Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Avast Boot Scan found Java: Agent-TB and Jave: Agent-WY


  • This topic is locked This topic is locked
17 replies to this topic

#1 Toshiro

Toshiro

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:25 AM

Posted 16 October 2011 - 10:18 PM

My computer runs slow at times, so I started a boot scan with Avast Free Home Edition. Scan results showed Java: Agent-TB and Java:Agent-WY. Boot Scan didn't complete due to a brownout in our neighborhood. I had to use System Restore to reboot computer.

I'm running Windows 7 Home Edition on a Toshiba A665-S6090 64-bit laptops
Avast Free Edition version 6.0.1289 Update Engine and Virus Definitions version 111016-1 COMODO Firewall Free Edition version 5.5.195786.1383
Malwarebytes' Anti-Malware 1.51.2.1300, Database version 7962
SuperAntiSpyware Free Edition 4.33.1000, Database Definition Version Core: 7801, Trace 5613
Ad-Aware Free Edition 9.5.1
Glary Utilities Free Edition 2.38.0.1288, Database 2011-09-30.

I primarily use Firefox 7.0.1 and Opera 11.51.

Ad-Aware and CCleaner don't seem to complete there scans recently.

DDS Log File

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by bondzephyr at 22:52:43 on 2011-10-16
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3891.1630 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\ThpSrv.exe
C:\Program Files (x86)\ThreatFire\TFService.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\SysWOW64\vsnapvss.exe
C:\windows\Explorer.EXE
C:\windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\ThreatFire\TFTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\System32\taskmgr.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\explorer.exe
C:\windows\explorer.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\system32\SndVol.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\explorer.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
uInternet Settings,ProxyOverride = <-loopback>;
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll
BHO: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
TB: Foxit PDF Creator Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] "C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe"
mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe"
mRun: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
mRun: [SVPWUTIL] "C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" SVPwUTIL
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [ThreatFire] "C:\Program Files (x86)\ThreatFire\TFTray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{FEB77252-54D8-477A-A231-A59BA76F6AAE} : DhcpNameServer = 192.168.2.1
Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
AppInit_DLLs: C:\windows\SysWOW64\guard32.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll
BHO-X64: Vuze Remote - No File
BHO-X64: Foxit PDF Creator Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
TB-X64: Foxit PDF Creator Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe"
mRun-x64: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
mRun-x64: [SVPWUTIL] "C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" SVPwUTIL
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun-x64: [ThreatFire] "C:\Program Files (x86)\ThreatFire\TFTray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
AppInit_DLLs-X64: C:\windows\SysWOW64\guard32.dll
SEH-X64: SABShellExecuteHook Class: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\bondzephyr\AppData\Roaming\Mozilla\Firefox\Profiles\yqmkvniv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: C:\Users\bondzephyr\AppData\Roaming\Mozilla\Firefox\Profiles\yqmkvniv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: C:\Users\bondzephyr\AppData\Roaming\Mozilla\Firefox\Profiles\yqmkvniv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: C:\Users\bondzephyr\AppData\Roaming\Mozilla\Firefox\Profiles\yqmkvniv.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: C:\Users\bondzephyr\AppData\Roaming\Mozilla\Firefox\Profiles\yqmkvniv.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\windows\system32\DRIVERS\Lbd.sys --> C:\windows\system32\DRIVERS\Lbd.sys [?]
R0 SMR200;Symantec SMR Utility Service 2.0.0;C:\windows\system32\drivers\SMR200.SYS --> C:\windows\system32\drivers\SMR200.SYS [?]
R0 TfFsMon;TfFsMon;C:\windows\system32\drivers\TfFsMon.sys --> C:\windows\system32\drivers\TfFsMon.sys [?]
R0 TfSysMon;TfSysMon;C:\windows\system32\drivers\TfSysMon.sys --> C:\windows\system32\drivers\TfSysMon.sys [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 aswSnx;aswSnx;C:\windows\system32\drivers\aswSnx.sys --> C:\windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\windows\system32\drivers\aswSP.sys --> C:\windows\system32\drivers\aswSP.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\windows\system32\DRIVERS\cmdguard.sys --> C:\windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\windows\system32\DRIVERS\cmdhlp.sys --> C:\windows\system32\DRIVERS\cmdhlp.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 aswFsBlk;aswFsBlk;C:\windows\system32\drivers\aswFsBlk.sys --> C:\windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\windows\system32\drivers\aswMonFlt.sys --> C:\windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-9-9 44768]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2011-7-1 298824]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-8-18 2151640]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-9-20 366152]
R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2007-4-18 11032]
R2 ThreatFire;ThreatFire;C:\Program Files (x86)\ThreatFire\TFService.exe service --> C:\Program Files (x86)\ThreatFire\TFService.exe service [?]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-7-28 267192]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-2-18 2320920]
R2 VSNAPVSS;StorageCraft Shadow Copy Provider;C:\Windows\SysWOW64\vsnapvss.exe [2011-3-20 67880]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-8-31 17152]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 TfNetMon;TfNetMon;\??\C:\windows\system32\drivers\TfNetMon.sys --> C:\windows\system32\drivers\TfNetMon.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-2-18 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-7-22 822192]
S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys [2010-1-5 9968]
S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2010-1-5 74480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-30 136176]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2011-2-18 123320]
S2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2011-2-18 126392]
S2 ReflectService;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2011-1-17 301720]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-9-14 508264]
S3 acpials;ALS Sensor Filter;C:\windows\system32\DRIVERS\acpials.sys --> C:\windows\system32\DRIVERS\acpials.sys [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-30 136176]
S3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-1-5 7408]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-9-14 219496]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-10-17 00:45:19 704000 ----a-w- C:\windows\isRS-000.tmp
2011-10-16 14:43:36 3134976 ----a-w- C:\windows\System32\win32k.sys
2011-10-11 16:55:25 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-10-10 16:44:18 -------- d-----w- C:\Users\bondzephyr\AppData\Roaming\Systweak
2011-10-10 16:44:07 18816 ----a-w- C:\windows\System32\roboot64.exe
2011-10-10 16:44:02 -------- d-----w- C:\Program Files (x86)\RegClean Pro
2011-10-07 19:31:35 -------- d-----w- C:\Users\bondzephyr\.swt
2011-10-03 04:54:29 94208 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
2011-10-03 04:54:29 140864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2011-10-03 04:54:20 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll
2011-10-03 04:54:20 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
2011-10-03 04:54:19 -------- d-----w- C:\Program Files (x86)\Real Alternative
2011-10-01 01:12:34 -------- d-----w- C:\2c223feb9aa4aa788dd9594521
2011-09-25 09:20:11 -------- d-----w- C:\Program Files (x86)\BrizAVIJoin
2011-09-19 04:25:50 -------- d-----w- C:\Program Files (x86)\ConTEXT
.
==================== Find3M ====================
.
2011-10-04 14:27:40 404640 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-06 20:45:29 41184 ----a-w- C:\windows\avastSS.scr
2011-09-06 20:38:18 601944 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2011-09-06 20:36:30 65368 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2011-09-01 05:24:07 2309120 ----a-w- C:\windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-08-31 21:00:50 25416 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-08-31 18:56:31 16432 ----a-w- C:\windows\System32\lsdelete.exe
2011-08-27 05:40:28 861184 ----a-w- C:\windows\System32\oleaut32.dll
2011-08-27 05:40:28 331776 ----a-w- C:\windows\System32\oleacc.dll
2011-08-27 04:43:07 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll
2011-08-27 04:43:06 233472 ----a-w- C:\windows\SysWow64\oleacc.dll
2011-08-18 19:25:12 69376 ----a-w- C:\windows\System32\drivers\Lbd.sys
2011-08-17 05:32:24 613888 ----a-w- C:\windows\System32\psisdecd.dll
2011-08-17 05:27:46 75776 ----a-w- C:\windows\System32\MSDvbNP.ax
2011-08-17 05:27:46 288256 ----a-w- C:\windows\System32\MSNP.ax
2011-08-17 05:27:46 108032 ----a-w- C:\windows\System32\psisrndr.ax
2011-08-17 05:27:46 104960 ----a-w- C:\windows\System32\Mpeg2Data.ax
2011-08-17 04:26:02 465408 ----a-w- C:\windows\SysWow64\psisdecd.dll
2011-08-17 04:22:23 75776 ----a-w- C:\windows\SysWow64\psisrndr.ax
2011-08-17 04:22:23 72704 ----a-w- C:\windows\SysWow64\Mpeg2Data.ax
2011-08-17 04:22:23 59904 ----a-w- C:\windows\SysWow64\MSDvbNP.ax
2011-08-17 04:22:23 204288 ----a-w- C:\windows\SysWow64\MSNP.ax
2011-07-26 21:54:40 96376 ----a-w- C:\windows\System32\drivers\SMR200.SYS
2011-04-19 19:14:06 201728 ----a-w- C:\Program Files\hjsplit.exe
.
============= FINISH: 22:56:51.16 ===============

BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,532 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:25 AM

Posted 21 October 2011 - 09:40 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this if fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


===

Third party programs if not up to date can be the cause infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

#3 Toshiro

Toshiro
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:25 AM

Posted 21 October 2011 - 03:26 PM



Here is the ComboFix scan. I had some problems with it as it rebooted and automatically restarted my security programs, including the automatic update function of SuperAntiSpyware and Malwareytes Anti-Ware. Since there were instructions in the linked text you provided, I had to exit these programs completely.

ComboFix 11-10-21.04 - bondzephyr 10/21/2011 15:25:35.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3891.2445 [GMT -4:00]
Running from: c:\users\bondzephyr\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
FW: COMODO Firewall *Disabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Disabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\users\bondzephyr\AppData\Roaming\Microsoft\Windows\Recent\Legion of Super-Heroes 1-34.URL
.
.
((((((((((((((((((((((((( Files Created from 2011-09-21 to 2011-10-21 )))))))))))))))))))))))))))))))
.
.
2011-10-21 19:38 . 2011-10-21 19:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-18 00:03 . 2011-10-18 00:05 -------- d-----w- c:\users\bondzephyr\AppData\Roaming\Media Player Classic
2011-10-16 14:43 . 2011-09-06 03:07 3134976 ----a-w- c:\windows\system32\win32k.sys
2011-10-11 16:55 . 2011-10-16 13:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-10-10 16:44 . 2011-10-16 13:48 -------- d-----w- c:\users\bondzephyr\AppData\Roaming\Systweak
2011-10-10 16:44 . 2011-07-07 17:08 18816 ----a-w- c:\windows\system32\roboot64.exe
2011-10-10 16:44 . 2011-10-19 15:53 -------- d-----w- c:\program files (x86)\RegClean Pro
2011-10-07 19:31 . 2011-10-07 19:31 -------- d-----w- c:\users\bondzephyr\.swt
2011-10-03 04:54 . 2010-02-15 18:00 94208 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
2011-10-03 04:54 . 2010-02-15 18:00 140864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2011-10-03 04:54 . 2004-01-11 22:00 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-10-03 04:54 . 2003-03-19 03:14 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-10-03 04:54 . 2011-10-18 00:01 -------- d-----w- c:\program files (x86)\Real Alternative
2011-10-01 01:12 . 2011-10-02 22:13 -------- d-----w- C:\2c223feb9aa4aa788dd9594521
2011-09-25 09:20 . 2011-10-02 22:13 -------- d-----w- c:\program files (x86)\BrizAVIJoin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-04 14:27 . 2011-05-15 09:48 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-06 20:45 . 2011-05-30 22:12 41184 ----a-w- c:\windows\avastSS.scr
2011-09-06 20:45 . 2011-05-30 22:12 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-09-06 20:45 . 2011-05-30 22:12 254400 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-05-30 22:56 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:38 . 2011-05-30 22:12 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2011-05-30 22:12 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2011-05-30 22:12 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2011-05-30 22:12 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-09-06 20:36 . 2011-05-30 22:12 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-31 21:00 . 2011-02-28 00:59 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-31 18:56 . 2011-08-31 20:43 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-08-18 19:25 . 2011-08-31 18:46 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-08-08 19:17 . 2011-08-08 19:17 0 ---ha-w- c:\users\bondzephyr\AppData\Local\BIT2692.tmp
2011-07-29 09:28 . 2011-07-29 09:28 0 ---ha-w- c:\users\bondzephyr\AppData\Local\BIT3B0E.tmp
2011-07-26 21:54 . 2011-07-26 21:54 96376 ----a-w- c:\windows\system32\drivers\SMR200.SYS
2011-04-19 19:14 . 2010-11-11 19:34 201728 ----a-w- c:\program files\hjsplit.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-21_18.29.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-21 19:39 . 2011-10-21 19:39 14209 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2011-10-21 18:10 . 2011-10-21 18:10 14209 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2009-07-14 04:54 . 2011-10-21 18:11 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-10-21 19:41 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-10-21 18:11 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-10-21 19:41 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-10-21 19:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-10-21 18:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-18 21:16 . 2011-10-21 19:42 69222 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-10-21 19:42 48720 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-10-21 17:45 48720 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-26 04:18 . 2011-10-21 19:02 22376 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1309847059-2848126792-3249451353-1001_UserData.bin
+ 2011-02-18 21:50 . 2011-10-21 19:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-18 21:50 . 2011-10-21 18:11 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-02-18 21:50 . 2011-10-21 18:11 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-02-18 21:50 . 2011-10-21 19:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-10-21 19:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-10-21 18:11 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-10-21 18:11 . 2011-10-21 18:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-21 19:40 . 2011-10-21 19:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-21 18:11 . 2011-10-21 18:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-21 19:40 . 2011-10-21 19:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-03-22 18:20 . 2011-10-21 18:10 726780 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1309847059-2848126792-3249451353-1001-8192.dat
+ 2011-03-22 18:20 . 2011-10-21 19:39 726780 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1309847059-2848126792-3249451353-1001-8192.dat
- 2009-07-14 02:34 . 2011-10-21 18:24 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-10-21 19:15 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 17:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-01-17 14:54 175912 ----a-w- c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-29 02:44 1400712 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuz0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-29 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-30 39408]
"SUPERAntiSpyware"="c:\program files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-05 423936]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-06-11 552960]
"ThreatFire"="c:\program files (x86)\ThreatFire\TFTray.exe" [2011-02-22 378128]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 18:21 548352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
.
R1 pwipf6;Privacyware Filter Driver;c:\windows\system32\DRIVERS\pwipf6.sys [x]
R1 SASDIFSV;SASDIFSV;c:\program files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2010-01-05 9968]
R1 SASKUTIL;SASKUTIL;c:\program files (x86)\SUPERAntiSpyware\SASKUTIL.sys [2010-01-05 74480]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-30 136176]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-08-31 2151640]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2009-08-24 126392]
R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-30 136176]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-08-31 17152]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SASENUM;SASENUM;c:\program files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-01-05 7408]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 SMR200;Symantec SMR Utility Service 2.0.0;c:\windows\System32\drivers\SMR200.SYS [x]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2011-07-01 298824]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2011-05-25 329544]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2011-03-05 123320]
S2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2011-01-18 301720]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S2 ThreatFire;ThreatFire;c:\program files (x86)\ThreatFire\TFService.exe service [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-07-28 267192]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S2 VSNAPVSS;StorageCraft Shadow Copy Provider;c:\windows\SysWOW64\vsnapvss.exe [2011-02-25 67880]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-07-23 822192]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 18:56]
.
2011-10-21 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2011-04-23 13:07]
.
2011-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-30 04:44]
.
2011-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-30 04:44]
.
2011-10-21 c:\windows\Tasks\RegClean Pro_DEFAULT.job
- c:\program files (x86)\RegClean Pro\RegCleanPro.exe [2011-10-10 17:08]
.
2011-10-19 c:\windows\Tasks\RegClean Pro_UPDATES.job
- c:\program files (x86)\RegClean Pro\RegCleanPro.exe [2011-10-10 17:08]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2011-05-24 23:41 287048 ----a-w- c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-26 413208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10134560]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 896032]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 9048392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>;
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\bondzephyr\AppData\Roaming\Mozilla\Firefox\Profiles\yqmkvniv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"=hex:51,66,7a,6c,4c,1d,38,12,f0,31,07,
be,62,db,e7,0c,cc,e4,d4,72,ec,73,53,d8
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=hex:51,66,7a,6c,4c,1d,38,12,7b,ba,ea,
34,67,f9,48,0d,fd,1d,4b,bb,a3,e3,60,89
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{97AB88EF-346B-4179-A0B1-7445896547A5}"=hex:51,66,7a,6c,4c,1d,38,12,81,8b,b8,
93,59,7a,17,04,df,a7,37,05,8c,3b,03,b1
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{C8D5D964-2BE8-4C5B-8CF5-6E975AA88504}"=hex:51,66,7a,6c,4c,1d,38,12,0a,da,c6,
cc,da,65,35,09,f3,e3,2d,d7,5f,f6,c1,10
"{D93EC24D-8741-4D41-B83D-A5793B998416}"=hex:51,66,7a,6c,4c,1d,38,12,23,c1,2d,
dd,73,c9,2f,08,c7,2b,e6,39,3e,c7,c0,02
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F3C88694-EFFA-4D78-B409-54B7B2535B14}"=hex:51,66,7a,6c,4c,1d,38,12,fa,85,db,
f7,c8,a1,16,08,cb,1f,17,f7,b7,0d,1f,00
"{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,38,12,e4,48,13,
36,9b,0a,89,06,fb,ff,c3,c8,3d,de,d1,0d
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:20,b9,7b,87,a5,18,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\02\04\13\0e\00?"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\ThreatFire\TFService.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
.
**************************************************************************
.
Completion time: 2011-10-21 16:00:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-21 20:00S
.
Pre-Run: 108,624,936,960 bytes free
Post-Run: 108,270,407,680 bytes free
.
- - End Of File - - FF222446683CE38DBA55806B51E69B26

