Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

only some sites blocked - please help [Solved]


  • This topic is locked This topic is locked

#1
wmpendle

wmpendle

    Member

  • Member
  • PipPip
  • 74 posts
Some of my normal websites are blocked (pinterest, facebook, si.com, and others) while other sites seem to be just fine (google - including gmail). Amazon and a few others don't display correctly, but the content is there. I have run full scan with malware bytes 2+hours later, no threats found. TDSSKiller found a few tracking cookies, but that is all. Browser is Firefox, but same results in google chrome. I have tried to check for a proxy server but that looked ok to me (marked no proxy). I also have Norton security. I did notice 2 files that appear to be in a foreign language which I can move but not delete (even with malware bytes file assassin). I have also tried Hitman Pro. I ran OTL and am attaching the files.

OTL logfile created on: 7/7/2012 6:58:20 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Wendi\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.32 Mb Total Physical Memory | 188.38 Mb Available Physical Memory | 18.59% Memory free
2.23 Gb Paging File | 1.10 Gb Available in Paging File | 49.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 60.42 Gb Free Space | 54.77% Space Free | Partition Type: NTFS
Drive D: | 5.54 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: WENDI-PC | User Name: Wendi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/07 18:54:58 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Wendi\Downloads\OTL.exe
PRC - [2012/06/23 11:38:05 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
PRC - [2012/04/20 18:18:58 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/27 16:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccsvchst.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006/12/20 00:15:44 | 000,428,152 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/23 11:38:04 | 009,459,912 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_262.dll
MOD - [2012/04/20 18:19:01 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Users\Wendi\AppData\Local\Temp\KIGMH.exe -- (KIGMH)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2012/07/05 21:57:13 | 000,105,832 | ---- | M] (SurfRight B.V.) [Auto | Stopped] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2012/06/23 11:40:05 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/27 16:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe -- (NIS)
SRV - [2008/01/18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/25 18:50:26 | 000,063,096 | ---- | M] () [Disabled | Stopped] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/01/25 18:47:50 | 000,136,816 | ---- | M] () [Disabled | Stopped] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/12/20 00:15:44 | 000,428,152 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2006/10/05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys -- (IO_Memory)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/06/18 17:01:14 | 000,821,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120619.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/06/18 11:26:26 | 000,382,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120705.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/06/09 12:30:53 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/06/09 12:30:53 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/05/19 10:39:36 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120706.036\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/05/19 10:39:36 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120706.036\NAVENG.SYS -- (NAVENG)
DRV - [2012/04/28 12:58:34 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/28 23:28:37 | 000,345,208 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1307010.005\symtdiv.sys -- (SYMTDIv)
DRV - [2012/03/28 23:28:30 | 000,905,336 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1307010.005\symefa.sys -- (SymEFA)
DRV - [2012/03/28 23:06:25 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1307010.005\ironx86.sys -- (SymIRON)
DRV - [2012/03/28 23:03:27 | 000,574,072 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1307010.005\srtsp.sys -- (SRTSP)
DRV - [2012/03/28 23:03:27 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1307010.005\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/11/29 15:44:14 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1307010.005\ccsetx86.sys -- (ccSet_NIS)
DRV - [2011/08/15 23:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1307010.005\symds.sys -- (SymDS)
DRV - [2008/11/17 16:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/01/15 14:53:22 | 000,071,488 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2008/01/15 14:53:22 | 000,053,184 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/09/26 14:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/01/26 17:13:40 | 000,017,712 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2006/12/19 09:12:22 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/11/28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/19 23:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/10/18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {8D696207-519C-4F98-8ED2-F93E23EBF025}
IE - HKLM\..\SearchScopes\{8D696207-519C-4F98-8ED2-F93E23EBF025}: "URL" = http://www.google.co...ge={startPage};
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2790392

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {FD756FFD-B48D-4DA3-A84D-DB1A984128CB}
IE - HKCU\..\SearchScopes\{4834BA29-26E5-4AEB-918A-A35EB9AD180C}: "URL" = http://search.yahoo....=utf-8&fr=b2ie7
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2790392
IE - HKCU\..\SearchScopes\{FD756FFD-B48D-4DA3-A84D-DB1A984128CB}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mediaforge.com/MRP: C:\Windows\system32\npmirage.dll (XMLAuthor Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Wendi\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Wendi\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Wendi\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\IPSFFPlgn\ [2012/04/28 13:00:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\coFFPlgn\ [2012/07/07 15:12:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/05 19:59:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/14 12:11:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Wendi\AppData\Roaming\Move Networks

[2012/05/05 19:59:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wendi\AppData\Roaming\Mozilla\Extensions
[2012/05/19 17:45:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wendi\AppData\Roaming\Mozilla\Firefox\Profiles\ydvm5i2g.default\extensions
[2012/05/05 19:59:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/20 18:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/16 11:22:44 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/20 18:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/20 18:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Wendi\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Wendi\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Wendi\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Wendi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Wendi\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: XMLAuthor Inc. npmirage (Enabled) = C:\Windows\system32\npmirage.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Wendi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Wendi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Norton Identity Protection = C:\Users\Wendi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\
CHR - Extension: Gmail = C:\Users\Wendi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/05 22:03:32 | 000,000,726 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Protection Bar) - {CC18AE76-7E65-4258-A193-9EA0C52DA6B8} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.100.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CF63800-A8B9-4061-BFD6-E01C4FF176F2}: DhcpNameServer = 10.100.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Wendi\Documents\Pictures\Sample Pictures\Waterfall.jpg
O24 - Desktop BackupWallPaper: C:\Users\Wendi\Documents\Pictures\Sample Pictures\Waterfall.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/04/29 19:57:16 | 000,054,544 | R--- | M] (Electronic Arts) - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/10/21 15:22:16 | 000,000,045 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{17f922f4-7c6b-11dc-86c3-00a0d1733b0f}\Shell - "" = AutoRun
O33 - MountPoints2\{240a6551-2e7a-11dc-abd2-0019d2b8b1b8}\Shell - "" = AutoRun
O33 - MountPoints2\{47b0004e-a0e4-11dc-91a8-00a0d1733b0f}\Shell - "" = AutoRun
O33 - MountPoints2\{73cd4813-e0f5-11db-ae4e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{73cd4813-e0f5-11db-ae4e-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2009/04/29 19:57:16 | 000,054,544 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{770e2d48-095e-11dd-bdb6-00a0d1733b0f}\Shell - "" = AutoRun
O33 - MountPoints2\{7fb11717-90ec-11dd-90dc-00a0d1733b0f}\Shell - "" = AutoRun
O33 - MountPoints2\{a55a7707-7d40-11dc-a904-00a0d1733b0f}\Shell - "" = AutoRun
O33 - MountPoints2\{b53d792d-491a-11dd-9314-00a0d1733b0f}\Shell - "" = AutoRun
O33 - MountPoints2\{b7735b39-8c04-11dc-bfe0-0019d2b8b1b8}\Shell - "" = AutoRun
O33 - MountPoints2\{b7735b51-8c04-11dc-bfe0-0019d2b8b1b8}\Shell - "" = AutoRun
O33 - MountPoints2\{ccafc791-f9da-11db-8c63-0019d2b8b1b8}\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/07 15:07:41 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/07/05 22:31:15 | 000,000,000 | ---D | C] -- C:\Users\Wendi\Documents\Regdelnull
[2012/07/05 22:01:06 | 000,000,000 | ---D | C] -- C:\Users\Wendi\Desktop\RK_Quarantine
[2012/07/05 21:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2012/07/05 21:57:13 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/07/05 21:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/07/02 20:01:46 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Wendi\Desktop\TDSSKiller.exe
[2012/07/01 12:15:09 | 000,000,000 | ---D | C] -- C:\Users\Wendi\Documents\GameFly
[2012/07/01 12:15:08 | 000,000,000 | ---D | C] -- C:\Users\Wendi\AppData\Roaming\GameFly
[2012/07/01 12:14:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameFly
[2012/07/01 12:14:40 | 000,000,000 | ---D | C] -- C:\Program Files\GameFly
[2012/07/01 12:13:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012/06/30 13:11:50 | 000,000,000 | ---D | C] -- C:\Users\Wendi\AppData\Local\Macromedia
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/07 17:10:25 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/07 17:10:25 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/07 16:35:52 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/07 16:11:14 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1776382662-2522565114-3704666072-1000UA.job
[2012/07/07 15:09:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/07 15:09:44 | 1063,313,408 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/05 22:20:10 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Wendi\Desktop\TDSSKiller.exe
[2012/07/05 21:57:13 | 000,001,703 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/07/01 12:28:11 | 000,002,064 | ---- | M] () -- C:\Users\Public\Desktop\The 80 Classic Games.lnk
[2012/07/01 12:14:58 | 000,001,621 | ---- | M] () -- C:\Users\Public\Desktop\GameFly.lnk
[2012/07/01 01:39:18 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1776382662-2522565114-3704666072-1000Core.job
[2012/06/30 13:23:29 | 000,002,053 | ---- | M] () -- C:\Users\Wendi\Desktop\Google Chrome.lnk
[2012/06/30 13:23:29 | 000,002,015 | ---- | M] () -- C:\Users\Wendi\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/05 22:07:08 | 1063,313,408 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/05 21:57:13 | 000,001,703 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/07/01 12:28:09 | 000,002,064 | ---- | C] () -- C:\Users\Public\Desktop\The 80 Classic Games.lnk
[2012/07/01 12:14:58 | 000,001,621 | ---- | C] () -- C:\Users\Public\Desktop\GameFly.lnk
[2012/05/26 13:01:35 | 039,901,656 | ---- | C] () -- C:\Users\Wendi\Daniel.wmv
[2012/05/19 18:03:50 | 000,003,584 | ---- | C] () -- C:\Users\Wendi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/05 21:01:55 | 000,270,786 | ---- | C] () -- C:\Users\Wendi\AppData\Local\census.cache
[2012/05/05 21:01:12 | 000,174,575 | ---- | C] () -- C:\Users\Wendi\AppData\Local\ars.cache
[2012/05/05 20:43:43 | 000,000,036 | ---- | C] () -- C:\Users\Wendi\AppData\Local\housecall.guid.cache
[2012/04/21 18:54:49 | 000,000,258 | R-S- | C] () -- C:\ProgramData\ntuser.pol
[2012/03/22 21:13:52 | 012,869,942 | ---- | C] () -- C:\Users\Wendi\Eagle___March_17_004.AVI
[2011/12/10 14:47:46 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/12/10 14:47:46 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/07/30 13:42:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/07/30 13:40:41 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/07/30 13:40:41 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/03/24 20:20:16 | 000,010,326 | --S- | C] () -- C:\Users\Wendi\AppData\Local\6o1fpxf5dlxq47de5jb1600yp8m4cy5xnp3yiv
[2011/03/24 20:20:16 | 000,010,326 | --S- | C] () -- C:\ProgramData\6o1fpxf5dlxq47de5jb1600yp8m4cy5xnp3yiv
[2008/12/28 20:11:31 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/01/23 00:34:00 | 001,502,666 | ---- | C] () -- C:\Users\Wendi\graduate.xps
[2007/11/10 01:28:25 | 000,265,395 | ---- | C] () -- C:\Users\Wendi\battery.xps
[2007/10/07 20:37:01 | 000,342,312 | ---- | C] () -- C:\Users\Wendi\www.courtinfo.ca.gov-forms-fillable-mc0500001.mdi
[2007/09/02 19:42:06 | 000,193,158 | ---- | C] () -- C:\Users\Wendi\schedule.xps
[2007/09/02 19:17:06 | 000,227,214 | ---- | C] () -- C:\Users\Wendi\norco directions.xps
[2007/06/23 22:26:19 | 000,058,803 | ---- | C] () -- C:\Users\Wendi\covenants_puzzle.gif

========== LOP Check ==========

[2012/07/01 12:15:08 | 000,000,000 | ---D | M] -- C:\Users\Wendi\AppData\Roaming\GameFly
[2012/07/07 15:08:36 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:44DAF2F1

< End of report >

Edited by wmpendle, 07 July 2012 - 08:24 PM.

