# mbam & hijackthis logs



## zombine210

so this toshiba laptop won't boot normally, sometimes it blue screens with 0x01E and sometimes it just returns a toshiba error f3-f100-010 and says to turn off the machine.

of course when i was commissioned to look at it, all they said was it can't go to the internet. right...

so i managed to boot into safe mode and get the logs. would appreciate any input.

btw, i did fix all infections found by malwarebytes, but not from hijackthis.
still can't boot normally, i think the drive might be a goner. what free tool can i use to check it?




Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.08.06

Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Diana :: DIANA-PC [administrator]

6/8/2012 4:52:44 PM
mbam-log-2012-06-08 (16-52-44).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 445383
Time elapsed: 1 hour(s), 5 minute(s), 31 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 1628 -> Delete on reboot.

Memory Modules Detected: 1
C:\Users\Diana\AppData\Roaming\Adobe\sp.DLL (TrojanProxy.Agent) -> Delete on reboot.

Registry Keys Detected: 8
HKCR\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09971cee-01b8-42bc-9d91-456b1faad6be} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{23B38049-323F-443D-9732-F454E5B15B72} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B9F8C21-46EC-4C0B-8683-E755EF84577A} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKLM\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved|{96AFBE69-C3B0-4B00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data: sp -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Data:  -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost|netsvc (TrojanProxy.Agent) -> Data: SPService^"^ -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\Users\Diana\AppData\Roaming\Adobe\sp.DLL (TrojanProxy.Agent) -> Delete on reboot.
C:\Users\Diana\AppData\Local\Apps\2.0\Y7CQ027J.HWD\ED46AH84.KCD\coup...exe_cd8a3367a11d8867_07db.0200_none_155418a0309f7a4f\EI_CouponAlert.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\Users\Diana\AppData\Local\Apps\2.0\Y7CQ027J.HWD\ED46AH84.KCD\coup..lert_cd8a3367a11d8867_07db.0200_2e0f0980113956c1\EI_CouponAlert.exe (PUP.FunWebProducts) -> Quarantined and deleted successfully.
C:\Users\Diana\AppData\Local\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Users\Diana\AppData\LocalLow\CouponAlert_2pEI\Installr\Cache\21339135.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows\Installer\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)




Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:08:13 PM, on 6/8/2012
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode with network support

Running processes:
E:\tools\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O2 - BHO: ShopAtHome.com Toolbar - {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120318205029.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\SysWow64\TwcToolbarIe7.dll
O3 - Toolbar: ShopAtHome.com Toolbar - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Program Files (x86)\ShopAtHome\tbcore3U.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
O4 - HKCU\..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
O4 - HKCU\..\Run: [Easy Dock] C:\Users\Diana\Documents\RCA easyRip\EZDock.exe
O4 - HKCU\..\Run: [TOSHIBA] rundll32.exe C:\Users\Diana\AppData\Local\TOSHIBA\dpkkinxd.dll,m4OutVideoInit
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: RCA Detective.lnk = Diana\Documents\RCA Detective\RCADetective.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
O23 - Service: Toshiba Laptop Checkup Application Launcher (Norton PC Checkup Application Launcher) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14508 bytes


----------



## zombine210

it just blue screened with 0x050 and then with 0x0A
i'm booting into safe mode and removing the video drivers and installing fresh ones from MS.


----------



## zombine210

after rebooting and going into desktop, it blue screened with 0x1E
it all points to a hardware issue, maybe a driver, but can't pinpoint it because it keeps rebooting on me.


----------



## zombine210

here's the bsod history using bluescreenview:


==================================================
Dump File         : 060812-29140-01.dmp
Crash Time        : 6/8/2012 8:56:11 PM
Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code    : 0x00000050
Parameter 1       : fffff880`8d351e00
Parameter 2       : 00000000`00000001
Parameter 3       : fffffa80`05a0e2e6
Parameter 4       : 00000000`00000005
Caused By Driver  : hal.dll
Caused By Address : hal.dll+7ae7
File Description  : 
Product Name      : 
Company           : 
File Version      : 
Processor         : x64
Crash Address     : ntoskrnl.exe+70040
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\windows\Minidump\060812-29140-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7600
Dump File Size    : 276,552
==================================================

==================================================
Dump File         : 060812-23946-01.dmp
Crash Time        : 6/8/2012 8:38:23 PM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffff800`02eb1117
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`7efa0000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70040
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7600.16988 (win7_gdr.120401-1505)
Processor         : x64
Crash Address     : ntoskrnl.exe+70040
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\windows\Minidump\060812-23946-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7600
Dump File Size    : 270,528
==================================================

==================================================
Dump File         : 060812-21855-01.dmp
Crash Time        : 6/8/2012 8:27:31 PM
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x0000000a
Parameter 1       : 00000000`000000dc
Parameter 2       : 00000000`00000002
Parameter 3       : 00000000`00000001
Parameter 4       : fffff800`02e54995
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70040
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7600.16988 (win7_gdr.120401-1505)
Processor         : x64
Crash Address     : ntoskrnl.exe+70040
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\windows\Minidump\060812-21855-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7600
Dump File Size    : 277,080
==================================================

==================================================
Dump File         : 060812-34507-01.dmp
Crash Time        : 6/8/2012 8:22:15 PM
Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code    : 0x00000050
Parameter 1       : fffff880`8b062800
Parameter 2       : 00000000`00000001
Parameter 3       : fffffa80`05b972e6
Parameter 4       : 00000000`00000005
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70040
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7600.16988 (win7_gdr.120401-1505)
Processor         : x64
Crash Address     : ntoskrnl.exe+70040
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\windows\Minidump\060812-34507-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7600
Dump File Size    : 277,080
==================================================

==================================================
Dump File         : 060812-25162-01.dmp
Crash Time        : 6/8/2012 8:04:28 PM
Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code    : 0x00000050
Parameter 1       : fffff880`8d741c00
Parameter 2       : 00000000`00000001
Parameter 3       : fffffa80`05b7e2e6
Parameter 4       : 00000000`00000005
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70040
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7600.16988 (win7_gdr.120401-1505)
Processor         : x64
Crash Address     : ntoskrnl.exe+70040
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\windows\Minidump\060812-25162-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7600
Dump File Size    : 277,080
==================================================

==================================================
Dump File         : 060812-21153-01.dmp
Crash Time        : 6/8/2012 4:21:34 PM
Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code    : 0x00000050
Parameter 1       : fffff880`8e296200
Parameter 2       : 00000000`00000001
Parameter 3       : fffffa80`05b982e6
Parameter 4       : 00000000`00000005
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70040
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7600.16988 (win7_gdr.120401-1505)
Processor         : x64
Crash Address     : ntoskrnl.exe+70040
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\windows\Minidump\060812-21153-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7600
Dump File Size    : 277,080
==================================================

==================================================
Dump File         : 060812-24024-01.dmp
Crash Time        : 6/8/2012 3:41:18 PM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffff800`02ea9117
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`7efa0000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70040
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7600.16988 (win7_gdr.120401-1505)
Processor         : x64
Crash Address     : ntoskrnl.exe+70040
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\windows\Minidump\060812-24024-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7600
Dump File Size    : 277,080
==================================================

==================================================
Dump File         : 060112-34569-01.dmp
Crash Time        : 6/1/2012 10:31:45 PM
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x0000000a
Parameter 1       : 00000000`000000dc
Parameter 2       : 00000000`00000002
Parameter 3       : 00000000`00000001
Parameter 4       : fffff800`02e6a995
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70040
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7600.16988 (win7_gdr.120401-1505)
Processor         : x64
Crash Address     : ntoskrnl.exe+70040
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\windows\Minidump\060112-34569-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7600
Dump File Size    : 277,080
==================================================

==================================================
Dump File         : 060112-22776-01.dmp
Crash Time        : 6/1/2012 10:24:05 PM
Bug Check String  : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code    : 0x0000000a
Parameter 1       : 00000000`0000000e
Parameter 2       : 00000000`00000002
Parameter 3       : 00000000`00000001
Parameter 4       : fffff800`02e78034
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70040
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7600.16988 (win7_gdr.120401-1505)
Processor         : x64
Crash Address     : ntoskrnl.exe+70040
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\windows\Minidump\060112-22776-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7600
Dump File Size    : 277,080
==================================================

==================================================
Dump File         : 060112-23914-01.dmp
Crash Time        : 6/1/2012 10:18:28 PM
Bug Check String  : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code    : 0x0000001e
Parameter 1       : ffffffff`c0000005
Parameter 2       : fffff800`02e96995
Parameter 3       : 00000000`00000000
Parameter 4       : ffffffff`ffffffff
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70040
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7600.16988 (win7_gdr.120401-1505)
Processor         : x64
Crash Address     : ntoskrnl.exe+70040
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\windows\Minidump\060112-23914-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7600
Dump File Size    : 277,080
==================================================

==================================================
Dump File         : 060112-24351-01.dmp
Crash Time        : 6/1/2012 10:09:25 PM
Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code    : 0x00000050
Parameter 1       : fffff880`8bf09400
Parameter 2       : 00000000`00000001
Parameter 3       : fffffa80`05c4d2e6
Parameter 4       : 00000000`00000005
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70040
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7600.16988 (win7_gdr.120401-1505)
Processor         : x64
Crash Address     : ntoskrnl.exe+70040
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\windows\Minidump\060112-24351-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7600
Dump File Size    : 277,080
==================================================

==================================================
Dump File         : 060112-24382-01.dmp
Crash Time        : 6/1/2012 10:06:56 PM
Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code    : 0x00000050
Parameter 1       : fffff880`94a83600
Parameter 2       : 00000000`00000001
Parameter 3       : fffffa80`05b582e6
Parameter 4       : 00000000`00000005
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70040
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7600.16988 (win7_gdr.120401-1505)
Processor         : x64
Crash Address     : ntoskrnl.exe+70040
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\windows\Minidump\060112-24382-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7600
Dump File Size    : 277,080
==================================================

==================================================
Dump File         : 081311-28828-01.dmp
Crash Time        : 8/13/2011 8:44:20 PM
Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code    : 0x00000050
Parameter 1       : fffff8a1`103dcff2
Parameter 2       : 00000000`00000000
Parameter 3       : fffff800`02e7a510
Parameter 4       : 00000000`00000005
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+705c0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7600.16988 (win7_gdr.120401-1505)
Processor         : x64
Crash Address     : ntoskrnl.exe+705c0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\windows\Minidump\081311-28828-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7600
Dump File Size    : 277,080
==================================================

==================================================
Dump File         : 033111-24523-01.dmp
Crash Time        : 3/31/2011 6:29:22 PM
Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code    : 0x00000050
Parameter 1       : fffff8a1`0f441fec
Parameter 2       : 00000000`00000000
Parameter 3       : fffff800`02ebc680
Parameter 4       : 00000000`00000005
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7600.16988 (win7_gdr.120401-1505)
Processor         : x64
Crash Address     : ntoskrnl.exe+70740
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\windows\Minidump\033111-24523-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7600
Dump File Size    : 277,080
==================================================

==================================================
Dump File         : 122410-20950-01.dmp
Crash Time        : 12/24/2010 9:06:55 PM
Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code    : 0x00000050
Parameter 1       : fffff8a1`17eb20ec
Parameter 2       : 00000000`00000000
Parameter 3       : fffff800`02eae209
Parameter 4       : 00000000`00000005
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.1.7600.16988 (win7_gdr.120401-1505)
Processor         : x64
Crash Address     : ntoskrnl.exe+70740
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\windows\Minidump\122410-20950-01.dmp
Processors Count  : 2
Major Version     : 15
Minor Version     : 7600
Dump File Size    : 277,080
==================================================


----------
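
A way to summarize the BlueScreenView records posted above before reading a cause into them, as an added example that is not part of the thread: it parses the `Field : value` blocks and groups the crashes by bug check and driver. The three sample records are copied from the report above and trimmed; the function names are this example's own, and the reading of parameters 1 and 2 follows Microsoft's documentation for bug check 0x50.

```python
from collections import defaultdict
from datetime import datetime

# Three records copied from the BlueScreenView report above, trimmed to the
# fields this example uses.
SAMPLE_REPORT = r"""
==================================================
Dump File         : 081311-28828-01.dmp
Crash Time        : 8/13/2011 8:44:20 PM
Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code    : 0x00000050
Parameter 1       : fffff8a1`103dcff2
Parameter 2       : 00000000`00000000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+705c0
Stack Address 1   :
==================================================

==================================================
Dump File         : 033111-24523-01.dmp
Crash Time        : 3/31/2011 6:29:22 PM
Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code    : 0x00000050
Parameter 1       : fffff8a1`0f441fec
Parameter 2       : 00000000`00000000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
==================================================

==================================================
Dump File         : 122410-20950-01.dmp
Crash Time        : 12/24/2010 9:06:55 PM
Bug Check String  : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code    : 0x00000050
Parameter 1       : fffff8a1`17eb20ec
Parameter 2       : 00000000`00000000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+70740
==================================================
"""

TIME_FORMAT = "%m/%d/%Y %I:%M:%S %p"
ACCESS = {0: "read", 1: "write"}  # bug check 0x50, parameter 2


def parse_report(text):
    """Split a BlueScreenView text report into one dict per crash record."""
    records, current = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"="}:          # separator line closes a record
            if current:
                records.append(current)
                current = {}
            continue
        # Keys never contain ':', values may (times, paths), so split once.
        key, sep, value = line.partition(":")
        if sep:
            current[key.strip()] = value.strip()
    if current:
        records.append(current)
    return records


def param(record, n):
    """Return 'Parameter n' as an int; the dump prints it as hi`lo hex."""
    return int(record[f"Parameter {n}"].replace("`", ""), 16)


def summarize(records):
    """Group crashes by (bug check code, name, driver), most frequent first."""
    groups = defaultdict(list)
    for r in records:
        key = (r["Bug Check Code"], r["Bug Check String"], r["Caused By Driver"])
        groups[key].append(r)

    summary = []
    for (code, name, driver), recs in groups.items():
        times = sorted(datetime.strptime(r["Crash Time"], TIME_FORMAT) for r in recs)
        entry = {
            "code": int(code, 16),
            "name": name,
            "driver": driver,
            "count": len(recs),
            "first": times[0],
            "last": times[-1],
            "offsets": sorted({r["Caused By Address"] for r in recs}),
        }
        if entry["code"] == 0x50:
            # Parameter 1 is the address that was referenced,
            # parameter 2 says whether the access was a read or a write.
            entry["referenced"] = [hex(param(r, 1)) for r in recs]
            entry["access"] = sorted({ACCESS.get(param(r, 2), "other") for r in recs})
        summary.append(entry)
    return sorted(summary, key=lambda e: -e["count"])


if __name__ == "__main__":
    for e in summarize(parse_report(SAMPLE_REPORT)):
        print(f"{e['count']}x {e['name']} (0x{e['code']:02X}) in {e['driver']}, "
              f"{e['first']:%Y-%m-%d} to {e['last']:%Y-%m-%d}, "
              f"access={e.get('access')}, offsets={e['offsets']}")
```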



## johnb35

This seems mainly a memory issue.  But first let's run combofix as I'm sure there are more infections and more cleanup to do.  First of all, please uninstall all norton and mcafee software and then use their removal tools.

mcafee - http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe

norton - ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe

Then run combofix

*Download and Run ComboFix*
*If you already have Combofix, please delete this copy and download it again as it's being updated regularly.*

*Download this file* here :

*Combofix*


When the page loads click on the blue combofix download link next to the BleepingComputer Mirror.
Save the file to your windows desktop.  The combofix icon will look like this when it has downloaded to your desktop.





We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:


Close all open Windows including this one. 

Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these types of programs can be found *here*.
Once these two steps have been completed, double-click on the ComboFix icon found on your desktop. Please note, that once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.

Please click on I agree on the disclaimer window.
ComboFix will now install itself on to your computer. When it is done, a blue screen will appear as shown below.





ComboFix is now preparing to run. When it has finished ComboFix will automatically attempt to create a System Restore point so that if any problems occur while using the program you can restore back to your previous configuration. When ComboFix has finished creating the restore point, it will then backup your Windows Registry as shown in the image below.





Once the Windows Registry has finished being backed up, ComboFix will attempt to detect if you have the Windows Recovery Console installed. If you already have it installed, you can skip to this section and continue reading. Otherwise you will see the following message as shown below:





At the above message box, please click on the Yes button in order for ComboFix to continue. Please follow the steps and instructions given by ComboFix in order to finish the installation of the Recovery Console.

Please click on yes in the next window to continue scanning for malware.

ComboFix will now disconnect your computer from the Internet, so do not be surprised or concerned if you receive any warnings stating that you are no longer on the Internet. When ComboFix has finished it will automatically restore your Internet connection.

ComboFix will now start scanning your computer for known infections. This procedure can take some time, so please be patient.

While the program is scanning your computer, it will change your clock format, so do not be concerned when you see this happen. When ComboFix is finished it will restore your clock settings to their previous settings. You will also see the text in the ComboFix window being updated as it goes through the various stages of its scan. An example of this can be seen below.





When ComboFix has finished running, you will see a screen stating that it is preparing the log report.

This can take a while, so please be patient. If you see your Windows desktop disappear, do not worry. This is normal and ComboFix will restore your desktop before it is finished. Eventually you will see a new screen that states the program is almost finished and telling you the program's log file, or report, will be located at C:\ComboFix.txt.

When ComboFix has finished, it will automatically close the program and change your clock back to its original format. It will then display the log file automatically for you.  

Now you just click on the edit menu and click on select all, then click on the edit menu again and click on copy.  Then come to the forum in your reply and right click on your mouse and click on paste.  



In your next reply please post:

The ComboFix log
A fresh HiJackThis log
An update on how your computer is running


----------



## zombine210

thanks for the reply john.
i just finished 2 passes with memtest 86+ (1.5 hrs) and it didn't report any errors.
i also re-seated the modules before the test.

so this laptop blue screens in normal mode as soon as i try to do anything. i have to work in safe mode.

i uninstalled mcafee and norton, but i could not run the mcafee tool with message: error obtaining full permissions for cleanup. see log file for details. when i clicked on 'see log' i got another error: the process cannot access the file because it is being used by another process.
i did try running as admin and still got the same messages.

anyways, as soon as i started combofix, the computer blue screened with 0x0A. which is weird because i have been able to work in safe mode without any issues.

stumped...

*edit: tried again, combofix runs halfway then blue screened with 0x1E


----------



## johnb35

So have you run combofix in safemode or not?  If not then do it in safe mode.  I'm at work right now and will check back when I get home.


----------



## zombine210

johnb35 said:


> So have you run combofix in safemode or not?  If not then do it in safe mode.  I'm at work right now and will check back when I get home.



yes. both times it blue screened while running combofix in safemode.

i was able to run ccleaner in normal mode. it seems to stabilize a little, but combofix still causes it to blue screen.


----------



## johnb35

Please download and run TDSSkiller

When the program opens, click on the start scan button.

TDSSKiller will now scan your computer for the TDSS infection. When the scan has finished it will display a result screen stating whether or not the infection was found on your computer. If it was found it will display a screen similar to the one below.






To remove the infection simply click on the Continue button and TDSSKiller will attempt to clean the infection.

When it has finished cleaning the infection you will see a report stating whether or not it was successful as shown below.






If the log says will be cured after reboot, please reboot the system by pressing the reboot now button.

After running there will be a log that will be located at the root of your c:\ drive labeled tdsskiller with a series of numbers after it.  Please open the log and copy and paste it back here.

Then let's get an online scan going.

Please download and run the ESET Online Scanner
Disable any antivirus/security programs.
IMPORTANT! UN-check Remove found threats 
Accept any security warnings from your browser. 
Check Scan archives 
Click Start 
ESET will then download updates, install and then start scanning your system. 
When the scan is done, push list of found threats 
Click on Export to text file , and save the file to your desktop using a file name, such as ESETlog. Include the contents of this report in your next reply. 
If no threats are found then it won't produce a log.


----------



## zombine210

thanks for your help, the tdss killer log is too long to post so i broke it up

16:22:11.0494 1664	TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
16:22:11.0541 1664	============================================================
16:22:11.0541 1664	Current date / time: 2012/06/09 16:22:11.0541
16:22:11.0541 1664	SystemInfo:
16:22:11.0541 1664	
16:22:11.0541 1664	OS Version: 6.1.7600 ServicePack: 0.0
16:22:11.0541 1664	Product type: Workstation
16:22:11.0541 1664	ComputerName: DIANA-PC
16:22:11.0541 1664	UserName: Diana
16:22:11.0541 1664	Windows directory: C:\windows
16:22:11.0541 1664	System windows directory: C:\windows
16:22:11.0541 1664	Running under WOW64
16:22:11.0541 1664	Processor architecture: Intel x64
16:22:11.0541 1664	Number of processors: 2
16:22:11.0541 1664	Page size: 0x1000
16:22:11.0541 1664	Boot type: Safe boot
16:22:11.0541 1664	============================================================
16:22:12.0258 1664	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:22:12.0258 1664	Drive \Device\Harddisk1\DR1 - Size: 0xEF000000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:22:12.0274 1664	============================================================
16:22:12.0274 1664	\Device\Harddisk0\DR0:
16:22:12.0274 1664	MBR partitions:
16:22:12.0274 1664	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23F63800
16:22:12.0274 1664	\Device\Harddisk1\DR1:
16:22:12.0274 1664	MBR partitions:
16:22:12.0274 1664	\Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x30, BlocksNum 0x777FD0
16:22:12.0274 1664	============================================================
16:22:12.0290 1664	C: <-> \Device\Harddisk0\DR0\Partition0
16:22:12.0290 1664	============================================================
16:22:12.0290 1664	Initialize success
16:22:12.0290 1664	============================================================
16:22:16.0704 1692	============================================================
16:22:16.0704 1692	Scan started
16:22:16.0704 1692	Mode: Manual; 
16:22:16.0704 1692	============================================================
16:22:25.0097 1692	Mcx2Svc - ok
16:22:25.0113 1692	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
16:22:25.0113 1692	megasas - ok
16:22:25.0160 1692	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
16:22:25.0160 1692	MegaSR - ok
16:22:25.0191 1692	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
16:22:25.0191 1692	MMCSS - ok
16:22:25.0206 1692	Modem           (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
16:22:25.0206 1692	Modem - ok
16:22:25.0238 1692	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
16:22:25.0238 1692	monitor - ok
16:22:25.0269 1692	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
16:22:25.0269 1692	mouclass - ok
16:22:25.0300 1692	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
16:22:25.0300 1692	mouhid - ok
16:22:25.0316 1692	mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys
16:22:25.0316 1692	mountmgr - ok
16:22:25.0347 1692	mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys
16:22:25.0347 1692	mpio - ok
16:22:25.0378 1692	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
16:22:25.0378 1692	mpsdrv - ok
16:22:25.0394 1692	MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys
16:22:25.0394 1692	MRxDAV - ok
16:22:25.0440 1692	mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\windows\system32\DRIVERS\mrxsmb.sys
16:22:25.0440 1692	mrxsmb - ok
16:22:25.0487 1692	mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\windows\system32\DRIVERS\mrxsmb10.sys
16:22:25.0487 1692	mrxsmb10 - ok
16:22:25.0534 1692	mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\windows\system32\DRIVERS\mrxsmb20.sys
16:22:25.0534 1692	mrxsmb20 - ok
16:22:25.0550 1692	msahci          (5c37497276e3b3a5488b23a326a754b7) C:\windows\system32\DRIVERS\msahci.sys
16:22:25.0550 1692	msahci - ok
16:22:25.0565 1692	msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
16:22:25.0581 1692	msdsm - ok
16:22:25.0612 1692	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
16:22:25.0612 1692	MSDTC - ok
16:22:25.0643 1692	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
16:22:25.0643 1692	Msfs - ok
16:22:25.0659 1692	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
16:22:25.0659 1692	mshidkmdf - ok
16:22:25.0659 1692	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
16:22:25.0674 1692	msisadrv - ok
16:22:25.0690 1692	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
16:22:25.0690 1692	MSiSCSI - ok
16:22:25.0690 1692	msiserver - ok
16:22:25.0737 1692	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
16:22:25.0737 1692	MSKSSRV - ok
16:22:25.0752 1692	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
16:22:25.0752 1692	MSPCLOCK - ok
16:22:25.0768 1692	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
16:22:25.0768 1692	MSPQM - ok
16:22:25.0799 1692	MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
16:22:25.0799 1692	MsRPC - ok
16:22:25.0815 1692	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
16:22:25.0815 1692	mssmbios - ok
16:22:25.0830 1692	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
16:22:25.0830 1692	MSTEE - ok
16:22:25.0862 1692	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
16:22:25.0862 1692	MTConfig - ok
16:22:25.0908 1692	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
16:22:25.0908 1692	Mup - ok
16:22:25.0940 1692	napagent        (4987e079a4530fa737a128be54b63b12) C:\windows\system32\qagentRT.dll
16:22:25.0940 1692	napagent - ok
16:22:25.0986 1692	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
16:22:26.0002 1692	NativeWifiP - ok
16:22:26.0049 1692	NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys
16:22:26.0064 1692	NDIS - ok
16:22:26.0096 1692	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
16:22:26.0096 1692	NdisCap - ok
16:22:26.0111 1692	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
16:22:26.0127 1692	NdisTapi - ok
16:22:26.0142 1692	Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys
16:22:26.0142 1692	Ndisuio - ok
16:22:26.0174 1692	NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
16:22:26.0174 1692	NdisWan - ok
16:22:26.0189 1692	NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
16:22:26.0189 1692	NDProxy - ok
16:22:26.0205 1692	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
16:22:26.0205 1692	NetBIOS - ok
16:22:26.0220 1692	NetBT           (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
16:22:26.0220 1692	NetBT - ok
16:22:26.0252 1692	Netlogon        (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
16:22:26.0267 1692	Netlogon - ok
16:22:26.0298 1692	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
16:22:26.0314 1692	Netman - ok
16:22:26.0454 1692	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:22:26.0486 1692	NetMsmqActivator - ok
16:22:26.0501 1692	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:22:26.0501 1692	NetPipeActivator - ok
16:22:26.0548 1692	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
16:22:26.0548 1692	netprofm - ok
16:22:26.0564 1692	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:22:26.0564 1692	NetTcpActivator - ok
16:22:26.0579 1692	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:22:26.0579 1692	NetTcpPortSharing - ok
16:22:26.0626 1692	nfrd960         (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
16:22:26.0626 1692	nfrd960 - ok
16:22:26.0657 1692	NlaSvc          (d9a0ce66046d6efa0c61baa885cba0a8) C:\windows\System32\nlasvc.dll
16:22:26.0673 1692	NlaSvc - ok
16:22:26.0720 1692	Norton PC Checkup Application Launcher - ok
16:22:26.0735 1692	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
16:22:26.0735 1692	Npfs - ok
16:22:26.0766 1692	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
16:22:26.0766 1692	nsi - ok
16:22:26.0766 1692	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
16:22:26.0766 1692	nsiproxy - ok
16:22:26.0860 1692	Ntfs            (378e0e0dfea67d98ae6ea53adbbd76bc) C:\windows\system32\drivers\Ntfs.sys
16:22:26.0876 1692	Ntfs - ok
16:22:26.0985 1692	Null            (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
16:22:26.0985 1692	Null - ok
16:22:27.0032 1692	nvraid          (a4d9c9a608a97f59307c2f2600edc6a4) C:\windows\system32\drivers\nvraid.sys
16:22:27.0032 1692	nvraid - ok
16:22:27.0047 1692	nvstor          (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\windows\system32\drivers\nvstor.sys
16:22:27.0047 1692	nvstor - ok
16:22:27.0063 1692	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
16:22:27.0063 1692	nv_agp - ok
16:22:27.0203 1692	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:22:27.0203 1692	odserv - ok
16:22:27.0234 1692	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
16:22:27.0250 1692	ohci1394 - ok
16:22:27.0281 1692	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:22:27.0281 1692	ose - ok
16:22:27.0312 1692	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
16:22:27.0328 1692	p2pimsvc - ok
16:22:27.0344 1692	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
16:22:27.0344 1692	p2psvc - ok
16:22:27.0375 1692	Parport         (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
16:22:27.0375 1692	Parport - ok
16:22:27.0422 1692	partmgr         (90061b1acfe8ccaa5345750ffe08d8b8) C:\windows\system32\drivers\partmgr.sys
16:22:27.0422 1692	partmgr - ok
16:22:27.0453 1692	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
16:22:27.0453 1692	PcaSvc - ok
16:22:27.0484 1692	PCCUJobMgr      (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
16:22:27.0484 1692	PCCUJobMgr - ok
16:22:27.0515 1692	pci             (5aab2b170536885de70a6cba8d7ce52b) C:\windows\system32\DRIVERS\pci.sys
16:22:27.0515 1692	pci - ok
16:22:27.0515 1692	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
16:22:27.0515 1692	pciide - ok
16:22:27.0562 1692	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
16:22:27.0562 1692	pcmcia - ok
16:22:27.0578 1692	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
16:22:27.0578 1692	pcw - ok
16:22:27.0609 1692	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
16:22:27.0624 1692	PEAUTH - ok
16:22:27.0671 1692	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
16:22:27.0687 1692	PerfHost - ok
16:22:27.0921 1692	PEVSystemStart  (f042ee4c8d66248d9b86dcf52abae416) C:\32788R22FWJFW\pev.3XE
16:22:27.0921 1692	PEVSystemStart - ok
16:22:28.0030 1692	PGEffect        (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys
16:22:28.0030 1692	PGEffect - ok
16:22:28.0108 1692	pla             (557e9a86f65f0de18c9b6751dfe9d3f1) C:\windows\system32\pla.dll
16:22:28.0124 1692	pla - ok
16:22:28.0170 1692	PlugPlay        (98b1721b8718164293b9701b98c52d77) C:\windows\system32\umpnpmgr.dll
16:22:28.0170 1692	PlugPlay - ok
16:22:28.0202 1692	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
16:22:28.0202 1692	PNRPAutoReg - ok
16:22:28.0233 1692	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
16:22:28.0233 1692	PNRPsvc - ok
16:22:28.0264 1692	PolicyAgent     (166eb40d1f5b47e615de3d0fffe5f243) C:\windows\System32\ipsecsvc.dll
16:22:28.0280 1692	PolicyAgent - ok
16:22:28.0295 1692	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
16:22:28.0295 1692	Power - ok
16:22:28.0358 1692	PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
16:22:28.0358 1692	PptpMiniport - ok
16:22:28.0389 1692	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
16:22:28.0389 1692	Processor - ok
16:22:28.0420 1692	ProfSvc         (f381975e1f4346de875cb07339ce8d3a) C:\windows\system32\profsvc.dll
16:22:28.0420 1692	ProfSvc - ok
16:22:28.0467 1692	ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
16:22:28.0467 1692	ProtectedStorage - ok
16:22:28.0498 1692	Psched          (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
16:22:28.0498 1692	Psched - ok
16:22:28.0529 1692	QIOMem          (c8fcb4899f8b70cc34e0d9876a80963c) C:\windows\system32\DRIVERS\QIOMem.sys
16:22:28.0529 1692	QIOMem - ok
16:22:28.0623 1692	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
16:22:28.0638 1692	ql2300 - ok
16:22:28.0748 1692	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
16:22:28.0748 1692	ql40xx - ok
16:22:28.0779 1692	QWAVE           (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
16:22:28.0779 1692	QWAVE - ok
16:22:28.0794 1692	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
16:22:28.0794 1692	QWAVEdrv - ok
16:22:28.0857 1692	RapiMgr         (a55e7d0d873b2c97585b3b5926ac6ade) C:\windows\WindowsMobile\rapimgr.dll
16:22:28.0857 1692	RapiMgr - ok
16:22:28.0872 1692	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
16:22:28.0872 1692	RasAcd - ok
16:22:28.0904 1692	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
16:22:28.0904 1692	RasAgileVpn - ok
16:22:28.0935 1692	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
16:22:28.0935 1692	RasAuto - ok
16:22:28.0950 1692	Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
16:22:28.0950 1692	Rasl2tp - ok
16:22:28.0966 1692	RasMan          (47394ed3d16d053f5906efe5ab51cc83) C:\windows\System32\rasmans.dll
16:22:28.0982 1692	RasMan - ok
16:22:28.0997 1692	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
16:22:28.0997 1692	RasPppoe - ok
16:22:29.0013 1692	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
16:22:29.0013 1692	RasSstp - ok
16:22:29.0028 1692	rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
16:22:29.0044 1692	rdbss - ok
16:22:29.0060 1692	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
16:22:29.0060 1692	rdpbus - ok
16:22:29.0091 1692	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
16:22:29.0091 1692	RDPCDD - ok
16:22:29.0106 1692	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
16:22:29.0106 1692	RDPENCDD - ok
16:22:29.0122 1692	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
16:22:29.0122 1692	RDPREFMP - ok
16:22:29.0153 1692	RDPWD           (074ac702d8b8b660b0e1371555995386) C:\windows\system32\drivers\RDPWD.sys
16:22:29.0169 1692	RDPWD - ok
16:22:29.0169 1692	rdyboost        (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys
16:22:29.0184 1692	rdyboost - ok
16:22:29.0200 1692	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
16:22:29.0216 1692	RemoteAccess - ok
16:22:29.0247 1692	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
16:22:29.0247 1692	RemoteRegistry - ok
16:22:29.0262 1692	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
16:22:29.0262 1692	RpcEptMapper - ok
16:22:29.0278 1692	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
16:22:29.0278 1692	RpcLocator - ok
16:22:29.0309 1692	RpcSs           (7266972e86890e2b30c0c322e906b027) C:\windows\system32\rpcss.dll
16:22:29.0309 1692	RpcSs - ok
16:22:29.0340 1692	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
16:22:29.0340 1692	rspndr - ok
16:22:29.0387 1692	RSUSBSTOR       (3ceee53bbf8ba284ff44585cec0162fe) C:\windows\system32\Drivers\RtsUStor.sys


----------



## zombine210

here's the rest:


16:22:29.0387 1692	RSUSBSTOR - ok
16:22:29.0465 1692	rtl8192se       (a8ed9726734d403217a4861a6788b144) C:\windows\system32\DRIVERS\rtl8192se.sys
16:22:29.0465 1692	rtl8192se - ok
16:22:29.0496 1692	SamSs           (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
16:22:29.0512 1692	SamSs - ok
16:22:29.0528 1692	sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
16:22:29.0528 1692	sbp2port - ok
16:22:29.0559 1692	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
16:22:29.0559 1692	SCardSvr - ok
16:22:29.0574 1692	scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
16:22:29.0590 1692	scfilter - ok
16:22:29.0652 1692	Schedule        (624d0f5ff99428bb90a5b8a4123e918e) C:\windows\system32\schedsvc.dll
16:22:29.0668 1692	Schedule - ok
16:22:29.0699 1692	SCPolicySvc     (312e2f82af11e79906898ac3e3d58a1f) C:\windows\System32\certprop.dll
16:22:29.0699 1692	SCPolicySvc - ok
16:22:29.0730 1692	SDRSVC          (765a27c3279ce11d14cb9e4f5869fca5) C:\windows\System32\SDRSVC.dll
16:22:29.0730 1692	SDRSVC - ok
16:22:29.0777 1692	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
16:22:29.0777 1692	secdrv - ok
16:22:29.0793 1692	seclogon        (463b386ebc70f98da5dff85f7e654346) C:\windows\system32\seclogon.dll
16:22:29.0793 1692	seclogon - ok
16:22:29.0808 1692	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
16:22:29.0808 1692	SENS - ok
16:22:29.0824 1692	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
16:22:29.0824 1692	SensrSvc - ok
16:22:29.0840 1692	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
16:22:29.0840 1692	Serenum - ok
16:22:29.0871 1692	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
16:22:29.0871 1692	Serial - ok
16:22:29.0886 1692	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
16:22:29.0886 1692	sermouse - ok
16:22:29.0918 1692	SessionEnv      (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\windows\system32\sessenv.dll
16:22:29.0933 1692	SessionEnv - ok
16:22:29.0949 1692	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
16:22:29.0949 1692	sffdisk - ok
16:22:29.0980 1692	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
16:22:29.0980 1692	sffp_mmc - ok
16:22:29.0996 1692	sffp_sd         (178298f767fe638c9fedcbdef58bb5e4) C:\windows\system32\DRIVERS\sffp_sd.sys
16:22:29.0996 1692	sffp_sd - ok
16:22:30.0011 1692	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
16:22:30.0011 1692	sfloppy - ok
16:22:30.0042 1692	ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\windows\System32\shsvcs.dll
16:22:30.0058 1692	ShellHWDetection - ok
16:22:30.0089 1692	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
16:22:30.0089 1692	SiSRaid2 - ok
16:22:30.0105 1692	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
16:22:30.0105 1692	SiSRaid4 - ok
16:22:30.0136 1692	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
16:22:30.0152 1692	Smb - ok
16:22:30.0198 1692	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
16:22:30.0198 1692	SNMPTRAP - ok
16:22:30.0230 1692	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
16:22:30.0230 1692	spldr - ok
16:22:30.0276 1692	Spooler         (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\windows\System32\spoolsv.exe
16:22:30.0276 1692	Spooler - ok
16:22:30.0401 1692	sppsvc          (913d843498553a1bc8f8dbad6358e49f) C:\windows\system32\sppsvc.exe
16:22:30.0448 1692	sppsvc - ok
16:22:30.0510 1692	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
16:22:30.0510 1692	sppuinotify - ok
16:22:30.0604 1692	srv             (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys
16:22:30.0604 1692	srv - ok
16:22:30.0620 1692	srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys
16:22:30.0620 1692	srv2 - ok
16:22:30.0666 1692	srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys
16:22:30.0666 1692	srvnet - ok
16:22:30.0713 1692	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
16:22:30.0713 1692	SSDPSRV - ok
16:22:30.0729 1692	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
16:22:30.0729 1692	SstpSvc - ok
16:22:30.0744 1692	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
16:22:30.0744 1692	stexstor - ok
16:22:30.0807 1692	stisvc          (52d0e33b681bd0f33fdc08812fee4f7d) C:\windows\System32\wiaservc.dll
16:22:30.0807 1692	stisvc - ok
16:22:30.0822 1692	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
16:22:30.0822 1692	swenum - ok
16:22:30.0869 1692	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
16:22:30.0869 1692	swprv - ok
16:22:30.0932 1692	SynTP           (470c47daba9ca3966f0ab3f835d7d135) C:\windows\system32\DRIVERS\SynTP.sys
16:22:30.0932 1692	SynTP - ok
16:22:31.0025 1692	SysMain         (3c1284516a62078fb68f768de4f1a7be) C:\windows\system32\sysmain.dll
16:22:31.0041 1692	SysMain - ok
16:22:31.0119 1692	TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\windows\System32\TabSvc.dll
16:22:31.0119 1692	TabletInputService - ok
16:22:31.0134 1692	TapiSrv         (884264ac597b690c5707c89723bb8e7b) C:\windows\System32\tapisrv.dll
16:22:31.0134 1692	TapiSrv - ok
16:22:31.0150 1692	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
16:22:31.0150 1692	TBS - ok
16:22:31.0290 1692	Tcpip           (624c5b3aa4c99b3184bb922d9ece3ff0) C:\windows\system32\drivers\tcpip.sys
16:22:31.0306 1692	Tcpip - ok
16:22:31.0524 1692	TCPIP6          (624c5b3aa4c99b3184bb922d9ece3ff0) C:\windows\system32\DRIVERS\tcpip.sys
16:22:31.0524 1692	TCPIP6 - ok
16:22:31.0634 1692	tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
16:22:31.0634 1692	tcpipreg - ok
16:22:31.0680 1692	tdcmdpst        (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
16:22:31.0680 1692	tdcmdpst - ok
16:22:31.0696 1692	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
16:22:31.0696 1692	TDPIPE - ok
16:22:31.0727 1692	TDTCP           (7518f7bcfd4b308abc9192bacaf6c970) C:\windows\system32\drivers\tdtcp.sys
16:22:31.0727 1692	TDTCP - ok
16:22:31.0743 1692	tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
16:22:31.0743 1692	tdx - ok
16:22:31.0758 1692	TermDD          (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
16:22:31.0758 1692	TermDD - ok
16:22:31.0805 1692	TermService     (0f05ec2887bfe197ad82a13287d2f404) C:\windows\System32\termsrv.dll
16:22:31.0821 1692	TermService - ok
16:22:31.0836 1692	Themes          (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
16:22:31.0836 1692	Themes - ok
16:22:31.0868 1692	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
16:22:31.0868 1692	THREADORDER - ok
16:22:31.0946 1692	TMachInfo       (28644b0523d64eff2fc7312a2ee74b0a) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
16:22:31.0946 1692	TMachInfo - ok
16:22:31.0992 1692	TODDSrv         (ed32035bdfeced1ad66d459fd9cc1140) C:\Windows\system32\TODDSrv.exe
16:22:31.0992 1692	TODDSrv - ok
16:22:32.0070 1692	TosCoSrv        (98c864481d62f86ec8af65be3419a95b) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
16:22:32.0070 1692	TosCoSrv - ok
16:22:32.0117 1692	TOSHIBA eco Utility Service (2ab7a4697462edb0c9dfafc529746ba9) C:\Program Files\TOSHIBA\TECO\TecoService.exe
16:22:32.0117 1692	TOSHIBA eco Utility Service - ok
16:22:32.0180 1692	TOSHIBA HDD SSD Alert Service (74c2fa8c3765ee71a9c22182ec108457) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
16:22:32.0180 1692	TOSHIBA HDD SSD Alert Service - ok
16:22:32.0258 1692	TPCHSrv         (570080ad1278381b066848ffe72973cd) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
16:22:32.0273 1692	TPCHSrv - ok
16:22:32.0351 1692	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
16:22:32.0351 1692	TrkWks - ok
16:22:32.0382 1692	TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\windows\servicing\TrustedInstaller.exe
16:22:32.0382 1692	TrustedInstaller - ok
16:22:32.0445 1692	tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
16:22:32.0445 1692	tssecsrv - ok
16:22:32.0460 1692	tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
16:22:32.0460 1692	tunnel - ok
16:22:32.0507 1692	TVALZ           (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
16:22:32.0507 1692	TVALZ - ok
16:22:32.0523 1692	TVALZFL         (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
16:22:32.0523 1692	TVALZFL - ok
16:22:32.0538 1692	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
16:22:32.0538 1692	uagp35 - ok
16:22:32.0570 1692	udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\windows\system32\DRIVERS\udfs.sys
16:22:32.0570 1692	udfs - ok
16:22:32.0601 1692	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
16:22:32.0601 1692	UI0Detect - ok
16:22:32.0601 1692	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
16:22:32.0601 1692	uliagpkx - ok
16:22:32.0632 1692	umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
16:22:32.0632 1692	umbus - ok
16:22:32.0648 1692	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
16:22:32.0648 1692	UmPass - ok
16:22:32.0679 1692	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
16:22:32.0679 1692	upnphost - ok
16:22:32.0710 1692	USBAAPL64       (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys
16:22:32.0710 1692	USBAAPL64 - ok
16:22:32.0741 1692	usbccgp         (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\windows\system32\DRIVERS\usbccgp.sys
16:22:32.0741 1692	usbccgp - ok
16:22:32.0772 1692	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
16:22:32.0772 1692	usbcir - ok
16:22:32.0804 1692	usbehci         (fbb21ebe49f6d560db37ac25fbc68e66) C:\windows\system32\DRIVERS\usbehci.sys
16:22:32.0804 1692	usbehci - ok
16:22:32.0835 1692	usbhub          (6b7a8a99c4a459e73c286a6763ea24cc) C:\windows\system32\DRIVERS\usbhub.sys
16:22:32.0835 1692	usbhub - ok
16:22:32.0866 1692	usbohci         (8c88aa7617b4cbc2e4bed61d26b33a27) C:\windows\system32\drivers\usbohci.sys
16:22:32.0866 1692	usbohci - ok
16:22:32.0897 1692	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
16:22:32.0897 1692	usbprint - ok
16:22:32.0928 1692	USBSTOR         (f39983647bc1f3e6100778ddfe9dce29) C:\windows\system32\DRIVERS\USBSTOR.SYS
16:22:32.0928 1692	USBSTOR - ok
16:22:32.0960 1692	usbuhci         (0b5b3b2df3fd1709618acfa50b8392b0) C:\windows\system32\DRIVERS\usbuhci.sys
16:22:32.0960 1692	usbuhci - ok
16:22:33.0006 1692	usbvideo        (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\System32\Drivers\usbvideo.sys
16:22:33.0022 1692	usbvideo - ok
16:22:33.0053 1692	usb_rndisx      (70d05ee263568a742d14e1876df80532) C:\windows\system32\DRIVERS\usb8023x.sys
16:22:33.0053 1692	usb_rndisx - ok
16:22:33.0069 1692	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
16:22:33.0084 1692	UxSms - ok
16:22:33.0116 1692	VaultSvc        (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
16:22:33.0116 1692	VaultSvc - ok
16:22:35.0502 1692	MBR (0x1B8)     (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
16:22:35.0565 1692	\Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
16:22:35.0565 1692	\Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
16:22:35.0565 1692	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
16:22:38.0076 1692	\Device\Harddisk1\DR1 - ok
16:22:38.0108 1692	Boot (0x1200)   (aff6170ddc74f7884e1370d55838cbbd) \Device\Harddisk0\DR0\Partition0
16:22:38.0108 1692	\Device\Harddisk0\DR0\Partition0 - ok
16:22:38.0108 1692	Boot (0x1200)   (ee682a07cb4b451dfffa107642164c6f) \Device\Harddisk1\DR1\Partition0
16:22:38.0108 1692	\Device\Harddisk1\DR1\Partition0 - ok
16:22:38.0108 1692	============================================================
16:22:38.0108 1692	Scan finished
16:22:38.0108 1692	============================================================
16:22:38.0123 1684	Detected object count: 1
16:22:38.0123 1684	Actual detected object count: 1
16:29:30.0775 1684	\Device\Harddisk0\DR0\# - copied to quarantine
16:29:30.0775 1684	\Device\Harddisk0\DR0 - copied to quarantine
16:29:30.0822 1684	\Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
16:29:30.0822 1684	\Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
16:29:30.0837 1684	\Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
16:29:30.0837 1684	\Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
16:29:30.0837 1684	\Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
16:29:30.0837 1684	\Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
16:29:30.0837 1684	\Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
16:29:30.0837 1684	\Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
16:29:30.0853 1684	\Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
16:29:30.0853 1684	\Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
16:29:30.0853 1684	\Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
16:29:30.0853 1684	\Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
16:29:30.0900 1684	\Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
16:29:30.0900 1684	\Device\Harddisk0\DR0 - ok
16:29:31.0103 1684	\Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure 
16:29:48.0013 1660	Deinitialize success


and the eset log:

C:\TDSSKiller_Quarantine\09.06.2012_16.22.11\mbr0000\tdlfs0000\tsk0000.dta	a variant of Win32/Olmarik.AYI trojan
C:\TDSSKiller_Quarantine\09.06.2012_16.22.11\mbr0000\tdlfs0000\tsk0001.dta	Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\09.06.2012_16.22.11\mbr0000\tdlfs0000\tsk0002.dta	Win32/Olmarik.AWO trojan
C:\TDSSKiller_Quarantine\09.06.2012_16.22.11\mbr0000\tdlfs0000\tsk0003.dta	Win64/Olmarik.AK trojan
C:\TDSSKiller_Quarantine\09.06.2012_16.22.11\mbr0000\tdlfs0000\tsk0007.dta	Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\09.06.2012_16.22.11\mbr0000\tdlfs0000\tsk0008.dta	Win64/Olmarik.AK trojan
C:\Users\Diana\AppData\Local\TOSHIBA\dpkkinxd.dll	a variant of Win32/Kryptik.AFTW trojan
C:\Users\Diana\AppData\Local\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\n	Win64/Sirefef.W trojan
C:\Users\Diana\AppData\Local\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\L\80000032.@	probably a variant of Win32/Sirefef.EU trojan
C:\Users\Diana\AppData\Local\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\U\80000000.@	Win64/Sirefef.AE trojan
C:\Users\Diana\AppData\Local\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\U\80000032.@	probably a variant of Win32/Sirefef.EU trojan
C:\Users\Diana\AppData\Local\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\U\80000064.@	Win64/Sirefef.AE trojan
C:\Windows\Installer\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\n	Win64/Sirefef.W trojan
C:\Windows\Installer\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\U\00000008.@	Win64/Agent.BA trojan
C:\Windows\Installer\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\U\80000000.@	Win64/Sirefef.AE trojan
C:\Windows\Installer\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\U\80000032.@	probably a variant of Win32/Sirefef.EU trojan
C:\Windows\Installer\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\U\80000064.@	Win64/Sirefef.AE trojan
Operating memory	multiple threats


----------



## johnb35

Ok, you should be able to run combofix now...hopefully.  Please try doing so and post the logfile if it completes.

Also, please do not put your logs inside Code tags as it makes it hard to read the logs.


----------



## zombine210

johnb35 said:


> Ok, you should be able to run combofix now...hopefully.  Please try doing so and post the logfile if it completes.
> 
> Also, please do not put your logs inside Code tags as it makes it hard to read the logs.



ok. so the flash player updater pops up continuously, i have about 4 of the same windows open.

combofix runs, but just closes out. i do not see any of the other windows you posted before.


----------



## johnb35

zombine210 said:


> i have about 4 of the same windows open.
> 
> i do not see any of the other windows you posted before.



Please explain what you are talking about here.  Have you tried running combofix again in safe mode after rebooting the machine?

Manually delete these files/folders.  You will need to enable hidden files and folders to be able to see these.

C:\Users\Diana\AppData\Local\TOSHIBA\dpkkinxd.dll
C:\Users\Diana\AppData\Local\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\n 
C:\Users\Diana\AppData\Local\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\L\80000032.@
C:\Users\Diana\AppData\Local\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\U\80000000.@ 
C:\Users\Diana\AppData\Local\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\U\80000032.@ 
C:\Users\Diana\AppData\Local\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\U\80000064.@ 
C:\Windows\Installer\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\n 
C:\Windows\Installer\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\U\00000008.@ 
C:\Windows\Installer\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\U\80000000.@ 
C:\Windows\Installer\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\U\80000032.@ 
C:\Windows\Installer\{e9bd3301-3f4e-7baf-68bc-12c3dfcc38d3}\U\80000064.@


----------



## zombine210

ok, i was able to run combofix successfully.
the machine has not blue screened lately and is running in normal mode.

ComboFix 12-06-08.02 - Diana 06/09/2012  21:17:01.1.2 - x64 MINIMAL
Running from: c:\users\Diana\Desktop\ComboFix.exe
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\CouponAlert_2pEI
c:\users\Diana\GoToAssistDownloadHelper.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\svchost.exe
c:\windows\system32\Thumbs.db
.
.
(((((((((((((((((((((((((   Files Created from 2012-05-10 to 2012-06-10  )))))))))))))))))))))))))))))))
.
.
2012-06-10 02:22 . 2012-06-10 02:22	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-09 04:21 . 2012-06-09 04:21	--------	d-----w-	c:\programdata\McAfee
2012-06-09 04:20 . 2012-06-09 04:20	--------	d-s---w-	c:\windows\SysWow64\Microsoft
2012-06-08 21:25 . 2012-06-08 21:25	--------	d-----w-	c:\users\Diana\AppData\Roaming\Malwarebytes
2012-06-08 21:25 . 2012-06-08 21:25	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-08 21:25 . 2012-04-04 20:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-06-08 21:25 . 2012-06-08 21:25	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-25 02:20 . 2012-05-25 02:20	163048	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-12 18:51 . 2012-05-12 18:51	--------	d-----w-	c:\program files\Microsoft Silverlight
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-02 05:34 . 2012-05-10 20:57	5504880	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-04-02 04:46 . 2012-05-10 20:57	3958128	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-04-02 04:46 . 2012-05-10 20:57	3902320	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-04-02 03:01 . 2012-05-10 20:57	3143680	----a-w-	c:\windows\system32\win32k.sys
2012-03-30 11:09 . 2012-05-10 20:57	1895280	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-03-17 07:55 . 2012-05-10 20:57	75632	----a-w-	c:\windows\system32\drivers\partmgr.sys
2012-03-16 13:59 . 2012-03-16 13:59	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-16 13:59 . 2012-03-16 13:59	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2012-03-16 13:59 . 2012-03-16 13:59	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2012-03-16 13:59 . 2012-03-16 13:59	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-16 13:59 . 2012-03-16 13:59	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2012-03-16 13:59 . 2012-03-16 13:59	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2012-03-16 13:59 . 2012-03-16 13:59	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2012-03-16 13:59 . 2012-03-16 13:59	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2012-03-16 13:59 . 2012-03-16 13:59	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-03-16 13:59 . 2012-03-16 13:59	367104	----a-w-	c:\windows\SysWow64\html.iec
2012-03-16 13:59 . 2012-03-16 13:59	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2012-03-16 13:59 . 2012-03-16 13:59	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2012-03-16 13:59 . 2012-03-16 13:59	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2012-03-16 13:59 . 2012-03-16 13:59	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-03-16 13:59 . 2012-03-16 13:59	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2012-03-16 13:59 . 2012-03-16 13:59	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-03-16 13:59 . 2012-03-16 13:59	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2012-03-16 13:59 . 2012-03-16 13:59	222208	----a-w-	c:\windows\system32\msls31.dll
2012-03-16 13:59 . 2012-03-16 13:59	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2012-03-16 13:59 . 2012-03-16 13:59	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-03-16 13:59 . 2012-03-16 13:59	76800	----a-w-	c:\windows\system32\tdc.ocx
2012-03-16 13:59 . 2012-03-16 13:59	49664	----a-w-	c:\windows\system32\imgutil.dll
2012-03-16 13:59 . 2012-03-16 13:59	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-03-16 13:59 . 2012-03-16 13:59	448512	----a-w-	c:\windows\system32\html.iec
2012-03-16 13:59 . 2012-03-16 13:59	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-03-16 13:59 . 2012-03-16 13:59	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-03-16 13:59 . 2012-03-16 13:59	12288	----a-w-	c:\windows\system32\mshta.exe
2012-03-16 13:59 . 2012-03-16 13:59	114176	----a-w-	c:\windows\system32\admparse.dll
2012-03-16 13:59 . 2012-03-16 13:59	111616	----a-w-	c:\windows\system32\iesysprep.dll
2012-03-16 13:59 . 2012-03-16 13:59	85504	----a-w-	c:\windows\system32\iesetup.dll
2012-03-16 13:59 . 2012-03-16 13:59	603648	----a-w-	c:\windows\system32\vbscript.dll
2012-03-16 13:59 . 2012-03-16 13:59	30720	----a-w-	c:\windows\system32\licmgr10.dll
2012-03-16 13:59 . 2012-03-16 13:59	165888	----a-w-	c:\windows\system32\iexpress.exe
2012-03-16 13:59 . 2012-03-16 13:59	160256	----a-w-	c:\windows\system32\wextract.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 21:31	1514152	----a-w-	c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-22 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"NortonOnlineBackupReminder"="c:\program files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-08-10 529256]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-01-06 1446760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 0262681339213887mcinstcleanup;McAfee Application Installer Cleanup (0262681339213887);c:\users\Diana\AppData\Local\Temp\026268~1.EXE [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28 135664]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-03-31 835952]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2011-12-06 135608]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2009-08-24 126392]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28 01:17]
.
2012-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-28 01:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-TOSHIBA - c:\users\Diana\AppData\Local\TOSHIBA\dpkkinxd.dll
Wow6432Node-HKLM-Run-Easy Dock - (no file)
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-reaps - c:\users\Diana\AppData\Local\Temp\reaps.dll
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-06-09  21:29:43 - machine was rebooted
ComboFix-quarantined-files.txt  2012-06-10 02:29
.
Pre-Run: 252,575,739,904 bytes free
Post-Run: 252,406,636,544 bytes free
.
- - End Of File - - A8CA41A652236F297FF6CC6E612875A2


----------



## zombine210

i also deleted the folders you mentioned and ran hijackthis again

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:31:03 PM, on 6/9/2012
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Users\Diana\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\SysWow64\TwcToolbarIe7.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-21-1334461615-2743005552-1439053795-1001\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User '?')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O23 - Service: McAfee Application Installer Cleanup (0262681339213887) (0262681339213887mcinstcleanup) - Unknown owner - C:\Users\Diana\AppData\Local\Temp\026268~1.EXE (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Toshiba Laptop Checkup Application Launcher (Norton PC Checkup Application Launcher) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10590 bytes


----------



## johnb35

Good. Now, I need you to post a log that combofix created but didn't show you. Please navigate to C:\Qoobox and in that folder will be a file named add-remove programs.txt. Open that file and copy and paste the contents back here.


----------



## zombine210

add-remove programs log:


Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.2)
Amazon Links
Apple Application Support
Apple Software Update
Ask Toolbar
Ask Toolbar Updater
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
Bejeweled 2 Deluxe
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Citrix XenApp Web Plugin
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Escape Rosecliff Island
ESET Online Scanner v3
FATE - The Traitor Soul
Garmin Lifetime Updater
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Java Auto Updater
Java(TM) 6 Update 20
Jewel Quest 3
Junk Mail filter update
Label@Once 1.0
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSVCRT
Penguins!
Polar Bowler
Quickbooks Financial Center
RCA Detective™ 3.0.3.0
RCA easyRip 2.5.7.0
RCA Updater 2.1.7.0
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition 
Skype Launcher
The Weather Channel App
The Weather Channel Toolbar
TOSHIBA Application Installer
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA Quality Application
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Virtual Families
Virtual Villagers - The Secret City
Watchtower Library 2009 - English
Watchtower Library 2010 - English
Watchtower Library 2011 - English
WildTangent Games
WildTangent ORB Game Console
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Zuma's Revenge


----------



## johnb35

Uninstall the following programs.

Adobe Flash Player 10 ActiveX
Ask Toolbar
Ask Toolbar Updater
Coupon Printer for Windows
Java Auto Updater
Java(TM) 6 Update 20

Then update flash player and java from these links.

http://get.adobe.com/flashplayer/?promoid=BUIGP

http://www.java.com/en/download/ie_manual.jsp?locale=en

I also need you to rerun both of the removal tools again (norton and mcafee). There are still remnants on your system.

Then do another full scan of malwarebytes so we can make sure you're clean. Then post its log along with a new hijackthis log.

I would then install either AVAST or MSE for your virus program.


----------



## zombine210

thanks for your help sir.
here's malwarebytes log:
i removed that one item, seems like a remnant from tdsskiller

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.08.06

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Diana :: DIANA-PC [administrator]

6/9/2012 11:32:31 PM
mbam-log-2012-06-09 (23-32-31).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 372696
Time elapsed: 39 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\TDSSKiller_Quarantine\09.06.2012_16.22.11\mbr0000\tdlfs0000\tsk0000.dta (Trojan.Agent.CR) -> Quarantined and deleted successfully.

(end)


and hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:16:20 AM, on 6/10/2012
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
E:\tools\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\SysWow64\TwcToolbarIe7.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O23 - Service: McAfee Application Installer Cleanup (0262681339213887) (0262681339213887mcinstcleanup) - Unknown owner - C:\Users\Diana\AppData\Local\Temp\026268~1.EXE (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Toshiba Laptop Checkup Application Launcher (Norton PC Checkup Application Launcher) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
O23 - Service: Common Client Job Manager Service (PCCUJobMgr) - Symantec Corporation - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10364 bytes


----------



## johnb35

It looks like you still have norton pc checkup installed and running.

Running processes:
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe


Look to see if norton pc checkup is listed in your start menu programs and see if there is an uninstall entry in its menu. If not, you may have to download and run revo uninstaller. From what I've searched, their removal tool won't get rid of this.

Also, click on start, type services.msc in the search box and hit enter.  Find McAfee Application Installer Cleanup and change the startup type to disabled if it appears in the list.


----------



## zombine210

don't see anything related to norton in programs menu or using revo. i know this toshiba has an application to check for issues, do you think that's what this is?

using hunter mode on the exe file reports no installation package found!

can i stop the process and manually delete the folder??

* ok, it is listed as Toshiba laptop checkup application launcher. it's part of a whole suite of bloatware that came with the laptop. can we leave it?


----------



## zombine210

ok, so the laptop looks good except at boot, i get the following error:

there was a problem starting
C:\Users\Diana\AppData\Local\Temp\reaps.dll

the specified module could not be found.

can i remove this using ccleaner??

* it's listed in startup list as steamapi_restartappifnecessary
unknown mnft. online search indicates something to do with megaupload

i simply unchecked it and will run ccleaner again.


----------



## johnb35

So is everything figured out now? It's very possible the norton pc checkup could be included with the toshiba utilities.


----------



## zombine210

yes, everything looks good.
i freaked a little at first because as soon as i tried to do anything, it would blue screen.
but it's stable and running pretty good now.

thanks for all your help


----------