Also, here is the SecurityCkeck.exe scan:

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player ( 10.3.183.10) Flash Player Out of Date!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Malwarebytes' Anti-Malware mbamservice.exe
ThreatFire TFTray.exe
ThreatFire TFService.exe
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe

Any help is appreciated.

Toshiro

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,532 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:25 AM

Posted 22 October 2011 - 09:14 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:
  • Download the latest version of Java SE Runtime Environment 6 Update 27.
  • In the box labeled "Java Platform, Standard Edition", click the "Download JRE" button to the right.
  • In the Window that opens, select Windows (or Windows x64), and check the "agree" box and click "Continue".
  • Click on the link to download Windows Offline Installation and save to your Desktop.
  • Then from your Desktop double-click on jre-6u27-windows-i586.exe that you have downloaded to install the newest version.

    For the x64 bit version download this on jre-6u27-windows-x64.exe). Make sure you download the corrent version.

    - Note: If you are running Vista or Windows 7, you may need to right-click on the installation file and select Run as Administrator.

If present remove the old version(s) of Java using the Add/Remove Programs applet.


list....

===

Critical vulnerabilities have been identified in Adobe Flash Player 10.3.183.10 and earlier versions... being exploited in the wild in active targeted attacks... update to Adobe Adobe Flash Player 11.0.1.152

Flash Player 11.0.1.152

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus Un-check the box if you are NOT using McAfee's virus protection software.
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you unckeck the box on the top right "Include in your download" this is not required. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
===

Your security programs.

ThreatFire TFTray.exe
ThreatFire TFService.exe
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
Alwil Software Avast5 AvastSvc.exe

Can your disable ThreatFire TFService.exe and see if your performance increases.

Let me know what problem persists.
Alwil Software Avast5 AvastUI.exe



#5 Toshiro

Toshiro
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:25 AM

Posted 22 October 2011 - 04:42 PM

I've made the updates suggested, but I prefer to use Foxit Reader (the free version) and was wondering could I just delete the Adobe Reader and make Foxit my preferred reader, or would it best to keep Adobe Reader in case Foxit can't open some files. I know this option was somewhat standard in earlier years, and that's what I did. Really haven't thought about it since I bought this laptop (my first) earlier this year.

Also, I'm not sure how to disable ThreatFire's TFService.exe. As you can tell, I use free security software as much as possible. I usually check pcmag.com, pcworld.com and more recently, tomshardware.com for their reviews. I'm just wondering if I've overdid the security software. Most of it is on-demand and not running in the background like my AV and firewall.

Also, when I did the System Restore, did that get rid of the Java infections. I may be jumping ahead.

Again, thanks for all your help.

Toshiro

P.S. It may take my up to a day to respond to your guidance. I'm my mother's only caretaker and sometimes, she has to come first. Thank you for your understanding.

#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,532 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:25 AM

Posted 23 October 2011 - 08:14 AM

I've made the updates suggested, but I prefer to use Foxit Reader (the free version) and was wondering could I just delete the Adobe Reader and make Foxit my preferred reader.

Your call both are good programs.

Also, I'm not sure how to disable ThreatFire's TFService.exe.


I could only find this page that explain how you can remove it.

http://www.pctools.com/threatfire/answers/id/760/

If it's not running while the other Virus protection is running there should be nor problem.
Your call if you want to keep it or not.

===

Also, when I did the System Restore, did that get rid of the Java infections. I may be jumping ahead.

When did you do this System restore.

Was it after we executed the ComboFix?

How is the computer performing?
Any remaining issues?

#7 Toshiro

Toshiro
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:25 AM

Posted 23 October 2011 - 04:19 PM

As I stated in my original post:

"My computer runs slow at times, so I started a boot scan with Avast Free Home Edition. Scan results showed Java: Agent-TB and Java:Agent-WY. Boot Scan didn't complete due to a brownout in our neighborhood. I had to use System Restore to reboot computer." (Emphasis mine)

My computer was useless until I went into safe mode and did a System Restore. I restored the system to either the day before or a few days before. I believe the System Restore Point was a few days earlier.

I googled the ThreatFire question and found the same link. I'm not sure that ThreatFire doesn't run in the background with Avast! AV and Comodo FW. The recommendation to run it came either from pcmag.com or pcworld.com. Of course, they also consistently rank Norton AV and Security Suite as #1 or #2, and whenever I use it, I have various problems with system stability and performance and often, some malware gets through. Just saying this so that if you think I should try to uninstall it, I can always reinstall at a later date.