  • 0

Advertisements


#2
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello wmpendle, :wave:
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

We apologize for the delay in responding to your request for help. Here at GeeksToGo we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same.
Because of this, you must reply within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please let me know if you are using a computer with multiple accounts, as this can affect the instructions given.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
    I would recommend printing them out, if you can, so you can check off each step as you complete it.
    Also, part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions!
  • If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!
  • All tools must be run from an account with Administrator privileges.
  • Do not do things I do not ask for, such as running a spyware scan on your computer, installing/uninstall programs, deleting files, modifying the registry or running any tools, unless instructed to do so. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date (if possible)!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
    In light of this be prepared to back up your data. Have means of backing up your data available.
In order to be notified when your topic has been replied to:

Click My Settings at the top of the page. An Option page will open. In the left hand column click Notification Options. On the new page that opens under the Notification Preferences section click Watch every topic I reply to and set the notification type to Immediate Notification.


I am currently reviewing your OTL log. There should be an Extras.txt log in the C:\Users\Wendi\Downloads folder. Please copy and paste that in a reply to this and I will be back to you when I've had a chance to review it.

Please do not run Hitman Pro.
  • 0

#3
wmpendle

wmpendle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Thanks for agreeing to help me. I did save that extras file also, I am not on that computer right now but I will post it tonight.
  • 0

#4
wmpendle

wmpendle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Here is the Extras file

OTL Extras logfile created on: 7/7/2012 6:58:21 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Wendi\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.32 Mb Total Physical Memory | 188.38 Mb Available Physical Memory | 18.59% Memory free
2.23 Gb Paging File | 1.10 Gb Available in Paging File | 49.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 60.42 Gb Free Space | 54.77% Space Free | Partition Type: NTFS
Drive D: | 5.54 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: WENDI-PC | User Name: Wendi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Value error.
htmlfile [opennew] -- Reg Error: Value error.
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe"

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1776382662-2522565114-3704666072-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2220D95D-FFEA-42E1-B1BF-C29C99DD808D}" = rport=137 | protocol=17 | dir=out | app=system |
"{32AB8E2F-0F80-4E21-A70C-DE3DFDD6F6F4}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{4653ACEC-0B56-497E-B329-F6DFC1229016}" = lport=445 | protocol=6 | dir=in | app=system |
"{4B616E00-8A95-477D-92A5-617159FD198F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4D025583-446D-427E-8FA9-ECECA8D571ED}" = lport=137 | protocol=17 | dir=in | app=system |
"{6662270F-48F5-4F85-B241-C9ED93CA65A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{912756AA-2569-4331-A9BC-A327298FCC56}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{952AB60A-C233-494C-90EC-675AF9E6AEA5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BDE6B463-32D1-4055-8757-931CDC0712AD}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{C3A4F98F-DDA0-4DFB-B6B8-6645A48DC708}" = lport=138 | protocol=17 | dir=in | app=system |
"{CBE30DA9-B443-4CA0-A13B-27FC2A8DEC87}" = rport=139 | protocol=6 | dir=out | app=system |
"{CE3E0FEB-DD71-43CC-B333-BF3F3893C677}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D03B9FF3-7585-4FA7-ABF3-64CA47777902}" = rport=138 | protocol=17 | dir=out | app=system |
"{D54729E8-72F4-4D33-AF89-29956D5C76AD}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{DC0921B6-E396-4458-B2FE-FDB168DC6001}" = rport=2869 | protocol=6 | dir=out | app=system |
"{FA72F43E-BF94-4051-96E0-9F324F2348FA}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2E04832B-FBE0-458A-9950-B77C54B139B6}" = protocol=58 | dir=in | [email protected],-28545 |
"{663C317A-92B7-448A-9EE1-B04712751253}" = protocol=58 | dir=out | [email protected],-28546 |
"{6678E1BB-1FEB-43B9-9065-B67B10ACD073}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{706757A0-8ABF-4784-9504-C5E4BBF6B7A3}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{926EC168-B1C8-47C5-B803-4CA8748C7DAA}" = protocol=58 | dir=in | [email protected],-148 |
"{99A25D56-8102-4BA9-BB84-8E3F3415CF77}" = protocol=1 | dir=out | [email protected],-28544 |
"{BC03B2EB-853C-4460-8B95-F1470C9CC4F1}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"{D094003A-47E4-4DAE-9033-099B7C35E5DB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F10D51DF-1383-4E6F-93AE-66E9EE1414DD}" = protocol=1 | dir=in | [email protected],-28543 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1FC8FA02-F843-9FAD-9CB9-682A0D1176B2}" = GameFly
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 4
"{2727FBEF-3155-11D4-8F73-0050DA0F6297}" = The Sims Livin' Large
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB706270-54EA-4E48-9FFB-0B95FA04DBE6}" = bodybugg Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F10D1D8F-C20C-4F0D-B243-688C0C6873F6}" = CutePDF Professional 3.5
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CutePDF Writer Installation" = CutePDF Writer 2.7
"EADM" = EA Download Manager
"FormMax Filler_is1" = FormMax Filler 3.5
"GameFly" = GameFly
"Happyland Adventures - Xmas Edition_is1" = Happyland Adventures - Xmas Edition v1.3
"HDMI" = Intel® Graphics Media Accelerator Driver
"HitmanPro36" = HitmanPro 3.6
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for TOSHIBA
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{CB706270-54EA-4E48-9FFB-0B95FA04DBE6}" = bodybugg Software
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Money2007b" = Microsoft Money Essentials
"Monopoly by Parker Brothers" = Monopoly by Parker Brothers
"Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)
"NIS" = Norton Internet Security
"SimSafariUninstall" = SimSafari
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The 80 Classic Games" = The 80 Classic Games
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/12/2012 5:53:59 PM | Computer Name = Wendi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 5/12/2012 5:54:03 PM | Computer Name = Wendi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 5/12/2012 8:40:50 PM | Computer Name = Wendi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 5/12/2012 8:40:55 PM | Computer Name = Wendi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 5/12/2012 11:07:39 PM | Computer Name = Wendi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 5/12/2012 11:07:43 PM | Computer Name = Wendi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 5/12/2012 11:49:06 PM | Computer Name = Wendi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 5/12/2012 11:49:12 PM | Computer Name = Wendi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 5/19/2012 6:42:00 PM | Computer Name = Wendi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 5/19/2012 6:42:06 PM | Computer Name = Wendi-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 5/19/2012 7:05:14 PM | Computer Name = Wendi-PC | Source = System Restore | ID = 8193
Description =

[ System Events ]
Error - 7/7/2012 4:47:05 PM | Computer Name = Wendi-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 7/7/2012 4:47:05 PM | Computer Name = Wendi-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/7/2012 4:47:08 PM | Computer Name = Wendi-PC | Source = ipnathlp | ID = 34001
Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 7/7/2012 4:47:08 PM | Computer Name = Wendi-PC | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 10.100.2.3, since
the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
change the scope to include the IP address, or change the IP address to fall within
the scope.

Error - 7/7/2012 6:10:06 PM | Computer Name = Wendi-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 4002
Description =

Error - 7/7/2012 6:10:28 PM | Computer Name = Wendi-PC | Source = ipnathlp | ID = 34001
Description = The ICS_IPV6 failed to configure IPv6 stack.

Error - 7/7/2012 6:10:28 PM | Computer Name = Wendi-PC | Source = ipnathlp | ID = 30013
Description = The DHCP allocator has disabled itself on IP address 10.100.2.3, since
the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses
are being allocated to DHCP clients. To enable the DHCP allocator on this IP address,
change the scope to include the IP address, or change the IP address to fall within
the scope.

Error - 7/7/2012 6:11:23 PM | Computer Name = Wendi-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 7/7/2012 6:11:23 PM | Computer Name = Wendi-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/7/2012 6:13:25 PM | Computer Name = Wendi-PC | Source = Service Control Manager | ID = 7011
Description =


< End of report >
  • 0

#5
wmpendle

wmpendle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Also thought I should mention that you said not to run Hitman Pro but it did try to automatically scan when I first booted up the computer. I canceled it, but it did scan some files.
  • 0

#6
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi wmpendle,

Also thought I should mention that you said not to run Hitman Pro but it did try to automatically scan when I first booted up the computer. I canceled it, but it did scan some files.

Thank you. If you could disable the automatic scanning until we are done, that would be great. HitmanPro has been known to produce false positives on some files, and when they are fixed you aren't able to log into Windows. I haven't seen it recently, but I would just like to avoid the possibility. ;)

1. Is your Norton Internet Security turned on? I don't see it loading at start up.

2. Are you using the Norton firewall? Is it turned on?

3. Do you have McAfee AntiSpyware installed?

I see that you have TDSSKiller on the computer. If you ran it, I would like you to post that log. The report should be in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt"

I also see the RK_Quarantine folder on the desktop. Did you run RogueKiller? If you did, please copy and paste all of the RKreport.txt files on the desktop in your next reply.


