Trojan:JS/Medfos.B


  • This topic is locked
26 replies to this topic

#1 Bpaka

Bpaka

  • Members
  • 13 posts
  • OFFLINE
  • Local time:08:01 PM

Posted 29 November 2012 - 06:57 PM

Both MS Security Essentials and MS Safety Scanner (msert.exe) have failed to completely remove Trojan:JS/Medfos.B. Both MS Security Essentials and MS Safety Scanner are up to date and the latest definitions have been installed. Security Essentials catches the Trojan:JS/Medfos.B every few minutes and quarantines it, but neither program completely removes it and it just keeps returning. MS Safety indicates that it found the file but only partially removed it. What should I do next?
Thanks for your help.
Bpaka


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,221 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:01 AM

Posted 30 November 2012 - 07:37 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:
    • Link1
    • Link2
    • Link3
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs

  • In your next post I need the following

  • both reports from DDS
  • report from security check
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Bpaka

Bpaka
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:08:01 PM

Posted 30 November 2012 - 03:21 PM

Gringo,
Thanks for helping me with this problem. I have downloaded DeFogger and run it and did not re-enable the drivers. DeFogger did not ask me to reboot.
I have run Security Check but it would not download to the desktop. A message said it might damage my computer so I had to force it to run anyway, trusting your advice. Following is the contents of the Checkup.txt file:

Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 14
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````

I will continue with your instructions to download DDS next.
I am completely new to this kind of help so I ask for your patience. I was unable to find the Watch Topic button to select Immediate Notification. I will keep a close watch for your next reply.
Bpaka

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,221 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:01 AM

Posted 30 November 2012 - 03:25 PM

Right above your first post you will see three buttons; "Watch Topic" is one of them.

#5 Bpaka

Bpaka
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:08:01 PM

Posted 30 November 2012 - 03:46 PM

Gringo,
Here are the other two files, DDS.txt and Attach.txt.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/10/2009 7:00:54 PM
System Uptime: 11/30/2012 3:43:15 AM (9 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel® Core™2 Duo CPU T6600 @ 2.20GHz | CPU | 2200/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 373.479 GiB free.
D: is CDROM ()
E: is Removable
F: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP486: 11/13/2012 5:39:19 PM - Windows Modules Installer
RP487: 11/14/2012 6:00:14 AM - Windows Update
RP488: 11/14/2012 4:25:59 PM - Windows Update
RP489: 11/19/2012 3:20:08 AM - Windows Update
RP490: 11/22/2012 5:08:06 AM - Windows Update
RP491: 11/25/2012 1:41:32 PM - Windows Update
RP492: 11/28/2012 1:12:58 PM - Windows Update
RP493: 11/28/2012 5:02:17 PM - DCInstallRestorePoint
.
==== Installed Programs ======================
.
2600
2600_Help
2600Trb
64 Bit HP CIO Components Installer
Adobe Flash Player 11 ActiveX
Adobe Reader 9.5.2
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
BufferChm
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
Compatibility Pack for the 2007 Office system
Copy
D3DX10
Destinations
DeviceDiscovery
Direct DiscRecorder
DocProc
Dolby Control Center
DVD MovieFactory for TOSHIBA
e-Sword
Fax
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
Hewlett-Packard ACLM.NET v1.1.0.0
HitmanPro 3.6
HP Imaging Device Functions 13.0
HP Photosmart Essential 3.5
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
HP Product Detection
HP Smart Web Printing 4.51
HP Solution Center 13.0
HP Update
HPDiagnosticAlert
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iSEEK AnswerWorks English Runtime
Java™ 6 Update 14
Junk Mail filter update
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Interactive Training
Microsoft Mouse and Keyboard Center
Microsoft Office Live Add-in 1.5
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Suite Activation Assistant
Microsoft Office XP Professional
Microsoft Publisher 2002
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Works
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyToshiba
NetWaiting
Network64
NetZero Launcher
OCR Software by I.R.I.S. 13.0
PhotoScape
PlayReady PC Runtime amd64
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek WLAN Driver
RICOH R5U230 Media Driver ver.2.06.03.02
Scan
Scrabble v2.0
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Skype Launcher
SmartWebPrinting
SolutionCenter
Status
Synaptics Pointing Device Driver
Toolbox
Toshiba Application Installer
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD Protection
TOSHIBA HDD/SSD Alert
Toshiba Online Backup
TOSHIBA PC Health Monitor
Toshiba Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA USB Sleep and Charge Utility
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
TrayApp
TurboTax 2009
TurboTax 2009 widiper
TurboTax 2009 WinPerFedFormset
TurboTax 2009 WinPerReleaseEngine
TurboTax 2009 WinPerTaxSupport
TurboTax 2009 wrapper
TurboTax 2010
TurboTax 2010 widiper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 widiper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
Uniblue RegistryBooster
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Verizon Wireless AC30 Firmware Updates
VZAccess Manager
WebReg
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WM Owners Credit Manager
ZTE USB Drivers
.
==== Event Viewer Messages From Past Week ========
.
11/30/2012 6:31:03 AM, Error: AX88772 [17] -
11/30/2012 3:45:31 AM, Error: Service Control Manager [7001] - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/30/2012 3:44:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/27/2012 5:02:01 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.515.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
11/26/2012 8:19:46 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service v4 service to connect.
11/26/2012 8:19:46 AM, Error: Service Control Manager [7000] - The Intuit Update Service v4 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/26/2012 8:19:12 AM, Error: Service Control Manager [7022] - The Intuit Update Service service hung on starting.
11/26/2012 4:07:45 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.407.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
11/25/2012 2:10:19 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.407.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
11/24/2012 4:30:46 PM, Error: Schannel [36887] - The following fatal alert was received: 80.
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16438
Run by Len at 12:26:14 on 2012-11-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3964.2416 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\HitmanPro\hmpsched.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe
C:\windows\system32\Dwm.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\windows\system32\igfxext.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\rundll32.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\windows\SysWOW64\rundll32.exe
C:\windows\system32\svchost.exe -k HPService
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\WUDFHost.exe
C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE
C:\windows\splwow64.exe
C:\Users\Len\Desktop\Defogger.exe
C:\Users\Len\Desktop\SecurityCheck.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\SysWOW64\notepad.exe
C:\windows\System32\MsSpellCheckingFacility.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://forecast.weather.gov/MapClick.php?lat=47.81638223710274&lon=-116.70690536499023&site=otx&unit=0&lg=en&FcstType=text
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mWinlogon: Userinit = userinit.exe
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [MyTOSHIBA] "C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe" /AUTO
uRun: [{87B37C7E-4256-5697-65B9-78FF82CC321B}] C:\Users\Len\AppData\Roaming\Ries\ilheh.exe
mRun: [TUSBSleepChargeSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [CnxtCoInstallerDefer] C:\Program Files (x86)\CONEXANT\SETUP4B22818E1D8\SETUP\setup.exe -REBOOTED_FROM_NO_ENUM_INSTALL -S
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office10\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
Trusted Zone: turbotax.com
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://oas.support.microsoft.com/ActiveX/MSDcode.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: Interfaces\{15C96214-3BDE-407A-8F17-54725E623A89} : NameServer = 198.224.167.135 198.224.166.135
TCP: Interfaces\{3476E306-6138-4C5B-AD77-060DA599E811} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3476E306-6138-4C5B-AD77-060DA599E811}\14364796F6E6E45647043524D22565051627B6 : DHCPNameServer = 10.128.128.128
TCP: Interfaces\{3476E306-6138-4C5B-AD77-060DA599E811}\35570756270283 : DHCPNameServer = 69.145.248.50 69.145.232.4
TCP: Interfaces\{3476E306-6138-4C5B-AD77-060DA599E811}\35570756278302140233 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{3476E306-6138-4C5B-AD77-060DA599E811}\4416973794E6E6F573 : DHCPNameServer = 24.159.193.40 68.115.71.53
TCP: Interfaces\{3476E306-6138-4C5B-AD77-060DA599E811}\8414954454E402C49424251425950223 : DHCPNameServer = 10.200.101.1
TCP: Interfaces\{3476E306-6138-4C5B-AD77-060DA599E811}\D41637F6E6E4564777F627B6 : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe /SETUP
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [ThpSrv] C:\windows\System32\thpsrv /logon
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [SmartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [mdctf] "C:\windows\System32\rundll32.exe" "C:\Users\Len\AppData\Roaming\mdctf.dll",NullImporter_Type
x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-10-28 482384]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2012-11-29 108904]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2010-10-24 128456]
R2 rimspci;rimspci;C:\windows\System32\drivers\rimspe64.sys [2009-10-28 60416]
R2 risdpcie;risdpcie;C:\windows\System32\drivers\risdpe64.sys [2009-10-28 81408]
R2 rixdpcie;rixdpcie;C:\windows\System32\drivers\rixdpe64.sys [2009-10-28 55808]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-11 252272]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2009-10-28 9216]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\windows\System32\drivers\IntcHdmi.sys [2009-7-10 139264]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2009-10-28 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\System32\drivers\rtl8192se.sys [2010-4-26 1103904]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-28 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]
R3 ZTEusbgps;ZTE GPS Port;C:\windows\System32\drivers\ZTEusbgps.sys [2011-3-23 121344]
R3 ZTEusbnmeaext;ZTE NMEAExt Port;C:\windows\System32\drivers\ZTEusbnmeaext.sys [2011-3-23 121344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-4-14 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 massfilter;Mass Storage Filter Driver;C:\windows\System32\drivers\massfilter.sys [2011-3-23 11776]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-11-28 19456]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-11-28 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-3-9 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-11-30 12:01:30 76232 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EACB2B11-19FF-4B6A-A4BC-F8B2A5931869}\offreg.dll
2012-11-30 11:58:48 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EACB2B11-19FF-4B6A-A4BC-F8B2A5931869}\mpengine.dll
2012-11-30 11:47:37 -------- d-----w- C:\Users\Len\AppData\Local\{7BED9FDF-A384-4C8F-9961-7A1EF6FE92B3}
2012-11-29 23:11:55 -------- d-----w- C:\Users\Len\AppData\Local\{14C8B5E1-31D0-491A-9157-4FDAF3AEFC5E}
2012-11-29 19:16:11 12872 ----a-w- C:\windows\System32\bootdelete.exe
2012-11-29 18:57:32 -------- d-----w- C:\Program Files\HitmanPro
2012-11-29 18:55:09 -------- d-----w- C:\ProgramData\HitmanPro
2012-11-29 11:11:34 -------- d-----w- C:\Users\Len\AppData\Local\{90E58841-A366-4492-A6CC-735C9E6D1867}
2012-11-29 01:02:43 -------- d-----w- C:\Program Files\Microsoft Mouse and Keyboard Center
2012-11-28 22:02:24 972264 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{81A28F3B-2637-4637-A0E7-6E175FE5A728}\gapaengine.dll
2012-11-28 22:02:10 9125352 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-28 21:07:34 340992 ----a-w- C:\windows\System32\schannel.dll
2012-11-28 21:07:34 247808 ----a-w- C:\windows\SysWow64\schannel.dll
2012-11-28 21:07:33 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2012-11-28 21:07:33 458712 ----a-w- C:\windows\System32\drivers\cng.sys
2012-11-28 21:07:33 307200 ----a-w- C:\windows\System32\ncrypt.dll
2012-11-28 21:07:33 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll
2012-11-28 21:07:33 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2012-11-28 21:07:33 154480 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2012-11-28 21:07:33 1448448 ----a-w- C:\windows\System32\lsasrv.dll
2012-11-28 19:30:04 -------- d-----w- C:\Users\Len\AppData\Local\{FB285190-1B20-4D45-A0F9-705FF2E543EA}
2012-11-28 02:47:07 -------- d-----w- C:\Users\Len\AppData\Local\{381A06E3-ABC1-46D0-A74D-E3DFD5CECBFB}
2012-11-27 04:26:41 -------- d-----w- C:\Users\Len\AppData\Local\{B12DDCFD-7191-4092-925D-84B85A150CC6}
2012-11-26 16:26:08 -------- d-----w- C:\Users\Len\AppData\Local\{4482D30D-9E44-4A99-B6F8-DC5AAB640E32}
2012-11-25 22:06:49 -------- d-----w- C:\Users\Len\AppData\Local\{BF5E9414-E20F-41D0-B467-64242E71ABE9}
2012-11-25 12:33:45 -------- d-----w- C:\Users\Len\AppData\Local\{E56670E1-08C2-4EE3-9790-A384364FD032}
2012-11-25 00:33:03 -------- d-----w- C:\Users\Len\AppData\Local\{4B3849DE-0416-4C32-9A17-394B1262182F}
2012-11-24 12:15:22 -------- d-----w- C:\Users\Len\AppData\Local\{CAC8E240-EFE2-4F50-8E42-C61F8A8FE7A3}
2012-11-23 22:03:37 -------- d-----w- C:\Users\Len\AppData\Local\{D166361A-71DC-49B5-971B-E2593A65064C}
2012-11-23 14:50:00 -------- d-----w- C:\Users\Len\AppData\Local\{438E9F69-8DFA-4A38-B276-41BFFBBE13C7}
2012-11-23 02:49:44 -------- d-----w- C:\Users\Len\AppData\Local\{A4E72BA7-AE0E-4E7E-92CD-203CD7425461}
2012-11-22 13:00:38 -------- d-----w- C:\Users\Len\AppData\Local\{F5396FC9-2A0F-46D6-A2F3-27A6BA31946C}
2012-11-21 23:55:50 -------- d-----w- C:\Users\Len\AppData\Local\{16CF4626-24ED-477E-A1CD-652A5F0EA7A8}
2012-11-21 11:55:45 -------- d-----w- C:\Users\Len\AppData\Local\{C10C1EB2-F349-45AE-847B-28B0E8889C15}
2012-11-21 02:09:57 -------- d-----w- C:\Users\Len\AppData\Local\{7EC093E5-B1E6-4D9B-9DA4-F281FA80D4D3}
2012-11-20 14:09:57 -------- d-----w- C:\Users\Len\AppData\Local\{F0A0FB88-5714-4506-B35F-0A5EB434DCC2}
2012-11-20 02:09:26 -------- d-----w- C:\Users\Len\AppData\Local\{EED21B27-B862-4704-BA6C-A97CA4601859}
2012-11-19 14:35:55 -------- d-----w- C:\Users\Len\AppData\Local\{370545A0-43CF-4CB9-BDE4-3E4D47241A4B}
2012-11-19 02:35:35 -------- d-----w- C:\Users\Len\AppData\Local\{91783232-C464-4FDB-A7B0-24F6DB9DCA4D}
2012-11-18 14:37:52 -------- d-----w- C:\Users\Len\AppData\Local\{68FC0AE0-D52B-4E80-BC74-21A7101665E7}
2012-11-18 02:37:23 -------- d-----w- C:\Users\Len\AppData\Local\{244756FD-9D91-40D4-9687-1D84F688E6A8}
2012-11-17 12:35:56 510976 ----a-w- C:\Users\Len\AppData\Roaming\mdctf.dll
2012-11-17 11:58:46 -------- d-----w- C:\Users\Len\AppData\Local\{90E96114-6E6B-4638-92B5-350E8F9BCC10}
2012-11-17 01:10:51 -------- d-----w- C:\Users\Len\AppData\Local\{2D07DB2B-30AD-4CD0-A609-77AB30FBB2C5}
2012-11-16 13:10:46 -------- d-----w- C:\Users\Len\AppData\Local\{923FAB92-B945-4F87-9718-56B5D18AA956}
2012-11-15 17:15:30 -------- d-----w- C:\Users\Len\AppData\Local\{D76DEB7C-2117-4A79-975C-C5CCF3FBE51D}
2012-11-15 05:15:12 -------- d-----w- C:\Users\Len\AppData\Local\{BBB6197C-E6CB-42A1-A838-2B36853879EE}
2012-11-15 02:04:15 -------- d-----w- C:\Users\Len\AppData\Local\{B3EEC5C8-286A-44BF-83C2-8673FE52D4D2}
2012-11-15 00:38:38 2560 ----a-w- C:\windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-15 00:38:37 9728 ----a-w- C:\windows\System32\Wdfres.dll
2012-11-15 00:38:37 785512 ----a-w- C:\windows\System32\drivers\Wdf01000.sys
2012-11-15 00:38:37 54376 ----a-w- C:\windows\System32\drivers\WdfLdr.sys
2012-11-14 20:33:22 55296 ----a-w- C:\windows\System32\dhcpcsvc6.dll
2012-11-14 20:33:22 44032 ----a-w- C:\windows\SysWow64\dhcpcsvc6.dll
2012-11-14 20:33:22 226816 ----a-w- C:\windows\System32\dhcpcore6.dll
2012-11-14 20:33:22 193536 ----a-w- C:\windows\SysWow64\dhcpcore6.dll
2012-11-14 20:33:13 3149824 ----a-w- C:\windows\System32\win32k.sys
2012-11-14 20:00:41 569344 ----a-w- C:\windows\System32\iphlpsvc.dll
2012-11-14 20:00:41 52224 ----a-w- C:\windows\SysWow64\nlaapi.dll
2012-11-14 20:00:41 45568 ----a-w- C:\windows\System32\drivers\tcpipreg.sys
2012-11-14 20:00:41 303104 ----a-w- C:\windows\System32\nlasvc.dll
2012-11-14 20:00:41 246272 ----a-w- C:\windows\System32\netcorehc.dll
2012-11-14 20:00:41 216576 ----a-w- C:\windows\System32\ncsi.dll
2012-11-14 20:00:41 1914248 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-11-14 20:00:41 175104 ----a-w- C:\windows\SysWow64\netcorehc.dll
2012-11-14 20:00:41 156672 ----a-w- C:\windows\SysWow64\ncsi.dll
2012-11-14 20:00:40 70656 ----a-w- C:\windows\System32\nlaapi.dll
2012-11-14 20:00:40 18944 ----a-w- C:\windows\SysWow64\netevent.dll
2012-11-14 20:00:40 18944 ----a-w- C:\windows\System32\netevent.dll
2012-11-14 19:36:19 95744 ----a-w- C:\windows\System32\synceng.dll
2012-11-14 19:36:19 78336 ----a-w- C:\windows\SysWow64\synceng.dll
2012-11-14 14:20:59 -------- d-----w- C:\Users\Len\AppData\Local\{B3188528-4C42-4509-9EF3-99C9674C435A}
2012-11-14 14:00:40 87040 ----a-w- C:\windows\System32\drivers\WUDFPf.sys
2012-11-14 14:00:40 198656 ----a-w- C:\windows\System32\drivers\WUDFRd.sys
2012-11-14 14:00:38 84992 ----a-w- C:\windows\System32\WUDFSvc.dll
2012-11-14 14:00:38 194048 ----a-w- C:\windows\System32\WUDFPlatform.dll
2012-11-14 14:00:33 45056 ----a-w- C:\windows\System32\WUDFCoinstaller.dll
2012-11-14 14:00:32 744448 ----a-w- C:\windows\System32\WUDFx.dll
2012-11-14 14:00:32 229888 ----a-w- C:\windows\System32\WUDFHost.exe
2012-11-14 13:11:38 -------- d-----w- C:\Users\Len\AppData\Local\{EC9A4220-D792-43DA-B27A-BBBCE4620573}
2012-11-14 01:40:26 9728 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2012-11-14 01:11:22 -------- d-----w- C:\Users\Len\AppData\Local\{E02D1141-F4BB-4A72-8474-4473107C45BF}
2012-11-13 13:11:06 -------- d-----w- C:\Users\Len\AppData\Local\{60A20929-3E97-40B6-824F-7A45534145F0}
2012-11-13 12:16:36 -------- d-----w- C:\Users\Len\AppData\Local\{E775C51C-B250-44E8-96CA-DB0F6B52D2B3}
2012-11-13 00:16:13 -------- d-----w- C:\Users\Len\AppData\Local\{D2B721AF-BC8E-462E-93A1-0AD2BBD8900A}
2012-11-12 12:15:18 -------- d-----w- C:\Users\Len\AppData\Local\{6C8D9C0A-2802-42BE-B76E-123766A970AD}
2012-11-11 23:56:02 -------- d-----w- C:\Users\Len\AppData\Local\{5C562081-7DCF-47BC-B569-2F35E483688B}
2012-11-11 11:55:57 -------- d-----w- C:\Users\Len\AppData\Local\{02912607-095E-4003-B3A1-4BD890F1C4B0}
2012-11-10 23:02:37 -------- d-----w- C:\Users\Len\AppData\Local\{AE856D0D-60D5-484E-9F46-3290B838C869}
2012-11-10 11:02:32 -------- d-----w- C:\Users\Len\AppData\Local\{2E478783-DE4B-433E-BAC8-9863231595AB}
2012-11-09 20:30:30 -------- d-----w- C:\Users\Len\AppData\Local\{4812A35E-48A8-453B-A813-C5154CDA774C}
2012-11-09 12:07:39 -------- d-----w- C:\Users\Len\AppData\Local\{AC13FFAC-3839-452B-9748-CA3DFEF0354E}
2012-11-09 00:29:07 -------- d-----w- C:\Users\Len\AppData\Local\{2101A047-76D1-4067-B181-19F4D5300482}
2012-11-08 12:29:01 -------- d-----w- C:\Users\Len\AppData\Local\{E080F1CD-71D2-410B-BC62-95C6BF4C920D}
2012-11-08 00:09:25 -------- d-----w- C:\Users\Len\AppData\Local\{E47626C8-790D-41AE-884B-C1554818DE4F}
2012-11-07 12:09:13 -------- d-----w- C:\Users\Len\AppData\Local\{971A2C50-5185-48B7-878A-7063178E080D}
2012-11-07 00:39:44 -------- d-----w- C:\Users\Len\AppData\Local\{4CD40EDB-122E-4B62-8B8F-91F762865FDD}
2012-11-06 12:39:25 -------- d-----w- C:\Users\Len\AppData\Local\{FD0F2F6E-1C3E-44CC-8E0E-CEFAAEB8DF94}
2012-11-05 16:34:38 -------- d-----w- C:\Users\Len\AppData\Local\{AD58D639-9107-418E-B07E-03EA9F632BFF}
2012-11-05 04:23:41 -------- d-----w- C:\Users\Len\AppData\Local\{8D419167-1138-48D9-BA91-17D6CFC8B94C}
2012-11-04 13:16:27 -------- d-----w- C:\Users\Len\AppData\Local\{70032D6D-266F-44D9-BBD1-A4C891FDBD10}
2012-11-03 23:33:43 -------- d-----w- C:\Users\Len\AppData\Local\{A42FFF50-CB45-479D-8D51-95C67B793ADA}
2012-11-03 11:33:36 -------- d-----w- C:\Users\Len\AppData\Local\{C228F7F2-E2EE-4DE9-BC59-2E38B203510F}
2012-11-02 23:38:36 862664 ----a-w- C:\windows\SysWow64\msvcr110.dll
2012-11-02 23:38:36 828872 ----a-w- C:\windows\System32\msvcr110.dll
2012-11-02 23:38:36 661448 ----a-w- C:\windows\System32\msvcp110.dll
2012-11-02 23:38:36 534480 ----a-w- C:\windows\SysWow64\msvcp110.dll
2012-11-02 23:38:36 354264 ----a-w- C:\windows\System32\vccorlib110.dll
2012-11-02 23:38:36 251864 ----a-w- C:\windows\SysWow64\vccorlib110.dll
2012-11-02 15:26:15 -------- d-----w- C:\Users\Len\AppData\Local\{167D5941-D8E6-49B9-A8FB-DB84E3CD5D41}
2012-11-02 03:25:58 -------- d-----w- C:\Users\Len\AppData\Local\{A92894EF-1EEE-4A4B-99C6-48896490C3C9}
2012-11-01 12:38:51 -------- d-----w- C:\Users\Len\AppData\Local\{094F7016-EDE9-4A76-A22D-FA332F1EFD83}
2012-11-01 00:38:35 -------- d-----w- C:\Users\Len\AppData\Local\{31B0900C-791C-4BC7-A25F-F062455C16E1}
.
==================== Find3M ====================
.
2012-11-22 05:25:09 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-22 05:25:09 697272 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-11-14 01:40:26 9728 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2012-10-16 08:38:37 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\windows\apppatch\AcLayers.dll
2012-09-29 05:42:04 2177704 ----a-w- C:\windows\System32\coin92.dll
2012-09-14 19:19:29 2048 ----a-w- C:\windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\windows\SysWow64\tzres.dll
.
============= FINISH: 12:27:39.14 ===============

I believe there may be a lot of useless things loaded & running on this computer, accumulations over time. If you can also help me eliminate those it may help it to run better. MSE requires about 9+ hours to run a full scan. When I ran Microsoft Safety Scanner (msert.exe) it took almost 35 hours.
TNX
Bpaka

#6 gringo_pr

Posted 30 November 2012 - 03:57 PM

Hello

I will give things a good scrubbing

These are the programs I would like you to run next. If you have any problems with any of these, just skip it and run the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 Bpaka

Posted 30 November 2012 - 04:50 PM

O.K.
Here are the reports from AdwCleaner and RogueKiller.

# AdwCleaner v2.010 - Logfile created 11/30/2012 at 13:09:50
# Updated 29/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Len - LEN-PC
# Boot Mode : Normal
# Running from : C:\Users\Len\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\Len\AppData\Local\Temp\boost_interprocess

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v9.10.9200.16438

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=isearch --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=isearch --> hxxp://www.google.com

-\\ Mozilla Firefox v [Unable to get version]

Profile name : default
File : C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\wjpd6gd0.default\prefs.js

C:\Users\Len\AppData\Roaming\Mozilla\Firefox\Profiles\wjpd6gd0.default\user.js ... Deleted !

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Len\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1400 octets] - [30/11/2012 13:09:50]

########## EOF - C:\AdwCleaner[S1].txt - [1460 octets] ##########

RogueKiller V8.3.1 [Nov 29 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Len [Admin rights]
Mode : Scan -- Date : 11/30/2012 13:26:30

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 15 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : {87B37C7E-4256-5697-65B9-78FF82CC321B} (C:\Users\Len\AppData\Roaming\Ries\ilheh.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-248688639-3323915360-3895735036-1000[...]\Run : {87B37C7E-4256-5697-65B9-78FF82CC321B} (C:\Users\Len\AppData\Roaming\Ries\ilheh.exe) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\Windows\WLXPGSS.SCR) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[Tr.Karagany][FOLDER] plugs : C:\Users\Len\AppData\Roaming\Adobe\plugs --> FOUND
[Tr.Karagany][FOLDER] shed : C:\Users\Len\AppData\Roaming\Adobe\shed --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5055GSX +++++
--- User ---
[MBR] 616ccb5c8d03af813b6f66288efce3ae
[BSP] c91e89d55e94a91a95d9e51eb853596c : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 464503 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 954376192 | Size: 10936 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_11302012_02d1326.txt >>
RKreport[1]_S_11302012_02d1326.txt


There was also a RKreport[2] copy below.

RogueKiller V8.3.1 [Nov 29 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Len [Admin rights]
Mode : Remove -- Date : 11/30/2012 13:27:12

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : {87B37C7E-4256-5697-65B9-78FF82CC321B} (C:\Users\Len\AppData\Roaming\Ries\ilheh.exe) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\Windows\WLXPGSS.SCR) -> REPLACED (C:\windows\system32\logon.scr)

¤¤¤ Particular Files / Folders: ¤¤¤
[Del.Parent][FILE] mmc3.exe : C:\Users\Len\AppData\Roaming\Adobe\plugs\mmc3.exe --> REMOVED
[Del.Parent][FILE] mmc51.exe : C:\Users\Len\AppData\Roaming\Adobe\plugs\mmc51.exe --> REMOVED
[Del.Parent][FILE] mmc7648292.txt : C:\Users\Len\AppData\Roaming\Adobe\plugs\mmc7648292.txt --> REMOVED
[Tr.Karagany][FOLDER] ROOT : C:\Users\Len\AppData\Roaming\Adobe\plugs --> REMOVED
[Del.Parent][FILE] thr1.chm : C:\Users\Len\AppData\Roaming\Adobe\shed\thr1.chm --> REMOVED
[Tr.Karagany][FOLDER] ROOT : C:\Users\Len\AppData\Roaming\Adobe\shed --> REMOVED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

I also got an error message:
RunDLL
There was a problem starting C:\Users\Len\AppData\Roaming\mdctf.dll. Access denied.
TNX,
Len
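As an added example that is not part of this thread or of the DDS/RogueKiller tools' own code, here is a small Python triage script that applies the heuristics behind the findings above (an autorun whose target lives in a user-writable profile folder, rundll32 loading a DLL from there, and UAC policy values set to 0) to sample log lines constructed from the logs posted in this thread. The regexes, rule wording and function names are my own assumptions, not the tools' full log grammars.

```python
import re

# Heuristics mirroring the findings in the DDS and RogueKiller logs posted above.
# Regex names, rule wording and the sample lines are my own assumptions for this
# example; they are not the tools' full log grammars.

# Locations a standard user can write to; autoruns pointing here are the
# "[SUSP PATH]" class RogueKiller reports (Program Files / System32 are not).
USER_WRITABLE = re.compile(
    r"\\Users\\[^\\]+\\AppData\\(?:Roaming|Local)\\|\\Temp\\", re.IGNORECASE
)

# DDS autorun lines, e.g.  x64-Run: [mdctf] "...rundll32.exe" "...\mdctf.dll",Entry
# (x64-Run is the form on this page; uRun/mRun are the user/machine variants.)
DDS_RUN = re.compile(r"^(?:x64-|u|m)?Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")

# RogueKiller registry lines:
#   [RUN][SUSP PATH] HKCU\[...]\Run : {GUID} (C:\...\ilheh.exe) -> FOUND
#   [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
RK_RUN = re.compile(
    r"^\[RUN\]\[SUSP PATH\] (?P<key>\S+) : (?P<name>\S+) \((?P<path>[^)]+)\)"
)
RK_UAC = re.compile(
    r"^\[HJ\] \S+ : (?P<value>EnableLUA|ConsentPromptBehaviorAdmin) \((?P<data>\d+)\)"
)


def classify_dds_run(line):
    """Return a finding for a DDS Run line, or None when the target looks benign."""
    m = DDS_RUN.match(line)
    if not m:
        return None
    name, cmd = m.group("name"), m.group("cmd")
    # rundll32 invoked to load a DLL out of the user profile: the persistence
    # mechanism behind the [mdctf] entry in this thread.
    if "rundll32" in cmd.lower() and USER_WRITABLE.search(cmd):
        return f"rundll32 loader for user-profile DLL: [{name}] {cmd}"
    if USER_WRITABLE.search(cmd):
        return f"autorun from user-writable path: [{name}] {cmd}"
    return None


def classify_roguekiller(line):
    """Return a finding for a RogueKiller registry line, or None."""
    m = RK_RUN.match(line)
    if m:
        return f"suspicious Run target {m.group('path')} under {m.group('key')}"
    m = RK_UAC.match(line)
    # EnableLUA=0 turns UAC off; ConsentPromptBehaviorAdmin=0 elevates silently.
    if m and m.group("data") == "0":
        return f"UAC weakened: {m.group('value')}=0"
    return None


def triage(log_text):
    """Run each line through both classifiers; return [(line_no, finding), ...]."""
    findings = []
    for n, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        finding = classify_dds_run(line) or classify_roguekiller(line)
        if finding:
            findings.append((n, finding))
    return findings


# Constructed sample: a few lines copied from the logs in this thread, plus two
# benign autoruns so the benign path is exercised too.
SAMPLE_LOG = r"""
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [mdctf] "C:\windows\System32\rundll32.exe" "C:\Users\Len\AppData\Roaming\mdctf.dll",NullImporter_Type
[RUN][SUSP PATH] HKCU\[...]\Run : {87B37C7E-4256-5697-65B9-78FF82CC321B} (C:\Users\Len\AppData\Roaming\Ries\ilheh.exe) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
""".strip("\n")

if __name__ == "__main__":
    for line_no, finding in triage(SAMPLE_LOG):
        print(f"line {line_no}: {finding}")
```

The cosmetic "[HJ SMENU]" start-menu tweaks are deliberately not flagged; only the autorun and UAC findings are, which is what drove the removal steps in the thread.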

#8 gringo_pr

Posted 30 November 2012 - 05:40 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#9 Bpaka

Posted 30 November 2012 - 10:00 PM

O.K. Gringo,
Here is the report from Combofix. I had no problems downloading and running Combofix. It did not restart my computer. As near as I can tell the computer is running fine. I cannot tell yet if performance has improved. Should I now restart MSE to continue to quarantine the trojan if it returns? Can I go ahead and run other programs as usual? Is there anything I should NOT do?
Tnx Again,
Bpaka

ComboFix 12-11-30.03 - Len 11/30/2012 17:51:21.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3964.2544 [GMT -8:00]
Running from: c:\users\Len\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Len\AppData\Local\{7496BCB4-CAF2-40A4-BEF9-B10F51ACDB60}
c:\users\Len\AppData\Local\{7496BCB4-CAF2-40A4-BEF9-B10F51ACDB60}\chrome.manifest
c:\users\Len\AppData\Local\{7496BCB4-CAF2-40A4-BEF9-B10F51ACDB60}\chrome\content\overlay.xul
c:\users\Len\AppData\Local\{7496BCB4-CAF2-40A4-BEF9-B10F51ACDB60}\install.rdf
c:\users\Len\AppData\Local\olepulukelikuf.dll
c:\users\Len\WINDOWS
.
.
((((((((((((((((((((((((( Files Created from 2012-11-01 to 2012-12-01 )))))))))))))))))))))))))))))))
.
.
2012-12-01 02:03 . 2012-12-01 02:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-30 21:14 . 2012-11-30 21:14 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EACB2B11-19FF-4B6A-A4BC-F8B2A5931869}\offreg.dll
2012-11-30 11:58 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EACB2B11-19FF-4B6A-A4BC-F8B2A5931869}\mpengine.dll
2012-11-29 19:16 . 2012-11-29 19:16 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-11-29 18:57 . 2012-11-29 18:57 -------- d-----w- c:\program files\HitmanPro
2012-11-29 18:55 . 2012-11-29 19:16 -------- d-----w- c:\programdata\HitmanPro
2012-11-29 01:02 . 2012-11-29 01:03 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center
2012-11-28 22:02 . 2012-11-28 22:02 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{81A28F3B-2637-4637-A0E7-6E175FE5A728}\gapaengine.dll
2012-11-28 22:02 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-28 21:07 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2012-11-28 21:07 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-11-28 21:07 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-11-28 21:07 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2012-11-28 21:07 . 2012-08-24 18:04 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-28 21:07 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2012-11-28 21:07 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-11-28 21:07 . 2012-08-24 16:57 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-11-28 21:07 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-11-15 00:38 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-15 00:38 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-15 00:38 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-15 00:38 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-14 20:33 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-14 20:33 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-14 20:33 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-11-14 20:33 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-11-14 20:33 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-11-14 20:00 . 2012-10-03 17:56 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-14 20:00 . 2012-10-03 17:44 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-14 20:00 . 2012-10-03 17:44 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-14 20:00 . 2012-10-03 17:44 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-11-14 20:00 . 2012-10-03 17:42 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-14 20:00 . 2012-10-03 16:42 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-11-14 20:00 . 2012-10-03 16:42 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-11-14 20:00 . 2012-10-03 16:07 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-14 20:00 . 2012-01-13 07:12 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2012-11-14 20:00 . 2012-10-03 17:44 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-14 20:00 . 2012-10-03 17:44 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-14 20:00 . 2012-10-03 16:42 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-11-14 19:36 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-14 19:36 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 14:00 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-14 14:00 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-14 14:00 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-14 14:00 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-14 14:00 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-14 14:00 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-14 14:00 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-14 06:17 . 2012-11-09 08:46 28672 ----a-w- c:\windows\system32\IEUDINIT.EXE
2012-11-14 01:40 . 2012-11-14 01:40 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2012-11-02 23:38 . 2012-11-02 23:38 862664 ----a-w- c:\windows\SysWow64\msvcr110.dll
2012-11-02 23:38 . 2012-11-02 23:38 828872 ----a-w- c:\windows\system32\msvcr110.dll
2012-11-02 23:38 . 2012-11-02 23:38 661448 ----a-w- c:\windows\system32\msvcp110.dll
2012-11-02 23:38 . 2012-11-02 23:38 534480 ----a-w- c:\windows\SysWow64\msvcp110.dll
2012-11-02 23:38 . 2012-11-02 23:38 354264 ----a-w- c:\windows\system32\vccorlib110.dll
2012-11-02 23:38 . 2012-11-02 23:38 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-22 05:25 . 2012-04-20 01:07 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-22 05:25 . 2011-12-29 23:45 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-15 00:27 . 2009-12-15 17:40 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-16 08:38 . 2012-11-28 20:00 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 20:00 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 20:00 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-05 04:53 . 2011-03-25 12:09 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-29 05:42 . 2012-09-29 05:42 2177704 ----a-w- c:\windows\system32\coin92.dll
2012-09-14 19:19 . 2012-10-17 00:44 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-17 00:44 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTOSHIBA"="c:\program files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
"CnxtCoInstallerDefer"="c:\program files (x86)\CONEXANT\SETUP4B22818E1D8\SETUP\setup.exe" [2008-03-18 999424]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2008-04-15 11776]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM10864.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-09 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 14784]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-11 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2012-11-29 108904]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-26 13672]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-07-02 60416]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-07-29 81408]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-07-05 55808]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-11 252272]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 139264]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-27 1103904]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
S3 ZTEusbgps;ZTE GPS Port;c:\windows\system32\DRIVERS\ZTEusbgps.sys [2008-04-15 121344]
S3 ZTEusbnmeaext;ZTE NMEAExt Port;c:\windows\system32\DRIVERS\ZTEusbnmeaext.sys [2008-04-15 121344]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 05:25]
.
2012-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 00:29]
.
2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 00:29]
.
2012-11-30 c:\windows\Tasks\RegistryBooster.job
- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2010-07-30 16:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 709976]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://forecast.weather.gov/MapClick.php?lat=47.81638223710274&lon=-116.70690536499023&site=otx&unit=0&lg=en&FcstType=text
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office10\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TUSBSleepChargeSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-30 18:40:37
ComboFix-quarantined-files.txt 2012-12-01 02:40
.
Pre-Run: 400,385,609,728 bytes free
Post-Run: 414,356,791,296 bytes free
.
- - End Of File - - A6216540A893DBEB7D8555E9D345E4B1

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,221 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:01 AM

Posted 30 November 2012 - 10:07 PM

Yes, turn MSE back on and let me know.



I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
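Reading a TDSSKiller report of the kind requested above mostly means skipping the hundreds of "- ok" pairs and looking at whatever is left, matched to the MD5 and path from the hash line that precedes each status line. The script below is an added example written for this page; it is not part of TDSSKiller and was not posted in the thread. It assumes only the two-line hash/status layout visible in the reports here, and its built-in sample mixes lines in the thread's format with clearly placeholder objects (exampledrv, exampledrv2, zero-filled hashes, invented verdict text) so that a non-ok entry is present to exercise the code.

```python
"""Triage helper for TDSSKiller service/driver scan logs (added example).

The scan section of a report prints two lines per object:
    HH:MM:SS.ffff PID [ MD5 ] Name Path        <- hash line
    HH:MM:SS.ffff PID Name - status            <- status line
Everything that is "- ok" is noise in a long report, so this keeps only
objects with any other status, paired with the MD5 and path from the
hash line that precedes them.
"""
import re
import sys
from dataclasses import dataclass, field
from typing import List, Optional

# Hash line: "[ md5 ]", an object name that may contain spaces, then a path
# starting with a drive letter.
HASH_LINE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+"
    r"(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$"
)
# Status line: object name (possibly with a verdict appended), " - ", status.
STATUS_LINE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<name>.+?) - (?P<status>.+?)\s*$"
)


@dataclass
class Finding:
    name: str
    status: str
    md5: Optional[str] = None
    path: Optional[str] = None


@dataclass
class Summary:
    ok: int = 0
    flagged: List[Finding] = field(default_factory=list)
    unhashed_ok: List[str] = field(default_factory=list)  # "- ok" with no hash line


def triage(log_text: str) -> Summary:
    """Walk the scan section and pair each status line with its hash line."""
    summary = Summary()
    in_scan = False
    last_hash: Optional[re.Match] = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.endswith("Scan started"):
            in_scan = True
            continue
        if not in_scan:
            continue  # skip the SystemInfo / disk geometry header
        m = HASH_LINE.match(line)
        if m:
            last_hash = m
            continue
        s = STATUS_LINE.match(line)
        if not s:
            continue  # section banners and separator lines
        name, status = s.group("name"), s.group("status")
        md5 = path = None
        # The status line directly follows its hash line and repeats the name,
        # sometimes with a verdict appended, so a prefix match pairs them.
        if last_hash and name.startswith(last_hash.group("name")):
            md5, path = last_hash.group("md5"), last_hash.group("path")
        last_hash = None
        if status == "ok":
            summary.ok += 1
            if md5 is None:
                summary.unhashed_ok.append(name)
        else:
            summary.flagged.append(Finding(name, status, md5, path))
    return summary


# Constructed sample in the report's format. The first objects mirror lines
# seen in the thread; exampledrv/exampledrv2, their zero-filled hashes and
# the verdict text are placeholders, not real detections.
SAMPLE_LOG = r"""
19:20:58.0610 2148 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb)
19:21:07.0237 4964 Scan started
19:21:07.0237 4964 Mode: Manual;
19:21:07.0549 4964 ================ Scan system memory ========================
19:21:07.0549 4964 System memory - ok
19:21:07.0549 4964 ================ Scan services =============================
19:21:07.0720 4964 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
19:21:07.0720 4964 1394ohci - ok
19:21:10.0169 4964 catchme - ok
19:21:10.0996 4964 [ D252C53BCDFC199BBA55EEB10CDB266E ] ConfigFree Gadget Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
19:21:10.0996 4964 ConfigFree Gadget Service - ok
19:21:12.0500 4964 [ 00000000000000000000000000000000 ] exampledrv C:\windows\system32\drivers\exampledrv.sys
19:21:12.0500 4964 exampledrv ( PLACEHOLDER.Verdict ) - warning
19:21:13.0100 4964 [ 11111111111111111111111111111111 ] exampledrv2 C:\windows\system32\drivers\exampledrv2.sys
19:21:13.0100 4964 exampledrv2 - detected (placeholder)
"""


def report(summary: Summary) -> str:
    """Render the summary as plain text suitable for pasting into a reply."""
    lines = [f"{summary.ok} objects ok ({len(summary.unhashed_ok)} without a hash line)"]
    for f in summary.flagged:
        lines.append(f"{f.status:<24} {f.name}  md5={f.md5}  path={f.path}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: python tdss_triage.py TDSSKiller.<version>_<date>_<time>_log.txt
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    print(report(triage(text)))
```

Run it against the saved log and only the non-ok objects are printed, each with the hash that can be compared against a known-good copy of the file. Lines before "Scan started" (the disk geometry line also contains " - ") are deliberately ignored so they are not mistaken for findings.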

#11 Bpaka

Bpaka
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:08:01 PM

Posted 30 November 2012 - 11:20 PM

Here is the TDSSKiller report. The aswMBR report will follow.

19:20:55.0724 2148 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:20:57.0736 2148 ============================================================
19:20:57.0736 2148 Current date / time: 2012/11/30 19:20:57.0736
19:20:57.0736 2148 SystemInfo:
19:20:57.0736 2148
19:20:57.0736 2148 OS Version: 6.1.7601 ServicePack: 1.0
19:20:57.0736 2148 Product type: Workstation
19:20:57.0736 2148 ComputerName: LEN-PC
19:20:57.0736 2148 UserName: Len
19:20:57.0736 2148 Windows directory: C:\windows
19:20:57.0736 2148 System windows directory: C:\windows
19:20:57.0736 2148 Running under WOW64
19:20:57.0736 2148 Processor architecture: Intel x64
19:20:57.0736 2148 Number of processors: 2
19:20:57.0736 2148 Page size: 0x1000
19:20:57.0736 2148 Boot type: Normal boot
19:20:57.0736 2148 ============================================================
19:20:58.0610 2148 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:20:58.0672 2148 ============================================================
19:20:58.0672 2148 \Device\Harddisk0\DR0:
19:20:58.0672 2148 MBR partitions:
19:20:58.0672 2148 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x38B3B800
19:20:58.0672 2148 ============================================================
19:20:58.0703 2148 C: <-> \Device\Harddisk0\DR0\Partition1
19:20:58.0703 2148 ============================================================
19:20:58.0703 2148 Initialize success
19:20:58.0703 2148 ============================================================
19:21:07.0237 4964 ============================================================
19:21:07.0237 4964 Scan started
19:21:07.0237 4964 Mode: Manual;
19:21:07.0237 4964 ============================================================
19:21:07.0549 4964 ================ Scan system memory ========================
19:21:07.0549 4964 System memory - ok
19:21:07.0549 4964 ================ Scan services =============================
19:21:07.0720 4964 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
19:21:07.0720 4964 1394ohci - ok
19:21:07.0783 4964 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
19:21:07.0783 4964 ACPI - ok
19:21:07.0845 4964 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
19:21:07.0845 4964 AcpiPmi - ok
19:21:08.0032 4964 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
19:21:08.0032 4964 AdobeFlashPlayerUpdateSvc - ok
19:21:08.0126 4964 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
19:21:08.0126 4964 adp94xx - ok
19:21:08.0141 4964 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
19:21:08.0141 4964 adpahci - ok
19:21:08.0173 4964 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
19:21:08.0173 4964 adpu320 - ok
19:21:08.0204 4964 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
19:21:08.0219 4964 AeLookupSvc - ok
19:21:08.0251 4964 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
19:21:08.0251 4964 AFD - ok
19:21:08.0313 4964 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\windows\system32\DRIVERS\agrsm64.sys
19:21:08.0313 4964 AgereSoftModem - ok
19:21:08.0360 4964 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
19:21:08.0360 4964 agp440 - ok
19:21:08.0407 4964 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
19:21:08.0407 4964 ALG - ok
19:21:08.0469 4964 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
19:21:08.0469 4964 aliide - ok
19:21:08.0469 4964 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
19:21:08.0469 4964 amdide - ok
19:21:08.0516 4964 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
19:21:08.0516 4964 AmdK8 - ok
19:21:08.0531 4964 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
19:21:08.0531 4964 AmdPPM - ok
19:21:08.0594 4964 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
19:21:08.0594 4964 amdsata - ok
19:21:08.0641 4964 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
19:21:08.0641 4964 amdsbs - ok
19:21:08.0687 4964 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
19:21:08.0687 4964 amdxata - ok
19:21:08.0750 4964 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
19:21:08.0750 4964 AppID - ok
19:21:08.0781 4964 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
19:21:08.0781 4964 AppIDSvc - ok
19:21:08.0828 4964 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
19:21:08.0828 4964 Appinfo - ok
19:21:08.0906 4964 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\DRIVERS\arc.sys
19:21:08.0906 4964 arc - ok
19:21:08.0921 4964 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
19:21:08.0921 4964 arcsas - ok
19:21:08.0953 4964 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
19:21:08.0953 4964 AsyncMac - ok
19:21:08.0999 4964 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
19:21:08.0999 4964 atapi - ok
19:21:09.0046 4964 [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr C:\windows\system32\DRIVERS\athrx.sys
19:21:09.0062 4964 athr - ok
19:21:09.0140 4964 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
19:21:09.0140 4964 AudioEndpointBuilder - ok
19:21:09.0155 4964 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
19:21:09.0155 4964 AudioSrv - ok
19:21:09.0187 4964 [ 803B9A93C8D8B72414D7D05DC1A47F34 ] AX88772 C:\windows\system32\DRIVERS\ax88772.sys
19:21:09.0187 4964 AX88772 - ok
19:21:09.0249 4964 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
19:21:09.0249 4964 AxInstSV - ok
19:21:09.0296 4964 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\DRIVERS\bxvbda.sys
19:21:09.0296 4964 b06bdrv - ok
19:21:09.0343 4964 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
19:21:09.0343 4964 b57nd60a - ok
19:21:09.0374 4964 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
19:21:09.0374 4964 BDESVC - ok
19:21:09.0405 4964 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
19:21:09.0405 4964 Beep - ok
19:21:09.0467 4964 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
19:21:09.0467 4964 BFE - ok
19:21:09.0545 4964 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\system32\qmgr.dll
19:21:09.0561 4964 BITS - ok
19:21:09.0592 4964 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
19:21:09.0592 4964 blbdrive - ok
19:21:09.0655 4964 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
19:21:09.0655 4964 bowser - ok
19:21:09.0670 4964 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
19:21:09.0670 4964 BrFiltLo - ok
19:21:09.0686 4964 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
19:21:09.0686 4964 BrFiltUp - ok
19:21:09.0748 4964 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
19:21:09.0748 4964 BridgeMP - ok
19:21:09.0779 4964 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
19:21:09.0779 4964 Browser - ok
19:21:09.0795 4964 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
19:21:09.0811 4964 Brserid - ok
19:21:09.0826 4964 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
19:21:09.0826 4964 BrSerWdm - ok
19:21:09.0857 4964 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
19:21:09.0857 4964 BrUsbMdm - ok
19:21:09.0873 4964 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
19:21:09.0873 4964 BrUsbSer - ok
19:21:09.0935 4964 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
19:21:09.0935 4964 BthEnum - ok
19:21:09.0982 4964 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
19:21:09.0982 4964 BTHMODEM - ok
19:21:10.0013 4964 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
19:21:10.0013 4964 BthPan - ok
19:21:10.0060 4964 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
19:21:10.0060 4964 BTHPORT - ok
19:21:10.0107 4964 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
19:21:10.0107 4964 bthserv - ok
19:21:10.0123 4964 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
19:21:10.0123 4964 BTHUSB - ok
19:21:10.0169 4964 catchme - ok
19:21:10.0201 4964 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
19:21:10.0201 4964 cdfs - ok
19:21:10.0232 4964 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
19:21:10.0232 4964 cdrom - ok
19:21:10.0294 4964 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
19:21:10.0294 4964 CertPropSvc - ok
19:21:10.0388 4964 [ 837FF2D497880198C918E6954DBD170C ] cfWiMAXService C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
19:21:10.0388 4964 cfWiMAXService - ok
19:21:10.0419 4964 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\DRIVERS\circlass.sys
19:21:10.0419 4964 circlass - ok
19:21:10.0450 4964 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
19:21:10.0450 4964 CLFS - ok
19:21:10.0513 4964 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:21:10.0513 4964 clr_optimization_v2.0.50727_32 - ok
19:21:10.0544 4964 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:21:10.0544 4964 clr_optimization_v2.0.50727_64 - ok
19:21:10.0669 4964 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:21:10.0669 4964 clr_optimization_v4.0.30319_32 - ok
19:21:10.0747 4964 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:21:10.0747 4964 clr_optimization_v4.0.30319_64 - ok
19:21:10.0778 4964 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
19:21:10.0778 4964 CmBatt - ok
19:21:10.0825 4964 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
19:21:10.0825 4964 cmdide - ok
19:21:10.0871 4964 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\windows\system32\Drivers\cng.sys
19:21:10.0871 4964 CNG - ok
19:21:10.0918 4964 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
19:21:10.0918 4964 Compbatt - ok
19:21:10.0965 4964 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
19:21:10.0965 4964 CompositeBus - ok
19:21:10.0981 4964 COMSysApp - ok
19:21:10.0996 4964 [ D252C53BCDFC199BBA55EEB10CDB266E ] ConfigFree Gadget Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
19:21:10.0996 4964 ConfigFree Gadget Service - ok
19:21:11.0027 4964 [ CAB0EEAF5295FC96DDD3E19DCE27E131 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
19:21:11.0027 4964 ConfigFree Service - ok
19:21:11.0059 4964 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
19:21:11.0059 4964 crcdisk - ok
19:21:11.0121 4964 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
19:21:11.0121 4964 CryptSvc - ok
19:21:11.0183 4964 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
19:21:11.0199 4964 DcomLaunch - ok
19:21:11.0246 4964 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
19:21:11.0246 4964 defragsvc - ok
19:21:11.0293 4964 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
19:21:11.0293 4964 DfsC - ok
19:21:11.0339 4964 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
19:21:11.0339 4964 Dhcp - ok
19:21:11.0371 4964 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
19:21:11.0371 4964 discache - ok
19:21:11.0386 4964 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\DRIVERS\disk.sys
19:21:11.0386 4964 Disk - ok
19:21:11.0433 4964 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
19:21:11.0433 4964 Dnscache - ok
19:21:11.0480 4964 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
19:21:11.0480 4964 dot3svc - ok
19:21:11.0527 4964 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\windows\system32\DRIVERS\Dot4.sys
19:21:11.0527 4964 Dot4 - ok
19:21:11.0573 4964 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\windows\system32\DRIVERS\Dot4Prt.sys
19:21:11.0573 4964 Dot4Print - ok
19:21:11.0605 4964 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\windows\system32\DRIVERS\dot4usb.sys
19:21:11.0605 4964 dot4usb - ok
19:21:11.0651 4964 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
19:21:11.0651 4964 DPS - ok
19:21:11.0698 4964 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
19:21:11.0698 4964 drmkaud - ok
19:21:11.0761 4964 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
19:21:11.0776 4964 DXGKrnl - ok
19:21:11.0807 4964 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
19:21:11.0807 4964 EapHost - ok
19:21:11.0885 4964 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\DRIVERS\evbda.sys
19:21:11.0917 4964 ebdrv - ok
19:21:11.0948 4964 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
19:21:11.0948 4964 EFS - ok
19:21:11.0995 4964 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
19:21:12.0010 4964 ehRecvr - ok
19:21:12.0041 4964 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
19:21:12.0041 4964 ehSched - ok
19:21:12.0088 4964 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
19:21:12.0088 4964 elxstor - ok
19:21:12.0135 4964 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
19:21:12.0135 4964 ErrDev - ok
19:21:12.0166 4964 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
19:21:12.0182 4964 EventSystem - ok
19:21:12.0197 4964 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
19:21:12.0197 4964 exfat - ok
19:21:12.0229 4964 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
19:21:12.0229 4964 fastfat - ok
19:21:12.0291 4964 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
19:21:12.0291 4964 Fax - ok
19:21:12.0338 4964 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\DRIVERS\fdc.sys
19:21:12.0338 4964 fdc - ok
19:21:12.0353 4964 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
19:21:12.0353 4964 fdPHost - ok
19:21:12.0369 4964 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
19:21:12.0369 4964 FDResPub - ok
19:21:12.0400 4964 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
19:21:12.0400 4964 FileInfo - ok
19:21:12.0416 4964 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
19:21:12.0416 4964 Filetrace - ok
19:21:12.0463 4964 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
19:21:12.0463 4964 flpydisk - ok
19:21:12.0494 4964 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
19:21:12.0509 4964 FltMgr - ok
19:21:12.0572 4964 [ 5B92E2B067F64DC53698EB84966B3F0D ] FontCache C:\windows\system32\FntCache.dll
19:21:12.0572 4964 FontCache - ok
19:21:12.0634 4964 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:21:12.0650 4964 FontCache3.0.0.0 - ok
19:21:12.0665 4964 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
19:21:12.0681 4964 FsDepends - ok
19:21:12.0728 4964 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\windows\system32\DRIVERS\fssfltr.sys
19:21:12.0728 4964 fssfltr - ok
19:21:12.0837 4964 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
19:21:12.0853 4964 fsssvc - ok
19:21:12.0884 4964 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
19:21:12.0884 4964 Fs_Rec - ok
19:21:12.0931 4964 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
19:21:12.0931 4964 fvevol - ok
19:21:12.0977 4964 [ 60ACB128E64C35C2B4E4AAB1B0A5C293 ] FwLnk C:\windows\system32\DRIVERS\FwLnk.sys
19:21:12.0977 4964 FwLnk - ok
19:21:12.0993 4964 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
19:21:12.0993 4964 gagp30kx - ok
19:21:13.0071 4964 [ C44D560E441F091EA3B72F778EC60DE2 ] GameConsoleService C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
19:21:13.0071 4964 GameConsoleService - ok
19:21:13.0133 4964 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
19:21:13.0133 4964 gpsvc - ok
19:21:13.0227 4964 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:21:13.0227 4964 gupdate - ok
19:21:13.0274 4964 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:21:13.0289 4964 gupdatem - ok
19:21:13.0336 4964 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:21:13.0336 4964 gusvc - ok
19:21:13.0367 4964 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
19:21:13.0367 4964 hcw85cir - ok
19:21:13.0430 4964 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
19:21:13.0430 4964 HdAudAddService - ok
19:21:13.0461 4964 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
19:21:13.0461 4964 HDAudBus - ok
19:21:13.0492 4964 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
19:21:13.0492 4964 HidBatt - ok
19:21:13.0508 4964 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
19:21:13.0508 4964 HidBth - ok
19:21:13.0523 4964 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys
19:21:13.0523 4964 HidIr - ok
19:21:13.0539 4964 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll
19:21:13.0555 4964 hidserv - ok
19:21:13.0570 4964 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
19:21:13.0570 4964 HidUsb - ok
19:21:13.0664 4964 [ 874073073B79FF7161AA66F809B05137 ] HitmanProScheduler C:\Program Files\HitmanPro\hmpsched.exe
19:21:13.0695 4964 HitmanProScheduler - ok
19:21:13.0742 4964 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
19:21:13.0742 4964 hkmsvc - ok
19:21:13.0773 4964 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
19:21:13.0773 4964 HomeGroupListener - ok
19:21:13.0820 4964 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
19:21:13.0820 4964 HomeGroupProvider - ok
19:21:13.0960 4964 [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
19:21:13.0960 4964 hpqcxs08 - ok
19:21:14.0007 4964 [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
19:21:14.0007 4964 hpqddsvc - ok
19:21:14.0038 4964 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
19:21:14.0038 4964 HpSAMD - ok
19:21:14.0116 4964 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
19:21:14.0179 4964 HPSLPSVC - ok
19:21:14.0225 4964 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
19:21:14.0225 4964 HTTP - ok
19:21:14.0257 4964 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
19:21:14.0272 4964 hwpolicy - ok
19:21:14.0319 4964 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\drivers\i8042prt.sys
19:21:14.0319 4964 i8042prt - ok
19:21:14.0366 4964 [ BBB3B6DF1ABB0FE35802EDE85CC1C011 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
19:21:14.0366 4964 iaStor - ok
19:21:14.0413 4964 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
19:21:14.0413 4964 iaStorV - ok
19:21:14.0475 4964 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:21:14.0475 4964 idsvc - ok
19:21:14.0740 4964 [ 3C3F27002ABC69C5AFE29CBE6CF7ADDF ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
19:21:14.0787 4964 igfx - ok
19:21:14.0927 4964 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
19:21:14.0943 4964 iirsp - ok
19:21:15.0005 4964 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
19:21:15.0021 4964 IKEEXT - ok
19:21:15.0099 4964 [ 0C3CF4B3BAE28E121A1689E3538F8712 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
19:21:15.0115 4964 IntcAzAudAddService - ok
19:21:15.0177 4964 [ 88A20FA54C73DED4E8DAC764E9130AE9 ] IntcHdmiAddService C:\windows\system32\drivers\IntcHdmi.sys
19:21:15.0177 4964 IntcHdmiAddService - ok
19:21:15.0224 4964 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
19:21:15.0224 4964 intelide - ok
19:21:15.0271 4964 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
19:21:15.0271 4964 intelppm - ok
19:21:15.0380 4964 [ 3DC635B66DD7412E1C9C3A77B8D78F25 ] IntuitUpdateService C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
19:21:15.0380 4964 IntuitUpdateService - ok
19:21:15.0489 4964 [ 1663A135865F0BA6E853353E98E67F2A ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
19:21:15.0489 4964 IntuitUpdateServiceV4 - ok
19:21:15.0520 4964 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
19:21:15.0520 4964 IPBusEnum - ok
19:21:15.0567 4964 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
19:21:15.0567 4964 IpFilterDriver - ok
19:21:15.0614 4964 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
19:21:15.0614 4964 iphlpsvc - ok
19:21:15.0645 4964 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
19:21:15.0661 4964 IPMIDRV - ok
19:21:15.0692 4964 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
19:21:15.0692 4964 IPNAT - ok
19:21:15.0723 4964 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
19:21:15.0723 4964 IRENUM - ok
19:21:15.0754 4964 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
19:21:15.0754 4964 isapnp - ok
19:21:15.0801 4964 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
19:21:15.0801 4964 iScsiPrt - ok
19:21:15.0832 4964 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
19:21:15.0832 4964 kbdclass - ok
19:21:15.0832 4964 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
19:21:15.0832 4964 kbdhid - ok
19:21:15.0848 4964 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
19:21:15.0848 4964 KeyIso - ok
19:21:15.0895 4964 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
19:21:15.0895 4964 KSecDD - ok
19:21:15.0941 4964 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
19:21:15.0941 4964 KSecPkg - ok
19:21:15.0973 4964 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
19:21:15.0973 4964 ksthunk - ok
19:21:16.0019 4964 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
19:21:16.0019 4964 KtmRm - ok
19:21:16.0066 4964 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\System32\srvsvc.dll
19:21:16.0082 4964 LanmanServer - ok
19:21:16.0113 4964 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
19:21:16.0113 4964 LanmanWorkstation - ok
19:21:16.0160 4964 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
19:21:16.0160 4964 lltdio - ok
19:21:16.0191 4964 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
19:21:16.0191 4964 lltdsvc - ok
19:21:16.0207 4964 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
19:21:16.0207 4964 lmhosts - ok
19:21:16.0238 4964 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
19:21:16.0238 4964 LSI_FC - ok
19:21:16.0253 4964 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
19:21:16.0253 4964 LSI_SAS - ok
19:21:16.0269 4964 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
19:21:16.0269 4964 LSI_SAS2 - ok
19:21:16.0300 4964 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
19:21:16.0300 4964 LSI_SCSI - ok
19:21:16.0331 4964 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
19:21:16.0331 4964 luafv - ok
19:21:16.0378 4964 [ 36EFC8C32829A27BAF0E63BFDBD5EE90 ] massfilter C:\windows\system32\drivers\massfilter.sys
19:21:16.0378 4964 massfilter - ok
19:21:16.0409 4964 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
19:21:16.0409 4964 Mcx2Svc - ok
19:21:16.0519 4964 [ E416E967E3FB6FB1E9AE12B9C7DAB526 ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
19:21:16.0519 4964 MDM - ok
19:21:16.0550 4964 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys
19:21:16.0550 4964 megasas - ok
19:21:16.0565 4964 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
19:21:16.0565 4964 MegaSR - ok
19:21:16.0597 4964 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
19:21:16.0597 4964 MMCSS - ok
19:21:16.0628 4964 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
19:21:16.0628 4964 Modem - ok
19:21:16.0643 4964 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
19:21:16.0643 4964 monitor - ok
19:21:16.0690 4964 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
19:21:16.0690 4964 mouclass - ok
19:21:16.0737 4964 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
19:21:16.0737 4964 mouhid - ok
19:21:16.0768 4964 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
19:21:16.0768 4964 mountmgr - ok
19:21:16.0846 4964 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\windows\system32\DRIVERS\MpFilter.sys
19:21:16.0846 4964 MpFilter - ok
19:21:16.0877 4964 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
19:21:16.0877 4964 mpio - ok
19:21:16.0893 4964 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
19:21:16.0893 4964 mpsdrv - ok
19:21:16.0940 4964 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
19:21:16.0955 4964 MpsSvc - ok
19:21:16.0987 4964 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
19:21:16.0987 4964 MRxDAV - ok
19:21:17.0018 4964 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
19:21:17.0018 4964 mrxsmb - ok
19:21:17.0065 4964 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
19:21:17.0065 4964 mrxsmb10 - ok
19:21:17.0080 4964 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
19:21:17.0080 4964 mrxsmb20 - ok
19:21:17.0096 4964 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
19:21:17.0096 4964 msahci - ok
19:21:17.0127 4964 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
19:21:17.0127 4964 msdsm - ok
19:21:17.0143 4964 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
19:21:17.0143 4964 MSDTC - ok
19:21:17.0189 4964 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
19:21:17.0189 4964 Msfs - ok
19:21:17.0205 4964 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
19:21:17.0205 4964 mshidkmdf - ok
19:21:17.0236 4964 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
19:21:17.0236 4964 msisadrv - ok
19:21:17.0283 4964 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
19:21:17.0283 4964 MSiSCSI - ok
19:21:17.0283 4964 msiserver - ok
19:21:17.0330 4964 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
19:21:17.0330 4964 MSKSSRV - ok
19:21:17.0408 4964 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
19:21:17.0408 4964 MsMpSvc - ok
19:21:17.0439 4964 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
19:21:17.0439 4964 MSPCLOCK - ok
19:21:17.0470 4964 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
19:21:17.0470 4964 MSPQM - ok
19:21:17.0501 4964 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
19:21:17.0517 4964 MsRPC - ok
19:21:17.0548 4964 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
19:21:17.0548 4964 mssmbios - ok
19:21:17.0611 4964 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
19:21:17.0611 4964 MSTEE - ok
19:21:17.0626 4964 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
19:21:17.0626 4964 MTConfig - ok
19:21:17.0642 4964 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
19:21:17.0642 4964 Mup - ok
19:21:17.0689 4964 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
19:21:17.0689 4964 napagent - ok
19:21:17.0735 4964 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
19:21:17.0735 4964 NativeWifiP - ok
19:21:17.0798 4964 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
19:21:17.0798 4964 NDIS - ok
19:21:17.0829 4964 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
19:21:17.0829 4964 NdisCap - ok
19:21:17.0860 4964 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
19:21:17.0860 4964 NdisTapi - ok
19:21:17.0907 4964 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
19:21:17.0907 4964 Ndisuio - ok
19:21:17.0938 4964 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
19:21:17.0954 4964 NdisWan - ok
19:21:17.0985 4964 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
19:21:17.0985 4964 NDProxy - ok
19:21:18.0063 4964 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
19:21:18.0063 4964 Net Driver HPZ12 - ok
19:21:18.0094 4964 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
19:21:18.0094 4964 NetBIOS - ok
19:21:18.0125 4964 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
19:21:18.0125 4964 NetBT - ok
19:21:18.0141 4964 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
19:21:18.0141 4964 Netlogon - ok
19:21:18.0188 4964 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
19:21:18.0188 4964 Netman - ok
19:21:18.0219 4964 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
19:21:18.0219 4964 netprofm - ok
19:21:18.0250 4964 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:21:18.0250 4964 NetTcpPortSharing - ok
19:21:18.0281 4964 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
19:21:18.0281 4964 nfrd960 - ok
19:21:18.0344 4964 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\windows\system32\DRIVERS\NisDrvWFP.sys
19:21:18.0344 4964 NisDrv - ok
19:21:18.0406 4964 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
19:21:18.0406 4964 NisSrv - ok
19:21:18.0453 4964 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll
19:21:18.0453 4964 NlaSvc - ok
19:21:18.0469 4964 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
19:21:18.0469 4964 Npfs - ok
19:21:18.0500 4964 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
19:21:18.0500 4964 nsi - ok
19:21:18.0531 4964 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
19:21:18.0531 4964 nsiproxy - ok
19:21:18.0593 4964 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
19:21:18.0609 4964 Ntfs - ok
19:21:18.0625 4964 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
19:21:18.0625 4964 Null - ok
19:21:18.0687 4964 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
19:21:18.0687 4964 nvraid - ok
19:21:18.0718 4964 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
19:21:18.0718 4964 nvstor - ok
19:21:18.0749 4964 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
19:21:18.0765 4964 nv_agp - ok
19:21:18.0796 4964 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
19:21:18.0796 4964 ohci1394 - ok
19:21:18.0827 4964 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
19:21:18.0827 4964 p2pimsvc - ok
19:21:18.0859 4964 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
19:21:18.0859 4964 p2psvc - ok
19:21:18.0905 4964 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
19:21:18.0905 4964 Parport - ok
19:21:18.0937 4964 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
19:21:18.0937 4964 partmgr - ok
19:21:18.0968 4964 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
19:21:18.0983 4964 PcaSvc - ok
19:21:19.0015 4964 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
19:21:19.0030 4964 pci - ok
19:21:19.0030 4964 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
19:21:19.0030 4964 pciide - ok
19:21:19.0061 4964 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
19:21:19.0061 4964 pcmcia - ok
19:21:19.0077 4964 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
19:21:19.0077 4964 pcw - ok
19:21:19.0108 4964 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
19:21:19.0108 4964 PEAUTH - ok
19:21:19.0171 4964 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
19:21:19.0171 4964 PerfHost - ok
19:21:19.0233 4964 [ 663962900E7FEA522126BA287715BB4A ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys
19:21:19.0233 4964 PGEffect - ok
19:21:19.0295 4964 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
19:21:19.0295 4964 pla - ok
19:21:19.0358 4964 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
19:21:19.0358 4964 PlugPlay - ok
19:21:19.0467 4964 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
19:21:19.0467 4964 Pml Driver HPZ12 - ok
19:21:19.0498 4964 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
19:21:19.0498 4964 PNRPAutoReg - ok
19:21:19.0514 4964 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
19:21:19.0529 4964 PNRPsvc - ok
19:21:19.0561 4964 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
19:21:19.0576 4964 PolicyAgent - ok
19:21:19.0592 4964 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
19:21:19.0607 4964 Power - ok
19:21:19.0654 4964 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
19:21:19.0654 4964 PptpMiniport - ok
19:21:19.0670 4964 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys
19:21:19.0670 4964 Processor - ok
19:21:19.0717 4964 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
19:21:19.0717 4964 ProfSvc - ok
19:21:19.0732 4964 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
19:21:19.0732 4964 ProtectedStorage - ok
19:21:19.0763 4964 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
19:21:19.0763 4964 Psched - ok
19:21:19.0826 4964 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
19:21:19.0841 4964 ql2300 - ok
19:21:19.0873 4964 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
19:21:19.0873 4964 ql40xx - ok
19:21:19.0919 4964 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
19:21:19.0919 4964 QWAVE - ok
19:21:19.0935 4964 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
19:21:19.0935 4964 QWAVEdrv - ok
19:21:19.0966 4964 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
19:21:19.0966 4964 RasAcd - ok
19:21:20.0013 4964 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
19:21:20.0013 4964 RasAgileVpn - ok
19:21:20.0044 4964 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
19:21:20.0044 4964 RasAuto - ok
19:21:20.0075 4964 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
19:21:20.0075 4964 Rasl2tp - ok
19:21:20.0138 4964 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
19:21:20.0138 4964 RasMan - ok
19:21:20.0169 4964 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
19:21:20.0169 4964 RasPppoe - ok
19:21:20.0185 4964 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
19:21:20.0185 4964 RasSstp - ok
19:21:20.0231 4964 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
19:21:20.0231 4964 rdbss - ok
19:21:20.0263 4964 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
19:21:20.0263 4964 rdpbus - ok
19:21:20.0278 4964 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
19:21:20.0278 4964 RDPCDD - ok
19:21:20.0309 4964 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
19:21:20.0309 4964 RDPENCDD - ok
19:21:20.0325 4964 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
19:21:20.0325 4964 RDPREFMP - ok
19:21:20.0403 4964 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
19:21:20.0403 4964 RdpVideoMiniport - ok
19:21:20.0450 4964 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
19:21:20.0450 4964 RDPWD - ok
19:21:20.0512 4964 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
19:21:20.0512 4964 rdyboost - ok
19:21:20.0559 4964 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
19:21:20.0559 4964 RemoteAccess - ok
19:21:20.0590 4964 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
19:21:20.0590 4964 RemoteRegistry - ok
19:21:20.0637 4964 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
19:21:20.0653 4964 RFCOMM - ok
19:21:20.0684 4964 [ E20B1907FC72A3664ECE21E3C20FC63D ] rimspci C:\windows\system32\DRIVERS\rimspe64.sys
19:21:20.0684 4964 rimspci - ok
19:21:20.0699 4964 [ 7DDA2E5CF452DAD24B1BE704225C18EE ] risdpcie C:\windows\system32\DRIVERS\risdpe64.sys
19:21:20.0699 4964 risdpcie - ok
19:21:20.0715 4964 [ 6A1CD4674505E6791390A1AB71DA1FBE ] rixdpcie C:\windows\system32\DRIVERS\rixdpe64.sys
19:21:20.0715 4964 rixdpcie - ok
19:21:20.0746 4964 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
19:21:20.0762 4964 RpcEptMapper - ok
19:21:20.0777 4964 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
19:21:20.0777 4964 RpcLocator - ok
19:21:20.0824 4964 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
19:21:20.0824 4964 RpcSs - ok
19:21:20.0871 4964 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
19:21:20.0871 4964 rspndr - ok
19:21:20.0918 4964 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
19:21:20.0933 4964 RTL8167 - ok
19:21:20.0996 4964 [ 7475548B0BA58EBA4D12414FC9E9DFE6 ] rtl8192se C:\windows\system32\DRIVERS\rtl8192se.sys
19:21:20.0996 4964 rtl8192se - ok
19:21:21.0027 4964 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
19:21:21.0027 4964 SamSs - ok
19:21:21.0074 4964 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
19:21:21.0074 4964 sbp2port - ok
19:21:21.0105 4964 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
19:21:21.0121 4964 SCardSvr - ok
19:21:21.0152 4964 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
19:21:21.0152 4964 scfilter - ok
19:21:21.0214 4964 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
19:21:21.0214 4964 Schedule - ok
19:21:21.0261 4964 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
19:21:21.0261 4964 SCPolicySvc - ok
19:21:21.0292 4964 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\windows\system32\drivers\sdbus.sys
19:21:21.0292 4964 sdbus - ok
19:21:21.0323 4964 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
19:21:21.0323 4964 SDRSVC - ok
19:21:21.0370 4964 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
19:21:21.0370 4964 secdrv - ok
19:21:21.0401 4964 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
19:21:21.0401 4964 seclogon - ok
19:21:21.0433 4964 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll
19:21:21.0448 4964 SENS - ok
19:21:21.0464 4964 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
19:21:21.0464 4964 SensrSvc - ok
19:21:21.0526 4964 [ 052D4299E72FFFCCD9A168ADCDF5C450 ] Ser2pl C:\windows\system32\DRIVERS\ser2pl64.sys
19:21:21.0526 4964 Ser2pl - ok
19:21:21.0542 4964 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys
19:21:21.0542 4964 Serenum - ok
19:21:21.0573 4964 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys
19:21:21.0573 4964 Serial - ok
19:21:21.0620 4964 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
19:21:21.0620 4964 sermouse - ok
19:21:21.0667 4964 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
19:21:21.0667 4964 SessionEnv - ok
19:21:21.0713 4964 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
19:21:21.0713 4964 sffdisk - ok
19:21:21.0745 4964 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
19:21:21.0745 4964 sffp_mmc - ok
19:21:21.0745 4964 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
19:21:21.0745 4964 sffp_sd - ok
19:21:21.0791 4964 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
19:21:21.0791 4964 sfloppy - ok
19:21:21.0854 4964 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
19:21:21.0854 4964 SharedAccess - ok
19:21:21.0901 4964 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
19:21:21.0901 4964 ShellHWDetection - ok
19:21:21.0932 4964 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
19:21:21.0932 4964 SiSRaid2 - ok
19:21:21.0963 4964 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
19:21:21.0963 4964 SiSRaid4 - ok
19:21:21.0979 4964 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
19:21:21.0979 4964 Smb - ok
19:21:22.0025 4964 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
19:21:22.0025 4964 SNMPTRAP - ok
19:21:22.0057 4964 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
19:21:22.0057 4964 spldr - ok
19:21:22.0103 4964 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
19:21:22.0103 4964 Spooler - ok
19:21:22.0213 4964 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
19:21:22.0228 4964 sppsvc - ok
19:21:22.0275 4964 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
19:21:22.0275 4964 sppuinotify - ok
19:21:22.0306 4964 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
19:21:22.0322 4964 srv - ok
19:21:22.0369 4964 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
19:21:22.0369 4964 srv2 - ok
19:21:22.0384 4964 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
19:21:22.0384 4964 srvnet - ok
19:21:22.0431 4964 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
19:21:22.0431 4964 SSDPSRV - ok
19:21:22.0447 4964 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
19:21:22.0462 4964 SstpSvc - ok
19:21:22.0478 4964 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
19:21:22.0478 4964 stexstor - ok
19:21:22.0540 4964 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
19:21:22.0540 4964 stisvc - ok
19:21:22.0571 4964 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys
19:21:22.0571 4964 swenum - ok
19:21:22.0618 4964 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
19:21:22.0634 4964 swprv - ok
19:21:22.0665 4964 [ BE7311DA9D6833FA69ED04B744A1C8F8 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
19:21:22.0665 4964 SynTP - ok
19:21:22.0743 4964 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
19:21:22.0743 4964 SysMain - ok
19:21:22.0790 4964 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
19:21:22.0790 4964 TabletInputService - ok
19:21:22.0821 4964 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
19:21:22.0821 4964 TapiSrv - ok
19:21:22.0852 4964 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
19:21:22.0852 4964 TBS - ok
19:21:22.0930 4964 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\windows\system32\drivers\tcpip.sys
19:21:22.0946 4964 Tcpip - ok
19:21:22.0977 4964 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
19:21:22.0977 4964 TCPIP6 - ok
19:21:23.0024 4964 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
19:21:23.0024 4964 tcpipreg - ok
19:21:23.0055 4964 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
19:21:23.0071 4964 tdcmdpst - ok
19:21:23.0086 4964 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
19:21:23.0086 4964 TDPIPE - ok
19:21:23.0117 4964 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
19:21:23.0117 4964 TDTCP - ok
19:21:23.0164 4964 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
19:21:23.0164 4964 tdx - ok
19:21:23.0195 4964 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys
19:21:23.0195 4964 TermDD - ok
19:21:23.0227 4964 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
19:21:23.0227 4964 TermService - ok
19:21:23.0258 4964 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
19:21:23.0258 4964 Themes - ok
19:21:23.0305 4964 [ C013F6ACAA9761F571BD28DADA7C157D ] Thpdrv C:\windows\system32\DRIVERS\thpdrv.sys
19:21:23.0305 4964 Thpdrv - ok
19:21:23.0305 4964 [ B4E609047434ED948AF7BDEF2FA66E38 ] Thpevm C:\windows\system32\DRIVERS\Thpevm.SYS
19:21:23.0320 4964 Thpevm - ok
19:21:23.0336 4964 [ 6146EAC71AE3C9DA17B0E33632082B7B ] Thpsrv C:\windows\system32\ThpSrv.exe
19:21:23.0351 4964 Thpsrv - ok
19:21:23.0367 4964 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
19:21:23.0367 4964 THREADORDER - ok
19:21:23.0461 4964 [ F120967184A27E927052E8DDBB727851 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
19:21:23.0461 4964 TMachInfo - ok
19:21:23.0507 4964 [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv C:\Windows\system32\TODDSrv.exe
19:21:23.0507 4964 TODDSrv - ok
19:21:23.0585 4964 [ 4DB8C79BCEA76063B83B13410366A1F7 ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
19:21:23.0585 4964 TosCoSrv - ok
19:21:23.0632 4964 [ 32FF64D06A91DAA0331C624AFF442679 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
19:21:23.0632 4964 TOSHIBA eco Utility Service - ok
19:21:23.0710 4964 [ DD58E1250F604CBBADDA04575E5E2376 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
19:21:23.0710 4964 TOSHIBA HDD SSD Alert Service - ok
19:21:23.0757 4964 [ 09FF7B0B1B5C3D225495CB6F5A9B39F8 ] tos_sps64 C:\windows\system32\DRIVERS\tos_sps64.sys
19:21:23.0773 4964 tos_sps64 - ok
19:21:23.0819 4964 [ DE64C52BD0671165CF2EEBF2A728A3E2 ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
19:21:23.0819 4964 TPCHSrv - ok
19:21:23.0866 4964 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
19:21:23.0866 4964 TrkWks - ok
19:21:23.0929 4964 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
19:21:23.0929 4964 TrustedInstaller - ok
19:21:23.0960 4964 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
19:21:23.0960 4964 tssecsrv - ok
19:21:24.0007 4964 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
19:21:24.0007 4964 TsUsbFlt - ok
19:21:24.0069 4964 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
19:21:24.0069 4964 tunnel - ok
19:21:24.0100 4964 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS
19:21:24.0100 4964 TVALZ - ok
19:21:24.0131 4964 [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys
19:21:24.0131 4964 TVALZFL - ok
19:21:24.0163 4964 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
19:21:24.0163 4964 uagp35 - ok
19:21:24.0209 4964 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
19:21:24.0209 4964 udfs - ok
19:21:24.0241 4964 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
19:21:24.0241 4964 UI0Detect - ok
19:21:24.0287 4964 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
19:21:24.0287 4964 uliagpkx - ok
19:21:24.0334 4964 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\drivers\umbus.sys
19:21:24.0334 4964 umbus - ok
19:21:24.0365 4964 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys
19:21:24.0365 4964 UmPass - ok
19:21:24.0397 4964 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
19:21:24.0397 4964 upnphost - ok
19:21:24.0459 4964 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\windows\system32\drivers\usbaudio.sys
19:21:24.0459 4964 usbaudio - ok
19:21:24.0490 4964 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
19:21:24.0490 4964 usbccgp - ok
19:21:24.0537 4964 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
19:21:24.0537 4964 usbcir - ok
19:21:24.0568 4964 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
19:21:24.0584 4964 usbehci - ok
19:21:24.0615 4964 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
19:21:24.0615 4964 usbhub - ok
19:21:24.0646 4964 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\windows\system32\DRIVERS\usbohci.sys
19:21:24.0646 4964 usbohci - ok
19:21:24.0662 4964 USBPNPA - ok
19:21:24.0693 4964 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
19:21:24.0693 4964 usbprint - ok
19:21:24.0740 4964 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
19:21:24.0740 4964 usbscan - ok
19:21:24.0787 4964 [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser C:\windows\system32\DRIVERS\usbser.sys
19:21:24.0787 4964 usbser - ok
19:21:24.0833 4964 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
19:21:24.0833 4964 USBSTOR - ok
19:21:24.0880 4964 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\DRIVERS\usbuhci.sys
19:21:24.0880 4964 usbuhci - ok
19:21:24.0927 4964 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
19:21:24.0927 4964 usbvideo - ok
19:21:24.0943 4964 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
19:21:24.0958 4964 UxSms - ok
19:21:24.0974 4964 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
19:21:24.0974 4964 VaultSvc - ok
19:21:24.0989 4964 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
19:21:24.0989 4964 vdrvroot - ok
19:21:25.0036 4964 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
19:21:25.0036 4964 vds - ok
19:21:25.0067 4964 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
19:21:25.0067 4964 vga - ok
19:21:25.0083 4964 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
19:21:25.0083 4964 VgaSave - ok
19:21:25.0130 4964 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
19:21:25.0130 4964 vhdmp - ok
19:21:25.0161 4964 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
19:21:25.0161 4964 viaide - ok
19:21:25.0177 4964 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
19:21:25.0177 4964 volmgr - ok
19:21:25.0223 4964 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
19:21:25.0239 4964 volmgrx - ok
19:21:25.0270 4964 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
19:21:25.0270 4964 volsnap - ok
19:21:25.0301 4964 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
19:21:25.0301 4964 vsmraid - ok
19:21:25.0379 4964 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
19:21:25.0379 4964 VSS - ok
19:21:25.0395 4964 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
19:21:25.0395 4964 vwifibus - ok
19:21:25.0426 4964 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
19:21:25.0426 4964 vwififlt - ok
19:21:25.0457 4964 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
19:21:25.0457 4964 W32Time - ok
19:21:25.0489 4964 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
19:21:25.0489 4964 WacomPen - ok
19:21:25.0535 4964 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
19:21:25.0535 4964 WANARP - ok
19:21:25.0535 4964 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
19:21:25.0535 4964 Wanarpv6 - ok
19:21:25.0629 4964 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
19:21:25.0629 4964 WatAdminSvc - ok
19:21:25.0707 4964 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
19:21:25.0707 4964 wbengine - ok
19:21:25.0738 4964 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
19:21:25.0754 4964 WbioSrvc - ok
19:21:25.0801 4964 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
19:21:25.0816 4964 wcncsvc - ok
19:21:25.0832 4964 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
19:21:25.0832 4964 WcsPlugInService - ok
19:21:25.0863 4964 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\DRIVERS\wd.sys
19:21:25.0863 4964 Wd - ok
19:21:25.0925 4964 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
19:21:25.0925 4964 Wdf01000 - ok
19:21:25.0957 4964 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
19:21:25.0957 4964 WdiServiceHost - ok
19:21:25.0957 4964 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
19:21:25.0957 4964 WdiSystemHost - ok
19:21:26.0003 4964 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
19:21:26.0003 4964 WebClient - ok
19:21:26.0035 4964 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
19:21:26.0035 4964 Wecsvc - ok
19:21:26.0066 4964 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
19:21:26.0066 4964 wercplsupport - ok
19:21:26.0097 4964 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
19:21:26.0097 4964 WerSvc - ok
19:21:26.0128 4964 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
19:21:26.0128 4964 WfpLwf - ok
19:21:26.0144 4964 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
19:21:26.0144 4964 WIMMount - ok
19:21:26.0159 4964 WinDefend - ok
19:21:26.0159 4964 WinHttpAutoProxySvc - ok
19:21:26.0222 4964 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
19:21:26.0222 4964 Winmgmt - ok
19:21:26.0315 4964 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
19:21:26.0315 4964 WinRM - ok
19:21:26.0378 4964 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
19:21:26.0378 4964 WinUsb - ok
19:21:26.0425 4964 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
19:21:26.0440 4964 Wlansvc - ok
19:21:26.0487 4964 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:21:26.0503 4964 wlcrasvc - ok
19:21:26.0612 4964 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:21:26.0627 4964 wlidsvc - ok
19:21:26.0659 4964 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
19:21:26.0659 4964 WmiAcpi - ok
19:21:26.0690 4964 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
19:21:26.0690 4964 wmiApSrv - ok
19:21:26.0721 4964 WMPNetworkSvc - ok
19:21:26.0752 4964 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
19:21:26.0752 4964 WPCSvc - ok
19:21:26.0783 4964 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
19:21:26.0799 4964 WPDBusEnum - ok
19:21:26.0830 4964 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
19:21:26.0830 4964 ws2ifsl - ok
19:21:26.0861 4964 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\system32\wscsvc.dll
19:21:26.0861 4964 wscsvc - ok
19:21:26.0861 4964 WSearch - ok
19:21:26.0955 4964 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
19:21:26.0971 4964 wuauserv - ok
19:21:27.0017 4964 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys
19:21:27.0017 4964 WudfPf - ok
19:21:27.0049 4964 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
19:21:27.0049 4964 WUDFRd - ok
19:21:27.0095 4964 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll
19:21:27.0095 4964 wudfsvc - ok
19:21:27.0127 4964 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
19:21:27.0127 4964 WwanSvc - ok
19:21:27.0173 4964 [ D6959A4FC3B56AFD9E31B0E71377C05F ] ZTEusbgps C:\windows\system32\DRIVERS\ZTEusbgps.sys
19:21:27.0173 4964 ZTEusbgps - ok
19:21:27.0220 4964 [ D6959A4FC3B56AFD9E31B0E71377C05F ] ZTEusbmdm6k C:\windows\system32\DRIVERS\ZTEusbmdm6k.sys
19:21:27.0220 4964 ZTEusbmdm6k - ok
19:21:27.0267 4964 [ D6959A4FC3B56AFD9E31B0E71377C05F ] ZTEusbnmea C:\windows\system32\DRIVERS\ZTEusbnmea.sys
19:21:27.0267 4964 ZTEusbnmea - ok
19:21:27.0298 4964 [ D6959A4FC3B56AFD9E31B0E71377C05F ] ZTEusbnmeaext C:\windows\system32\DRIVERS\ZTEusbnmeaext.sys
19:21:27.0298 4964 ZTEusbnmeaext - ok
19:21:27.0345 4964 [ D6959A4FC3B56AFD9E31B0E71377C05F ] ZTEusbser6k C:\windows\system32\DRIVERS\ZTEusbser6k.sys
19:21:27.0361 4964 ZTEusbser6k - ok
19:21:27.0376 4964 ================ Scan global ===============================
19:21:27.0407 4964 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
19:21:27.0439 4964 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
19:21:27.0454 4964 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
19:21:27.0485 4964 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
19:21:27.0517 4964 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
19:21:27.0532 4964 [Global] - ok
19:21:27.0532 4964 ================ Scan MBR ==================================
19:21:27.0548 4964 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
19:21:27.0719 4964 \Device\Harddisk0\DR0 - ok
19:21:27.0719 4964 ================ Scan VBR ==================================
19:21:27.0735 4964 [ 110CE1730786A90A038686E37CC0DE26 ] \Device\Harddisk0\DR0\Partition1
19:21:27.0735 4964 \Device\Harddisk0\DR0\Partition1 - ok
19:21:27.0735 4964 ============================================================
19:21:27.0735 4964 Scan finished
19:21:27.0735 4964 ============================================================
19:21:27.0751 1232 Detected object count: 0
19:21:27.0751 1232 Actual detected object count: 0

aswMBR.txt
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-30 19:33:45
-----------------------------
19:33:45.380 OS Version: Windows x64 6.1.7601 Service Pack 1
19:33:45.380 Number of processors: 2 586 0x170A
19:33:45.380 ComputerName: LEN-PC UserName: Len
19:33:46.550 Initialize success
20:07:53.899 AVAST engine defs: 12113001
20:09:18.233 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:09:18.233 Disk 0 Vendor: TOSHIBA_ FG00 Size: 476940MB BusType: 3
20:09:18.248 Disk 0 MBR read successfully
20:09:18.248 Disk 0 MBR scan
20:09:18.248 Disk 0 Windows VISTA default MBR code
20:09:18.248 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
20:09:18.295 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 464503 MB offset 3074048
20:09:18.357 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10936 MB offset 954376192
20:09:18.467 Disk 0 scanning C:\windows\system32\drivers
20:09:33.770 Service scanning
20:10:33.440 Modules scanning
20:10:33.440 Disk 0 trace - called modules:
20:10:33.456 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys iaStor.sys hal.dll
20:10:33.971 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800487b060]
20:10:33.971 3 CLASSPNP.SYS[fffff8800178843f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8004879060]
20:10:33.971 5 thpdrv.sys[fffff88001ba4cc0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80046ab050]
20:10:35.562 AVAST engine scan C:\windows
20:10:43.003 AVAST engine scan C:\windows\system32
20:15:23.398 AVAST engine scan C:\windows\system32\drivers
20:15:42.914 AVAST engine scan C:\Users\Len
20:16:48.980 Disk 0 MBR has been saved successfully to "C:\Users\Len\Desktop\MBR.dat"
20:16:48.995 The log file has been saved successfully to "C:\Users\Len\Desktop\aswMBR.txt"

No problems with downloads or log reports.
Bpaka
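
The first log above is in TDSSKiller's format: for each driver or service image the tool hashed there is a `[ MD5 ] name path` line followed by a `name - ok` verdict line, then the global, MBR and VBR sections. Reading a few hundred of those lines by eye is how entries get missed, so here is a small parser that pairs each hash line with its verdict and pulls out the three things a responder would want to look at: any verdict other than `ok`, service entries with no hashed image at all (USBPNPA above has a verdict line but no hash line), and one MD5 turning up under several different file names (the five ZTE drivers above). This is an added example written for this page, not part of TDSSKiller or of the thread. `SAMPLE_LOG` reuses a few lines from the log above plus one constructed `examplesvc` entry whose name, hash and `suspicious` verdict are invented so the non-`ok` path is exercised; the exact wording TDSSKiller uses for a real detection is not shown on this page, so the code treats any verdict text other than `ok` as a flag.

```python
"""Triage a TDSSKiller-format scan log.

Added example for this thread, not part of TDSSKiller. Line formats are taken
from the log posted above; SAMPLE_LOG reuses a few of its lines and adds one
constructed 'examplesvc' entry (invented name, hash and verdict).
"""
import re
from collections import defaultdict

# "<time> <pid> [ <MD5> ] <name> <path>". The name is absent in the global/MBR
# sections and may itself contain spaces ("TOSHIBA eco Utility Service"), so
# the path is recognised by its drive-letter or \Device\ prefix instead.
HASH_LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] "
    r"(?:(?P<name>.+?) )?(?P<path>(?:[A-Za-z]:\\|\\Device\\).*)$"
)
# "<time> <pid> <name> - <verdict>"
STATUS_LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?) - (?P<status>.+)$"
)


def parse_log(text):
    """Return one dict per scanned object: name, path, md5, status.
    A verdict line with no preceding hash line becomes an entry with md5=None,
    i.e. a service for which the log shows no hashed image."""
    entries = []
    pending = None                      # hash line still waiting for its verdict
    for raw in text.splitlines():
        line = raw.strip()
        m = HASH_LINE.match(line)
        if m:
            pending = {"name": m["name"] or m["path"], "path": m["path"],
                       "md5": m["md5"].upper(), "status": None}
            entries.append(pending)
            continue
        m = STATUS_LINE.match(line)
        if not m:
            continue                    # section banners, counters, blank lines
        name, status = m["name"], m["status"].strip()
        if pending is not None and pending["name"] == name:
            pending["status"] = status
        else:
            entries.append({"name": name, "path": None, "md5": None, "status": status})
        pending = None
    return entries


def triage(entries):
    """Pick out what merits a second look. A shared hash is a cue to confirm,
    not a verdict: the same vendor stub under several names is common."""
    flagged = [e for e in entries if e["status"] not in (None, "ok")]
    no_image = [e for e in entries
                if e["md5"] is None and not e["name"].startswith("[")]
    by_md5 = defaultdict(set)
    for e in entries:
        if e["md5"]:
            by_md5[e["md5"]].add(e["path"].lower())   # Tcpip/TCPIP6 collapse to one path
    shared = {h: sorted(paths) for h, paths in by_md5.items() if len(paths) > 1}
    return {"flagged": flagged, "no_image": no_image, "shared_hash": shared}


# Constructed sample: real lines from the log above plus one invented entry
# ("examplesvc": made-up hash and verdict) to exercise the flagging path.
SAMPLE_LOG = r"""
19:21:22.0930 4964 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\windows\system32\drivers\tcpip.sys
19:21:22.0946 4964 Tcpip - ok
19:21:22.0977 4964 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
19:21:22.0977 4964 TCPIP6 - ok
19:21:23.0632 4964 [ 32FF64D06A91DAA0331C624AFF442679 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
19:21:23.0632 4964 TOSHIBA eco Utility Service - ok
19:21:24.0662 4964 USBPNPA - ok
19:21:27.0173 4964 [ D6959A4FC3B56AFD9E31B0E71377C05F ] ZTEusbgps C:\windows\system32\DRIVERS\ZTEusbgps.sys
19:21:27.0173 4964 ZTEusbgps - ok
19:21:27.0220 4964 [ D6959A4FC3B56AFD9E31B0E71377C05F ] ZTEusbmdm6k C:\windows\system32\DRIVERS\ZTEusbmdm6k.sys
19:21:27.0220 4964 ZTEusbmdm6k - ok
19:21:27.0376 4964 ================ Scan global ===============================
19:21:27.0407 4964 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
19:21:27.0532 4964 [Global] - ok
19:21:27.0548 4964 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
19:21:27.0719 4964 \Device\Harddisk0\DR0 - ok
19:21:27.0800 4964 [ 0123456789ABCDEF0123456789ABCDEF ] examplesvc C:\windows\system32\drivers\example.sys
19:21:27.0800 4964 examplesvc - suspicious
"""

if __name__ == "__main__":
    report = triage(parse_log(SAMPLE_LOG))
    for e in report["flagged"]:
        print("FLAG    ", e["name"], e["status"], e["path"])
    for e in report["no_image"]:
        print("NO IMAGE", e["name"], "(verdict", e["status"] + ", nothing hashed)")
    for md5, paths in report["shared_hash"].items():
        print("SHARED  ", md5, "->", ", ".join(paths))
```

Run it against the full log instead of `SAMPLE_LOG` by passing the file contents to `parse_log`. The "no image" bucket is worth cross-checking against the ComboFix service list further down the thread, where a service whose file is missing is shown with `[x]` after its path. What the script cannot tell you is whether a hash is known-good; for that, feed the MD5 column to a reputation lookup or compare it with a clean installation of the same Windows build.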

#12 gringo_pr

Posted 30 November 2012 - 11:25 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

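
What the `ClearJavaCache::` directive in that CFScript does is empty the per-user Java deployment cache, the folder where applets and Web Start jars fetched by the browser are kept. The equivalent step without ComboFix, as an added example that is not ComboFix's code nor anything posted in this thread, hashes every cached file into a manifest before deleting it, so that whatever was removed can still be identified or submitted afterwards rather than being lost. The cache location returned by `default_java_cache_dir` is the Java 6/7 default on Windows 7 and is an assumption; `make_demo_cache` builds a throwaway constructed cache so the script can be run offline.

```python
"""Empty the Java deployment cache, as ComboFix's ClearJavaCache:: directive
does, while keeping a hash manifest of everything removed.

Added example for this thread, not ComboFix's or Java's own code. The default
cache path below is an assumption (Java 6/7 on Windows 7); pass any directory.
"""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def default_java_cache_dir() -> Path:
    # Assumed default location of the per-user Java deployment cache on Windows 7.
    return (Path(os.path.expandvars(r"%USERPROFILE%")) / "AppData" / "LocalLow"
            / "Sun" / "Java" / "Deployment" / "cache")


def sha256_of(path: Path) -> str:
    """Stream-hash a file so a large cached jar need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def purge_java_cache(cache_dir, manifest_path=None) -> list:
    """Hash every file under cache_dir, write a JSON manifest next to the cache,
    then delete the files and the now-empty subdirectories. cache_dir itself is
    kept so Java can recreate its layout. Returns the manifest entries."""
    cache_dir = Path(cache_dir)
    if not cache_dir.is_dir():
        return []                       # nothing cached, nothing to do
    manifest = []
    for p in sorted(cache_dir.rglob("*")):
        if p.is_file():
            manifest.append({"name": p.name,
                             "path": str(p.relative_to(cache_dir)),
                             "size": p.stat().st_size,
                             "sha256": sha256_of(p)})
    if manifest_path is None:
        manifest_path = cache_dir.parent / "cache_manifest.json"
    Path(manifest_path).write_text(json.dumps(manifest, indent=2))
    # Reverse lexical order visits children before their parent directories,
    # so rmdir() always sees an already-emptied directory.
    for p in sorted(cache_dir.rglob("*"), reverse=True):
        if p.is_symlink() or p.is_file():
            p.unlink()
        else:
            p.rmdir()
    return manifest


def make_demo_cache() -> Path:
    """Constructed fixture: a throwaway directory with the 6.0/<bucket>/ layout
    the real cache uses and two fake entries, so the example runs offline."""
    root = Path(tempfile.mkdtemp()) / "cache"
    bucket = root / "6.0" / "12"
    bucket.mkdir(parents=True)
    (bucket / "1a2b3c4d-5e6f7a8b.idx").write_bytes(b"constructed index record")
    (bucket / "1a2b3c4d-5e6f7a8b.jar").write_bytes(b"PK\x03\x04 constructed jar bytes")
    return root


if __name__ == "__main__":
    # On the affected machine, run as that user and use default_java_cache_dir().
    for entry in purge_java_cache(make_demo_cache()):
        print(entry["sha256"][:16], entry["size"], entry["path"])
```

The cache is per user, so on a real machine the script has to run in the profile that browsed with Java enabled, and the manifest lands beside the cache (`...\Deployment\cache_manifest.json`) rather than inside it so it survives the purge. Hashing before deleting is the same idea as the MD5 column in the TDSSKiller log above: once the file is gone, the hash is the only thing left to look up.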

#13 Bpaka

Posted 01 December 2012 - 01:00 AM

Gringo,
Following will be the log file from ComboFix. The only problem I had was that I accidentally started ComboFix before the CFScript.txt was dropped on it. I clicked the X and stopped it as soon as it started and then dropped the CFScript.txt on the icon.

I also forgot to close my internet connection so did so when prompted to do so.

While MSE was running earlier I got no kill messages and no Trojan:JS/Medfos.B files were quarantined. Yesterday they were coming every 5 or 10 minutes.

Thanks again,
Bpaka

ComboFix 12-11-30.03 - Len 11/30/2012 20:59:02.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3964.2162 [GMT -8:00]
Running from: c:\users\Len\Desktop\ComboFix.exe
Command switches used :: c:\users\Len\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-11-01 to 2012-12-01 )))))))))))))))))))))))))))))))
.
.
2012-12-01 05:12 . 2012-12-01 05:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-01 03:17 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{071AEF32-3554-44DC-8EAE-3BDDAC4483CF}\mpengine.dll
2012-11-29 19:16 . 2012-11-29 19:16 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-11-29 18:55 . 2012-11-29 19:16 -------- d-----w- c:\programdata\HitmanPro
2012-11-29 01:02 . 2012-11-29 01:03 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center
2012-11-28 22:02 . 2012-11-28 22:02 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{81A28F3B-2637-4637-A0E7-6E175FE5A728}\gapaengine.dll
2012-11-28 22:02 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-28 21:07 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll
2012-11-28 21:07 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-11-28 21:07 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-11-28 21:07 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2012-11-28 21:07 . 2012-08-24 18:04 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-28 21:07 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2012-11-28 21:07 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-11-28 21:07 . 2012-08-24 16:57 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-11-28 21:07 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-11-15 00:38 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-15 00:38 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-15 00:38 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-15 00:38 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-14 20:33 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-14 20:33 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-14 20:33 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-11-14 20:33 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-11-14 20:33 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-11-14 20:00 . 2012-10-03 17:56 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-14 20:00 . 2012-10-03 17:44 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-14 20:00 . 2012-10-03 17:44 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-14 20:00 . 2012-10-03 17:44 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-11-14 20:00 . 2012-10-03 17:42 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-14 20:00 . 2012-10-03 16:42 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-11-14 20:00 . 2012-10-03 16:42 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-11-14 20:00 . 2012-10-03 16:07 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-14 20:00 . 2012-01-13 07:12 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2012-11-14 20:00 . 2012-10-03 17:44 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-14 20:00 . 2012-10-03 17:44 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-14 20:00 . 2012-10-03 16:42 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-11-14 19:36 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-14 19:36 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 14:00 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-14 14:00 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-14 14:00 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-14 14:00 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-14 14:00 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-14 14:00 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-14 14:00 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-14 06:17 . 2012-11-09 08:46 28672 ----a-w- c:\windows\system32\IEUDINIT.EXE
2012-11-14 01:40 . 2012-11-14 01:40 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2012-11-02 23:38 . 2012-11-02 23:38 862664 ----a-w- c:\windows\SysWow64\msvcr110.dll
2012-11-02 23:38 . 2012-11-02 23:38 828872 ----a-w- c:\windows\system32\msvcr110.dll
2012-11-02 23:38 . 2012-11-02 23:38 661448 ----a-w- c:\windows\system32\msvcp110.dll
2012-11-02 23:38 . 2012-11-02 23:38 534480 ----a-w- c:\windows\SysWow64\msvcp110.dll
2012-11-02 23:38 . 2012-11-02 23:38 354264 ----a-w- c:\windows\system32\vccorlib110.dll
2012-11-02 23:38 . 2012-11-02 23:38 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-22 05:25 . 2012-04-20 01:07 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-22 05:25 . 2011-12-29 23:45 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-15 00:27 . 2009-12-15 17:40 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-16 08:38 . 2012-11-28 20:00 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 20:00 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 20:00 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-05 04:53 . 2011-03-25 12:09 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-29 05:42 . 2012-09-29 05:42 2177704 ----a-w- c:\windows\system32\coin92.dll
2012-09-14 19:19 . 2012-10-17 00:44 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-17 00:44 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyTOSHIBA"="c:\program files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe" [2009-08-06 264048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NortonOnlineBackupReminder"="c:\program files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-07-16 529256]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-08-11 2446648]
"CnxtCoInstallerDefer"="c:\program files (x86)\CONEXANT\SETUP4B22818E1D8\SETUP\setup.exe" [2008-03-18 999424]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2008-04-15 11776]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM10864.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-09 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 14784]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-11 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-26 13672]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-07-02 60416]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-07-29 81408]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-07-05 55808]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-11 252272]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-10 139264]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-27 1103904]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
S3 ZTEusbgps;ZTE GPS Port;c:\windows\system32\DRIVERS\ZTEusbgps.sys [2008-04-15 121344]
S3 ZTEusbnmeaext;ZTE NMEAExt Port;c:\windows\system32\DRIVERS\ZTEusbnmeaext.sys [2008-04-15 121344]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 31576716
*NewlyCreated* - ASWMBR
*Deregistered* - 31576716
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 05:25]
.
2012-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 00:29]
.
2012-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-08 00:29]
.
2012-11-30 c:\windows\Tasks\RegistryBooster.job
- c:\program files (x86)\Uniblue\RegistryBooster\rbmonitor.exe [2010-07-30 16:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 709976]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://forecast.weather.gov/MapClick.php?lat=47.81638223710274&lon=-116.70690536499023&site=otx&unit=0&lg=en&FcstType=text
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office10\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-30 21:38:23
ComboFix-quarantined-files.txt 2012-12-01 05:38
ComboFix2.txt 2012-12-01 02:40
.
Pre-Run: 413,544,005,632 bytes free
Post-Run: 413,098,045,440 bytes free
.
- - End Of File - - 36C9B0E21B1988CBF6FB46DBB8D3263B

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,221 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:01 AM

Posted 01 December 2012 - 01:21 AM

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Adobe Reader 9.5.2
Java™ 6 Update 14
Uniblue RegistryBooster


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete.
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted select Yes and then Next.
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


Malwarebytes' Anti-Malware:

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
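Added example (not from this thread, and not part of Revo Uninstaller, ComboFix or any other tool gringo_pr mentions): a PowerShell check that lists what is still registered in Add/Remove Programs for the three programs gringo_pr asked to remove, so you can confirm before and after the Revo step that Adobe Reader 9.5.2, Java 6 Update 14 and Uniblue RegistryBooster are actually gone. The name patterns in `$patterns` are assumptions chosen to match that list; the Wow6432Node key is read because the ComboFix log shows a 64-bit Windows 7 system, and the per-user key is read because some installers register there instead.

```powershell
# Added example: list installed programs matching the names in the "Programs to remove" list.
# Not the thread's own tooling; run from an elevated PowerShell prompt on the affected machine.

# Assumed patterns; they match the DisplayName values these products normally register
# (for example "Java(TM) 6 Update 14" matches "Java").
$patterns = @('Adobe Reader', 'Java', 'RegistryBooster')

# Native 64-bit, 32-bit-on-64-bit (Wow6432Node) and per-user Uninstall keys.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# -ErrorAction SilentlyContinue skips keys that do not exist (e.g. Wow6432Node on 32-bit Windows).
$found = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Where-Object {
        $name = $_.DisplayName
        # keep the entry if any pattern appears in its display name
        $patterns | Where-Object { $name -like "*$_*" }
    } |
    Select-Object DisplayName, DisplayVersion, Publisher, UninstallString, PSPath

if ($found) {
    # PSPath shows which Uninstall key the entry lives under, which tells you
    # whether the 32-bit or 64-bit uninstaller is the one to run.
    $found | Format-Table -AutoSize
} else {
    'None of the listed programs is still registered in Add/Remove Programs.'
}
```

Run it once before uninstalling to see the exact versions present, and once after to verify that nothing matching those names remains; an entry that survives with an `UninstallString` pointing at a missing file is the kind of leftover Revo's "Moderate" scan is meant to clean up.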

#15 Bpaka

Bpaka
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:08:01 PM

Posted 01 December 2012 - 01:46 AM

WOW... This looks like a project for tomorrow. I don't know what time it is where you are, but for a 72 year old codger it is 3 hours past my bedtime. We will talk again tomorrow.
Thanks for your help today.
Bpaka
