mbam & hijackthis logs

zombine210

so this Toshiba laptop won't boot normally, sometimes it blue screens with 0x01E and sometimes it just returns a Toshiba error f3-f100-010 and says to turn off the machine.

of course when i was commissioned to look at it, all they said was it can't go to the internet. right...

so i managed to boot into safe mode and get the logs. would appreciate any input.

btw, i did fix all infections found by malwarebytes, but not from hijackthis.
still can't boot normally, i think the drive might be a goner. what free tool can i use to check it?




Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.08.06

Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Diana :: DIANA-PC [administrator]

6/8/2012 4:52:44 PM
mbam-log-2012-06-08 (16-52-44).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 445383
Time elapsed: 1 hour(s), 5 minute(s), 31 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 1628 -> Delete on reboot.

Memory Modules Detected: 1
C:\Users\Diana\AppData\Roaming\Adobe\sp.DLL (TrojanProxy.Agent) -> Delete on reboot.

Registry Keys Detected: 8
HKCR\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{23B38049-323F-443D-9732-F454E5B15B72} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B9F8C21-46EC-4C0B-8683-E755EF84577A} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKLM\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{96AFBE69-C3B0-4B00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: sp -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost|netsvc (TrojanProxy.Agent) -> Data: SPService^"^ -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\Users\Diana\AppData\Roaming\Adobe\sp.DLL (TrojanProxy.Agent) -> Delete on reboot.
C:\Users\Diana\AppData\Local\Apps\2.0\Y7CQ027J.HWD\ED46AH84.KCD\coup...exe_cd8a3367a11d8867_07db.0200_none_155418a0309f7a4f\EI_CouponAlert.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\Users\Diana\AppData\Local\Apps\2.0\Y7CQ027J.HWD\ED46AH84.KCD\coup..lert_cd8a3367a11d8867_07db.0200_2e0f0980113956c1\EI_CouponAlert.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\Users\Diana\AppData\Local\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Users\Diana\AppData\LocalLow\CouponAlert_2pEI\Installr\Cache\21339135.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows\Installer\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:08:13 PM, on 6/8/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode with network support

Running processes:
E:\tools\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O2 - BHO: ShopAtHome.com Toolbar - {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120318205029.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\SysWow64\TwcToolbarIe7.dll
O3 - Toolbar: ShopAtHome.com Toolbar - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
O4 - HKCU\..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
O4 - HKCU\..\Run: [Easy Dock] C:\Users\Diana\Documents\RCA easyRip\EZDock.exe
O4 - HKCU\..\Run: [TOSHIBA] rundll32.exe C:\Users\Diana\AppData\Local\TOSHIBA\dpkkinxd.dll,m4OutVideoInit
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: RCA Detective.lnk = Diana\Documents\RCA Detective\RCADetective.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
O23 - Service: Toshiba Laptop Checkup Application Launcher (Norton PC Checkup Application Launcher) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14508 bytes
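A triage pass over a HijackThis log like the one posted above, as an added example that is not part of the original post or of HijackThis itself. The `Finding` type, the `triage` function and the three rules are hypothetical heuristics that mark lines for manual review, not verdicts; the sample lines are copied from the log above.

```python
import re
from typing import NamedTuple

# Constructed sample: a handful of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Easy Dock] C:\Users\Diana\Documents\RCA easyRip\EZDock.exe
O4 - HKCU\..\Run: [TOSHIBA] rundll32.exe C:\Users\Diana\AppData\Local\TOSHIBA\dpkkinxd.dll,m4OutVideoInit
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: GoToAssist - Unknown owner - C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe (file missing)
"""


class Finding(NamedTuple):
    level: str    # "review" = check by hand, "info" = probably a tool artefact
    section: str  # HijackThis section code, e.g. "O4" (autoruns), "O23" (services)
    reason: str
    line: str


ENTRY = re.compile(r"^(R\d|F\d|O\d+) - (.*)$")
WIN_PATH = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll)', re.I)
USER_PROFILE = re.compile(r"\\users\\", re.I)
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.I)
RUNDLL32 = re.compile(r"\brundll32(\.exe)?\b", re.I)


def triage(log_text):
    """Return a Finding for every log line that matches one of the heuristics."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, blank line or free text
        section, body = m.groups()
        paths = WIN_PATH.findall(body)
        target = paths[-1] if paths else ""  # last path = the file the entry points to

        if body.endswith("(no file)"):
            # Registry entry survives but the component it names is gone.
            findings.append(Finding("review", section,
                                    "registered component has no file on disk", line))
        elif body.endswith("(file missing)"):
            if SYSTEM32.match(target):
                # Assumption stated in this example: 32-bit HijackThis on x64
                # Windows has its System32 lookups redirected to SysWOW64, so
                # these reports are usually false. Confirm with a 64-bit tool.
                findings.append(Finding("info", section,
                                        "System32 binary reported missing by a 32-bit scanner", line))
            else:
                findings.append(Finding("review", section,
                                        "service binary missing outside System32", line))
        elif section == "O4" and USER_PROFILE.search(target):
            # Autoruns should normally live in admin-only locations; anything
            # started from a user-writable profile folder deserves a look.
            if RUNDLL32.search(body):
                reason = "autorun loads a DLL from the user profile via rundll32"
            else:
                reason = "autorun starts a program from the user profile"
            findings.append(Finding("review", section, reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.level:6}] {f.section:3} {f.reason}\n         {f.line}")
```
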
it just blue screened with 0x050 and then with 0x0A
i'm booting into safe mode and removing the video drivers and installing fresh ones from MS.
 
after rebooting and going into desktop, it blue screened with 0x1E
it all points to a hardware issue, maybe a driver, but can't pinpoint it because it keeps rebooting on me.
 
here's the bsod history using bluescreenview:


==================================================
Dump File : 060812-29140-01.dmp
Crash Time : 6/8/2012 8:56:11 PM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : fffff880`8d351e00
Parameter 2 : 00000000`00000001
Parameter 3 : fffffa80`05a0e2e6
Parameter 4 : 00000000`00000005
Caused By Driver : hal.dll
Caused By Address : hal.dll+7ae7
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+70040
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\windows\Minidump\060812-29140-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 276,552
==================================================

==================================================
Dump File : 060812-23946-01.dmp
Crash Time : 6/8/2012 8:38:23 PM
Bug Check String : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x0000001e
Parameter 1 : ffffffff`c0000005
Parameter 2 : fffff800`02eb1117
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`7efa0000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70040
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16988 (win7_gdr.120401-1505)
Processor : x64
Crash Address : ntoskrnl.exe+70040
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\windows\Minidump\060812-23946-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 270,528
==================================================

==================================================
Dump File : 060812-21855-01.dmp
Crash Time : 6/8/2012 8:27:31 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`000000dc
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02e54995
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70040
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16988 (win7_gdr.120401-1505)
Processor : x64
Crash Address : ntoskrnl.exe+70040
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\windows\Minidump\060812-21855-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 277,080
==================================================

==================================================
Dump File : 060812-34507-01.dmp
Crash Time : 6/8/2012 8:22:15 PM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : fffff880`8b062800
Parameter 2 : 00000000`00000001
Parameter 3 : fffffa80`05b972e6
Parameter 4 : 00000000`00000005
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70040
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16988 (win7_gdr.120401-1505)
Processor : x64
Crash Address : ntoskrnl.exe+70040
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\windows\Minidump\060812-34507-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 277,080
==================================================

==================================================
Dump File : 060812-25162-01.dmp
Crash Time : 6/8/2012 8:04:28 PM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : fffff880`8d741c00
Parameter 2 : 00000000`00000001
Parameter 3 : fffffa80`05b7e2e6
Parameter 4 : 00000000`00000005
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70040
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16988 (win7_gdr.120401-1505)
Processor : x64
Crash Address : ntoskrnl.exe+70040
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\windows\Minidump\060812-25162-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 277,080
==================================================

==================================================
Dump File : 060812-21153-01.dmp
Crash Time : 6/8/2012 4:21:34 PM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : fffff880`8e296200
Parameter 2 : 00000000`00000001
Parameter 3 : fffffa80`05b982e6
Parameter 4 : 00000000`00000005
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70040
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16988 (win7_gdr.120401-1505)
Processor : x64
Crash Address : ntoskrnl.exe+70040
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\windows\Minidump\060812-21153-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 277,080
==================================================

==================================================
Dump File : 060812-24024-01.dmp
Crash Time : 6/8/2012 3:41:18 PM
Bug Check String : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x0000001e
Parameter 1 : ffffffff`c0000005
Parameter 2 : fffff800`02ea9117
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`7efa0000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70040
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16988 (win7_gdr.120401-1505)
Processor : x64
Crash Address : ntoskrnl.exe+70040
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\windows\Minidump\060812-24024-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 277,080
==================================================

==================================================
Dump File : 060112-34569-01.dmp
Crash Time : 6/1/2012 10:31:45 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`000000dc
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02e6a995
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70040
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16988 (win7_gdr.120401-1505)
Processor : x64
Crash Address : ntoskrnl.exe+70040
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\windows\Minidump\060112-34569-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 277,080
==================================================

==================================================
Dump File : 060112-22776-01.dmp
Crash Time : 6/1/2012 10:24:05 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 00000000`0000000e
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000001
Parameter 4 : fffff800`02e78034
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70040
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16988 (win7_gdr.120401-1505)
Processor : x64
Crash Address : ntoskrnl.exe+70040
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\windows\Minidump\060112-22776-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 277,080
==================================================

==================================================
Dump File : 060112-23914-01.dmp
Crash Time : 6/1/2012 10:18:28 PM
Bug Check String : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x0000001e
Parameter 1 : ffffffff`c0000005
Parameter 2 : fffff800`02e96995
Parameter 3 : 00000000`00000000
Parameter 4 : ffffffff`ffffffff
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70040
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16988 (win7_gdr.120401-1505)
Processor : x64
Crash Address : ntoskrnl.exe+70040
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\windows\Minidump\060112-23914-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 277,080
==================================================

==================================================
Dump File : 060112-24351-01.dmp
Crash Time : 6/1/2012 10:09:25 PM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : fffff880`8bf09400
Parameter 2 : 00000000`00000001
Parameter 3 : fffffa80`05c4d2e6
Parameter 4 : 00000000`00000005
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70040
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16988 (win7_gdr.120401-1505)
Processor : x64
Crash Address : ntoskrnl.exe+70040
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\windows\Minidump\060112-24351-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 277,080
==================================================

==================================================
Dump File : 060112-24382-01.dmp
Crash Time : 6/1/2012 10:06:56 PM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : fffff880`94a83600
Parameter 2 : 00000000`00000001
Parameter 3 : fffffa80`05b582e6
Parameter 4 : 00000000`00000005
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70040
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16988 (win7_gdr.120401-1505)
Processor : x64
Crash Address : ntoskrnl.exe+70040
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\windows\Minidump\060112-24382-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 277,080
==================================================

==================================================
Dump File : 081311-28828-01.dmp
Crash Time : 8/13/2011 8:44:20 PM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : fffff8a1`103dcff2
Parameter 2 : 00000000`00000000
Parameter 3 : fffff800`02e7a510
Parameter 4 : 00000000`00000005
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+705c0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16988 (win7_gdr.120401-1505)
Processor : x64
Crash Address : ntoskrnl.exe+705c0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\windows\Minidump\081311-28828-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 277,080
==================================================

==================================================
Dump File : 033111-24523-01.dmp
Crash Time : 3/31/2011 6:29:22 PM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : fffff8a1`0f441fec
Parameter 2 : 00000000`00000000
Parameter 3 : fffff800`02ebc680
Parameter 4 : 00000000`00000005
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16988 (win7_gdr.120401-1505)
Processor : x64
Crash Address : ntoskrnl.exe+70740
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\windows\Minidump\033111-24523-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 277,080
==================================================

==================================================
Dump File : 122410-20950-01.dmp
Crash Time : 12/24/2010 9:06:55 PM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : fffff8a1`17eb20ec
Parameter 2 : 00000000`00000000
Parameter 3 : fffff800`02eae209
Parameter 4 : 00000000`00000005
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7600.16988 (win7_gdr.120401-1505)
Processor : x64
Crash Address : ntoskrnl.exe+70740
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\windows\Minidump\122410-20950-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7600
Dump File Size : 277,080
==================================================
This seems mainly a memory issue. But first let's run combofix as I'm sure there are more infections and more cleanup to do. First of all, please uninstall all norton and mcafee software and then use their removal tools.

mcafee - http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe

norton - ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

Then run combofix

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
  • Download this file here :

    Combofix

  • When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
  • Save the file to your windows desktop. The combofix icon will look like this when it has downloaded to your desktop.

    cf-icon.jpg
  • We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:

  • Close all open Windows including this one.
  • Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found here.
    Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.
  • Please click on I agree on the disclaimer window.
  • ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.

    cf-preparing.jpg

  • ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.

    erunt.jpg

  • Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:

    recovery-console-prompt.jpg

  • At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.
  • Please click on yes in the next window to continue scanning for malware.
  • ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.
  • ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.
  • While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.

    still-scanning-clockchanges.jpg

  • When ComboFix has finished running, you will see a screen stating that it is preparing the log report.
  • This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and tells you the program's log file, or report, will be located at C:\ComboFix.txt.
  • When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.
  • Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy. Then come to the forum in your reply and right click on your mouse and click on paste.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 
thanks for the reply john.
i just finished 2 passes with memtest 86+ (1.5 hrs) and it didn't report any errors.
i also re-seated the modules before the test.

so this laptop blue screens in normal mode as soon as i try to do anything. i have to work in safe mode.

i uninstalled mcafee and norton, but i could not run the mcafee tool with message: error obtaining full permissions for cleanup. see log file for details. when i clicked on 'see log' i got another error: the process cannot access the file because it is being used by another process.
i did try running as admin and still got the same messages.

anyways, as soon as i started combofix, the computer blue screened with 0x0A. which is weird because i have been able to work in safe mode without any issues.

stumped...

*edit: tried again, combofix runs halfway then blue screened with 0x1E
 
So have you run combofix in safemode or not? If not then do it in safe mode. I'm at work right now and will check back when I get home.
 
So have you run combofix in safemode or not? If not then do it in safe mode. I'm at work right now and will check back when I get home.

yes. both times it blue screened while running combofix in safemode.

i was able to run ccleaner in normal mode. it seems to stabilize a little, but combofix still causes it to blue screen.
 
Please download and run TDSSkiller

When the program opens, click on the start scan button.

TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.

infection-found.jpg


To remove the infection simply click on the Continue button and TDSSKiller will attempt to clean the infection.

When it has finished cleaning the infection you will see a report stating whether or not it was successful as shown below.

scan-completed.jpg


If the log says will be cured after reboot, please reboot the system by pressing the reboot now button.

After running there will be a log that will be located at the root of your c:\ drive labeled tdsskiller with a series of numbers after it. Please open the log and copy and paste it back here.

Then let's get an online scan going.

Please download and run the ESET Online Scanner
Disable any antivirus/security programs.
IMPORTANT! UN-check Remove found threats
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates, install and then start scanning your system.
When the scan is done, push list of found threats
Click on Export to text file , and save the file to your desktop using a file name, such as ESETlog. Include the contents of this report in your next reply.
If no threats are found then it won't produce a log.
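
A TDSSKiller log like the one requested above lists hundreds of services and drivers, nearly all ending in "- ok", so the entries worth reading are easy to miss. The following is an added example, not part of the original thread and not a Kaspersky tool: a short Python triage script that pairs each hashed image line with its verdict line and reports what stands out. The function names, the trusted-path list, and the lines marked "constructed" are assumptions made for illustration; the remaining sample lines are copied from the log posted in this thread.

```python
import re

# "<time> <thread id> <text>" prefix used on every line of the log.
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(?P<body>.*)$")
# "<service> (<md5>) <image path>" -- the file that was hashed.
FILE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<service> - <verdict>" -- the result for that service.
VERDICT = re.compile(r"^(?P<name>.+?) - (?P<status>.+)$")

# Assumption: locations where service and driver images normally live.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Lines copied from the thread's log, plus two constructed lines for a
# hypothetical service "examplesvc". The wording of its verdict is an
# assumption; the script only relies on it being something other than "ok".
SAMPLE_LOG = r"""
16:22:12.0258 1664 Drive \Device\Harddisk1\DR1 - Size: 0xEF000000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:22:16.0704 1692 Scan started
16:22:16.0704 1692 Mode: Manual;
16:22:17.0157 1692 0262681339213887mcinstcleanup - ok
16:22:17.0282 1692 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\windows\system32\DRIVERS\1394ohci.sys
16:22:17.0282 1692 1394ohci - ok
16:22:18.0249 1692 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:22:18.0249 1692 Apple Mobile Device - ok
16:22:20.0448 1692 COMSysApp - ok
16:22:21.0000 1692 examplesvc (00000000000000000000000000000000) C:\Users\Example\AppData\Roaming\example.sys
16:22:21.0000 1692 examplesvc - detected ExampleVerdict (1)
16:22:25.0737 1692 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
"""


def parse_scan(text):
    """Return {service name: {"name", "md5", "path", "status"}} in log order."""
    entries, in_scan = {}, False
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        body = m["body"].strip()
        if not in_scan:
            # Skip the SystemInfo/Drive header; its "Drive ... - Size" lines
            # would otherwise look like verdict lines.
            in_scan = body == "Scan started"
            continue
        # Try the file pattern first: an image path may itself contain " - ".
        hit = FILE.match(body) or VERDICT.match(body)
        if not hit:
            continue
        entry = entries.setdefault(
            hit["name"], {"md5": None, "path": None, "status": None}
        )
        entry.update(hit.groupdict())
    return entries


def triage(entries):
    """Sort service names into the buckets a reviewer should look at."""
    report = {"not_ok": [], "no_image": [], "unusual_path": []}
    for name, e in entries.items():
        # A missing verdict (log cut off or split across posts) is not "ok".
        if e["status"] != "ok":
            report["not_ok"].append(name)
        if e["path"] is None:
            # Service is registered but no image file was hashed for it.
            report["no_image"].append(name)
        elif not e["path"].lower().startswith(TRUSTED_ROOTS):
            report["unusual_path"].append(name)
    return report


if __name__ == "__main__":
    for bucket, names in triage(parse_scan(SAMPLE_LOG)).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

The `no_image` bucket is informational: the thread's log shows entries such as COMSysApp and the McAfee cleanup service with a verdict but no hashed file. An entry in `unusual_path` or `not_ok` is where a manual check of the file should start.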
 
thanks for your help, the tdss killer log is too long to post so i broke it up

16:22:11.0494 1664 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
16:22:11.0541 1664 ============================================================
16:22:11.0541 1664 Current date / time: 2012/06/09 16:22:11.0541
16:22:11.0541 1664 SystemInfo:
16:22:11.0541 1664
16:22:11.0541 1664 OS Version: 6.1.7600 ServicePack: 0.0
16:22:11.0541 1664 Product type: Workstation
16:22:11.0541 1664 ComputerName: DIANA-PC
16:22:11.0541 1664 UserName: Diana
16:22:11.0541 1664 Windows directory: C:\windows
16:22:11.0541 1664 System windows directory: C:\windows
16:22:11.0541 1664 Running under WOW64
16:22:11.0541 1664 Processor architecture: Intel x64
16:22:11.0541 1664 Number of processors: 2
16:22:11.0541 1664 Page size: 0x1000
16:22:11.0541 1664 Boot type: Safe boot
16:22:11.0541 1664 ============================================================
16:22:12.0258 1664 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:22:12.0258 1664 Drive \Device\Harddisk1\DR1 - Size: 0xEF000000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:22:12.0274 1664 ============================================================
16:22:12.0274 1664 \Device\Harddisk0\DR0:
16:22:12.0274 1664 MBR partitions:
16:22:12.0274 1664 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23F63800
16:22:12.0274 1664 \Device\Harddisk1\DR1:
16:22:12.0274 1664 MBR partitions:
16:22:12.0274 1664 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x30, BlocksNum 0x777FD0
16:22:12.0274 1664 ============================================================
16:22:12.0290 1664 C: <-> \Device\Harddisk0\DR0\Partition0
16:22:12.0290 1664 ============================================================
16:22:12.0290 1664 Initialize success
16:22:12.0290 1664 ============================================================
16:22:16.0704 1692 ============================================================
16:22:16.0704 1692 Scan started
16:22:16.0704 1692 Mode: Manual;
16:22:16.0704 1692 ============================================================
16:22:17.0157 1692 0262681339213887mcinstcleanup - ok
16:22:17.0282 1692 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\windows\system32\DRIVERS\1394ohci.sys
16:22:17.0282 1692 1394ohci - ok
16:22:17.0328 1692 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys
16:22:17.0328 1692 ACPI - ok
16:22:17.0375 1692 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys
16:22:17.0375 1692 AcpiPmi - ok
16:22:17.0500 1692 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:22:17.0500 1692 AdobeARMservice - ok
16:22:17.0547 1692 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
16:22:17.0562 1692 adp94xx - ok
16:22:17.0640 1692 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
16:22:17.0640 1692 adpahci - ok
16:22:17.0672 1692 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
16:22:17.0672 1692 adpu320 - ok
16:22:17.0703 1692 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
16:22:17.0718 1692 AeLookupSvc - ok
16:22:17.0765 1692 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\windows\system32\drivers\afd.sys
16:22:17.0781 1692 AFD - ok
16:22:17.0812 1692 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys
16:22:17.0812 1692 agp440 - ok
16:22:17.0843 1692 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
16:22:17.0843 1692 ALG - ok
16:22:17.0874 1692 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\DRIVERS\aliide.sys
16:22:17.0874 1692 aliide - ok
16:22:17.0890 1692 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\DRIVERS\amdide.sys
16:22:17.0890 1692 amdide - ok
16:22:17.0906 1692 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
16:22:17.0906 1692 AmdK8 - ok
16:22:17.0952 1692 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
16:22:17.0952 1692 AmdPPM - ok
16:22:17.0999 1692 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\windows\system32\drivers\amdsata.sys
16:22:17.0999 1692 amdsata - ok
16:22:18.0030 1692 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
16:22:18.0030 1692 amdsbs - ok
16:22:18.0062 1692 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\windows\system32\drivers\amdxata.sys
16:22:18.0062 1692 amdxata - ok
16:22:18.0093 1692 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys
16:22:18.0093 1692 AppID - ok
16:22:18.0124 1692 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
16:22:18.0124 1692 AppIDSvc - ok
16:22:18.0140 1692 Appinfo (d065be66822847b7f127d1f90158376e) C:\windows\System32\appinfo.dll
16:22:18.0140 1692 Appinfo - ok
16:22:18.0249 1692 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:22:18.0249 1692 Apple Mobile Device - ok
16:22:18.0311 1692 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
16:22:18.0311 1692 arc - ok
16:22:18.0342 1692 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
16:22:18.0342 1692 arcsas - ok
16:22:18.0483 1692 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:22:18.0514 1692 aspnet_state - ok
16:22:18.0561 1692 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
16:22:18.0561 1692 AsyncMac - ok
16:22:18.0576 1692 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys
16:22:18.0592 1692 atapi - ok
16:22:18.0670 1692 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\windows\System32\Audiosrv.dll
16:22:18.0670 1692 AudioEndpointBuilder - ok
16:22:18.0686 1692 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\windows\System32\Audiosrv.dll
16:22:18.0686 1692 AudioSrv - ok
16:22:18.0732 1692 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\windows\System32\AxInstSV.dll
16:22:18.0732 1692 AxInstSV - ok
16:22:18.0795 1692 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
16:22:18.0795 1692 b06bdrv - ok
16:22:18.0842 1692 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
16:22:18.0842 1692 b57nd60a - ok
16:22:18.0873 1692 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
16:22:18.0873 1692 BDESVC - ok
16:22:18.0904 1692 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
16:22:18.0904 1692 Beep - ok
16:22:18.0966 1692 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\windows\System32\qmgr.dll
16:22:18.0982 1692 BITS - ok
16:22:19.0013 1692 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
16:22:19.0013 1692 blbdrive - ok
16:22:19.0091 1692 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
16:22:19.0107 1692 Bonjour Service - ok
16:22:19.0154 1692 bowser (19d20159708e152267e53b66677a4995) C:\windows\system32\DRIVERS\bowser.sys
16:22:19.0154 1692 bowser - ok
16:22:19.0185 1692 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
16:22:19.0185 1692 BrFiltLo - ok
16:22:19.0216 1692 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
16:22:19.0216 1692 BrFiltUp - ok
16:22:19.0232 1692 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
16:22:19.0232 1692 BridgeMP - ok
16:22:19.0263 1692 Browser (94fbc06f294d58d02361918418f996e3) C:\windows\System32\browser.dll
16:22:19.0263 1692 Browser - ok
16:22:19.0294 1692 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
16:22:19.0310 1692 Brserid - ok
16:22:19.0341 1692 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
16:22:19.0341 1692 BrSerWdm - ok
16:22:19.0356 1692 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
16:22:19.0356 1692 BrUsbMdm - ok
16:22:19.0356 1692 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
16:22:19.0356 1692 BrUsbSer - ok
16:22:19.0388 1692 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
16:22:19.0388 1692 BTHMODEM - ok
16:22:19.0419 1692 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
16:22:19.0419 1692 bthserv - ok
16:22:19.0450 1692 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
16:22:19.0450 1692 cdfs - ok
16:22:19.0497 1692 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys
16:22:19.0497 1692 cdrom - ok
16:22:19.0528 1692 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\windows\System32\certprop.dll
16:22:19.0528 1692 CertPropSvc - ok
16:22:19.0575 1692 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
16:22:19.0575 1692 circlass - ok
16:22:19.0606 1692 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
16:22:19.0606 1692 CLFS - ok
16:22:19.0684 1692 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:22:19.0700 1692 clr_optimization_v2.0.50727_32 - ok
16:22:19.0746 1692 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:22:19.0746 1692 clr_optimization_v2.0.50727_64 - ok
16:22:19.0856 1692 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:22:20.0043 1692 clr_optimization_v4.0.30319_32 - ok
16:22:20.0121 1692 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:22:20.0183 1692 clr_optimization_v4.0.30319_64 - ok
16:22:20.0230 1692 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
16:22:20.0230 1692 CmBatt - ok
16:22:20.0246 1692 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys
16:22:20.0246 1692 cmdide - ok
16:22:20.0292 1692 CNG (937beb186a735aca91d717044a49d17e) C:\windows\system32\Drivers\cng.sys
16:22:20.0292 1692 CNG - ok
16:22:20.0370 1692 CnxtHdAudService (25c58ee97be0416a373e3e4f855206b5) C:\windows\system32\drivers\CHDRT64.sys
16:22:20.0370 1692 CnxtHdAudService - ok
16:22:20.0417 1692 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
16:22:20.0417 1692 Compbatt - ok
16:22:20.0448 1692 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys
16:22:20.0448 1692 CompositeBus - ok
16:22:20.0448 1692 COMSysApp - ok
16:22:20.0495 1692 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
16:22:20.0495 1692 crcdisk - ok
16:22:20.0542 1692 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\windows\system32\cryptsvc.dll
16:22:20.0542 1692 CryptSvc - ok
16:22:20.0604 1692 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\windows\system32\rpcss.dll
16:22:20.0604 1692 DcomLaunch - ok
16:22:20.0667 1692 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
16:22:20.0667 1692 defragsvc - ok
16:22:20.0714 1692 DfsC (9c253ce7311ca60fc11c774692a13208) C:\windows\system32\Drivers\dfsc.sys
16:22:20.0714 1692 DfsC - ok
16:22:20.0760 1692 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\windows\system32\dhcpcore.dll
16:22:20.0760 1692 Dhcp - ok
16:22:20.0792 1692 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
16:22:20.0792 1692 discache - ok
16:22:20.0823 1692 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
16:22:20.0823 1692 Disk - ok
16:22:20.0870 1692 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\windows\System32\dnsrslvr.dll
16:22:20.0870 1692 Dnscache - ok
16:22:20.0916 1692 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\windows\System32\dot3svc.dll
16:22:20.0916 1692 dot3svc - ok
16:22:20.0932 1692 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\windows\system32\dps.dll
16:22:20.0932 1692 DPS - ok
16:22:20.0979 1692 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
16:22:20.0979 1692 drmkaud - ok
16:22:21.0041 1692 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\windows\System32\drivers\dxgkrnl.sys
16:22:21.0057 1692 DXGKrnl - ok
16:22:21.0072 1692 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
16:22:21.0072 1692 EapHost - ok
16:22:21.0291 1692 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
16:22:21.0322 1692 ebdrv - ok
16:22:21.0400 1692 EFS (156f6159457d0aa7e59b62681b56eb90) C:\windows\System32\lsass.exe
16:22:21.0400 1692 EFS - ok
16:22:21.0478 1692 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\windows\ehome\ehRecvr.exe
16:22:21.0478 1692 ehRecvr - ok
16:22:21.0509 1692 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
16:22:21.0509 1692 ehSched - ok
16:22:21.0587 1692 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
16:22:21.0587 1692 elxstor - ok
16:22:21.0603 1692 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys
16:22:21.0603 1692 ErrDev - ok
16:22:21.0634 1692 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
16:22:21.0650 1692 EventSystem - ok
16:22:21.0681 1692 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
16:22:21.0681 1692 exfat - ok
16:22:21.0712 1692 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
16:22:21.0712 1692 fastfat - ok
16:22:21.0759 1692 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\windows\system32\fxssvc.exe
16:22:21.0774 1692 Fax - ok
16:22:21.0790 1692 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
16:22:21.0790 1692 fdc - ok
16:22:21.0806 1692 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
16:22:21.0821 1692 fdPHost - ok
16:22:21.0821 1692 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
16:22:21.0821 1692 FDResPub - ok
16:22:21.0852 1692 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
16:22:21.0852 1692 FileInfo - ok
16:22:21.0868 1692 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
16:22:21.0868 1692 Filetrace - ok
16:22:21.0884 1692 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
16:22:21.0884 1692 flpydisk - ok
16:22:21.0915 1692 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys
16:22:21.0915 1692 FltMgr - ok
16:22:21.0977 1692 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\windows\system32\FntCache.dll
16:22:21.0993 1692 FontCache - ok
16:22:22.0071 1692 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:22:22.0071 1692 FontCache3.0.0.0 - ok
16:22:22.0102 1692 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
16:22:22.0102 1692 FsDepends - ok
16:22:22.0149 1692 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\windows\system32\drivers\Fs_Rec.sys
16:22:22.0149 1692 Fs_Rec - ok
16:22:22.0196 1692 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys
16:22:22.0196 1692 fvevol - ok
16:22:22.0227 1692 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
16:22:22.0227 1692 gagp30kx - ok
16:22:22.0320 1692 GameConsoleService (1a0b9d84beb3306f728bc3009d432f5c) C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
16:22:22.0320 1692 GameConsoleService - ok
16:22:22.0367 1692 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
16:22:22.0367 1692 GEARAspiWDM - ok
16:22:22.0398 1692 GoToAssist - ok
16:22:22.0445 1692 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\windows\System32\gpsvc.dll
16:22:22.0461 1692 gpsvc - ok
16:22:22.0554 1692 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:22:22.0554 1692 gupdate - ok
16:22:22.0570 1692 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:22:22.0570 1692 gupdatem - ok
16:22:22.0601 1692 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
16:22:22.0601 1692 gusvc - ok
16:22:22.0632 1692 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
16:22:22.0632 1692 hcw85cir - ok
16:22:22.0679 1692 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys
16:22:22.0679 1692 HdAudAddService - ok
16:22:22.0710 1692 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys
16:22:22.0710 1692 HDAudBus - ok
16:22:22.0726 1692 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
16:22:22.0742 1692 HidBatt - ok
16:22:22.0742 1692 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
16:22:22.0742 1692 HidBth - ok
16:22:22.0757 1692 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
16:22:22.0773 1692 HidIr - ok
16:22:22.0788 1692 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
16:22:22.0788 1692 hidserv - ok
16:22:22.0835 1692 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys
16:22:22.0835 1692 HidUsb - ok
16:22:22.0851 1692 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\windows\system32\kmsvc.dll
16:22:22.0851 1692 hkmsvc - ok
16:22:22.0866 1692 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\windows\system32\ListSvc.dll
16:22:22.0882 1692 HomeGroupListener - ok
16:22:22.0913 1692 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\windows\system32\provsvc.dll
16:22:22.0913 1692 HomeGroupProvider - ok
16:22:22.0944 1692 HpSAMD (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys
16:22:22.0944 1692 HpSAMD - ok
16:22:22.0991 1692 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys
16:22:23.0007 1692 HTTP - ok
16:22:23.0007 1692 hwpolicy (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys
16:22:23.0007 1692 hwpolicy - ok
16:22:23.0054 1692 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
16:22:23.0054 1692 i8042prt - ok
16:22:23.0100 1692 iaStor (be7d72fcf442c26975942007e0831241) C:\windows\system32\DRIVERS\iaStor.sys
16:22:23.0100 1692 iaStor - ok
16:22:23.0147 1692 iaStorV (b75e45c564e944a2657167d197ab29da) C:\windows\system32\drivers\iaStorV.sys
16:22:23.0163 1692 iaStorV - ok
16:22:23.0225 1692 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
16:22:23.0241 1692 IDriverT - ok
16:22:23.0350 1692 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:22:23.0366 1692 idsvc - ok
16:22:23.0678 1692 igfx (a87261ef1546325b559374f5689cf5bc) C:\windows\system32\DRIVERS\igdkmd64.sys
16:22:23.0818 1692 igfx - ok
16:22:23.0943 1692 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
16:22:23.0943 1692 iirsp - ok
16:22:24.0005 1692 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\windows\System32\ikeext.dll
16:22:24.0005 1692 IKEEXT - ok
16:22:24.0036 1692 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys
16:22:24.0036 1692 intelide - ok
16:22:24.0068 1692 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
16:22:24.0068 1692 intelppm - ok
16:22:24.0083 1692 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
16:22:24.0083 1692 IPBusEnum - ok
16:22:24.0114 1692 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys
16:22:24.0114 1692 IpFilterDriver - ok
16:22:24.0177 1692 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\windows\System32\iphlpsvc.dll
16:22:24.0177 1692 iphlpsvc - ok
16:22:24.0208 1692 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys
16:22:24.0208 1692 IPMIDRV - ok
16:22:24.0239 1692 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
16:22:24.0239 1692 IPNAT - ok
16:22:24.0348 1692 iPod Service (4472c8825b5e41d8697d5962f47ab1c9) C:\Program Files\iPod\bin\iPodService.exe
16:22:24.0364 1692 iPod Service - ok
16:22:24.0395 1692 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
16:22:24.0395 1692 IRENUM - ok
16:22:24.0411 1692 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys
16:22:24.0411 1692 isapnp - ok
16:22:24.0426 1692 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys
16:22:24.0426 1692 iScsiPrt - ok
16:22:24.0473 1692 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
16:22:24.0473 1692 kbdclass - ok
16:22:24.0489 1692 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys
16:22:24.0489 1692 kbdhid - ok
16:22:24.0520 1692 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
16:22:24.0520 1692 KeyIso - ok
16:22:24.0551 1692 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\windows\system32\Drivers\ksecdd.sys
16:22:24.0551 1692 KSecDD - ok
16:22:24.0567 1692 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\windows\system32\Drivers\ksecpkg.sys
16:22:24.0567 1692 KSecPkg - ok
16:22:24.0614 1692 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
16:22:24.0614 1692 ksthunk - ok
16:22:24.0660 1692 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
16:22:24.0660 1692 KtmRm - ok
16:22:24.0707 1692 L1C (55480b9c63f3f91a8ebbadcbf28fe581) C:\windows\system32\DRIVERS\L1C62x64.sys
16:22:24.0707 1692 L1C - ok
16:22:24.0754 1692 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\windows\System32\srvsvc.dll
16:22:24.0754 1692 LanmanServer - ok
16:22:24.0785 1692 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\windows\System32\wkssvc.dll
16:22:24.0785 1692 LanmanWorkstation - ok
 
here's the rest:


16:22:35.0502 1692 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
16:22:35.0565 1692 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
16:22:35.0565 1692 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
16:22:35.0565 1692 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
16:22:38.0076 1692 \Device\Harddisk1\DR1 - ok
16:22:38.0108 1692 Boot (0x1200) (aff6170ddc74f7884e1370d55838cbbd) \Device\Harddisk0\DR0\Partition0
16:22:38.0108 1692 \Device\Harddisk0\DR0\Partition0 - ok
16:22:38.0108 1692 Boot (0x1200) (ee682a07cb4b451dfffa107642164c6f) \Device\Harddisk1\DR1\Partition0
16:22:38.0108 1692 \Device\Harddisk1\DR1\Partition0 - ok
16:22:38.0108 1692 ============================================================
16:22:38.0108 1692 Scan finished
16:22:38.0108 1692 ============================================================
16:22:38.0123 1684 Detected object count: 1
16:22:38.0123 1684 Actual detected object count: 1
16:29:30.0775 1684 \Device\Harddisk0\DR0\# - copied to quarantine
16:29:30.0775 1684 \Device\Harddisk0\DR0 - copied to quarantine
16:29:30.0822 1684 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
16:29:30.0822 1684 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
16:29:30.0837 1684 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
16:29:30.0837 1684 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
16:29:30.0837 1684 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
16:29:30.0837 1684 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
16:29:30.0837 1684 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
16:29:30.0837 1684 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
16:29:30.0853 1684 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
16:29:30.0853 1684 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
16:29:30.0853 1684 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
16:29:30.0853 1684 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
16:29:30.0900 1684 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
16:29:30.0900 1684 \Device\Harddisk0\DR0 - ok
16:29:31.0103 1684 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
16:29:48.0013 1660 Deinitialize success


and the eset log:

C:\TDSSKiller_Quarantine\09.06.2012_16.22.11\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\09.06.2012_16.22.11\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\09.06.2012_16.22.11\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\09.06.2012_16.22.11\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\09.06.2012_16.22.11\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\09.06.2012_16.22.11\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan
C:\Users\Diana\AppData\Local\TOSHIBA\dpkkinxd.dll a variant of Win32/Kryptik.AFTW trojan
C:\Users\Diana\AppData\Local\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\n Win64/Sirefef.W trojan
C:\Users\Diana\AppData\Local\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\L\80000032.@ probably a variant of Win32/Sirefef.EU trojan
C:\Users\Diana\AppData\Local\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\U\80000000.@ Win64/Sirefef.AE trojan
C:\Users\Diana\AppData\Local\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\U\80000032.@ probably a variant of Win32/Sirefef.EU trojan
C:\Users\Diana\AppData\Local\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\U\80000064.@ Win64/Sirefef.AE trojan
C:\Windows\Installer\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\n Win64/Sirefef.W trojan
C:\Windows\Installer\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\U\00000008.@ Win64/Agent.BA trojan
C:\Windows\Installer\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\U\80000000.@ Win64/Sirefef.AE trojan
C:\Windows\Installer\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\U\80000032.@ probably a variant of Win32/Sirefef.EU trojan
C:\Windows\Installer\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\U\80000064.@ Win64/Sirefef.AE trojan
Operating memory multiple threats
 
Ok, you should be able to run combofix now...hopefully. Please try doing so and post the logfile if it completes.

Also, please do not put your logs inside Code tags as it makes it hard to read the logs.
 
ok. so the flash player updater pops up continuously, i have about 4 of the same windows open.

combofix runs, but just closes out. i do not see any of the other windows you posted before.
 
i have about 4 of the same windows open.

i do not see any of the other windows you posted before.

Please explain what you are talking about here. Have you tried running combofix again in safe mode after rebooting the machine?

Manually delete these files/folders. You will need to enable hidden files and folders to be able to see these.

C:\Users\Diana\AppData\Local\TOSHIBA\dpkkinxd.dll
C:\Users\Diana\AppData\Local\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\n
C:\Users\Diana\AppData\Local\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\L\80000032.@
C:\Users\Diana\AppData\Local\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\U\80000000.@
C:\Users\Diana\AppData\Local\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\U\80000032.@
C:\Users\Diana\AppData\Local\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\U\80000064.@
C:\Windows\Installer\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\n
C:\Windows\Installer\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\U\00000008.@
C:\Windows\Installer\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\U\80000000.@
C:\Windows\Installer\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\U\80000032.@
C:\Windows\Installer\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\U\80000064.@
 
ok, i was able to run combofix successfully.
the machine has not blue screened lately and is running in normal mode.

ComboFix 12-06-08.02 - Diana 06/09/2012 21:17:01.1.2 - x64 MINIMAL
Running from: c:\users\Diana\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\CouponAlert_2pEI
c:\users\Diana\GoToAssistDownloadHelper.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\svchost.exe
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2012-05-10 to 2012-06-10 )))))))))))))))))))))))))))))))
.
.
2012-06-10 02:22 . 2012-06-10 02:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-09 04:21 . 2012-06-09 04:21 -------- d-----w- c:\programdata\McAfee
2012-06-09 04:20 . 2012-06-09 04:20 -------- d-s---w- c:\windows\SysWow64\Microsoft
2012-06-08 21:25 . 2012-06-08 21:25 -------- d-----w- c:\users\Diana\AppData\Roaming\Malwarebytes
2012-06-08 21:25 . 2012-06-08 21:25 -------- d-----w- c:\programdata\Malwarebytes
2012-06-08 21:25 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-08 21:25 . 2012-06-08 21:25 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-25 02:20 . 2012-05-25 02:20 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-12 18:51 . 2012-05-12 18:51 -------- d-----w- c:\program files\Microsoft Silverlight
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-02 05:34 . 2012-05-10 20:57 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-02 04:46 . 2012-05-10 20:57 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-02 04:46 . 2012-05-10 20:57 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-02 03:01 . 2012-05-10 20:57 3143680 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 11:09 . 2012-05-10 20:57 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-17 07:55 . 2012-05-10 20:57 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-03-16 13:59 . 2012-03-16 13:59 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-16 13:59 . 2012-03-16 13:59 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-16 13:59 . 2012-03-16 13:59 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-16 13:59 . 2012-03-16 13:59 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-16 13:59 . 2012-03-16 13:59 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-16 13:59 . 2012-03-16 13:59 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-16 13:59 . 2012-03-16 13:59 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-16 13:59 . 2012-03-16 13:59 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-16 13:59 . 2012-03-16 13:59 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-16 13:59 . 2012-03-16 13:59 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-16 13:59 . 2012-03-16 13:59 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-16 13:59 . 2012-03-16 13:59 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-16 13:59 . 2012-03-16 13:59 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-16 13:59 . 2012-03-16 13:59 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-16 13:59 . 2012-03-16 13:59 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-16 13:59 . 2012-03-16 13:59 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-16 13:59 . 2012-03-16 13:59 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-16 13:59 . 2012-03-16 13:59 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-16 13:59 . 2012-03-16 13:59 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-16 13:59 . 2012-03-16 13:59 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-16 13:59 . 2012-03-16 13:59 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-16 13:59 . 2012-03-16 13:59 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-16 13:59 . 2012-03-16 13:59 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-16 13:59 . 2012-03-16 13:59 448512 ----a-w- c:\windows\system32\html.iec
2012-03-16 13:59 . 2012-03-16 13:59 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-16 13:59 . 2012-03-16 13:59 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-16 13:59 . 2012-03-16 13:59 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-16 13:59 . 2012-03-16 13:59 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-16 13:59 . 2012-03-16 13:59 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-16 13:59 . 2012-03-16 13:59 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-16 13:59 . 2012-03-16 13:59 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-16 13:59 . 2012-03-16 13:59 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-16 13:59 . 2012-03-16 13:59 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-16 13:59 . 2012-03-16 13:59 160256 ----a-w- c:\windows\system32\wextract.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 21:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-22 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"NortonOnlineBackupReminder"="c:\program files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-08-10 529256]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-01-06 1446760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0262681339213887mcinstcleanup;McAfee Application Installer Cleanup (0262681339213887);c:\users\Diana\AppData\Local\Temp\026268~1.EXE [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28 135664]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-03-31 835952]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2011-12-06 135608]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2009-08-24 126392]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28 01:17]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28 01:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-TOSHIBA - c:\users\Diana\AppData\Local\TOSHIBA\dpkkinxd.dll
Wow6432Node-HKLM-Run-Easy Dock - (no file)
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-reaps - c:\users\Diana\AppData\Local\Temp\reaps.dll
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-06-09 21:29:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-10 02:29
.
Pre-Run: 252,575,739,904 bytes free
Post-Run: 252,406,636,544 bytes free
.
- - End Of File - - A8CA41A652236F297FF6CC6E612875A2
 
i also deleted the folders you mentioned and ran hijackthis again

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:31:03 PM, on 6/9/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Users\Diana\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\SysWow64\TwcToolbarIe7.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-21-1334461615-2743005552-1439053795-1001\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User '?')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O23 - Service: McAfee Application Installer Cleanup (0262681339213887) (0262681339213887mcinstcleanup) - Unknown owner - C:\Users\Diana\AppData\Local\Temp\026268~1.EXE (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Toshiba Laptop Checkup Application Launcher (Norton PC Checkup Application Launcher) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10590 bytes
 
Good. Now, I need you to post a log that ComboFix created but didn't show you. Please navigate to C:\Qoobox, and in that folder will be a file named add-remove programs.txt. Open that file and copy and paste the contents back here.
 
add-remove programs log:


Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.2)
Amazon Links
Apple Application Support
Apple Software Update
Ask Toolbar
Ask Toolbar Updater
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Bejeweled 2 Deluxe
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Citrix XenApp Web Plugin
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Escape Rosecliff Island
ESET Online Scanner v3
FATE - The Traitor Soul
Garmin Lifetime Updater
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Java Auto Updater
Java(TM) 6 Update 20
Jewel Quest 3
Junk Mail filter update
Label@Once 1.0
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSVCRT
Penguins!
Polar Bowler
Quickbooks Financial Center
RCA Detective™ 3.0.3.0
RCA easyRip 2.5.7.0
RCA Updater 2.1.7.0
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype Launcher
The Weather Channel App
The Weather Channel Toolbar
TOSHIBA Application Installer
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA Quality Application
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Virtual Families
Virtual Villagers - The Secret City
Watchtower Library 2009 - English
Watchtower Library 2010 - English
Watchtower Library 2011 - English
WildTangent Games
WildTangent ORB Game Console
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Zuma's Revenge
 
Uninstall the following programs.

Adobe Flash Player 10 ActiveX
Ask Toolbar
Ask Toolbar Updater
Coupon Printer for Windows
Java Auto Updater
Java(TM) 6 Update 20

Then update Flash Player and Java from these links.

http://get.adobe.com/flashplayer/?promoid=BUIGP

http://www.java.com/en/download/ie_manual.jsp?locale=en

I also need you to rerun both of the removal tools again (Norton and McAfee). There are still remnants on your system.

Then do another full scan of Malwarebytes so we can make sure you're clean. Then post its log along with a new HijackThis log.

I would then install either AVAST or MSE for your virus program.
 
thanks for your help sir.
here's malwarebytes log:
i removed that one item, seems like a remnant from tdsskiller

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.08.06

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Diana :: DIANA-PC [administrator]

6/9/2012 11:32:31 PM
mbam-log-2012-06-09 (23-32-31).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 372696
Time elapsed: 39 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\TDSSKiller_Quarantine\09.06.2012_16.22.11\mbr0000\tdlfs0000\tsk0000.dta (Trojan.Agent.CR) -> Quarantined and deleted successfully.

(end)


and hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:16:20 AM, on 6/10/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
E:\tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\SysWow64\TwcToolbarIe7.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O23 - Service: McAfee Application Installer Cleanup (0262681339213887) (0262681339213887mcinstcleanup) - Unknown owner - C:\Users\Diana\AppData\Local\Temp\026268~1.EXE (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Toshiba Laptop Checkup Application Launcher (Norton PC Checkup Application Launcher) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10364 bytes
 