Step-1.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

To disable MBAM
Open the scanner and select the Protection tab
Remove the tick from "Start with Windows"
Reboot and start with number 1. below to run the OTL fix.
Posted Image

1. Please copy all of the text in the code box below. To do this, highlight everything
inside the code box , right click and click Copy.
:COMMANDS
[CREATERESTOREPOINT]

:OTL
SRV - File not found [Disabled | Stopped] -- C:\Users\Wendi\AppData\Local\Temp\KIGMH.exe -- (KIGMH)
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2790392
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2790392
O3 - HKCU\..\Toolbar\WebBrowser: (Protection Bar) - {CC18AE76-7E65-4258-A193-9EA0C52DA6B8} - Reg Error: Value error. File not found
O33 - MountPoints2\{17f922f4-7c6b-11dc-86c3-00a0d1733b0f}\Shell - "" = AutoRun
O33 - MountPoints2\{240a6551-2e7a-11dc-abd2-0019d2b8b1b8}\Shell - "" = AutoRun
O33 - MountPoints2\{47b0004e-a0e4-11dc-91a8-00a0d1733b0f}\Shell - "" = AutoRun
O33 - MountPoints2\{73cd4813-e0f5-11db-ae4e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{73cd4813-e0f5-11db-ae4e-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2009/04/29 19:57:16 | 000,054,544 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{770e2d48-095e-11dd-bdb6-00a0d1733b0f}\Shell - "" = AutoRun
O33 - MountPoints2\{7fb11717-90ec-11dd-90dc-00a0d1733b0f}\Shell - "" = AutoRun
O33 - MountPoints2\{a55a7707-7d40-11dc-a904-00a0d1733b0f}\Shell - "" = AutoRun
O33 - MountPoints2\{b53d792d-491a-11dd-9314-00a0d1733b0f}\Shell - "" = AutoRun
O33 - MountPoints2\{b7735b39-8c04-11dc-bfe0-0019d2b8b1b8}\Shell - "" = AutoRun
O33 - MountPoints2\{b7735b51-8c04-11dc-bfe0-0019d2b8b1b8}\Shell - "" = AutoRun
O33 - MountPoints2\{ccafc791-f9da-11db-8c63-0019d2b8b1b8}\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell - "" = AutoRun
[2011/03/24 20:20:16 | 000,010,326 | --S- | C] () -- C:\Users\Wendi\AppData\Local\6o1fpxf5dlxq47de5jb1600yp8m4cy5xnp3yiv
[2011/03/24 20:20:16 | 000,010,326 | --S- | C] () -- C:\ProgramData\6o1fpxf5dlxq47de5jb1600yp8m4cy5xnp3yiv

:FILES
ipconfig /flushdns /c

:COMMANDS
[EMPTYTEMP]

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the Posted Image button. Post the log it produces in your next reply.


Step-2.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe file to run it. (Windows /7 users: Right click the file and click Run as Administrator. If you get a UAC window, allow the file to run.
  • If it asks you if you want to download the latest virus definitions, click Yes
  • Click the "Scan" button to start the scan
    Posted Image
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
    Posted Image
NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename executable to iexplore.exe and try it again.


Step-3.

Things For Your Next Post:
1. The OTL Fixes log
2. The new OTL.txt log
3. The aswMBR log
4. The TDSSKiller log
5. All RKreport.txt logs
5. Answer my questions above.
6. Tell me how the system is running now.
  • 0

#7
wmpendle

wmpendle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
ok, I will look for and post the logs tonight. thanks,
  • 0

#8
wmpendle

wmpendle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Here is the log for TDSKiller:

15:05:53.0647 3192 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
15:05:54.0255 3192 ============================================================
15:05:54.0255 3192 Current date / time: 2012/07/07 15:05:54.0255
15:05:54.0255 3192 SystemInfo:
15:05:54.0255 3192
15:05:54.0255 3192 OS Version: 6.0.6002 ServicePack: 2.0
15:05:54.0255 3192 Product type: Workstation
15:05:54.0255 3192 ComputerName: WENDI-PC
15:05:54.0255 3192 UserName: Wendi
15:05:54.0255 3192 Windows directory: C:\Windows
15:05:54.0255 3192 System windows directory: C:\Windows
15:05:54.0255 3192 Processor architecture: Intel x86
15:05:54.0255 3192 Number of processors: 2
15:05:54.0255 3192 Page size: 0x1000
15:05:54.0255 3192 Boot type: Normal boot
15:05:54.0255 3192 ============================================================
15:05:57.0500 3192 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:05:57.0625 3192 ============================================================
15:05:57.0625 3192 \Device\Harddisk0\DR0:
15:05:57.0640 3192 MBR partitions:
15:05:57.0640 3192 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0xDCA4800
15:05:57.0640 3192 ============================================================
15:05:57.0672 3192 C: <-> \Device\Harddisk0\DR0\Partition0
15:05:57.0812 3192 ============================================================
15:05:57.0812 3192 Initialize success
15:05:57.0812 3192 ============================================================
15:06:24.0706 1300 ============================================================
15:06:24.0706 1300 Scan started
15:06:24.0706 1300 Mode: Manual; SigCheck; TDLFS;
15:06:24.0706 1300 ============================================================
15:06:26.0376 1300 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
15:06:27.0483 1300 ACPI - ok
15:06:27.0592 1300 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:06:27.0624 1300 AdobeFlashPlayerUpdateSvc - ok
15:06:27.0686 1300 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
15:06:27.0717 1300 adp94xx - ok
15:06:27.0733 1300 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
15:06:27.0764 1300 adpahci - ok
15:06:27.0780 1300 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
15:06:27.0795 1300 adpu160m - ok
15:06:27.0858 1300 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
15:06:27.0873 1300 adpu320 - ok
15:06:27.0920 1300 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
15:06:28.0341 1300 AeLookupSvc - ok
15:06:28.0404 1300 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
15:06:28.0482 1300 AFD - ok
15:06:28.0528 1300 AgereModemAudio (39e435c90c9c4f780fa0ed05ca3c3a1b) C:\Windows\system32\agrsmsvc.exe
15:06:28.0575 1300 AgereModemAudio - ok
15:06:28.0684 1300 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
15:06:28.0840 1300 AgereSoftModem - ok
15:06:28.0903 1300 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
15:06:28.0918 1300 agp440 - ok
15:06:28.0934 1300 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
15:06:28.0950 1300 aic78xx - ok
15:06:28.0981 1300 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
15:06:29.0184 1300 ALG - ok
15:06:29.0215 1300 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
15:06:29.0230 1300 aliide - ok
15:06:29.0262 1300 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
15:06:29.0277 1300 amdagp - ok
15:06:29.0293 1300 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
15:06:29.0308 1300 amdide - ok
15:06:29.0324 1300 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
15:06:29.0511 1300 AmdK7 - ok
15:06:29.0527 1300 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
15:06:29.0620 1300 AmdK8 - ok
15:06:29.0683 1300 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
15:06:29.0745 1300 Appinfo - ok
15:06:29.0808 1300 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
15:06:29.0823 1300 arc - ok
15:06:29.0839 1300 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
15:06:29.0854 1300 arcsas - ok
15:06:29.0886 1300 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
15:06:29.0948 1300 AsyncMac - ok
15:06:29.0979 1300 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
15:06:29.0995 1300 atapi - ok
15:06:30.0026 1300 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
15:06:30.0073 1300 AudioEndpointBuilder - ok
15:06:30.0088 1300 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
15:06:30.0120 1300 Audiosrv - ok
15:06:30.0182 1300 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
15:06:30.0229 1300 Beep - ok
15:06:30.0291 1300 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
15:06:30.0338 1300 BFE - ok
15:06:30.0541 1300 BHDrvx86 (a9e111a358ac5f7eba7ac61e43fc6725) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120619.001\BHDrvx86.sys
15:06:30.0775 1300 BHDrvx86 - ok
15:06:30.0853 1300 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
15:06:30.0962 1300 BITS - ok
15:06:31.0024 1300 blbdrive - ok
15:06:31.0056 1300 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
15:06:31.0102 1300 bowser - ok
15:06:31.0149 1300 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
15:06:31.0196 1300 BrFiltLo - ok
15:06:31.0227 1300 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
15:06:31.0290 1300 BrFiltUp - ok
15:06:31.0336 1300 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
15:06:31.0399 1300 Browser - ok
15:06:31.0430 1300 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
15:06:31.0508 1300 Brserid - ok
15:06:31.0524 1300 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
15:06:31.0602 1300 BrSerWdm - ok
15:06:31.0633 1300 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
15:06:31.0742 1300 BrUsbMdm - ok
15:06:31.0758 1300 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
15:06:31.0820 1300 BrUsbSer - ok
15:06:31.0851 1300 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
15:06:31.0914 1300 BTHMODEM - ok
15:06:31.0976 1300 ccSet_NIS (599e7f6259a127c174c49938d2aa6a60) C:\Windows\system32\drivers\NIS\1307010.005\ccSetx86.sys
15:06:31.0992 1300 ccSet_NIS - ok
15:06:32.0007 1300 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
15:06:32.0054 1300 cdfs - ok
15:06:32.0085 1300 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
15:06:32.0148 1300 cdrom - ok
15:06:32.0194 1300 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
15:06:32.0241 1300 CertPropSvc - ok
15:06:32.0319 1300 CFSvcs (c82162949bba6cc5d006c7bd008f3cf1) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
15:06:32.0335 1300 CFSvcs ( UnsignedFile.Multi.Generic ) - warning
15:06:32.0335 1300 CFSvcs - detected UnsignedFile.Multi.Generic (1)
15:06:32.0350 1300 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
15:06:32.0413 1300 circlass - ok
15:06:32.0428 1300 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
15:06:32.0460 1300 CLFS - ok
15:06:32.0538 1300 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:06:32.0553 1300 clr_optimization_v2.0.50727_32 - ok
15:06:32.0631 1300 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:06:32.0647 1300 clr_optimization_v4.0.30319_32 - ok
15:06:32.0678 1300 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
15:06:32.0740 1300 CmBatt - ok
15:06:32.0756 1300 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
15:06:32.0772 1300 cmdide - ok
15:06:32.0803 1300 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
15:06:32.0818 1300 Compbatt - ok
15:06:32.0818 1300 COMSysApp - ok
15:06:32.0834 1300 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
15:06:32.0850 1300 crcdisk - ok
15:06:32.0881 1300 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
15:06:32.0959 1300 Crusoe - ok
15:06:33.0021 1300 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
15:06:33.0068 1300 CryptSvc - ok
15:06:33.0146 1300 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
15:06:33.0208 1300 DcomLaunch - ok
15:06:33.0255 1300 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
15:06:33.0286 1300 DfsC - ok
15:06:33.0458 1300 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
15:06:33.0848 1300 DFSR - ok
15:06:34.0051 1300 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
15:06:34.0113 1300 Dhcp - ok
15:06:34.0160 1300 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
15:06:34.0191 1300 disk - ok
15:06:34.0238 1300 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
15:06:34.0285 1300 Dnscache - ok
15:06:34.0332 1300 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
15:06:34.0363 1300 dot3svc - ok
15:06:34.0394 1300 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
15:06:34.0425 1300 DPS - ok
15:06:34.0456 1300 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
15:06:34.0519 1300 drmkaud - ok
15:06:34.0581 1300 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
15:06:34.0644 1300 DXGKrnl - ok
15:06:34.0722 1300 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
15:06:34.0800 1300 E1G60 - ok
15:06:34.0971 1300 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
15:06:35.0049 1300 EapHost - ok
15:06:35.0268 1300 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
15:06:35.0283 1300 Ecache - ok
15:06:35.0673 1300 eeCtrl (fce87ba643d5e9a8b6e0378508d1b22d) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
15:06:35.0798 1300 eeCtrl - ok
15:06:35.0938 1300 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
15:06:35.0985 1300 ehRecvr - ok
15:06:36.0016 1300 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
15:06:36.0094 1300 ehSched - ok
15:06:36.0126 1300 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
15:06:36.0157 1300 ehstart - ok
15:06:36.0235 1300 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
15:06:36.0266 1300 elxstor - ok
15:06:36.0297 1300 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
15:06:36.0422 1300 EMDMgmt - ok
15:06:36.0750 1300 EraserUtilRebootDrv (115dc729465a8c386615207f28875255) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
15:06:36.0765 1300 EraserUtilRebootDrv - ok
15:06:37.0202 1300 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
15:06:37.0311 1300 EventSystem - ok
15:06:37.0561 1300 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
15:06:37.0623 1300 exfat - ok
15:06:37.0670 1300 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
15:06:37.0701 1300 fastfat - ok
15:06:37.0732 1300 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
15:06:37.0795 1300 fdc - ok
15:06:37.0826 1300 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
15:06:37.0857 1300 fdPHost - ok
15:06:37.0873 1300 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
15:06:37.0935 1300 FDResPub - ok
15:06:37.0966 1300 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
15:06:37.0982 1300 FileInfo - ok
15:06:37.0998 1300 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
15:06:38.0060 1300 Filetrace - ok
15:06:38.0091 1300 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
15:06:38.0169 1300 flpydisk - ok
15:06:38.0200 1300 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
15:06:38.0232 1300 FltMgr - ok
15:06:38.0310 1300 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
15:06:38.0403 1300 FontCache - ok
15:06:38.0481 1300 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:06:38.0497 1300 FontCache3.0.0.0 - ok
15:06:38.0544 1300 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
15:06:38.0590 1300 Fs_Rec - ok
15:06:38.0637 1300 FTDIBUS (a36e8beedb3aaca09bf55a1d17904bc8) C:\Windows\system32\drivers\ftdibus.sys
15:06:38.0653 1300 FTDIBUS - ok
15:06:38.0684 1300 FTSER2K (a14a1f4bb391df9c233cb5dbd05feb70) C:\Windows\system32\drivers\ftser2k.sys
15:06:38.0700 1300 FTSER2K - ok
15:06:38.0715 1300 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
15:06:38.0778 1300 FwLnk - ok
15:06:38.0793 1300 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
15:06:38.0809 1300 gagp30kx - ok
15:06:38.0840 1300 getPlusHelper - ok
15:06:38.0902 1300 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
15:06:39.0027 1300 gpsvc - ok
15:06:39.0090 1300 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
15:06:39.0183 1300 HdAudAddService - ok
15:06:39.0246 1300 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:06:39.0324 1300 HDAudBus - ok
15:06:39.0370 1300 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
15:06:39.0433 1300 HidBth - ok
15:06:39.0464 1300 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
15:06:39.0526 1300 HidIr - ok
15:06:39.0558 1300 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
15:06:39.0604 1300 hidserv - ok
15:06:39.0636 1300 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
15:06:39.0682 1300 HidUsb - ok
15:06:39.0729 1300 HitmanProScheduler (da53819fbb21e6ff91d377283597a6c6) C:\Program Files\HitmanPro\hmpsched.exe
15:06:39.0745 1300 HitmanProScheduler - ok
15:06:39.0776 1300 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
15:06:39.0807 1300 hkmsvc - ok
15:06:39.0838 1300 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
15:06:39.0854 1300 HpCISSs - ok
15:06:39.0901 1300 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
15:06:40.0010 1300 HTTP - ok
15:06:40.0057 1300 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
15:06:40.0072 1300 i2omp - ok
15:06:40.0135 1300 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
15:06:40.0182 1300 i8042prt - ok
15:06:40.0384 1300 ialm (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
15:06:40.0618 1300 ialm - ok
15:06:40.0743 1300 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
15:06:40.0759 1300 iaStorV - ok
15:06:40.0884 1300 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:06:40.0962 1300 idsvc - ok
15:06:41.0133 1300 IDSVix86 (6262c22a913bd255a0795d070b82aa47) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120705.001\IDSvix86.sys
15:06:41.0164 1300 IDSVix86 - ok
15:06:41.0430 1300 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
15:06:41.0835 1300 igfx - ok
15:06:41.0960 1300 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
15:06:41.0976 1300 iirsp - ok
15:06:42.0022 1300 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
15:06:42.0132 1300 IKEEXT - ok
15:06:42.0319 1300 IntcAzAudAddService (f92f433a1b38041b365bfd4b021e42d2) C:\Windows\system32\drivers\RTKVHDA.sys
15:06:42.0428 1300 IntcAzAudAddService - ok
15:06:42.0600 1300 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
15:06:42.0631 1300 intelide - ok
15:06:42.0678 1300 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
15:06:42.0740 1300 intelppm - ok
15:06:42.0787 1300 IO_Memory - ok
15:06:42.0818 1300 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
15:06:42.0880 1300 IPBusEnum - ok
15:06:42.0912 1300 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:06:42.0974 1300 IpFilterDriver - ok
15:06:43.0005 1300 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
15:06:43.0083 1300 iphlpsvc - ok
15:06:43.0083 1300 IpInIp - ok
15:06:43.0114 1300 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
15:06:43.0192 1300 IPMIDRV - ok
15:06:43.0208 1300 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
15:06:43.0255 1300 IPNAT - ok
15:06:43.0286 1300 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
15:06:43.0333 1300 IRENUM - ok
15:06:43.0364 1300 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
15:06:43.0380 1300 isapnp - ok
15:06:43.0426 1300 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
15:06:43.0442 1300 iScsiPrt - ok
15:06:43.0473 1300 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
15:06:43.0489 1300 iteatapi - ok
15:06:43.0520 1300 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
15:06:43.0536 1300 iteraid - ok
15:06:43.0551 1300 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:06:43.0567 1300 kbdclass - ok
15:06:43.0598 1300 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
15:06:43.0645 1300 kbdhid - ok
15:06:43.0676 1300 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:06:43.0723 1300 KeyIso - ok
15:06:43.0816 1300 KIGMH - ok
15:06:43.0848 1300 KR10I (1e0d65f7ffeb4e99b2eec1ccb5754cc8) C:\Windows\system32\drivers\kr10i.sys
15:06:43.0879 1300 KR10I ( UnsignedFile.Multi.Generic ) - warning
15:06:43.0879 1300 KR10I - detected UnsignedFile.Multi.Generic (1)
15:06:43.0894 1300 KR10N (a1963360e74931222a67356c8ad48378) C:\Windows\system32\drivers\kr10n.sys
15:06:43.0926 1300 KR10N ( UnsignedFile.Multi.Generic ) - warning