I've noticed since the ComboFix scan, spoolsv.exe appears in my Windows Task Manager. Since I have no printer attached to this laptop yet and I removed this exe file from the system start-up routine right after I bought this laptop earlier this year, I'm wondering could this be a problem? Could this be a false spoolsv.exe file hiding some malware program. It takes several times to stop this process in Task Manager.

Also, whenever spoolsv.exe appears, my Firefox or Opera browser windows freeze even if it isn't downloading a webpage.

Not sure about overall system performance since this freezing of my browser windows have even made it hard to finish this post several times.

Again, thanks for all your help so far.

Toshiro

#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,532 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:25 AM

Posted 24 October 2011 - 08:52 AM

I googled the ThreatFire question and found the same link. I'm not sure that ThreatFire doesn't run in the background with Avast! AV and Comodo FW. The recommendation to run it came either from pcmag.com or pcworld.com. Of course, they also consistently rank Norton AV and Security Suite as #1 or #2, and whenever I use it, I have various problems with system stability and performance and often, some malware gets through. Just saying this so that if you think I should try to uninstall it, I can always reinstall at a later date.


That is what I had in mind. Remove it and when all is well you can reinstall it and then see if your performance with the computer is worst or not.
Wait until we check on this file spoolsv.dll

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:


    :filefind
    spoolsv.dll

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#9 Toshiro

Toshiro
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:25 AM

Posted 24 October 2011 - 02:25 PM

Here is the SystemLook log:

SystemLook 30.07.11 by jpshortstuff
Log created at 14:29 on 24/10/2011 by bondzephyr
Administrator - Elevation successful

========== filefind ==========

Searching for "spoolsv.dll"
No files found.

-= EOF =-

I've also uninstalled ThreatFire, but chose to keep the configuration files and logs in case I want to reinstall it later. I can delete them if you think that would be better.

I may post about system performance before you reply, but only about this since ThreatFire is uninstalled.

Thanks again for all your help,

Toshiro

#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,532 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:25 AM

Posted 25 October 2011 - 10:18 AM

No file found. We may be dealing with a remnant entry in the registry.

Run the SystemLook tool and execute this find.

:regfind
spoolsv.dll


Post the log.

#11 Toshiro

Toshiro
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:25 AM

Posted 25 October 2011 - 11:38 AM

Here is the new SystemLook log:

SystemLook 30.07.11 by jpshortstuff
Log created at 12:35 on 25/10/2011 by bondzephyr
Administrator - Elevation successful

========== regfind ==========

Searching for "spoolsv.dll"
No data found.

-= EOF =-

Toshiro

#12 nasdaq

nasdaq

  • Malware Response Team
  • 39,532 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:25 AM

Posted 25 October 2011 - 01:02 PM

We may be dealing with a rootkit. Please run these tools.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) ( 511KB ) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
    Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue
    Posted Image
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Please post the logs for my review.

#13 Toshiro

Toshiro
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:25 AM

Posted 26 October 2011 - 02:26 PM

Here is the aswMBR scan:

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-26 14:01:37
-----------------------------
14:01:37.374 OS Version: Windows x64 6.1.7600
14:01:37.374 Number of processors: 4 586 0x2505
14:01:37.374 ComputerName: BATCAVE-4477 UserName: bondzephyr
14:01:38.902 Initialize success
14:01:39.058 AVAST engine defs: 11102600
14:01:56.406 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:01:56.406 Disk 0 Vendor: TOSHIBA_ GH10 Size: 476940MB BusType: 3
14:01:56.437 Disk 0 MBR read successfully
14:01:56.452 Disk 0 MBR scan
14:01:56.452 Disk 0 Windows VISTA default MBR code
14:01:56.468 Service scanning
14:01:57.872 Modules scanning
14:01:57.872 Disk 0 trace - called modules:
14:01:57.903 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys iaStor.sys hal.dll
14:01:57.919 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006a90060]
14:01:57.919 3 CLASSPNP.SYS[fffff88001ba043f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8006a8f060]
14:01:57.934 5 thpdrv.sys[fffff88001ae8cc0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a60050]
14:01:58.839 AVAST engine scan C:\windows
14:02:01.413 AVAST engine scan C:\windows\system32
14:03:18.197 AVAST engine scan C:\windows\system32\drivers
14:03:28.025 AVAST engine scan C:\Users\bondzephyr
14:29:23.082 AVAST engine scan C:\ProgramData
14:34:21.245 Scan finished successfully
14:35:51.008 Disk 0 MBR has been saved successfully to "C:\Users\bondzephyr\Desktop\MBR.dat"
14:35:51.024 The log file has been saved successfully to "C:\Users\bondzephyr\Desktop\aswMBR.txt"

The above scan is the second aswMBR scan. The first scan resulted in a BSOD It may have been caused because the laptop seems to go into hibernation very soon after no input from a device. I don't understand this because I changed the setting to do away with the hibernation setting. After a Windows Update, the settings seemedto reset to default. Following is the information on the BSOD if this helps:

STOP: 0x00000109(0xA3A039D52753E, 0x3B37465EEFAC0FFFF80000B95080, 0X0000000000000002)

Here is the TDSSkiller log:

14:58:42.0177 3728 TDSS rootkit removing tool 2.6.13.0 Oct 25 2011 13:56:21
14:58:42.0890 3728 ============================================================
14:58:42.0890 3728 Current date / time: 2011/10/26 14:58:42.0890
14:58:42.0890 3728 SystemInfo:
14:58:42.0890 3728
14:58:42.0890 3728 OS Version: 6.1.7600 ServicePack: 0.0
14:58:42.0890 3728 Product type: Workstation
14:58:42.0890 3728 ComputerName: BATCAVE-4477
14:58:42.0891 3728 UserName: bondzephyr
14:58:42.0891 3728 Windows directory: C:\windows
14:58:42.0891 3728 System windows directory: C:\windows
14:58:42.0891 3728 Running under WOW64
14:58:42.0891 3728 Processor architecture: Intel x64
14:58:42.0891 3728 Number of processors: 4
14:58:42.0891 3728 Page size: 0x1000
14:58:42.0891 3728 Boot type: Normal boot
14:58:42.0891 3728 ============================================================
14:58:44.0563 3728 Initialize success
14:58:56.0087 1052 ============================================================
14:58:56.0087 1052 Scan started
14:58:56.0087 1052 Mode: Manual;
14:58:56.0087 1052 ============================================================
14:58:59.0032 1052 1394ohci (969c91060cbb5d17cb8440b5f78b4c51) C:\windows\system32\DRIVERS\1394ohci.sys
14:58:59.0052 1052 1394ohci - ok
14:58:59.0202 1052 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys
14:58:59.0209 1052 ACPI - ok
14:58:59.0392 1052 acpials (12c5274cd87449a2a37a607cdb321922) C:\windows\system32\DRIVERS\acpials.sys
14:58:59.0407 1052 acpials - ok
14:58:59.0557 1052 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys
14:58:59.0588 1052 AcpiPmi - ok
14:58:59.0906 1052 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
14:58:59.0924 1052 adp94xx - ok
14:59:00.0065 1052 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
14:59:00.0088 1052 adpahci - ok
14:59:00.0212 1052 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
14:59:00.0226 1052 adpu320 - ok
14:59:00.0431 1052 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\windows\system32\drivers\afd.sys
14:59:00.0446 1052 AFD - ok
14:59:00.0604 1052 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys
14:59:00.0613 1052 agp440 - ok
14:59:00.0798 1052 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\DRIVERS\aliide.sys
14:59:00.0815 1052 aliide - ok
14:59:00.0978 1052 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\DRIVERS\amdide.sys
14:59:00.0994 1052 amdide - ok
14:59:01.0176 1052 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
14:59:01.0179 1052 AmdK8 - ok
14:59:01.0312 1052 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
14:59:01.0330 1052 AmdPPM - ok
14:59:01.0510 1052 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\windows\system32\drivers\amdsata.sys
14:59:01.0562 1052 amdsata - ok
14:59:01.0872 1052 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
14:59:01.0945 1052 amdsbs - ok
14:59:02.0130 1052 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\windows\system32\drivers\amdxata.sys
14:59:02.0144 1052 amdxata - ok
14:59:02.0301 1052 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys
14:59:02.0331 1052 AppID - ok
14:59:02.0543 1052 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
14:59:02.0561 1052 arc - ok
14:59:02.0674 1052 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
14:59:02.0703 1052 arcsas - ok
14:59:02.0878 1052 aswFsBlk (5a68b880c16ad5a6aa20b49a47ffff24) C:\windows\system32\drivers\aswFsBlk.sys
14:59:02.0897 1052 aswFsBlk - ok
14:59:03.0106 1052 aswMonFlt (230613be2d3da8053879be5ed2848f2d) C:\windows\system32\drivers\aswMonFlt.sys
14:59:03.0113 1052 aswMonFlt - ok
14:59:03.0225 1052 aswRdr (0dc1996ae4178d7d14744ef6b3082313) C:\windows\system32\drivers\aswRdr.sys
14:59:03.0240 1052 aswRdr - ok
14:59:03.0420 1052 aswSnx (b6ff911c23775cdfdd49612d92637af4) C:\windows\system32\drivers\aswSnx.sys
14:59:03.0434 1052 aswSnx - ok
14:59:03.0567 1052 aswSP (5a590d8516376aed1829fc07d3bdaa4b) C:\windows\system32\drivers\aswSP.sys
14:59:03.0581 1052 aswSP - ok
14:59:03.0706 1052 aswTdi (3239c0082fb0c1c4ee323730b85690a5) C:\windows\system32\drivers\aswTdi.sys
14:59:03.0729 1052 aswTdi - ok
14:59:03.0888 1052 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
14:59:03.0905 1052 AsyncMac - ok
14:59:04.0023 1052 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys
14:59:04.0040 1052 atapi - ok
14:59:04.0297 1052 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
14:59:04.0304 1052 b06bdrv - ok
14:59:04.0442 1052 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
14:59:04.0464 1052 b57nd60a - ok
14:59:04.0670 1052 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
14:59:04.0671 1052 Beep - ok
14:59:04.0856 1052 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
14:59:04.0864 1052 blbdrive - ok
14:59:05.0052 1052 bowser (19d20159708e152267e53b66677a4995) C:\windows\system32\DRIVERS\bowser.sys
14:59:05.0068 1052 bowser - ok
14:59:05.0223 1052 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
14:59:05.0237 1052 BrFiltLo - ok
14:59:05.0408 1052 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
14:59:05.0429 1052 BrFiltUp - ok
14:59:05.0592 1052 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
14:59:05.0597 1052 Brserid - ok
14:59:05.0714 1052 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
14:59:05.0715 1052 BrSerWdm - ok
14:59:05.0817 1052 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
14:59:05.0820 1052 BrUsbMdm - ok
14:59:05.0924 1052 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
14:59:05.0925 1052 BrUsbSer - ok
14:59:06.0054 1052 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
14:59:06.0056 1052 BTHMODEM - ok
14:59:06.0094 1052 catchme - ok
14:59:06.0214 1052 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
14:59:06.0216 1052 cdfs - ok
14:59:06.0349 1052 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys
14:59:06.0351 1052 cdrom - ok
14:59:06.0499 1052 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
14:59:06.0500 1052 circlass - ok
14:59:07.0098 1052 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
14:59:07.0105 1052 CLFS - ok
14:59:07.0409 1052 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
14:59:07.0411 1052 CmBatt - ok
14:59:07.0529 1052 cmdGuard (0020e6598d80b92e4d8618554c4843ab) C:\windows\system32\DRIVERS\cmdguard.sys
14:59:07.0532 1052 cmdGuard - ok
14:59:07.0674 1052 cmdHlp (7a2af19b01bf433c23ac1111610acf84) C:\windows\system32\DRIVERS\cmdhlp.sys
14:59:07.0675 1052 cmdHlp - ok
14:59:07.0780 1052 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys
14:59:07.0782 1052 cmdide - ok
14:59:07.0809 1052 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\windows\system32\Drivers\cng.sys
14:59:07.0814 1052 CNG - ok
14:59:07.0937 1052 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
14:59:07.0939 1052 Compbatt - ok
14:59:08.0055 1052 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys
14:59:08.0057 1052 CompositeBus - ok
14:59:08.0166 1052 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
14:59:08.0167 1052 crcdisk - ok
14:59:08.0335 1052 DfsC (9c253ce7311ca60fc11c774692a13208) C:\windows\system32\Drivers\dfsc.sys
14:59:08.0338 1052 DfsC - ok
14:59:08.0453 1052 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
14:59:08.0456 1052 discache - ok
14:59:08.0564 1052 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
14:59:08.0567 1052 Disk - ok
14:59:08.0713 1052 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
14:59:08.0715 1052 drmkaud - ok
14:59:09.0077 1052 DXGKrnl (601e731bf8e3f22906ce7d4d724b0439) C:\windows\System32\drivers\dxgkrnl.sys
14:59:09.0111 1052 DXGKrnl - ok
14:59:09.0310 1052 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
14:59:09.0443 1052 ebdrv - ok
14:59:09.0647 1052 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
14:59:09.0654 1052 elxstor - ok
14:59:09.0884 1052 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys
14:59:09.0885 1052 ErrDev - ok
14:59:09.0987 1052 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
14:59:09.0990 1052 exfat - ok
14:59:10.0088 1052 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
14:59:10.0092 1052 fastfat - ok
14:59:10.0210 1052 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
14:59:10.0213 1052 fdc - ok
14:59:10.0321 1052 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
14:59:10.0324 1052 FileInfo - ok
