)\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe" -runfromtemp -l0x0409Bejeweled 3-->"C:\Program Files (x86)\TOSHIBA Games\Bejeweled 3\uninstall\uninstaller.exe"Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}Canon Inkjet Printer Driver Add-On Module-->C:\Program Files\Common 
Files\Canon\IJ\InboxPrnV100\SETUP.EXE -RCarMD-->MsiExec.exe /I{251C65C0-15FF-4603-98BB-E4A61C7DA424}CCleaner-->"C:\Program Files\CCleaner\uninst.exe"Chuzzle Deluxe-->"C:\Program Files (x86)\TOSHIBA Games\Chuzzle Deluxe\uninstall\uninstaller.exe"Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU64a.exe -U -G -ITE7Pebwa.infCoupon Printer for Windows-->"C:\Program Files (x86)\Coupons\uninstall.exe" "/U:C:\Program Files (x86)\Coupons\Uninstall\uninstall.xml"D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}DriverTuner 3.0.1.0-->"C:\Program Files\DriverTuner\unins000.exe"Facebook Video Calling 1.2.0.159-->MsiExec.exe /X{7CAC6A44-C3DE-4153-ACA6-7524602C789E}FATE - The Traitor Soul-->"C:\Program Files (x86)\TOSHIBA Games\FATE - The Traitor Soul\uninstall\uninstaller.exe"Fishdom 2-->"C:\Program Files (x86)\TOSHIBA Games\Fishdom 2\uninstall\uninstaller.exe"Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\Installer\setup.exe" --uninstall --multi-install --chrome --system-levelGoogle Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_F91D44FAA5479127.exe" /uninstallGoogle Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}HijackThis 2.0.2-->"C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe" /uninstallHP Photo Creations-->C:\Program Files (x86)\HP Photo Creations\uninst.exeHP Photosmart Plus B210 series Basic Device Software-->MsiExec.exe /I{F4330A8B-3610-4483-975E-69789B70A764}HP Photosmart Plus B210 series Help-->MsiExec.exe /I{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}HP Photosmart Plus B210 series Product Improvement Study-->MsiExec.exe /I{7C1C9924-3755-483C-87B1-8371B7454B1A}HP Update-->MsiExec.exe /X{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}Intel® Management Engine Components-->C:\Program Files (x86)\Intel\Intel® Management Engine 
Components\Uninstall\setup.exe -uninstallIntel® Processor Graphics-->C:\Program Files (x86)\Intel\Intel® Processor Graphics\Uninstall\setup.exe -uninstallIntel® Rapid Storage Technology-->C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\Uninstall\setup.exe -uninstallJava 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022F0}Java 6 Update 25-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216025FF}Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}Label@Once 1.0-->MsiExec.exe /I{0D795777-9D60-4692-8386-F2B3F2B5E5BF}Malwarebytes Anti-Malware version 1.61.0.1400-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}Microsoft .NET Framework 4 Client Profile-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder ClientMicrosoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}Microsoft Office 2010-->MsiExec.exe /X{95140000-0070-0000-0000-0000000FF1CE}Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}MSVCRT_amd64-->MsiExec.exe 
/I{D0B44725-3666-492D-BEF6-587A14BD9BD9}MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}Netwaiting-->MsiExec.exe /I{74B8998B-2B1B-4414-AD5D-17E7E9B5FF0A}Norton Internet Security-->C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\19.7.1.5\InstStub.exe /X /ARPOpenOffice.org 3.3-->MsiExec.exe /I{3E171899-0175-47CC-84C4-562ACDD4C021}Penguins!-->"C:\Program Files (x86)\TOSHIBA Games\Penguins!\uninstall\uninstaller.exe"Plants vs. Zombies - Game of the Year-->"C:\Program Files (x86)\TOSHIBA Games\Plants vs Zombies - Game of the Year\uninstall\uninstaller.exe"PlayReady PC Runtime amd64-->MsiExec.exe /X{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}PlayReady PC Runtime x86-->MsiExec.exe /X{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}Polar Bowler-->"C:\Program Files (x86)\TOSHIBA Games\Polar Bowler\uninstall\uninstaller.exe"QuickTime-->C:\windows\unvise32qt.exe C:\windows\system32\QuickTime\Uninstall.logRealtek USB 2.0 Reader Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{62BBB2F0-E220-4821-A564-730807D2C34D}\setup.exe" -runfromtemp -removeonlySecurity Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder ClientSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder ClientSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder ClientSecurity Update for Microsoft .NET 
Framework 4 Client Profile (KB2572078)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder ClientSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder ClientSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder ClientSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder ClientSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder ClientSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DA36C2E5-6B34-3A6A-9C0A-7D1CC1C5A768} /parameterfolder ClientSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder ClientSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E40184A4-4A61-3D2E-9035-CB6E1E610E07} /parameterfolder ClientSkype Click to Call-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}Skype Launcher-->C:\Program Files (x86)\InstallShield Installation 
Information\{DA84ECBF-4B79-47F2-B34C-95C38484C058}\setup.exe -runfromtemp -l0x0009 -removeonlySkype™ 5.9-->MsiExec.exe /X{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstallTom Clancy's Splinter Cell-->"C:\Program Files (x86)\TOSHIBA Games\Tom Clancys Splinter Cell\uninstall\uninstaller.exe"Toshiba App Place-->MsiExec.exe /I{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}TOSHIBA Application Installer-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}\setup.exe" -l0x9 -removeonlyTOSHIBA Assist-->C:\Program Files (x86)\InstallShield Installation Information\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}\setup.exe -runfromtemp -removeonlyToshiba Book Place-->MsiExec.exe /X{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}TOSHIBA Bulletin Board-->"C:\Program Files (x86)\InstallShield Installation Information\{1C8C049A-145F-4A6E-8290-B5C245EBE39D}\setup.exe" -runfromtemp -l0x0409 -removeonlyTOSHIBA Bulletin Board-->MsiExec.exe /X{1C8C049A-145F-4A6E-8290-B5C245EBE39D}TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}TOSHIBA eco Utility-->MsiExec.exe /X{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}TOSHIBA Face Recognition-->"C:\Program Files (x86)\InstallShield Installation Information\{F67FA545-D8E5-4209-86B1-AEE045D1003F}\setup.exe" -runfromtemp -l0x0409 -removeonlyTOSHIBA Face Recognition-->MsiExec.exe /X{F67FA545-D8E5-4209-86B1-AEE045D1003F}TOSHIBA Hardware Setup-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C4FFA951-9678-4D51-84B4-AFD15D3C45AD} /l1033TOSHIBA HDD/SSD Alert-->MsiExec.exe /X{D4322448-B6AF-4316-B859-D8A0E84DCB38}Toshiba Laptop Checkup-->C:\Program Files (x86)\NortonInstaller\{170fa89a-6886-4c9e-b17b-12bccdd80788}\NortonPCCheckup\LicenseType\2.0.13.11\InstStub.exe /XTOSHIBA Media Controller 
Plug-in-->MsiExec.exe /X{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}TOSHIBA Media Controller-->C:\Program Files (x86)\InstallShield Installation Information\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}\setup.exe -runfromtemp -removeonlyToshiba Online Backup-->MsiExec.exe /X{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}TOSHIBA PC Health Monitor-->MsiExec.exe /X{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}TOSHIBA Quality Application-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E69992ED-A7F6-406C-9280-1C156417BC49}\setup.exe" -l0x9 -removeonlyTOSHIBA Recovery Media Creator-->C:\Program Files (x86)\InstallShield Installation Information\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}\Setup.exe -runfromtemp -removeonlyTOSHIBA ReelTime-->"C:\Program Files (x86)\InstallShield Installation Information\{24811C12-F4A9-4D0F-8494-A7B8FE46123C}\setup.exe" -runfromtemp -l0x0409 -removeonlyTOSHIBA ReelTime-->MsiExec.exe /X{24811C12-F4A9-4D0F-8494-A7B8FE46123C}TOSHIBA Resolution+ Plug-in for Windows Media Player-->"C:\Program Files (x86)\InstallShield Installation Information\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}\setup.exe" -runfromtemp -l0x0409 -removeonlyTOSHIBA Service Station-->C:\Program Files (x86)\InstallShield Installation Information\{AC6569FA-6919-442A-8552-073BE69E247A}\setup.exe -runfromtemp -l0x0009 -removeonlyTOSHIBA Sleep Utility-->C:\Program Files (x86)\InstallShield Installation Information\{654F7484-88C5-46DC-AB32-C66BCB0E2102}\Setup.exe -runfromtemp -removeonlyTOSHIBA Supervisor Password-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{CBD6B23D-41D5-4A46-8019-6208516C9712} /l1033TOSHIBA Value Added Package-->C:\Program Files\TOSHIBA\TVAP\Setup.exeTOSHIBA Web Camera Application-->"C:\Program Files (x86)\InstallShield Installation Information\{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}\setup.exe" -runfromtemp -l0x0409 -removeonlyTOSHIBA Web Camera Application-->MsiExec.exe 
/I{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}TOSHIBA Wireless LAN Indicator-->MsiExec.exe /X{5B01BCB7-A5D3-476F-AF11-E515BA206591}TOSHIBARegistration-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{5AF550B4-BB67-4E7E-82F1-2C4300279050}\setup.exe" -l0x9 -removeonlyUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder ClientUpdate for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder ClientUpdate for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder ClientUpdate Installer for WildTangent Games App-->"C:\Program Files (x86)\WildTangent Games\App\Uninstall.exe"Virtual Villagers 5 - New Believers-->"C:\Program Files (x86)\TOSHIBA Games\Virtual Villagers 5 - New Believers\uninstall\uninstaller.exe"WildTangent Games App (Toshiba Games)-->"C:\Program Files (x86)\WildTangent Games\Touchpoints\toshiba\Uninstall.exe"WildTangent Games-->"C:\Program Files (x86)\TOSHIBA Games\Uninstall.exe"Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exeWindows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}Windows Live Language Selector-->MsiExec.exe /I{180C8888-50F1-426B-A9DC-AB83A1989C65}Windows Live Mail-->MsiExec.exe 
/I{9D56775A-93F3-44A3-8092-840E3826DE30}Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}Windows Live Mesh-->MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649}Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}Windows Live Messenger-->MsiExec.exe /X{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}Windows Live Messenger-->MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11}Windows Live MIME IFilter-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59}Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}Windows Live Remote Client Resources-->MsiExec.exe /I{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}Windows Live Remote Client-->MsiExec.exe /I{DF6D988A-EEA0-4277-AAB8-158E086E439B}Windows Live Remote Service Resources-->MsiExec.exe /I{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}Windows Live Remote Service-->MsiExec.exe /I{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}Windows Live Writer-->MsiExec.exe 
/X{A726AE06-AAA3-43D1-87E3-70F510314F04}Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}Zuma's Revenge-->"C:\Program Files (x86)\TOSHIBA Games\Zumas Revenge\uninstall\uninstaller.exe"======System event log======Computer Name: StevePetruso-PCEvent Code: 10002Message: WLAN Extensibility Module has stopped.Module Path: C:\windows\system32\athihvs.dllRecord Number: 91597Source Name: Microsoft-Windows-WLAN-AutoConfigTime Written: 20120310183531.403135-000Event Type: WarningUser: NT AUTHORITY\SYSTEMComputer Name: StevePetruso-PCEvent Code: 4001Message: WLAN AutoConfig service has successfully stopped.Record Number: 91417Source Name: Microsoft-Windows-WLAN-AutoConfigTime Written: 20120310174423.044669-000Event Type: WarningUser: NT AUTHORITY\SYSTEMComputer Name: StevePetruso-PCEvent Code: 10002Message: WLAN Extensibility Module has stopped.Module Path: C:\windows\system32\athihvs.dllRecord Number: 91416Source Name: Microsoft-Windows-WLAN-AutoConfigTime Written: 20120310174423.042669-000Event Type: WarningUser: NT AUTHORITY\SYSTEMComputer Name: StevePetruso-PCEvent Code: 4001Message: WLAN AutoConfig service has successfully stopped.Record Number: 91238Source Name: Microsoft-Windows-WLAN-AutoConfigTime Written: 20120310164516.796027-000Event Type: WarningUser: NT AUTHORITY\SYSTEMComputer Name: StevePetruso-PCEvent Code: 10002Message: WLAN Extensibility Module has stopped.Module Path: C:\windows\system32\athihvs.dllRecord Number: 91237Source Name: Microsoft-Windows-WLAN-AutoConfigTime Written: 20120310164516.786027-000Event Type: WarningUser: NT AUTHORITY\SYSTEM=====Application event log=====Computer Name: StevePetruso-PCEvent Code: 4107Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when 
verifying against the current system clock or the timestamp in the signed file..Record Number: 1323Source Name: Microsoft-Windows-CAPI2Time Written: 20111105124526.884006-000Event Type: ErrorUser:Computer Name: StevePetruso-PCEvent Code: 4107Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file..Record Number: 1322Source Name: Microsoft-Windows-CAPI2Time Written: 20111105124526.868406-000Event Type: ErrorUser:Computer Name: StevePetruso-PCEvent Code: 11Message: Possible Memory Leak. Application (C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID: 448) has passed a non-NULL pointer to RPC for an [out] parameter marked [allocate(all_nodes)]. [allocate(all_nodes)] parameters are always reallocated; if the original pointer contained the address of valid memory, that memory will be leaked. The call originated on the interface with UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Method number (20). 
I work second shift so I won't respond right away until tomorrow morning, but I would appreciate the help. I've tried everything I could think of to get it off.

MrCharlie Posted June 25, 2012 ID:564158

Welcome to the forum.

Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!!!!!!!)
Post back the report.

MrC

MrCharlie Posted June 27, 2012 ID:564695

How are we doing??
Do you still need help or can I close this post??

MrC

Maurice Naggar Posted June 28, 2012 ID:565008

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

Maurice Naggar Posted June 28, 2012 ID:565029

Re-opened per member request.
If you will be delayed, always please give advance/timely notice in your topic.

MrCharlie Posted June 28, 2012 ID:565034

OK, please run RogueKiller and post the log, MrC

------->Logs will be closed if you haven't replied within 3 days!<--------

jlp439 Posted June 29, 2012 Author ID:565302

Here is the Rogue killer log.

RogueKiller V7.6.1 [06/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Steve Petruso [Admin rights]
Mode: Scan -- Date: 06/28/2012 09:32:17

¤¤¤ Bad processes: 1 ¤¤¤
[sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 3 ¤¤¤
[sUSP PATH] Norton PC Checkup Setup.job @ : C:\Users\Steve Petruso\AppData\Roaming\PCCUStubInstaller\SymcPCCUInstaller.exe -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK6465GSXN +++++
--- User ---
[MBR] e53f066e582225cab607d72a71b8bbc9
[bSP] a8936ce11f18d4f178bb4c27e2c2e297 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 594104 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1219799040 | Size: 14875 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] 172862e594acae003ef4e7a109dd00b0
[bSP] 38d84099ea592b3e2c7581475b3353e7 : PiHar MBR Code!
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 594104 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1219799040 | Size: 14875 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] 172862e594acae003ef4e7a109dd00b0
[bSP] 38d84099ea592b3e2c7581475b3353e7 : PiHar MBR Code!
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 594104 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1219799040 | Size: 14875 Mo

+++++ PhysicalDrive1: OPTI3 Flash Disk USB Device +++++
--- User ---
[MBR] 984127579d7e23a360be5c90cafe2965
[bSP] 7208b105e661849d4a48c279d3177d8d : Standard MBR Code
Partition table:
0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 124 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt
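
Added example, not part of the original thread and not RogueKiller's own code: a small Python parser for the MBR Check section of the report above. It assumes "User", "LL1" and "LL2" label three reads of the same boot sector, compares their hashes per drive, and treats a view that could not be read as inconclusive rather than clean; the function names are illustrative and the sample text is an excerpt of the posted report, one entry per line.

```python
import re

# Excerpt of the MBR Check section of the report posted above, re-broken
# into one entry per line (partition-table rows left out).
SAMPLE_REPORT = """\
+++++ PhysicalDrive0: TOSHIBA MK6465GSXN +++++
--- User ---
[MBR] e53f066e582225cab607d72a71b8bbc9
[bSP] a8936ce11f18d4f178bb4c27e2c2e297 : Windows Vista MBR Code
User != LL1 ... KO!
--- LL1 ---
[MBR] 172862e594acae003ef4e7a109dd00b0
[bSP] 38d84099ea592b3e2c7581475b3353e7 : PiHar MBR Code!
User != LL2 ... KO!
--- LL2 ---
[MBR] 172862e594acae003ef4e7a109dd00b0
[bSP] 38d84099ea592b3e2c7581475b3353e7 : PiHar MBR Code!
+++++ PhysicalDrive1: OPTI3 Flash Disk USB Device +++++
--- User ---
[MBR] 984127579d7e23a360be5c90cafe2965
[bSP] 7208b105e661849d4a48c279d3177d8d : Standard MBR Code
User = LL1 ... OK!
Error reading LL2 MBR!
"""

DRIVE_RE = re.compile(r"^\+{5}\s*(PhysicalDrive\d+):\s*(.*?)\s*\+{5}$")
VIEW_RE = re.compile(r"^---\s*(User|LL1|LL2)\s*---$")
# The forum lower-cased "[BSP]" to "[bSP]", so match case-insensitively.
HASH_RE = re.compile(r"^\[(MBR|BSP)\]\s+([0-9a-f]{32})(?:\s*:\s*(.*))?$", re.I)
CMP_RE = re.compile(r"^User\s*(!=|=)\s*(LL[12])\s*\.\.\.\s*(OK|KO)!$")
ERR_RE = re.compile(r"^Error reading (LL[12]) MBR!$")


def parse_mbr_check(text):
    """Return one dict per physical drive found in the MBR Check section."""
    drives, drive, view = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := DRIVE_RE.match(line):
            drive = {"drive": m.group(1), "model": m.group(2), "views": {},
                     "reported_mismatch": [], "unreadable": []}
            drives.append(drive)
            view = None
        elif drive is None:
            continue  # text before the first drive header
        elif m := VIEW_RE.match(line):
            view = drive["views"].setdefault(m.group(1), {})
        elif (m := HASH_RE.match(line)) and view is not None:
            field = m.group(1).upper()
            view[field] = m.group(2).lower()
            if m.group(3):
                view[field + "_label"] = m.group(3).strip()
        elif m := CMP_RE.match(line):
            if m.group(1) == "!=":
                drive["reported_mismatch"].append(m.group(2))
        elif m := ERR_RE.match(line):
            drive["unreadable"].append(m.group(1))
    return drives


def assess(drive):
    """Return (verdict, views). Hashes are re-compared, not just trusted."""
    user = drive["views"].get("User", {})
    differing = set(drive["reported_mismatch"])
    for name, view in drive["views"].items():
        if name == "User":
            continue
        for field in ("MBR", "BSP"):
            if field in user and field in view and user[field] != view[field]:
                differing.add(name)
    if differing:
        return "MISMATCH", sorted(differing)
    if drive["unreadable"]:
        # A view that could not be read proves nothing either way.
        return "INCOMPLETE", sorted(drive["unreadable"])
    return "CONSISTENT", []


def summarize(text):
    """Map drive name -> (verdict, views involved, boot-code labels seen)."""
    out = {}
    for d in parse_mbr_check(text):
        verdict, views = assess(d)
        labels = sorted({v["BSP_label"] for v in d["views"].values()
                         if "BSP_label" in v})
        out[d["drive"]] = (verdict, views, labels)
    return out


if __name__ == "__main__":
    for name, (verdict, views, labels) in summarize(SAMPLE_REPORT).items():
        print(f"{name}: {verdict} {views} boot code seen: {labels}")
```
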

MrCharlie Posted June 29, 2012 ID:565306

Please run RogueKiller again and click Scan > when it completes it should automatically kill this one:

¤¤¤ Bad processes: 1 ¤¤¤
[sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

Now........

Please make sure system restore is running and create a new restore point before continuing.
XP <===> Vista & W7
XP users > please back up the registry using ERUNT.
-----------------------------------------
Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
-------------------------
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
------------------------
Click the Start Scan button.
-----------------------
If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue
Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.
----------------------
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
--------------------
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.
-------------------
Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue
Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

jlp439 Posted June 29, 2012 Author ID:565313

Here is the TDSS Killer log
(d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys07:51:05.0910 4220 msisadrv - ok07:51:05.0980 4220 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll07:51:06.0072 4220 MSiSCSI - ok07:51:06.0072 4220 msiserver - ok07:51:06.0122 4220 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys07:51:06.0220 4220 MSKSSRV - ok07:51:06.0366 4220 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe07:51:06.0406 4220 MsMpSvc - ok07:51:06.0436 4220 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys07:51:06.0538 4220 MSPCLOCK - ok07:51:06.0578 4220 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys07:51:06.0668 4220 MSPQM - ok07:51:06.0705 4220 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys07:51:06.0775 4220 MsRPC - ok07:51:06.0930 4220 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys07:51:06.0987 4220 mssmbios - ok07:51:07.0012 4220 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys07:51:07.0095 4220 MSTEE - ok07:51:07.0124 4220 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys07:51:07.0154 4220 MTConfig - ok07:51:07.0174 4220 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys07:51:07.0214 4220 Mup - ok07:51:07.0276 4220 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll07:51:07.0375 4220 napagent - ok07:51:07.0458 4220 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys07:51:07.0538 4220 NativeWifiP - ok07:51:07.0808 4220 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120628.024\ENG64.SYS07:51:07.0874 4220 NAVENG - ok07:51:08.0070 4220 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) 
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120628.024\EX64.SYS07:51:08.0184 4220 NAVEX15 - ok07:51:08.0406 4220 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys07:51:08.0476 4220 NDIS - ok07:51:08.0526 4220 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys07:51:08.0618 4220 NdisCap - ok07:51:08.0638 4220 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys07:51:08.0720 4220 NdisTapi - ok07:51:08.0782 4220 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys07:51:08.0882 4220 Ndisuio - ok07:51:08.0934 4220 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys07:51:09.0016 4220 NdisWan - ok07:51:09.0046 4220 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys07:51:09.0138 4220 NDProxy - ok07:51:09.0178 4220 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys07:51:09.0308 4220 NetBIOS - ok07:51:09.0376 4220 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys07:51:09.0485 4220 NetBT - ok07:51:09.0514 4220 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe07:51:09.0558 4220 Netlogon - ok07:51:09.0630 4220 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll07:51:09.0764 4220 Netman - ok07:51:09.0842 4220 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll07:51:09.0957 4220 netprofm - ok07:51:10.0058 4220 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe07:51:10.0098 4220 NetTcpPortSharing - ok07:51:10.0139 4220 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys07:51:10.0167 4220 nfrd960 - ok07:51:10.0290 4220 NIS (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton Internet 
Security\Engine\19.7.1.5\ccSvcHst.exe07:51:10.0436 4220 NIS - ok07:51:10.0492 4220 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\windows\system32\DRIVERS\NisDrvWFP.sys07:51:10.0522 4220 NisDrv - ok07:51:10.0642 4220 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe07:51:10.0710 4220 NisSrv - ok07:51:10.0764 4220 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll07:51:10.0876 4220 NlaSvc - ok07:51:10.0919 4220 Norton PC Checkup Application Launcher - ok07:51:10.0965 4220 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys07:51:11.0028 4220 Npfs - ok07:51:11.0073 4220 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll07:51:11.0188 4220 nsi - ok07:51:11.0242 4220 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys07:51:11.0352 4220 nsiproxy - ok07:51:11.0543 4220 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys07:51:11.0680 4220 Ntfs - ok07:51:11.0898 4220 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys07:51:12.0030 4220 Null - ok07:51:12.0062 4220 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys07:51:12.0106 4220 nvraid - ok07:51:12.0144 4220 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys07:51:12.0174 4220 nvstor - ok07:51:12.0217 4220 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys07:51:12.0267 4220 nv_agp - ok07:51:12.0315 4220 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys07:51:12.0367 4220 ohci1394 - ok07:51:12.0416 4220 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll07:51:12.0488 4220 p2pimsvc - ok07:51:12.0548 4220 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll07:51:12.0631 4220 p2psvc - ok07:51:12.0708 4220 Parport (0086431c29c35be1dbc43f52cc273887) 
C:\windows\system32\drivers\parport.sys07:51:12.0768 4220 Parport - ok07:51:12.0809 4220 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys07:51:12.0854 4220 partmgr - ok07:51:12.0898 4220 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll07:51:12.0982 4220 PcaSvc - ok07:51:13.0082 4220 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe07:51:13.0198 4220 PCCUJobMgr - ok07:51:13.0244 4220 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys07:51:13.0284 4220 pci - ok07:51:13.0284 4220 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys07:51:13.0314 4220 pciide - ok07:51:13.0356 4220 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys07:51:13.0396 4220 pcmcia - ok07:51:13.0426 4220 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys07:51:13.0448 4220 pcw - ok07:51:13.0518 4220 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys07:51:13.0638 4220 PEAUTH - ok07:51:13.0720 4220 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe07:51:13.0760 4220 PerfHost - ok07:51:13.0833 4220 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys07:51:13.0899 4220 PGEffect - ok07:51:14.0092 4220 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll07:51:14.0259 4220 pla - ok07:51:14.0314 4220 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll07:51:14.0416 4220 PlugPlay - ok07:51:14.0446 4220 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll07:51:14.0506 4220 PNRPAutoReg - ok07:51:14.0557 4220 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll07:51:14.0618 4220 PNRPsvc - ok07:51:14.0700 4220 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll07:51:14.0892 4220 
PolicyAgent - ok07:51:15.0114 4220 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll07:51:15.0236 4220 Power - ok07:51:15.0348 4220 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys07:51:15.0470 4220 PptpMiniport - ok07:51:15.0520 4220 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys07:51:15.0560 4220 Processor - ok07:51:15.0640 4220 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll07:51:15.0722 4220 ProfSvc - ok07:51:15.0742 4220 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe07:51:15.0784 4220 ProtectedStorage - ok07:51:15.0854 4220 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys07:51:15.0934 4220 Psched - ok07:51:15.0994 4220 QIOMem (c8fcb4899f8b70cc34e0d9876a80963c) C:\windows\system32\DRIVERS\QIOMem.sys07:51:16.0064 4220 QIOMem - ok07:51:16.0184 4220 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys07:51:16.0274 4220 ql2300 - ok07:51:16.0444 4220 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys07:51:16.0464 4220 ql40xx - ok07:51:16.0524 4220 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll07:51:16.0584 4220 QWAVE - ok07:51:16.0594 4220 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys07:51:16.0654 4220 QWAVEdrv - ok07:51:16.0694 4220 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys07:51:16.0754 4220 RasAcd - ok07:51:16.0824 4220 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys07:51:16.0894 4220 RasAgileVpn - ok07:51:16.0964 4220 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll07:51:17.0064 4220 RasAuto - ok07:51:17.0194 4220 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys07:51:17.0284 4220 Rasl2tp - ok07:51:17.0364 4220 RasMan 
(ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll07:51:17.0464 4220 RasMan - ok07:51:17.0566 4220 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys07:51:17.0668 4220 RasPppoe - ok07:51:17.0698 4220 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys07:51:17.0795 4220 RasSstp - ok07:51:17.0820 4220 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys07:51:17.0900 4220 rdbss - ok07:51:17.0920 4220 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys07:51:17.0980 4220 rdpbus - ok07:51:18.0000 4220 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys07:51:18.0090 4220 RDPCDD - ok07:51:18.0120 4220 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys07:51:18.0190 4220 RDPENCDD - ok07:51:18.0220 4220 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys07:51:18.0280 4220 RDPREFMP - ok07:51:18.0310 4220 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys07:51:18.0370 4220 RDPWD - ok07:51:18.0422 4220 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys07:51:18.0462 4220 rdyboost - ok07:51:18.0552 4220 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll07:51:18.0642 4220 RemoteAccess - ok07:51:18.0722 4220 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll07:51:18.0822 4220 RemoteRegistry - ok07:51:18.0962 4220 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll07:51:19.0072 4220 RpcEptMapper - ok07:51:19.0102 4220 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe07:51:19.0142 4220 RpcLocator - ok07:51:19.0252 4220 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll07:51:19.0322 4220 RpcSs - ok07:51:19.0382 4220 rspndr (ddc86e4f8e7456261e637e3552e804ff) 
C:\windows\system32\DRIVERS\rspndr.sys07:51:19.0472 4220 rspndr - ok07:51:19.0562 4220 RSUSBSTOR (135a64530d7699ad48f29d73a658dd11) C:\windows\system32\Drivers\RtsUStor.sys07:51:19.0622 4220 RSUSBSTOR - ok07:51:19.0662 4220 RSUSBVSTOR (e5dc911d0feb72caff2bbdd6e7c3672f) C:\windows\system32\Drivers\RTSUVSTOR.sys07:51:19.0692 4220 RSUSBVSTOR - ok07:51:19.0722 4220 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe07:51:19.0762 4220 SamSs - ok07:51:19.0802 4220 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys07:51:19.0832 4220 sbp2port - ok07:51:19.0882 4220 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll07:51:19.0982 4220 SCardSvr - ok07:51:20.0052 4220 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys07:51:20.0122 4220 scfilter - ok07:51:20.0204 4220 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll07:51:20.0324 4220 Schedule - ok07:51:20.0354 4220 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll07:51:20.0434 4220 SCPolicySvc - ok07:51:20.0474 4220 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll07:51:20.0554 4220 SDRSVC - ok07:51:20.0624 4220 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys07:51:20.0714 4220 secdrv - ok07:51:20.0734 4220 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll07:51:20.0834 4220 seclogon - ok07:51:20.0874 4220 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll07:51:20.0974 4220 SENS - ok07:51:21.0024 4220 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll07:51:21.0104 4220 SensrSvc - ok07:51:21.0134 4220 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys07:51:21.0174 4220 Serenum - ok07:51:21.0276 4220 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys07:51:21.0316 4220 Serial - 
ok07:51:21.0376 4220 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys07:51:21.0416 4220 sermouse - ok07:51:21.0456 4220 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll07:51:21.0566 4220 SessionEnv - ok07:51:21.0586 4220 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys07:51:21.0627 4220 sffdisk - ok07:51:21.0678 4220 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys07:51:21.0718 4220 sffp_mmc - ok07:51:21.0738 4220 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys07:51:21.0768 4220 sffp_sd - ok07:51:21.0788 4220 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys07:51:21.0818 4220 sfloppy - ok07:51:21.0888 4220 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll07:51:21.0968 4220 SharedAccess - ok07:51:22.0028 4220 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll07:51:22.0156 4220 ShellHWDetection - ok07:51:22.0180 4220 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys07:51:22.0213 4220 SiSRaid2 - ok07:51:22.0250 4220 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys07:51:22.0305 4220 SiSRaid4 - ok07:51:22.0484 4220 SkypeUpdate (b78408ba56fa554e96128d4934ab7561) C:\Program Files (x86)\Skype\Updater\Updater.exe07:51:22.0765 4220 SkypeUpdate - ok07:51:22.0802 4220 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys07:51:22.0882 4220 Smb - ok07:51:22.0952 4220 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe07:51:22.0992 4220 SNMPTRAP - ok07:51:23.0052 4220 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys07:51:23.0072 4220 spldr - ok07:51:23.0172 4220 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe07:51:23.0272 4220 Spooler - 
ok07:51:23.0682 4220 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe07:51:23.0922 4220 sppsvc - ok07:51:24.0062 4220 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll07:51:24.0154 4220 sppuinotify - ok07:51:24.0344 4220 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\windows\System32\Drivers\NISx64\1307010.005\SRTSP64.SYS07:51:24.0424 4220 SRTSP - ok07:51:24.0454 4220 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\windows\system32\drivers\NISx64\1307010.005\SRTSPX64.SYS07:51:24.0484 4220 SRTSPX - ok07:51:24.0574 4220 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys07:51:24.0654 4220 srv - ok07:51:24.0716 4220 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys07:51:24.0756 4220 srv2 - ok07:51:24.0836 4220 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\windows\system32\DRIVERS\VSTAZL6.SYS07:51:24.0886 4220 SrvHsfHDA - ok07:51:25.0046 4220 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\windows\system32\DRIVERS\VSTDPV6.SYS07:51:25.0168 4220 SrvHsfV92 - ok07:51:25.0428 4220 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\windows\system32\DRIVERS\VSTCNXT6.SYS07:51:25.0528 4220 SrvHsfWinac - ok07:51:25.0579 4220 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys07:51:25.0630 4220 srvnet - ok07:51:25.0720 4220 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll07:51:25.0820 4220 SSDPSRV - ok07:51:25.0870 4220 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll07:51:25.0950 4220 SstpSvc - ok07:51:25.0990 4220 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys07:51:26.0010 4220 stexstor - ok07:51:26.0050 4220 StillCam (decacb6921ded1a38642642685d77dac) C:\windows\system32\DRIVERS\serscan.sys07:51:26.0100 4220 StillCam - ok07:51:26.0220 4220 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll07:51:26.0300 4220 stisvc - ok07:51:26.0320 4220 
swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys07:51:26.0357 4220 swenum - ok07:51:26.0402 4220 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll07:51:26.0536 4220 swprv - ok07:51:26.0686 4220 SymDS (8b2430762099598da40686f754632efd) C:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS07:51:26.0790 4220 SymDS - ok07:51:27.0188 4220 SymEFA (f90c7a190399165d3ab2245048d34786) C:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS07:51:27.0298 4220 SymEFA - ok07:51:27.0390 4220 SymEvent (894579207e39c465737e850a252ce4f2) C:\windows\system32\Drivers\SYMEVENT64x86.SYS07:51:27.0450 4220 SymEvent - ok07:51:27.0490 4220 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS07:51:27.0532 4220 SymIRON - ok07:51:27.0642 4220 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS07:51:27.0682 4220 SymNetS - ok07:51:27.0862 4220 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys07:51:27.0996 4220 SynTP - ok07:51:28.0264 4220 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll07:51:28.0386 4220 SysMain - ok07:51:28.0578 4220 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll07:51:28.0694 4220 TabletInputService - ok07:51:28.0730 4220 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll07:51:29.0122 4220 TapiSrv - ok07:51:29.0384 4220 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll07:51:29.0454 4220 TBS - ok07:51:29.0784 4220 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys07:51:29.0924 4220 Tcpip - ok07:51:30.0266 4220 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys07:51:30.0366 4220 TCPIP6 - ok07:51:30.0506 4220 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys07:51:30.0566 4220 tcpipreg - 
ok07:51:30.0606 4220 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys07:51:30.0626 4220 tdcmdpst - ok07:51:30.0666 4220 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys07:51:30.0696 4220 TDPIPE - ok07:51:30.0716 4220 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys07:51:30.0756 4220 TDTCP - ok07:51:30.0836 4220 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys07:51:30.0906 4220 tdx - ok07:51:30.0966 4220 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys07:51:30.0996 4220 TermDD - ok07:51:31.0086 4220 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll07:51:31.0203 4220 TermService - ok07:51:31.0258 4220 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll07:51:31.0320 4220 Themes - ok07:51:31.0350 4220 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll07:51:31.0420 4220 THREADORDER - ok07:51:31.0590 4220 TMachInfo (71c321649b28638ee80a2eeb164c1dc8) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe07:51:31.0630 4220 TMachInfo - ok07:51:31.0660 4220 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\Windows\system32\TODDSrv.exe07:51:32.0162 4220 TODDSrv - ok07:51:32.0332 4220 TosCoSrv (1c73689b900428c7d054a41c4687f55c) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe07:51:32.0424 4220 TosCoSrv - ok07:51:32.0496 4220 TOSHIBA Bluetooth Service (a22deb5ec05febfdca1d3ff70fa1ff46) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe07:51:32.0576 4220 TOSHIBA Bluetooth Service - ok07:51:32.0636 4220 TOSHIBA eco Utility Service (63aafcf3ea5dbb17123e0bae9afe4d58) C:\Program Files\TOSHIBA\TECO\TecoService.exe07:51:32.0736 4220 TOSHIBA eco Utility Service - ok07:51:33.0036 4220 TOSHIBA HDD SSD Alert Service (29d0886cf250fcef1bf9e65ab8d2c0c8) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe07:51:33.0126 
4220 TOSHIBA HDD SSD Alert Service - ok07:51:33.0266 4220 Tosrfcom - ok07:51:33.0326 4220 tosrfec (f5e3ac4cbcd154ee80849b21887fd0b0) C:\windows\system32\DRIVERS\tosrfec.sys07:51:33.0356 4220 tosrfec - ok07:51:33.0386 4220 Tosrfusb (7a0048693f98460ff537be31c741b927) C:\windows\system32\DRIVERS\tosrfusb.sys07:51:33.0426 4220 Tosrfusb - ok07:51:33.0598 4220 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys07:51:33.0658 4220 tos_sps64 - ok07:51:33.0738 4220 TPCHSrv (098b8a408c17e125a3d9a8e1166780c8) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe07:51:33.0848 4220 TPCHSrv - ok07:51:33.0988 4220 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll07:51:34.0111 4220 TrkWks - ok07:51:34.0170 4220 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe07:51:34.0260 4220 TrustedInstaller - ok07:51:34.0308 4220 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys07:51:34.0382 4220 tssecsrv - ok07:51:34.0422 4220 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys07:51:34.0472 4220 TsUsbFlt - ok07:51:34.0492 4220 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys07:51:34.0542 4220 TsUsbGD - ok07:51:34.0612 4220 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys07:51:34.0682 4220 tunnel - ok07:51:34.0742 4220 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS07:51:34.0772 4220 TVALZ - ok07:51:34.0832 4220 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys07:51:34.0862 4220 TVALZFL - ok07:51:34.0882 4220 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys07:51:34.0912 4220 uagp35 - ok07:51:35.0292 4220 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys07:51:35.0372 4220 udfs - ok07:51:35.0412 4220 UI0Detect (3cbdec8d06b9968aba702eba076364a1) 
C:\windows\system32\UI0Detect.exe07:51:35.0452 4220 UI0Detect - ok07:51:35.0472 4220 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys07:51:35.0502 4220 uliagpkx - ok07:51:35.0562 4220 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys07:51:35.0612 4220 umbus - ok07:51:35.0632 4220 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys07:51:35.0672 4220 UmPass - ok07:51:36.0236 4220 UNS (7e5e1603d0ff2d240ae70295c5c3fefc) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe07:51:36.0616 4220 UNS - ok07:51:36.0786 4220 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll07:51:36.0876 4220 upnphost - ok07:51:36.0936 4220 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys07:51:36.0986 4220 usbccgp - ok07:51:37.0036 4220 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys07:51:37.0076 4220 usbcir - ok07:51:37.0116 4220 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys07:51:37.0166 4220 usbehci - ok07:51:37.0216 4220 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys07:51:37.0296 4220 usbhub - ok07:51:37.0332 4220 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys07:51:37.0398 4220 usbohci - ok07:51:37.0448 4220 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys07:51:37.0571 4220 usbprint - ok07:51:37.0662 4220 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys07:51:37.0702 4220 usbscan - ok07:51:37.0739 4220 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS07:51:37.0814 4220 USBSTOR - ok07:51:37.0844 4220 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys07:51:37.0894 4220 usbuhci - ok07:51:37.0996 4220 usbvideo (454800c2bc7f3927ce030141ee4f4c50) 
07:51:48.0692 4220 MBR (0x1B8) (b5d3b89509933463264ff7748b075c37) \Device\Harddisk0\DR0
07:51:48.0852 4220 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
07:51:48.0852 4220 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
07:51:48.0952 4220 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
07:51:48.0952 4220 \Device\Harddisk0\DR0 - detected TDSS File System (1)
07:51:48.0952 4220 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR2
07:51:49.0102 4220 \Device\Harddisk1\DR2 - ok
07:51:49.0132 4220 Boot (0x1200) (05311a8a1d22d04f7e35a969646876c4) \Device\Harddisk0\DR0\Partition0
07:51:49.0132 4220 \Device\Harddisk0\DR0\Partition0 - ok
07:51:49.0132 4220 Boot (0x1200) (04b4ded3a84e7a136c9d1550213f7f64) \Device\Harddisk1\DR2\Partition0
07:51:49.0132 4220 \Device\Harddisk1\DR2\Partition0 - ok
07:51:49.0132 4220 ============================================================
07:51:49.0132 4220 Scan finished
07:51:49.0132 4220 ============================================================
07:51:49.0152 5996 Detected object count: 3
07:51:49.0152 5996 Actual detected object count: 3
07:52:52.0695 5996 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
07:52:52.0695 5996 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:52:54.0264 5996 \Device\Harddisk0\DR0\# - copied to quarantine
07:52:54.0296 5996 \Device\Harddisk0\DR0 - copied to quarantine
07:52:54.0422 5996 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
07:52:54.0468 5996 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
07:52:54.0508 5996 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
07:52:57.0383 5996 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
07:52:57.0474 5996 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
07:52:57.0480 5996 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
07:52:57.0488 5996 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
07:52:58.0183 5996 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
07:52:58.0266 5996 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
07:52:58.0339 5996 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
07:52:58.0454 5996 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
07:52:59.0169 5996 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
07:52:59.0171 5996 \Device\Harddisk0\DR0 - ok
07:52:59.0339 5996 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
07:52:59.0340 5996 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
07:52:59.0340 5996 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
07:53:06.0480 6160 Deinitialize success
MrCharlie Posted June 29, 2012 ID:565316

Run TDSSKiller again and delete these two:

07:52:59.0340 5996 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
07:52:59.0340 5996 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

--------------------------------

Then.........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix
http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop. Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------
If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC
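One way to triage a TDSSKiller log like the one in this thread for detections whose last recorded action left them in place, as an added example that is not part of the original posts or of TDSSKiller itself. The line layout is inferred from the log lines quoted on this page; the names `parse_findings` and `unresolved` are hypothetical, and the sample is an excerpt of those quoted lines.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Layout inferred from the lines quoted in this thread (an assumption, not a
# documented format):  HH:MM:SS.mmmm <thread id> <object> ( <verdict> ) - <status>
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>\d+)\s+"
    r"(?P<object>.+?)\s+\(\s(?P<verdict>.+?)\s\)\s+-\s+(?P<status>.+)$"
)
ACTION_PREFIX = "User select action:"


@dataclass
class Finding:
    obj: str                      # scanned object, e.g. \Device\Harddisk0\DR0
    verdict: str                  # detection name reported by the scanner
    statuses: List[str] = field(default_factory=list)  # e.g. infected, warning
    action: Optional[str] = None  # last "User select action" seen, if any


def parse_findings(log_text: str) -> List[Finding]:
    """Collect one Finding per (object, verdict) pair, in order of appearance."""
    findings = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # "- ok" lines, banners and quarantine copies carry no verdict
        key = (m["object"], m["verdict"])
        finding = findings.setdefault(key, Finding(m["object"], m["verdict"]))
        status = m["status"].strip()
        if status.startswith(ACTION_PREFIX):
            finding.action = status[len(ACTION_PREFIX):].strip()
        else:
            finding.statuses.append(status)
    return list(findings.values())


def unresolved(findings: List[Finding]) -> List[Finding]:
    """Detections with no recorded action, or whose last action was Skip."""
    return [f for f in findings if f.action is None or f.action.lower() == "skip"]


# Excerpt of the TDSSKiller lines quoted in this thread.
SAMPLE_LOG = r"""
07:51:48.0852 4220 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
07:51:48.0852 4220 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
07:51:48.0952 4220 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
07:51:48.0952 4220 \Device\Harddisk0\DR0 - detected TDSS File System (1)
07:51:49.0132 4220 Scan finished
07:52:52.0695 5996 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
07:52:52.0695 5996 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:52:54.0422 5996 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
07:52:59.0169 5996 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
07:52:59.0171 5996 \Device\Harddisk0\DR0 - ok
07:52:59.0339 5996 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
07:52:59.0340 5996 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
07:52:59.0340 5996 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

if __name__ == "__main__":
    for f in unresolved(parse_findings(SAMPLE_LOG)):
        print(f"{f.obj}: {f.verdict} -> {f.action or 'no action recorded'}")
```

The script only lists what was left in place; whether a skipped item should be removed is still the analyst's call.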
jlp439 Posted June 29, 2012 Author ID:565323

Here is the Combofix Log.

ComboFix 12-06-28.03 - Steve Petruso 06/29/2012 8:26.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.4560 [GMT -4:00]
Running from: c:\users\Steve Petruso\Desktop\ComboFix.exe

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

c:\program files (x86)\HeadlineAlley_29EI
c:\program files (x86)\HeadlineAlley_29EI\Installr\1.bin\29EIPlug.dll
c:\program files (x86)\HeadlineAlley_29EI\Installr\1.bin\29EZSETP.dll
c:\program files (x86)\HeadlineAlley_29EI\Installr\1.bin\NP29EISb.dll
c:\program files (x86)\TelevisionFanaticEI
c:\users\Steve Petruso\AppData\Local\Temp\{08EADE67-90D8-43CB-9AB1-8FFCFB2D5D8D}\fpb.tmp
c:\users\STEVEP~1\AppData\Local\Temp\{08EADE67-90D8-43CB-9AB1-8FFCFB2D5D8D}\fpb.tmp
c:\windows\svchost.exe

Completion time: 2012-06-29 08:39:25 - machine was rebooted
MrCharlie Posted June 29, 2012 ID:565325

Please Update and run a Quick Scan with MBAM, post the report.
Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC
jlp439 Posted June 29, 2012 Author ID:565327

I ran MBAM quick scan and it didn't find anything and the random ad isn't playing as of now. Here is the log from MBAM.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.06.29.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Steve Petruso :: STEVEPETRUSO-PC [administrator]
6/29/2012 8:52:00 AM
mbam-log-2012-06-29 (08-52-00).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 253641
Time elapsed: 2 minute(s), 9 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
(end)

If this works thanks so much for your help I definitely couldn't have figured all this out without you.
MrCharlie Posted June 29, 2012 ID:565328

Great

A little clean up to do....

Please Uninstall ComboFix:
Press the Windows logo key + R to bring up the "run box"
Copy and paste next command in the field:
ComboFix /uninstall
Make sure there's a space between Combofix and /
Then hit enter.
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

---------------------------------

Please download OTL from one of the links below:
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com
Save it to your desktop.
Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)
Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.
If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.
Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC
Maurice Naggar Posted June 30, 2012 ID:565640

Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!