15:06:43.0926 1300 KR10N - detected UnsignedFile.Multi.Generic (1)
15:06:43.0988 1300 KR3NPXP (485e005cd51ff502fb16483eb4b69c17) C:\Windows\system32\drivers\kr3npxp.sys
15:06:44.0050 1300 KR3NPXP ( UnsignedFile.Multi.Generic ) - warning
15:06:44.0050 1300 KR3NPXP - detected UnsignedFile.Multi.Generic (1)
15:06:44.0097 1300 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
15:06:44.0128 1300 KSecDD - ok
15:06:44.0191 1300 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
15:06:44.0253 1300 KtmRm - ok
15:06:44.0300 1300 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
15:06:44.0347 1300 LanmanServer - ok
15:06:44.0378 1300 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
15:06:44.0440 1300 LanmanWorkstation - ok
15:06:44.0487 1300 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
15:06:44.0534 1300 lltdio - ok
15:06:44.0565 1300 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
15:06:44.0628 1300 lltdsvc - ok
15:06:44.0659 1300 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
15:06:44.0721 1300 lmhosts - ok
15:06:44.0737 1300 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
15:06:44.0752 1300 LSI_FC - ok
15:06:44.0784 1300 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
15:06:44.0799 1300 LSI_SAS - ok
15:06:44.0830 1300 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
15:06:44.0846 1300 LSI_SCSI - ok
15:06:44.0877 1300 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
15:06:44.0924 1300 luafv - ok
15:06:44.0955 1300 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
15:06:44.0971 1300 MBAMProtector - ok
15:06:45.0049 1300 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
15:06:45.0080 1300 MBAMService - ok
15:06:45.0111 1300 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
15:06:45.0142 1300 Mcx2Svc - ok
15:06:45.0236 1300 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
15:06:45.0267 1300 MDM - ok
15:06:45.0314 1300 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
15:06:45.0330 1300 megasas - ok
15:06:45.0345 1300 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
15:06:45.0408 1300 MMCSS - ok
15:06:45.0423 1300 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
15:06:45.0486 1300 Modem - ok
15:06:45.0532 1300 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
15:06:45.0579 1300 monitor - ok
15:06:45.0610 1300 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
15:06:45.0642 1300 mouclass - ok
15:06:45.0657 1300 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
15:06:45.0688 1300 mouhid - ok
15:06:45.0766 1300 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
15:06:45.0782 1300 MountMgr - ok
15:06:45.0844 1300 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
15:06:45.0860 1300 mpio - ok
15:06:45.0907 1300 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
15:06:45.0938 1300 mpsdrv - ok
15:06:46.0000 1300 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
15:06:46.0047 1300 MpsSvc - ok
15:06:46.0078 1300 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
15:06:46.0094 1300 Mraid35x - ok
15:06:46.0110 1300 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
15:06:46.0156 1300 MRxDAV - ok
15:06:46.0203 1300 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:06:46.0250 1300 mrxsmb - ok
15:06:46.0297 1300 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:06:46.0344 1300 mrxsmb10 - ok
15:06:46.0359 1300 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:06:46.0406 1300 mrxsmb20 - ok
15:06:46.0453 1300 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
15:06:46.0468 1300 msahci - ok
15:06:46.0484 1300 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
15:06:46.0500 1300 msdsm - ok
15:06:46.0531 1300 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
15:06:46.0562 1300 MSDTC - ok
15:06:46.0578 1300 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
15:06:46.0640 1300 Msfs - ok
15:06:46.0687 1300 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
15:06:46.0702 1300 msisadrv - ok
15:06:46.0734 1300 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
15:06:46.0780 1300 MSiSCSI - ok
15:06:46.0780 1300 msiserver - ok
15:06:46.0812 1300 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
15:06:46.0858 1300 MSKSSRV - ok
15:06:47.0030 1300 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
15:06:47.0077 1300 MSPCLOCK - ok
15:06:47.0108 1300 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
15:06:47.0155 1300 MSPQM - ok
15:06:47.0186 1300 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
15:06:47.0202 1300 MsRPC - ok
15:06:47.0233 1300 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
15:06:47.0248 1300 mssmbios - ok
15:06:47.0248 1300 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
15:06:47.0311 1300 MSTEE - ok
15:06:47.0311 1300 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
15:06:47.0342 1300 Mup - ok
15:06:47.0373 1300 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
15:06:47.0451 1300 napagent - ok
15:06:47.0529 1300 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
15:06:47.0560 1300 NativeWifiP - ok
15:06:47.0701 1300 NAVENG (f11033730b38260b6892e837c457fb4b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120706.036\NAVENG.SYS
15:06:47.0716 1300 NAVENG - ok
15:06:47.0841 1300 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120706.036\NAVEX15.SYS
15:06:47.0935 1300 NAVEX15 - ok
15:06:48.0122 1300 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
15:06:48.0184 1300 NDIS - ok
15:06:48.0231 1300 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
15:06:48.0294 1300 NdisTapi - ok
15:06:48.0325 1300 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
15:06:48.0418 1300 Ndisuio - ok
15:06:48.0434 1300 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
15:06:48.0481 1300 NdisWan - ok
15:06:48.0512 1300 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
15:06:48.0559 1300 NDProxy - ok
15:06:48.0590 1300 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
15:06:48.0637 1300 NetBIOS - ok
15:06:48.0684 1300 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
15:06:48.0715 1300 netbt - ok
15:06:48.0730 1300 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:06:48.0762 1300 Netlogon - ok
15:06:48.0793 1300 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
15:06:48.0840 1300 Netman - ok
15:06:48.0871 1300 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
15:06:48.0902 1300 netprofm - ok
15:06:48.0964 1300 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:06:48.0980 1300 NetTcpPortSharing - ok
15:06:49.0120 1300 NETw3v32 (ea30bd026a7d1b745a37516880c4ac1b) C:\Windows\system32\DRIVERS\NETw3v32.sys
15:06:49.0308 1300 NETw3v32 - ok
15:06:49.0573 1300 NETw4v32 (6522dd40a5f67ced020bd81b856613fb) C:\Windows\system32\DRIVERS\NETw4v32.sys
15:06:49.0807 1300 NETw4v32 - ok
15:06:50.0150 1300 NETw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys
15:06:50.0368 1300 NETw5v32 - ok
15:06:50.0478 1300 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
15:06:50.0509 1300 nfrd960 - ok
15:06:50.0587 1300 NIS (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
15:06:50.0602 1300 NIS - ok
15:06:50.0634 1300 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
15:06:50.0665 1300 NlaSvc - ok
15:06:50.0696 1300 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
15:06:50.0743 1300 Npfs - ok
15:06:50.0790 1300 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
15:06:50.0883 1300 nsi - ok
15:06:50.0899 1300 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
15:06:50.0961 1300 nsiproxy - ok
15:06:51.0055 1300 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
15:06:51.0133 1300 Ntfs - ok
15:06:51.0211 1300 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
15:06:51.0289 1300 ntrigdigi - ok
15:06:51.0304 1300 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
15:06:51.0336 1300 Null - ok
15:06:51.0367 1300 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
15:06:51.0382 1300 nvraid - ok
15:06:51.0398 1300 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
15:06:51.0414 1300 nvstor - ok
15:06:51.0429 1300 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
15:06:51.0445 1300 nv_agp - ok
15:06:51.0460 1300 NwlnkFlt - ok
15:06:51.0460 1300 NwlnkFwd - ok
15:06:51.0507 1300 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
15:06:51.0554 1300 ohci1394 - ok
15:06:51.0632 1300 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:06:51.0648 1300 ose - ok
15:06:51.0726 1300 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:06:51.0850 1300 p2pimsvc - ok
15:06:51.0850 1300 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:06:51.0913 1300 p2psvc - ok
15:06:51.0960 1300 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
15:06:52.0053 1300 Parport - ok
15:06:52.0084 1300 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
15:06:52.0100 1300 partmgr - ok
15:06:52.0116 1300 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
15:06:52.0178 1300 Parvdm - ok
15:06:52.0225 1300 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
15:06:52.0256 1300 PcaSvc - ok
15:06:52.0303 1300 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
15:06:52.0318 1300 pci - ok
15:06:52.0334 1300 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
15:06:52.0350 1300 pciide - ok
15:06:52.0381 1300 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
15:06:52.0396 1300 pcmcia - ok
15:06:52.0474 1300 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
15:06:52.0615 1300 PEAUTH - ok
15:06:52.0693 1300 pinger (6dbf2ac2bdaff355995ab25eccc4cfe1) C:\Toshiba\IVP\ISM\pinger.exe
15:06:52.0724 1300 pinger - ok
15:06:52.0849 1300 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
15:06:52.0942 1300 pla - ok
15:06:53.0114 1300 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
15:06:53.0145 1300 PlugPlay - ok
15:06:53.0208 1300 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:06:53.0270 1300 PNRPAutoReg - ok
15:06:53.0286 1300 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:06:53.0348 1300 PNRPsvc - ok
15:06:53.0426 1300 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
15:06:53.0520 1300 PolicyAgent - ok
15:06:53.0613 1300 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
15:06:53.0660 1300 PptpMiniport - ok
15:06:53.0707 1300 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
15:06:53.0785 1300 Processor - ok
15:06:53.0800 1300 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
15:06:53.0847 1300 ProfSvc - ok
15:06:53.0878 1300 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:06:53.0910 1300 ProtectedStorage - ok
15:06:53.0941 1300 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
15:06:53.0988 1300 PSched - ok
15:06:54.0034 1300 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\Windows\system32\Drivers\PxHelp20.sys
15:06:54.0050 1300 PxHelp20 - ok
15:06:54.0128 1300 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
15:06:54.0175 1300 ql2300 - ok
15:06:54.0206 1300 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
15:06:54.0237 1300 ql40xx - ok
15:06:54.0300 1300 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
15:06:54.0346 1300 QWAVE - ok
15:06:54.0362 1300 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
15:06:54.0378 1300 QWAVEdrv - ok
15:06:54.0393 1300 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
15:06:54.0440 1300 RasAcd - ok
15:06:54.0471 1300 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
15:06:54.0518 1300 RasAuto - ok
15:06:54.0549 1300 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:06:54.0580 1300 Rasl2tp - ok
15:06:54.0612 1300 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
15:06:54.0658 1300 RasMan - ok
15:06:54.0690 1300 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
15:06:54.0736 1300 RasPppoe - ok
15:06:54.0752 1300 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
15:06:54.0799 1300 RasSstp - ok
15:06:54.0830 1300 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
15:06:54.0861 1300 rdbss - ok
15:06:54.0877 1300 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:06:54.0908 1300 RDPCDD - ok
15:06:54.0955 1300 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
15:06:55.0017 1300 rdpdr - ok
15:06:55.0033 1300 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
15:06:55.0080 1300 RDPENCDD - ok
15:06:55.0142 1300 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
15:06:55.0173 1300 RDPWD - ok
15:06:55.0220 1300 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
15:06:55.0267 1300 RemoteAccess - ok
15:06:55.0282 1300 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
15:06:55.0329 1300 RemoteRegistry - ok
15:06:55.0392 1300 RimUsb (f17713d108aca124a139fde877eef68a) C:\Windows\system32\Drivers\RimUsb.sys
15:06:55.0423 1300 RimUsb - ok
15:06:55.0454 1300 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
15:06:55.0516 1300 RpcLocator - ok
15:06:55.0563 1300 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
15:06:55.0610 1300 RpcSs - ok
15:06:55.0641 1300 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
15:06:55.0672 1300 rspndr - ok
15:06:55.0704 1300 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:06:55.0719 1300 SamSs - ok
15:06:55.0782 1300 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
15:06:55.0797 1300 sbp2port - ok
15:06:55.0828 1300 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
15:06:55.0875 1300 SCardSvr - ok
15:06:55.0953 1300 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
15:06:56.0078 1300 Schedule - ok
15:06:56.0125 1300 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
15:06:56.0156 1300 SCPolicySvc - ok
15:06:56.0203 1300 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
15:06:56.0218 1300 sdbus - ok
15:06:56.0250 1300 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
15:06:56.0312 1300 SDRSVC - ok
15:06:56.0343 1300 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:06:56.0390 1300 secdrv - ok
15:06:56.0406 1300 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
15:06:56.0452 1300 seclogon - ok
15:06:56.0484 1300 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
15:06:56.0530 1300 SENS - ok
15:06:56.0530 1300 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\DRIVERS\serenum.sys
15:06:56.0608 1300 Serenum - ok
15:06:56.0640 1300 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
15:06:56.0686 1300 Serial - ok
15:06:56.0718 1300 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
15:06:56.0749 1300 sermouse - ok
15:06:56.0764 1300 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
15:06:56.0811 1300 SessionEnv - ok
15:06:56.0827 1300 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
15:06:56.0874 1300 sffdisk - ok
15:06:56.0905 1300 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
15:06:56.0983 1300 sffp_mmc - ok
15:06:57.0014 1300 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
15:06:57.0045 1300 sffp_sd - ok
15:06:57.0061 1300 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
15:06:57.0123 1300 sfloppy - ok
15:06:57.0154 1300 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
15:06:57.0217 1300 SharedAccess - ok
15:06:57.0264 1300 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
15:06:57.0342 1300 ShellHWDetection - ok
15:06:57.0373 1300 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
15:06:57.0388 1300 sisagp - ok
15:06:57.0404 1300 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
15:06:57.0420 1300 SiSRaid2 - ok
15:06:57.0451 1300 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
15:06:57.0466 1300 SiSRaid4 - ok
15:06:58.0168 1300 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
15:06:58.0527 1300 slsvc - ok
15:06:58.0636 1300 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
15:06:58.0683 1300 SLUINotify - ok
15:06:58.0714 1300 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
15:06:58.0746 1300 Smb - ok
15:06:58.0777 1300 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
15:06:58.0792 1300 SNMPTRAP - ok
15:06:58.0824 1300 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
15:06:58.0839 1300 spldr - ok
15:06:58.0870 1300 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
15:06:58.0948 1300 Spooler - ok
15:06:59.0011 1300 SRTSP (9dd258ee034afd36259cb7357e19d0b1) C:\Windows\System32\Drivers\NIS\1307010.005\SRTSP.SYS