14:59:10.0418 1052 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
14:59:10.0420 1052 Filetrace - ok
14:59:10.0560 1052 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
14:59:10.0562 1052 flpydisk - ok
14:59:10.0856 1052 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys
14:59:10.0884 1052 FltMgr - ok
14:59:11.0008 1052 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
14:59:11.0010 1052 FsDepends - ok
14:59:11.0111 1052 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
14:59:11.0113 1052 Fs_Rec - ok
14:59:11.0239 1052 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys
14:59:11.0242 1052 fvevol - ok
14:59:11.0394 1052 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
14:59:11.0396 1052 gagp30kx - ok
14:59:11.0579 1052 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
14:59:11.0597 1052 hcw85cir - ok
14:59:11.0738 1052 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys
14:59:11.0743 1052 HdAudAddService - ok
14:59:11.0858 1052 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys
14:59:11.0861 1052 HDAudBus - ok
14:59:11.0971 1052 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys
14:59:11.0973 1052 HECIx64 - ok
14:59:12.0067 1052 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
14:59:12.0069 1052 HidBatt - ok
14:59:12.0192 1052 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
14:59:12.0195 1052 HidBth - ok
14:59:12.0286 1052 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
14:59:12.0288 1052 HidIr - ok
14:59:12.0402 1052 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys
14:59:12.0404 1052 HidUsb - ok
14:59:12.0505 1052 HpSAMD (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys
14:59:12.0508 1052 HpSAMD - ok
14:59:12.0632 1052 HssDrv (a60c877e1cd3aa2e4e5ccd8af305c0f1) C:\windows\system32\DRIVERS\HssDrv.sys
14:59:12.0647 1052 HssDrv - ok
14:59:12.0798 1052 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys
14:59:12.0807 1052 HTTP - ok
14:59:12.0959 1052 hwpolicy (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys
14:59:12.0990 1052 hwpolicy - ok
14:59:13.0196 1052 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
14:59:13.0199 1052 i8042prt - ok
14:59:13.0321 1052 iaStor (85977cd13fc16069ce0af7943a811775) C:\windows\system32\DRIVERS\iaStor.sys
14:59:13.0324 1052 iaStor - ok
14:59:13.0469 1052 iaStorV (b75e45c564e944a2657167d197ab29da) C:\windows\system32\drivers\iaStorV.sys
14:59:13.0475 1052 iaStorV - ok
14:59:13.0822 1052 igfx (2a22ab054f4630d2ef4bab2853f6d5f6) C:\windows\system32\DRIVERS\igdkmd64.sys
14:59:14.0072 1052 igfx - ok
14:59:14.0198 1052 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
14:59:14.0201 1052 iirsp - ok
14:59:14.0325 1052 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\windows\system32\DRIVERS\Impcd.sys
14:59:14.0329 1052 Impcd - ok
14:59:14.0431 1052 inspect (fc863d6ec8fc977ac4be6ca7ddc10dae) C:\windows\system32\DRIVERS\inspect.sys
14:59:14.0434 1052 inspect - ok
14:59:14.0594 1052 IntcAzAudAddService (490947a9aff7ca31ef2e08f5776105eb) C:\windows\system32\drivers\RTKVHD64.sys
14:59:14.0616 1052 IntcAzAudAddService - ok
14:59:14.0745 1052 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\windows\system32\DRIVERS\IntcDAud.sys
14:59:14.0750 1052 IntcDAud - ok
14:59:14.0922 1052 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys
14:59:14.0924 1052 intelide - ok
14:59:15.0044 1052 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
14:59:15.0046 1052 intelppm - ok
14:59:15.0152 1052 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys
14:59:15.0155 1052 IpFilterDriver - ok
14:59:15.0278 1052 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys
14:59:15.0280 1052 IPMIDRV - ok
14:59:15.0383 1052 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
14:59:15.0386 1052 IPNAT - ok
14:59:15.0498 1052 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
14:59:15.0500 1052 IRENUM - ok
14:59:15.0610 1052 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys
14:59:15.0612 1052 isapnp - ok
14:59:15.0733 1052 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys
14:59:15.0738 1052 iScsiPrt - ok
14:59:15.0898 1052 JMCR (25d602ae635a0443458fbed1a8b6e4e9) C:\windows\system32\DRIVERS\jmcr.sys
14:59:15.0902 1052 JMCR - ok
14:59:16.0056 1052 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
14:59:16.0058 1052 kbdclass - ok
14:59:16.0195 1052 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys
14:59:16.0198 1052 kbdhid - ok
14:59:16.0230 1052 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\windows\system32\Drivers\ksecdd.sys
14:59:16.0233 1052 KSecDD - ok
14:59:16.0352 1052 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\windows\system32\Drivers\ksecpkg.sys
14:59:16.0356 1052 KSecPkg - ok
14:59:16.0475 1052 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
14:59:16.0477 1052 ksthunk - ok
14:59:16.0651 1052 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
14:59:16.0669 1052 Lavasoft Kernexplorer - ok
14:59:16.0773 1052 Lbd (c8b3131857931ae76798a741cc52b021) C:\windows\system32\DRIVERS\Lbd.sys
14:59:16.0776 1052 Lbd - ok
14:59:17.0171 1052 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
14:59:17.0174 1052 lltdio - ok
14:59:17.0338 1052 LPCFilter (41e122f6d1448c94cc05196bc41d6bfb) C:\windows\system32\DRIVERS\LPCFilter.sys
14:59:17.0341 1052 LPCFilter - ok
14:59:17.0465 1052 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
14:59:17.0469 1052 LSI_FC - ok
14:59:17.0595 1052 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
14:59:17.0598 1052 LSI_SAS - ok
14:59:17.0723 1052 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
14:59:17.0734 1052 LSI_SAS2 - ok
14:59:17.0846 1052 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
14:59:17.0848 1052 LSI_SCSI - ok
14:59:17.0966 1052 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
14:59:17.0968 1052 luafv - ok
14:59:18.0096 1052 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\windows\system32\drivers\mbam.sys
14:59:18.0098 1052 MBAMProtector - ok
14:59:18.0236 1052 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
14:59:18.0238 1052 megasas - ok
14:59:18.0346 1052 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
14:59:18.0350 1052 MegaSR - ok
14:59:18.0462 1052 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
14:59:18.0464 1052 Modem - ok
14:59:18.0570 1052 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
14:59:18.0572 1052 monitor - ok
14:59:18.0723 1052 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
14:59:18.0726 1052 mouclass - ok
14:59:18.0842 1052 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
14:59:18.0844 1052 mouhid - ok
14:59:18.0963 1052 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys
14:59:18.0972 1052 mountmgr - ok
14:59:19.0068 1052 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys
14:59:19.0071 1052 mpio - ok
14:59:19.0222 1052 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
14:59:19.0224 1052 mpsdrv - ok
14:59:19.0323 1052 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys
14:59:19.0327 1052 MRxDAV - ok
14:59:19.0454 1052 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\windows\system32\DRIVERS\mrxsmb.sys
14:59:19.0458 1052 mrxsmb - ok
14:59:19.0589 1052 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\windows\system32\DRIVERS\mrxsmb10.sys
14:59:19.0594 1052 mrxsmb10 - ok
14:59:19.0717 1052 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\windows\system32\DRIVERS\mrxsmb20.sys
14:59:19.0720 1052 mrxsmb20 - ok
14:59:19.0827 1052 msahci (5c37497276e3b3a5488b23a326a754b7) C:\windows\system32\DRIVERS\msahci.sys
14:59:19.0829 1052 msahci - ok
14:59:19.0941 1052 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
14:59:19.0944 1052 msdsm - ok
14:59:20.0062 1052 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
14:59:20.0063 1052 Msfs - ok
14:59:20.0164 1052 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
14:59:20.0166 1052 mshidkmdf - ok
14:59:20.0295 1052 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
14:59:20.0297 1052 msisadrv - ok
14:59:20.0411 1052 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
14:59:20.0413 1052 MSKSSRV - ok
14:59:20.0523 1052 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
14:59:20.0524 1052 MSPCLOCK - ok
14:59:20.0641 1052 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
14:59:20.0643 1052 MSPQM - ok
14:59:20.0782 1052 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
14:59:20.0790 1052 MsRPC - ok
14:59:20.0919 1052 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
14:59:20.0921 1052 mssmbios - ok
14:59:21.0021 1052 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
14:59:21.0022 1052 MSTEE - ok
14:59:21.0130 1052 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
14:59:21.0132 1052 MTConfig - ok
14:59:21.0271 1052 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
14:59:21.0273 1052 Mup - ok
14:59:21.0401 1052 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
14:59:21.0406 1052 NativeWifiP - ok
14:59:21.0534 1052 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys
14:59:21.0546 1052 NDIS - ok
14:59:21.0661 1052 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
14:59:21.0663 1052 NdisCap - ok
14:59:21.0771 1052 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
14:59:21.0773 1052 NdisTapi - ok
14:59:21.0876 1052 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys
14:59:21.0878 1052 Ndisuio - ok
14:59:21.0988 1052 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
14:59:21.0991 1052 NdisWan - ok
14:59:22.0100 1052 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
14:59:22.0102 1052 NDProxy - ok
14:59:22.0214 1052 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
14:59:22.0216 1052 NetBIOS - ok
14:59:22.0322 1052 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
14:59:22.0326 1052 NetBT - ok
14:59:22.0445 1052 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
14:59:22.0447 1052 nfrd960 - ok
14:59:22.0571 1052 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
14:59:22.0573 1052 Npfs - ok
14:59:22.0685 1052 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
14:59:22.0688 1052 nsiproxy - ok
14:59:22.0977 1052 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\windows\system32\drivers\Ntfs.sys
14:59:23.0069 1052 Ntfs - ok
14:59:23.0187 1052 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
14:59:23.0205 1052 Null - ok
14:59:23.0371 1052 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\windows\system32\drivers\nvraid.sys
14:59:23.0374 1052 nvraid - ok
14:59:23.0613 1052 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\windows\system32\drivers\nvstor.sys
14:59:23.0617 1052 nvstor - ok
14:59:23.0736 1052 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
14:59:23.0792 1052 nv_agp - ok
14:59:23.0908 1052 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
14:59:23.0911 1052 ohci1394 - ok
14:59:24.0095 1052 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
14:59:24.0098 1052 Parport - ok
14:59:24.0210 1052 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys
14:59:24.0228 1052 partmgr - ok
14:59:24.0360 1052 pci (5aab2b170536885de70a6cba8d7ce52b) C:\windows\system32\DRIVERS\pci.sys
14:59:24.0363 1052 pci - ok
14:59:24.0475 1052 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
14:59:24.0477 1052 pciide - ok
14:59:24.0588 1052 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
14:59:24.0592 1052 pcmcia - ok
14:59:24.0738 1052 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
14:59:24.0740 1052 pcw - ok
14:59:24.0892 1052 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
14:59:24.0900 1052 PEAUTH - ok
14:59:25.0033 1052 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys
14:59:25.0035 1052 PGEffect - ok
14:59:25.0183 1052 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
14:59:25.0186 1052 PptpMiniport - ok
14:59:25.0291 1052 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
14:59:25.0293 1052 Processor - ok
14:59:25.0436 1052 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
14:59:25.0439 1052 Psched - ok
14:59:25.0549 1052 pwipf6 - ok
14:59:25.0696 1052 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
14:59:25.0736 1052 ql2300 - ok
14:59:25.0864 1052 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
14:59:25.0867 1052 ql40xx - ok
14:59:25.0998 1052 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
14:59:26.0001 1052 QWAVEdrv - ok
14:59:26.0101 1052 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
14:59:26.0102 1052 RasAcd - ok
14:59:26.0216 1052 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
14:59:26.0218 1052 RasAgileVpn - ok
14:59:26.0355 1052 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
14:59:26.0358 1052 Rasl2tp - ok
14:59:26.0508 1052 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
14:59:26.0510 1052 RasPppoe - ok
14:59:26.0634 1052 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
14:59:26.0636 1052 RasSstp - ok
14:59:26.0740 1052 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
14:59:26.0746 1052 rdbss - ok
14:59:26.0862 1052 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
14:59:26.0864 1052 rdpbus - ok
14:59:26.0965 1052 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
14:59:26.0966 1052 RDPCDD - ok
14:59:27.0096 1052 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
14:59:27.0097 1052 RDPENCDD - ok
14:59:27.0212 1052 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
14:59:27.0214 1052 RDPREFMP - ok
14:59:27.0322 1052 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\windows\system32\drivers\RDPWD.sys
14:59:27.0326 1052 RDPWD - ok
14:59:27.0446 1052 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\windows\system32\drivers\rdyboost.sys
14:59:27.0449 1052 rdyboost - ok
14:59:27.0588 1052 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\windows\system32\drivers\regi.sys
14:59:27.0589 1052 regi - ok
14:59:27.0750 1052 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
14:59:27.0753 1052 rspndr - ok
14:59:27.0891 1052 RTL8167 (ba3e57c89e6f63808d3f2b11e1a2ad3c) C:\windows\system32\DRIVERS\Rt64win7.sys
14:59:27.0896 1052 RTL8167 - ok
14:59:28.0042 1052 RTL8192Ce (ffc748d848740d1bc8f330a8879c2674) C:\windows\system32\DRIVERS\rtl8192Ce.sys
14:59:28.0053 1052 RTL8192Ce - ok
14:59:28.0166 1052 SASDIFSV (5bf35c4ea3f00fa8d3f1e5bf03d24584) C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS
14:59:28.0168 1052 SASDIFSV - ok
14:59:28.0176 1052 SASENUM (a22f08c98ac2f44587bf3a1fb52bf8cd) C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS
14:59:28.0178 1052 SASENUM - ok
14:59:28.0280 1052 SASKUTIL (c7d81c10d3befeee41f3408714637438) C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys
14:59:28.0282 1052 SASKUTIL - ok
14:59:28.0387 1052 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
14:59:28.0389 1052 sbp2port - ok
14:59:28.0528 1052 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
14:59:28.0530 1052 scfilter - ok
14:59:28.0696 1052 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\windows\system32\DRIVERS\sdbus.sys
14:59:28.0700 1052 sdbus - ok
14:59:28.0805 1052 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
14:59:28.0807 1052 secdrv - ok
14:59:28.0942 1052 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
14:59:28.0944 1052 Serenum - ok
14:59:29.0066 1052 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
14:59:29.0068 1052 Serial - ok
14:59:29.0180 1052 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
14:59:29.0182 1052 sermouse - ok
14:59:29.0309 1052 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
14:59:29.0310 1052 sffdisk - ok
14:59:29.0412 1052 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
14:59:29.0413 1052 sffp_mmc - ok
14:59:29.0519 1052 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\windows\system32\DRIVERS\sffp_sd.sys
14:59:29.0541 1052 sffp_sd - ok
14:59:29.0658 1052 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
14:59:29.0660 1052 sfloppy - ok
14:59:29.0789 1052 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\windows\system32\DRIVERS\Sftfslh.sys
14:59:29.0798 1052 Sftfs - ok
14:59:29.0947 1052 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\windows\system32\DRIVERS\Sftplaylh.sys
14:59:29.0964 1052 Sftplay - ok
14:59:30.0090 1052 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\windows\system32\DRIVERS\Sftredirlh.sys
14:59:30.0092 1052 Sftredir - ok
14:59:30.0202 1052 Sftvol (393b22addd89979eb1c60898f51c3648) C:\windows\system32\DRIVERS\Sftvollh.sys
14:59:30.0206 1052 Sftvol - ok
14:59:30.0443 1052 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
14:59:30.0445 1052 SiSRaid2 - ok
14:59:30.0539 1052 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
14:59:30.0541 1052 SiSRaid4 - ok