15:06:59.0073 1300 SRTSP - ok
15:06:59.0120 1300 SRTSPX (0cc3a10f363436c7b478419eb73f8d91) C:\Windows\system32\drivers\NIS\1307010.005\SRTSPX.SYS
15:06:59.0136 1300 SRTSPX - ok
15:06:59.0198 1300 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
15:06:59.0292 1300 srv - ok
15:06:59.0338 1300 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
15:06:59.0401 1300 srv2 - ok
15:06:59.0448 1300 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
15:06:59.0463 1300 srvnet - ok
15:06:59.0494 1300 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
15:06:59.0526 1300 SSDPSRV - ok
15:06:59.0557 1300 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
15:06:59.0588 1300 SstpSvc - ok
15:06:59.0619 1300 StillCam (7a95b5deb594616f1693486b8161411e) C:\Windows\system32\DRIVERS\serscan.sys
15:06:59.0697 1300 StillCam - ok
15:06:59.0775 1300 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
15:06:59.0822 1300 stisvc - ok
15:06:59.0869 1300 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
15:06:59.0884 1300 swenum - ok
15:06:59.0931 1300 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
15:06:59.0978 1300 swprv - ok
15:07:00.0025 1300 Swupdtmr (327786c5d6bcf284fab14c2b5751f514) c:\Toshiba\IVP\swupdate\swupdtmr.exe
15:07:00.0025 1300 Swupdtmr - ok
15:07:00.0056 1300 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
15:07:00.0072 1300 Symc8xx - ok
15:07:00.0134 1300 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\Windows\system32\drivers\NIS\1307010.005\SYMDS.SYS
15:07:00.0165 1300 SymDS - ok
15:07:00.0243 1300 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\Windows\system32\drivers\NIS\1307010.005\SYMEFA.SYS
15:07:00.0337 1300 SymEFA - ok
15:07:00.0399 1300 SymEvent (74e2521e96176a4449570e50be91954d) C:\Windows\system32\Drivers\SYMEVENT.SYS
15:07:00.0415 1300 SymEvent - ok
15:07:00.0430 1300 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\Windows\system32\drivers\NIS\1307010.005\Ironx86.SYS
15:07:00.0446 1300 SymIRON - ok
15:07:00.0462 1300 SYMTDIv (40c6e6417c8b7d7fcf82cfbe71525795) C:\Windows\System32\Drivers\NIS\1307010.005\SYMTDIV.SYS
15:07:00.0493 1300 SYMTDIv - ok
15:07:00.0524 1300 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
15:07:00.0571 1300 Sym_hi - ok
15:07:00.0602 1300 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
15:07:00.0618 1300 Sym_u3 - ok
15:07:00.0649 1300 SynTP (70534d1e4f9ac990536d5fb5b550b3de) C:\Windows\system32\DRIVERS\SynTP.sys
15:07:00.0664 1300 SynTP - ok
15:07:00.0711 1300 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
15:07:00.0774 1300 SysMain - ok
15:07:00.0820 1300 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
15:07:00.0852 1300 TabletInputService - ok
15:07:00.0883 1300 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
15:07:00.0930 1300 TapiSrv - ok
15:07:00.0961 1300 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
15:07:00.0992 1300 TBS - ok
15:07:01.0070 1300 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
15:07:01.0117 1300 Tcpip - ok
15:07:01.0132 1300 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
15:07:01.0164 1300 Tcpip6 - ok
15:07:01.0226 1300 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
15:07:01.0273 1300 tcpipreg - ok
15:07:01.0304 1300 TcUsb (009aede9fe870c247014450dc1e01d5d) C:\Windows\system32\Drivers\tcusb.sys
15:07:01.0320 1300 TcUsb - ok
15:07:01.0366 1300 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
15:07:01.0398 1300 tdcmdpst - ok
15:07:01.0429 1300 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
15:07:01.0476 1300 TDPIPE - ok
15:07:01.0491 1300 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
15:07:01.0554 1300 TDTCP - ok
15:07:01.0585 1300 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
15:07:01.0647 1300 tdx - ok
15:07:01.0678 1300 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
15:07:01.0694 1300 TermDD - ok
15:07:01.0741 1300 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
15:07:01.0772 1300 TermService - ok
15:07:01.0819 1300 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
15:07:01.0850 1300 Themes - ok
15:07:01.0897 1300 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
15:07:01.0944 1300 THREADORDER - ok
15:07:01.0975 1300 tifm21 (e4c85c291ddb3dc5e4a2f227ca465ba6) C:\Windows\system32\drivers\tifm21.sys
15:07:01.0990 1300 tifm21 ( UnsignedFile.Multi.Generic ) - warning
15:07:01.0990 1300 tifm21 - detected UnsignedFile.Multi.Generic (1)
15:07:02.0022 1300 TODDSrv (d540858e65bfa6fded41ad2495ece344) C:\Windows\system32\TODDSrv.exe
15:07:02.0053 1300 TODDSrv ( UnsignedFile.Multi.Generic ) - warning
15:07:02.0053 1300 TODDSrv - detected UnsignedFile.Multi.Generic (1)
15:07:02.0146 1300 TosCoSrv (af41337c08d1c240af14ba4cab02bf02) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
15:07:02.0209 1300 TosCoSrv - ok
15:07:02.0287 1300 TOSHIBA Bluetooth Service (5480abfc2c6b19972d2871f576ebcaa3) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
15:07:02.0287 1300 TOSHIBA Bluetooth Service ( UnsignedFile.Multi.Generic ) - warning
15:07:02.0287 1300 TOSHIBA Bluetooth Service - detected UnsignedFile.Multi.Generic (1)
15:07:02.0334 1300 Tosrfcom - ok
15:07:02.0365 1300 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
15:07:02.0427 1300 TrkWks - ok
15:07:02.0474 1300 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
15:07:02.0521 1300 TrustedInstaller - ok
15:07:02.0552 1300 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:07:02.0583 1300 tssecsrv - ok
15:07:02.0630 1300 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
15:07:02.0661 1300 tunmp - ok
15:07:02.0692 1300 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
15:07:02.0708 1300 tunnel - ok
15:07:02.0724 1300 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
15:07:02.0739 1300 TVALZ - ok
15:07:02.0770 1300 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
15:07:02.0786 1300 uagp35 - ok
15:07:02.0817 1300 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
15:07:02.0848 1300 udfs - ok
15:07:02.0895 1300 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
15:07:02.0926 1300 UI0Detect - ok
15:07:02.0958 1300 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
15:07:02.0973 1300 uliagpkx - ok
15:07:02.0989 1300 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
15:07:03.0020 1300 uliahci - ok
15:07:03.0036 1300 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
15:07:03.0051 1300 UlSata - ok
15:07:03.0082 1300 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
15:07:03.0098 1300 ulsata2 - ok
15:07:03.0114 1300 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
15:07:03.0176 1300 umbus - ok
15:07:03.0223 1300 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
15:07:03.0270 1300 upnphost - ok
15:07:03.0301 1300 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
15:07:03.0348 1300 usbccgp - ok
15:07:03.0379 1300 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
15:07:03.0441 1300 usbcir - ok
15:07:03.0472 1300 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
15:07:03.0519 1300 usbehci - ok
15:07:03.0550 1300 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
15:07:03.0597 1300 usbhub - ok
15:07:03.0628 1300 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
15:07:03.0691 1300 usbohci - ok
15:07:03.0706 1300 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
15:07:03.0738 1300 usbprint - ok
15:07:03.0784 1300 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
15:07:03.0831 1300 usbscan - ok
15:07:03.0847 1300 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:07:03.0894 1300 USBSTOR - ok
15:07:03.0925 1300 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
15:07:03.0972 1300 usbuhci - ok
15:07:04.0018 1300 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
15:07:04.0112 1300 usbvideo - ok
15:07:04.0159 1300 UVCFTR (0d09f77f46dd3be73c3e5949428d6995) C:\Windows\system32\DRIVERS\UVCFTR_S.SYS
15:07:04.0159 1300 UVCFTR - ok
15:07:04.0190 1300 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
15:07:04.0237 1300 UxSms - ok
15:07:04.0268 1300 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
15:07:04.0377 1300 vds - ok
15:07:04.0440 1300 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
15:07:04.0502 1300 vga - ok
15:07:04.0533 1300 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
15:07:04.0580 1300 VgaSave - ok
15:07:04.0611 1300 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
15:07:04.0627 1300 viaagp - ok
15:07:04.0642 1300 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
15:07:04.0720 1300 ViaC7 - ok
15:07:04.0736 1300 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
15:07:04.0752 1300 viaide - ok
15:07:04.0798 1300 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
15:07:04.0830 1300 volmgr - ok
15:07:04.0876 1300 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
15:07:04.0892 1300 volmgrx - ok
15:07:04.0923 1300 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
15:07:04.0939 1300 volsnap - ok
15:07:04.0970 1300 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
15:07:04.0986 1300 vsmraid - ok
15:07:05.0079 1300 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
15:07:05.0157 1300 VSS - ok
15:07:05.0235 1300 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
15:07:05.0298 1300 W32Time - ok
15:07:05.0360 1300 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
15:07:05.0422 1300 WacomPen - ok
15:07:05.0454 1300 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:07:05.0500 1300 Wanarp - ok
15:07:05.0500 1300 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:07:05.0532 1300 Wanarpv6 - ok
15:07:05.0578 1300 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
15:07:05.0641 1300 wcncsvc - ok
15:07:05.0688 1300 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
15:07:05.0734 1300 WcsPlugInService - ok
15:07:05.0781 1300 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
15:07:05.0797 1300 Wd - ok
15:07:05.0844 1300 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
15:07:05.0890 1300 Wdf01000 - ok
15:07:05.0906 1300 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
15:07:05.0968 1300 WdiServiceHost - ok
15:07:05.0984 1300 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
15:07:06.0015 1300 WdiSystemHost - ok
15:07:06.0062 1300 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
15:07:06.0078 1300 WebClient - ok
15:07:06.0109 1300 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
15:07:06.0171 1300 Wecsvc - ok
15:07:06.0202 1300 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
15:07:06.0265 1300 wercplsupport - ok
15:07:06.0296 1300 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
15:07:06.0343 1300 WerSvc - ok
15:07:06.0421 1300 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
15:07:06.0436 1300 WinDefend - ok
15:07:06.0452 1300 WinHttpAutoProxySvc - ok
15:07:06.0514 1300 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
15:07:06.0530 1300 Winmgmt - ok
15:07:06.0624 1300 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
15:07:06.0951 1300 WinRM - ok
15:07:07.0029 1300 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
15:07:07.0076 1300 Wlansvc - ok
15:07:07.0138 1300 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
15:07:07.0201 1300 WmiAcpi - ok
15:07:07.0263 1300 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
15:07:07.0279 1300 wmiApSrv - ok
15:07:07.0404 1300 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
15:07:07.0560 1300 WMPNetworkSvc - ok
15:07:07.0606 1300 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
15:07:07.0716 1300 WPCSvc - ok
15:07:07.0762 1300 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
15:07:07.0856 1300 WPDBusEnum - ok
15:07:07.0996 1300 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
15:07:08.0028 1300 WPFFontCache_v0400 - ok
15:07:08.0074 1300 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
15:07:08.0106 1300 ws2ifsl - ok
15:07:08.0137 1300 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
15:07:08.0184 1300 wscsvc - ok
15:07:08.0184 1300 WSearch - ok
15:07:08.0324 1300 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
15:07:08.0527 1300 wuauserv - ok
15:07:08.0652 1300 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:07:08.0698 1300 WUDFRd - ok
15:07:08.0714 1300 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
15:07:08.0776 1300 wudfsvc - ok
15:07:08.0823 1300 yukonwlh (1dd951cf8a69fa2bea82f3e3a811fa95) C:\Windows\system32\DRIVERS\yk60x86.sys
15:07:08.0886 1300 yukonwlh - ok
15:07:08.0917 1300 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
15:07:09.0244 1300 \Device\Harddisk0\DR0 - ok
15:07:09.0244 1300 Boot (0x1200) (35cd2fdedb820416032f59034238e60b) \Device\Harddisk0\DR0\Partition0
15:07:09.0244 1300 \Device\Harddisk0\DR0\Partition0 - ok
15:07:09.0244 1300 ============================================================
15:07:09.0244 1300 Scan finished
15:07:09.0244 1300 ============================================================
15:07:09.0260 1280 Detected object count: 7
15:07:09.0260 1280 Actual detected object count: 7
15:07:41.0474 1280 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe - copied to quarantine
15:07:41.0474 1280 HKLM\SYSTEM\ControlSet001\services\CFSvcs - will be deleted on reboot
15:07:41.0505 1280 HKLM\SYSTEM\ControlSet002\services\CFSvcs - will be deleted on reboot
15:07:41.0536 1280 C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe - will be deleted on reboot
15:07:41.0536 1280 CFSvcs ( UnsignedFile.Multi.Generic ) - User select action: Delete
15:07:41.0599 1280 C:\Windows\system32\drivers\kr10i.sys - copied to quarantine
15:07:41.0599 1280 HKLM\SYSTEM\ControlSet001\services\KR10I - will be deleted on reboot
15:07:41.0614 1280 HKLM\SYSTEM\ControlSet002\services\KR10I - will be deleted on reboot
15:07:41.0630 1280 C:\Windows\system32\drivers\kr10i.sys - will be deleted on reboot
15:07:41.0630 1280 KR10I ( UnsignedFile.Multi.Generic ) - User select action: Delete
15:07:41.0661 1280 C:\Windows\system32\drivers\kr10n.sys - copied to quarantine
15:07:41.0661 1280 HKLM\SYSTEM\ControlSet001\services\KR10N - will be deleted on reboot
15:07:41.0661 1280 HKLM\SYSTEM\ControlSet002\services\KR10N - will be deleted on reboot
15:07:41.0661 1280 C:\Windows\system32\drivers\kr10n.sys - will be deleted on reboot
15:07:41.0661 1280 KR10N ( UnsignedFile.Multi.Generic ) - User select action: Delete
15:07:41.0739 1280 C:\Windows\system32\drivers\kr3npxp.sys - copied to quarantine
15:07:41.0739 1280 HKLM\SYSTEM\ControlSet001\services\KR3NPXP - will be deleted on reboot
15:07:41.0739 1280 HKLM\SYSTEM\ControlSet002\services\KR3NPXP - will be deleted on reboot
15:07:41.0739 1280 C:\Windows\system32\drivers\kr3npxp.sys - will be deleted on reboot
15:07:41.0739 1280 KR3NPXP ( UnsignedFile.Multi.Generic ) - User select action: Delete
15:07:41.0802 1280 C:\Windows\system32\drivers\tifm21.sys - copied to quarantine
15:07:41.0817 1280 HKLM\SYSTEM\ControlSet001\services\tifm21 - will be deleted on reboot
15:07:41.0848 1280 HKLM\SYSTEM\ControlSet002\services\tifm21 - will be deleted on reboot
15:07:41.0848 1280 C:\Windows\system32\drivers\tifm21.sys - will be deleted on reboot
15:07:41.0848 1280 tifm21 ( UnsignedFile.Multi.Generic ) - User select action: Delete
15:07:41.0942 1280 C:\Windows\system32\TODDSrv.exe - copied to quarantine
15:07:41.0942 1280 HKLM\SYSTEM\ControlSet001\services\TODDSrv - will be deleted on reboot
15:07:41.0942 1280 HKLM\SYSTEM\ControlSet002\services\TODDSrv - will be deleted on reboot
15:07:41.0942 1280 C:\Windows\system32\TODDSrv.exe - will be deleted on reboot
15:07:41.0942 1280 TODDSrv ( UnsignedFile.Multi.Generic ) - User select action: Delete
15:07:42.0051 1280 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe - copied to quarantine
15:07:42.0051 1280 HKLM\SYSTEM\ControlSet001\services\TOSHIBA Bluetooth Service - will be deleted on reboot
15:07:42.0051 1280 HKLM\SYSTEM\ControlSet002\services\TOSHIBA Bluetooth Service - will be deleted on reboot
15:07:42.0051 1280 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe - will be deleted on reboot
15:07:42.0051 1280 TOSHIBA Bluetooth Service ( UnsignedFile.Multi.Generic ) - User select action: Delete
15:07:48.0666 3956 Deinitialize success
  • 0

#9
wmpendle

wmpendle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
I found this one for RKill...

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 07/05/2012 at 22:11:04.
Operating System: Windows Vista ™ Home Premium


Processes terminated by Rkill or while it was running:



Rkill completed on 07/05/2012 at 22:11:35.
  • 0

#10
wmpendle

wmpendle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Here is the first OTL Log after the custom scan/fix:

All processes killed
========== COMMANDS ==========
System Restore Service not available.
========== OTL ==========
Service KIGMH stopped successfully!
Service KIGMH deleted successfully!
File C:\Users\Wendi\AppData\Local\Temp\KIGMH.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC18AE76-7E65-4258-A193-9EA0C52DA6B8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC18AE76-7E65-4258-A193-9EA0C52DA6B8}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{17f922f4-7c6b-11dc-86c3-00a0d1733b0f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{17f922f4-7c6b-11dc-86c3-00a0d1733b0f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{240a6551-2e7a-11dc-abd2-0019d2b8b1b8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{240a6551-2e7a-11dc-abd2-0019d2b8b1b8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{47b0004e-a0e4-11dc-91a8-00a0d1733b0f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47b0004e-a0e4-11dc-91a8-00a0d1733b0f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73cd4813-e0f5-11db-ae4e-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73cd4813-e0f5-11db-ae4e-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{73cd4813-e0f5-11db-ae4e-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73cd4813-e0f5-11db-ae4e-806e6f6e6963}\ not found.
File move failed. D:\Autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{770e2d48-095e-11dd-bdb6-00a0d1733b0f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{770e2d48-095e-11dd-bdb6-00a0d1733b0f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7fb11717-90ec-11dd-90dc-00a0d1733b0f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7fb11717-90ec-11dd-90dc-00a0d1733b0f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a55a7707-7d40-11dc-a904-00a0d1733b0f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a55a7707-7d40-11dc-a904-00a0d1733b0f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b53d792d-491a-11dd-9314-00a0d1733b0f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b53d792d-491a-11dd-9314-00a0d1733b0f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b7735b39-8c04-11dc-bfe0-0019d2b8b1b8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7735b39-8c04-11dc-bfe0-0019d2b8b1b8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b7735b51-8c04-11dc-bfe0-0019d2b8b1b8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7735b51-8c04-11dc-bfe0-0019d2b8b1b8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ccafc791-f9da-11db-8c63-0019d2b8b1b8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ccafc791-f9da-11db-8c63-0019d2b8b1b8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
C:\Users\Wendi\AppData\Local\6o1fpxf5dlxq47de5jb1600yp8m4cy5xnp3yiv moved successfully.
C:\ProgramData\6o1fpxf5dlxq47de5jb1600yp8m4cy5xnp3yiv moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Wendi\Downloads\cmd.bat deleted successfully.
C:\Users\Wendi\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Wendi
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 5232287 bytes
->FireFox cache emptied: 103615883 bytes
->Google Chrome cache emptied: 16202752 bytes
->Flash cache emptied: 57563 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 24064 bytes

Total Files Cleaned = 119.00 mb


OTL by OldTimer - Version 3.2.53.1 log created on 07112012_194820

Files\Folders moved on Reboot...
File move failed. D:\Autorun.exe scheduled to be moved on reboot.

PendingFileRenameOperations files...
[2009/04/29 19:57:16 | 000,054,544 | R--- | M] (Electronic Arts) D:\Autorun.exe : MD5=8A0E320A9D0211A122EE4BF813554DE7

Registry entries deleted on Reboot...
  • 0

Advertisements


#11
wmpendle

wmpendle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Here is the OTL log after I ran "Quick Scan"

OTL logfile created on: 7/11/2012 7:55:18 PM - Run 2
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Wendi\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.32 Mb Total Physical Memory | 147.83 Mb Available Physical Memory | 14.59% Memory free
2.23 Gb Paging File | 1.33 Gb Available in Paging File | 59.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 110.32 Gb Total Space | 60.61 Gb Free Space | 54.94% Space Free | Partition Type: NTFS

Computer Name: WENDI-PC | User Name: Wendi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/07 18:54:58 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Wendi\Downloads\OTL.exe
PRC - [2012/04/20 18:18:58 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/03/27 16:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccsvchst.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006/12/20 00:15:44 | 000,428,152 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/20 18:19:01 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2012/07/11 19:39:35 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/27 16:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe -- (NIS)
SRV - [2008/01/18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/25 18:50:26 | 000,063,096 | ---- | M] () [Disabled | Stopped] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/01/25 18:47:50 | 000,136,816 | ---- | M] () [Disabled | Stopped] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/12/20 00:15:44 | 000,428,152 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2006/10/05 12:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Disabled | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (Tosrfcom)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys -- (IO_Memory)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/06/18 17:01:14 | 000,821,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120619.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/06/18 11:26:26 | 000,382,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120705.001\IDSvix86.sys -- (IDSVix86)
DRV - [2012/06/09 12:30:53 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/06/09 12:30:53 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/05/19 10:39:36 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120706.036\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/05/19 10:39:36 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120706.036\NAVENG.SYS -- (NAVENG)
DRV - [2012/04/28 12:58:34 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/28 23:28:37 | 000,345,208 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1307010.005\symtdiv.sys -- (SYMTDIv)
DRV - [2012/03/28 23:28:30 | 000,905,336 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\NIS\1307010.005\symefa.sys -- (SymEFA)
DRV - [2012/03/28 23:06:25 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1307010.005\ironx86.sys -- (SymIRON)
DRV - [2012/03/28 23:03:27 | 000,574,072 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\NIS\1307010.005\srtsp.sys -- (SRTSP)
DRV - [2012/03/28 23:03:27 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1307010.005\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/11/29 15:44:14 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NIS\1307010.005\ccsetx86.sys -- (ccSet_NIS)
DRV - [2011/08/15 23:51:40 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NIS\1307010.005\symds.sys -- (SymDS)
DRV - [2008/11/17 16:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/01/15 14:53:22 | 000,071,488 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2008/01/15 14:53:22 | 000,053,184 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2007/11/09 05:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/09/26 14:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/01/26 17:13:40 | 000,017,712 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2006/12/19 09:12:22 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/11/28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/19 23:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/10/18 12:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {8D696207-519C-4F98-8ED2-F93E23EBF025}
IE - HKLM\..\SearchScopes\{8D696207-519C-4F98-8ED2-F93E23EBF025}: "URL" = http://www.google.co...ge={startPage};