14:59:30.0655 1052 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
14:59:30.0658 1052 Smb - ok
14:59:30.0833 1052 SMR200 (fba539fb7b2291b173b2669df66fdf04) C:\windows\system32\drivers\SMR200.SYS
14:59:30.0838 1052 SMR200 - ok
14:59:30.0977 1052 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
14:59:30.0979 1052 spldr - ok
14:59:31.0084 1052 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys
14:59:31.0090 1052 srv - ok
14:59:31.0259 1052 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys
14:59:31.0266 1052 srv2 - ok
14:59:31.0368 1052 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys
14:59:31.0371 1052 srvnet - ok
14:59:31.0499 1052 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
14:59:31.0502 1052 stexstor - ok
14:59:31.0650 1052 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
14:59:31.0653 1052 swenum - ok
14:59:31.0788 1052 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\windows\system32\DRIVERS\SynTP.sys
14:59:31.0793 1052 SynTP - ok
14:59:31.0929 1052 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\windows\system32\DRIVERS\taphss.sys
14:59:31.0932 1052 taphss - ok
14:59:32.0105 1052 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\windows\system32\drivers\tcpip.sys
14:59:32.0174 1052 Tcpip - ok
14:59:32.0328 1052 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\windows\system32\DRIVERS\tcpip.sys
14:59:32.0338 1052 TCPIP6 - ok
14:59:32.0450 1052 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
14:59:32.0453 1052 tcpipreg - ok
14:59:32.0583 1052 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
14:59:32.0586 1052 tdcmdpst - ok
14:59:32.0733 1052 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
14:59:32.0735 1052 TDPIPE - ok
14:59:32.0855 1052 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
14:59:32.0859 1052 TDTCP - ok
14:59:32.0998 1052 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
14:59:33.0001 1052 tdx - ok
14:59:33.0104 1052 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
14:59:33.0106 1052 TermDD - ok
14:59:33.0203 1052 TfFsMon - ok
14:59:33.0303 1052 TfNetMon - ok
14:59:33.0392 1052 TfSysMon - ok
14:59:33.0504 1052 Thpdrv (c013f6acaa9761f571bd28dada7c157d) C:\windows\system32\DRIVERS\thpdrv.sys
14:59:33.0513 1052 Thpdrv - ok
14:59:33.0644 1052 Thpevm (b4e609047434ed948af7bdef2fa66e38) C:\windows\system32\DRIVERS\Thpevm.SYS
14:59:33.0659 1052 Thpevm - ok
14:59:33.0841 1052 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
14:59:33.0848 1052 tos_sps64 - ok
14:59:33.0986 1052 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
14:59:33.0987 1052 tssecsrv - ok
14:59:34.0124 1052 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
14:59:34.0127 1052 tunnel - ok
14:59:34.0219 1052 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
14:59:34.0221 1052 TVALZ - ok
14:59:34.0341 1052 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
14:59:34.0343 1052 TVALZFL - ok
14:59:34.0439 1052 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
14:59:34.0442 1052 uagp35 - ok
14:59:34.0554 1052 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\windows\system32\DRIVERS\udfs.sys
14:59:34.0559 1052 udfs - ok
14:59:34.0687 1052 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
14:59:34.0688 1052 uliagpkx - ok
14:59:34.0795 1052 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
14:59:34.0797 1052 umbus - ok
14:59:34.0911 1052 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
14:59:34.0913 1052 UmPass - ok
14:59:35.0053 1052 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\windows\system32\DRIVERS\usbccgp.sys
14:59:35.0056 1052 usbccgp - ok
14:59:35.0178 1052 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
14:59:35.0181 1052 usbcir - ok
14:59:35.0282 1052 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\windows\system32\drivers\usbehci.sys
14:59:35.0285 1052 usbehci - ok
14:59:35.0314 1052 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\windows\system32\DRIVERS\usbhub.sys
14:59:35.0320 1052 usbhub - ok
14:59:35.0443 1052 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\windows\system32\drivers\usbohci.sys
14:59:35.0445 1052 usbohci - ok
14:59:35.0553 1052 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
14:59:35.0575 1052 usbprint - ok
14:59:35.0724 1052 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\windows\system32\drivers\USBSTOR.SYS
14:59:35.0726 1052 USBSTOR - ok
14:59:35.0831 1052 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\windows\system32\drivers\usbuhci.sys
14:59:35.0834 1052 usbuhci - ok
14:59:35.0958 1052 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\System32\Drivers\usbvideo.sys
14:59:35.0962 1052 usbvideo - ok
14:59:36.0097 1052 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
14:59:36.0100 1052 vdrvroot - ok
14:59:36.0258 1052 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
14:59:36.0271 1052 vga - ok
14:59:36.0375 1052 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
14:59:36.0377 1052 VgaSave - ok
14:59:36.0501 1052 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
14:59:36.0505 1052 vhdmp - ok
14:59:36.0617 1052 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
14:59:36.0619 1052 viaide - ok
14:59:36.0728 1052 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
14:59:36.0730 1052 volmgr - ok
14:59:36.0850 1052 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
14:59:36.0855 1052 volmgrx - ok
14:59:36.0970 1052 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
14:59:36.0975 1052 volsnap - ok
14:59:37.0090 1052 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
14:59:37.0093 1052 vsmraid - ok
14:59:37.0235 1052 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
14:59:37.0237 1052 vwifibus - ok
14:59:37.0360 1052 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
14:59:37.0381 1052 vwififlt - ok
14:59:37.0527 1052 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
14:59:37.0529 1052 WacomPen - ok
14:59:37.0714 1052 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
14:59:37.0717 1052 WANARP - ok
14:59:37.0750 1052 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
14:59:37.0752 1052 Wanarpv6 - ok
14:59:37.0897 1052 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
14:59:37.0899 1052 Wd - ok
14:59:38.0008 1052 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
14:59:38.0016 1052 Wdf01000 - ok
14:59:38.0182 1052 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
14:59:38.0203 1052 WfpLwf - ok
14:59:38.0416 1052 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
14:59:38.0418 1052 WIMMount - ok
14:59:38.0627 1052 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
14:59:38.0629 1052 WmiAcpi - ok
14:59:38.0826 1052 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
14:59:38.0828 1052 ws2ifsl - ok
14:59:39.0002 1052 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
14:59:39.0005 1052 WudfPf - ok
14:59:39.0145 1052 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
14:59:39.0158 1052 \Device\Harddisk0\DR0 - ok
14:59:39.0168 1052 Boot (0x1200) (166e30c434093e0e63a675ad2264fffd) \Device\Harddisk0\DR0\Partition0
14:59:39.0169 1052 \Device\Harddisk0\DR0\Partition0 - ok
14:59:39.0170 1052 ============================================================
14:59:39.0170 1052 Scan finished
14:59:39.0170 1052 ============================================================
14:59:39.0179 2784 Detected object count: 0
14:59:39.0180 2784 Actual detected object count: 0
15:00:16.0951 3152 ============================================================

Thanks again for all the help,

Torisho

#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,532 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:25 AM

Posted 27 October 2011 - 08:36 AM

The BSOD bay have caused by the infection. If it happens again search Google for this string STOP: 0x00000109.
If you need help on this you can start a new topic in the Windows 7 forum.

Both logs are clean.

Any pending issues with this computer?

#15 Toshiro

Toshiro
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:25 AM

Posted 28 October 2011 - 12:11 PM

I guess not. Does this mean I can update my AV, Firewall and other security software now? Also, can I remove these tools I downloaded to help in this cleaning?

Thanks so much for your help,

Toshiro




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users