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {FD756FFD-B48D-4DA3-A84D-DB1A984128CB}
IE - HKCU\..\SearchScopes\{4834BA29-26E5-4AEB-918A-A35EB9AD180C}: "URL" = http://search.yahoo....=utf-8&fr=b2ie7
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKCU\..\SearchScopes\{FD756FFD-B48D-4DA3-A84D-DB1A984128CB}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mediaforge.com/MRP: C:\Windows\system32\npmirage.dll (XMLAuthor Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Wendi\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Wendi\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Wendi\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\IPSFFPlgn\ [2012/04/28 13:00:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\coFFPlgn\ [2012/07/11 19:53:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/05 19:59:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/14 12:11:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Wendi\AppData\Roaming\Move Networks

[2012/05/05 19:59:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wendi\AppData\Roaming\Mozilla\Extensions
[2012/05/19 17:45:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wendi\AppData\Roaming\Mozilla\Firefox\Profiles\ydvm5i2g.default\extensions
[2012/05/05 19:59:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/20 18:19:34 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/07/16 11:22:44 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/20 18:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/20 18:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Wendi\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Wendi\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Wendi\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Wendi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Wendi\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: XMLAuthor Inc. npmirage (Enabled) = C:\Windows\system32\npmirage.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Wendi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Wendi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Norton Identity Protection = C:\Users\Wendi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\
CHR - Extension: Gmail = C:\Users\Wendi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/05 22:03:32 | 000,000,726 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.100.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CF63800-A8B9-4061-BFD6-E01C4FF176F2}: DhcpNameServer = 10.100.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Wendi\Documents\Pictures\Sample Pictures\Waterfall.jpg
O24 - Desktop BackupWallPaper: C:\Users\Wendi\Documents\Pictures\Sample Pictures\Waterfall.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/11 19:48:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/07 19:11:21 | 000,000,000 | ---D | C] -- C:\Users\Wendi\Desktop\annoying files
[2012/07/07 15:07:41 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/07/05 22:31:15 | 000,000,000 | ---D | C] -- C:\Users\Wendi\Documents\Regdelnull
[2012/07/05 21:57:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2012/07/05 21:57:13 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/07/05 21:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/07/02 20:01:46 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Wendi\Desktop\TDSSKiller.exe
[2012/07/01 12:15:09 | 000,000,000 | ---D | C] -- C:\Users\Wendi\Documents\GameFly
[2012/07/01 12:15:08 | 000,000,000 | ---D | C] -- C:\Users\Wendi\AppData\Roaming\GameFly
[2012/07/01 12:14:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameFly
[2012/07/01 12:14:40 | 000,000,000 | ---D | C] -- C:\Program Files\GameFly
[2012/07/01 12:13:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012/06/30 13:11:50 | 000,000,000 | ---D | C] -- C:\Users\Wendi\AppData\Local\Macromedia

========== Files - Modified Within 30 Days ==========

[2012/07/11 20:11:11 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1776382662-2522565114-3704666072-1000UA.job
[2012/07/11 20:10:46 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1776382662-2522565114-3704666072-1000Core.job
[2012/07/11 19:51:22 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/11 19:51:22 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/11 19:51:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/11 19:50:58 | 1063,313,408 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/11 19:43:43 | 000,327,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/11 19:43:40 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/11 19:29:26 | 000,002,569 | ---- | M] () -- C:\Users\Wendi\Desktop\Microsoft Office Word 2003.lnk
[2012/07/05 22:20:10 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Wendi\Desktop\TDSSKiller.exe
[2012/07/05 21:57:13 | 000,001,703 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/07/01 12:28:11 | 000,002,064 | ---- | M] () -- C:\Users\Public\Desktop\The 80 Classic Games.lnk
[2012/07/01 12:14:58 | 000,001,621 | ---- | M] () -- C:\Users\Public\Desktop\GameFly.lnk
[2012/06/30 13:23:29 | 000,002,053 | ---- | M] () -- C:\Users\Wendi\Desktop\Google Chrome.lnk
[2012/06/30 13:23:29 | 000,002,015 | ---- | M] () -- C:\Users\Wendi\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2012/07/11 19:21:44 | 1063,313,408 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/10 19:56:20 | 000,327,544 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/05 21:57:13 | 000,001,703 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/07/01 12:28:09 | 000,002,064 | ---- | C] () -- C:\Users\Public\Desktop\The 80 Classic Games.lnk
[2012/07/01 12:14:58 | 000,001,621 | ---- | C] () -- C:\Users\Public\Desktop\GameFly.lnk
[2012/05/26 13:01:35 | 039,901,656 | ---- | C] () -- C:\Users\Wendi\Daniel.wmv
[2012/05/19 18:03:50 | 000,003,584 | ---- | C] () -- C:\Users\Wendi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/05 21:01:55 | 000,270,786 | ---- | C] () -- C:\Users\Wendi\AppData\Local\census.cache
[2012/05/05 21:01:12 | 000,174,575 | ---- | C] () -- C:\Users\Wendi\AppData\Local\ars.cache
[2012/05/05 20:43:43 | 000,000,036 | ---- | C] () -- C:\Users\Wendi\AppData\Local\housecall.guid.cache
[2012/04/21 18:54:49 | 000,000,258 | R-S- | C] () -- C:\ProgramData\ntuser.pol
[2012/03/22 21:13:52 | 012,869,942 | ---- | C] () -- C:\Users\Wendi\Eagle___March_17_004.AVI
[2011/12/10 14:47:46 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/12/10 14:47:46 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/07/30 13:42:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/07/30 13:40:41 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/07/30 13:40:41 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/12/28 20:11:31 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/01/23 00:34:00 | 001,502,666 | ---- | C] () -- C:\Users\Wendi\graduate.xps
[2007/11/10 01:28:25 | 000,265,395 | ---- | C] () -- C:\Users\Wendi\battery.xps
[2007/10/07 20:37:01 | 000,342,312 | ---- | C] () -- C:\Users\Wendi\www.courtinfo.ca.gov-forms-fillable-mc0500001.mdi
[2007/09/02 19:42:06 | 000,193,158 | ---- | C] () -- C:\Users\Wendi\schedule.xps
[2007/09/02 19:17:06 | 000,227,214 | ---- | C] () -- C:\Users\Wendi\norco directions.xps
[2007/06/23 22:26:19 | 000,058,803 | ---- | C] () -- C:\Users\Wendi\covenants_puzzle.gif

========== LOP Check ==========

[2012/07/01 12:15:08 | 000,000,000 | ---D | M] -- C:\Users\Wendi\AppData\Roaming\GameFly
[2012/07/11 19:49:55 | 000,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:44DAF2F1

< End of report >
  • 0

#12
wmpendle

wmpendle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
"aswMBR" log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-11 20:17:35
-----------------------------
20:17:35.500 OS Version: Windows 6.0.6002 Service Pack 2
20:17:35.500 Number of processors: 2 586 0xE0C
20:17:35.500 ComputerName: WENDI-PC UserName: Wendi
20:17:59.352 Initialize success
20:21:20.534 AVAST engine defs: 12071102
20:21:51.594 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:21:51.594 Disk 0 Vendor: Hitachi_HTS541612J9SA00 SBDOC7DP Size: 114473MB BusType: 3
20:21:51.625 Disk 0 MBR read successfully
20:21:51.625 Disk 0 MBR scan
20:21:51.703 Disk 0 Windows VISTA default MBR code
20:21:51.719 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
20:21:51.750 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 112969 MB offset 3074048
20:21:51.750 Disk 0 scanning sectors +234434560
20:21:51.843 Disk 0 scanning C:\Windows\system32\drivers
20:22:05.322 Service scanning
20:22:38.675 Modules scanning
20:22:49.704 Disk 0 trace - called modules:
20:22:49.735 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys
20:22:49.735 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x854bfac8]
20:22:49.751 3 CLASSPNP.SYS[872b48b3] -> nt!IofCallDriver -> [0x842634b0]
20:22:49.766 5 acpi.sys[86a4b6bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84263678]
20:22:50.765 AVAST engine scan C:\Windows
20:22:54.899 AVAST engine scan C:\Windows\system32
20:30:06.379 AVAST engine scan C:\Windows\system32\drivers
20:30:28.328 AVAST engine scan C:\Users\Wendi
20:33:45.138 AVAST engine scan C:\ProgramData
20:36:32.978 Scan finished successfully
20:37:13.096 Disk 0 MBR has been saved successfully to "C:\Users\Wendi\Desktop\MBR.dat"
20:37:13.096 The log file has been saved successfully to "C:\Users\Wendi\Desktop\aswMBR.txt"
  • 0

#13
wmpendle

wmpendle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
I am uncertain of the Norton settings so I too a screen shot of them.

Attached Thumbnails

  • Norton.jpg

  • 0

#14
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi wmpendle,

1. Please tell me how the system is running now.

The good news is that the aswMBR log doesn't show any sign of a rootkit.

The not so good news is you shouldn't have quarantined the files that you did with TDSSKiller. They are all system files and Toshiba drivers that the system needs.

The System Restore srevice is not running. We will address that shortly.

The OTL log shows that almost all of your available RAM is being used, but you only have one program, MalwareBytes, loading when the system starts. We need to see what is going on there.

But the first things we need to address are the files that were quarantined and the AntiVirus and Firewall.

2. Please navigate to the C:\TDSSKiller_Quarantine folder and see if there is a file in it. If there is, copy and paste it's contents in your next reply. If there isn't a file there, we will look for the deleted files another way.

3. The screenshot of your Norton Internet Security does not show that your system is protected. At the top of the screen beside Norton Internet Security it should say System Status: Protected.
  • In the notification area on the taskbar (where the clock is), right-click the Norton Internet Security icon:
  • Click Enable AntiVirus Auto Protect
If you want to use the Firewall, click Enable Smart Firewall.
OK any prompts you may get and restart the computer.

You will need to read the operation instructions to set the firewall to allow the programs you want to be able to connect to the internet.
Basically, if you have a program that can't connect to the internet after you turn the firewall on you should check the Firewall settings to make sure that the program is allowed access through the firewall to the internet.

If you don't use the Norton firewall you must turn the Windows firewall on.

Tell me if you got the Norton Anti Virus Auto Protect turned on, and what you decided about the firewall.
  • 0

#15
wmpendle

wmpendle

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
I tried to change the Norton settings, it shows "Secure" and that "Smart Firewall" are on. Also in the corner of the taskbar (by the clock) it has the norton symbol with a green check mark.

Attached Thumbnails

  • norton2.jpg
  • norton3.jpg

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP