
Infected with Happili/Scour


  • This topic is locked
15 replies to this topic

#1 morbidbattlecry

morbidbattlecry

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:24 AM

Posted 03 April 2012 - 05:31 PM

I'm at my wits' end trying to remove this malware/virus. I've run any number of programs, as well as anti-spyware and anti-virus programs. Still getting redirects from Google Chrome and IE. So I decided to break down and post on here in the hopes of getting help.

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19190
Run by Anrae at 21:58:22 on 2012-04-02
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.976 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\atashost.exe
C:\Windows\System32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\doubleTwist 2.0\DoubleTwist.DeviceHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Panasonic\VideoCam Suite 2\VideoCamSuiteAutoStart.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Dwm.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Windows\Explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Anrae\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.bigseekpro.com/pivotstickfigure/{BB3CE38A-E1AE-4768-95FF-33E6BE5E2D35}
uInternet Settings,ProxyOverride = <local>;*.local
mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [doubleTwist] c:\program files\doubletwist 2.0\DoubleTwist.DeviceHelper.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
StartupFolder: c:\users\anrae\appdata\roaming\micros~1\windows\startm~1\programs\startup\vcastm~1.lnk - c:\program files\v cast media manager\MEMonitor.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\videoc~1.lnk - c:\program files\panasonic\videocam suite 2\VideoCamSuiteAutoStart.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{0A06695B-E725-4715-81FB-4D71D414D618} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{68361021-D67B-42D5-BE2C-E360A4C596BC} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-4-6 64512]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2008-5-21 20352]
R2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2010-8-4 6656]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2009-1-29 6016]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-4-1 40776]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2009-6-19 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-1-29 8320]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2010-4-1 23424]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2010-1-25 9472]
.
=============== Created Last 30 ================
.
2012-04-02 23:11:51 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-02 23:11:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-04-02 23:00:04 -------- d-----w- c:\users\anrae\appdata\local\temp
2012-04-02 22:57:30 -------- d-sh--w- C:\$RECYCLE.BIN
2012-04-02 19:26:07 -------- d-----w- c:\users\anrae\appdata\local\adawarebp
2012-04-02 19:26:06 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-04-02 19:26:03 -------- d-----w- c:\program files\Toolbar Cleaner
2012-04-02 19:25:56 -------- d-----w- c:\program files\adawaretb
2012-04-02 19:25:15 -------- d-----w- c:\users\anrae\appdata\roaming\Ad-Aware Antivirus
2012-04-02 18:17:50 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-04-02 18:17:50 -------- d-----w- c:\program files\common files\PC Tools
2012-04-02 18:17:33 -------- d-----w- c:\users\anrae\appdata\roaming\TestApp
2012-04-02 18:17:33 -------- d-----w- c:\programdata\PC Tools
2012-04-02 17:21:53 -------- d-----w- C:\sh4ldr
2012-04-02 17:21:53 -------- d-----w- c:\program files\Enigma Software Group
2012-04-02 17:21:38 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-04-02 17:21:36 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-04-02 17:03:07 -------- d-----w- c:\users\anrae\appdata\roaming\DriverCure
2012-04-02 17:03:06 -------- d-----w- c:\users\anrae\appdata\roaming\SpeedyPC Software
2012-04-02 17:03:01 -------- d-----w- c:\programdata\SpeedyPC Software
2012-04-02 01:57:22 98816 ----a-w- c:\windows\sed.exe
2012-04-02 01:57:22 518144 ----a-w- c:\windows\SWREG.exe
2012-04-02 01:57:22 256000 ----a-w- c:\windows\PEV.exe
2012-04-02 01:57:22 208896 ----a-w- c:\windows\MBR.exe
2012-04-01 23:55:46 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-04-01 22:41:36 101112 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-04-01 00:58:17 -------- d-----w- c:\program files\Anvisoft
2012-03-31 14:31:32 -------- d-----w- c:\users\anrae\appdata\roaming\Malwarebytes
2012-03-31 14:30:40 -------- d-----w- c:\programdata\Malwarebytes
2012-03-30 10:30:06 6582328 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{17d5efad-cdb3-41a9-923c-6b27ada7cebc}\mpengine.dll
2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-14 19:01:07 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 19:01:04 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 19:01:04 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 19:01:04 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 19:01:04 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 19:01:04 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 19:01:02 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-03-14 19:00:36 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-14 19:00:36 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
==================== Find3M ====================
.
2012-03-30 19:50:31 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-28 12:40:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-23 13:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-19 14:22:20 42864 ----a-r- c:\windows\system32\SBBD.EXE
.
============= FINISH: 21:59:43.51 ===============



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:24 AM

Posted 04 April 2012 - 05:13 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, an external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 morbidbattlecry

morbidbattlecry
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:24 AM

Posted 04 April 2012 - 06:43 PM

I did as you asked. I first had a problem with Internet Security 2012 invading my computer all of a sudden. I used Malwarebytes to get rid of that per your website's directions. So that has gone away. But I'm still getting redirects. But not from Happili but from some other malware that doesn't list a name but just brings me to an alternate list of searches. Thanks for your help so far!



ComboFix 12-04-04.02 - Anrae 04/04/2012 16:59:15.3.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1076 [GMT -4:00]
Running from: C:\Users\Anrae\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))


2012-04-04 21:51:24 . 2012-04-04 21:51:33 -------- d-----w- C:\Users\Anrae\AppData\Local\temp
2012-04-04 21:51:24 . 2012-04-04 21:51:24 -------- d-----w- C:\Users\Mcx1\AppData\Local\temp
2012-04-04 21:51:24 . 2012-04-04 21:51:24 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-04-04 01:48:33 . 2011-12-10 19:24:06 20464 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-04-04 01:48:32 . 2012-04-04 01:48:37 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2012-04-03 20:35:05 . 2012-04-03 20:35:05 4139168 ----a-w- C:\Windows\system32\FlashPlayerInstaller.exe
2012-04-03 20:00:57 . 2012-04-03 20:35:08 418464 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
2012-04-03 19:56:32 . 2012-04-03 19:56:32 100864 ----a-w- C:\uwdorpod.sys
2012-04-03 13:35:05 . 2012-03-14 02:15:38 6582328 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CA9A47A1-0560-47CC-9172-D1B972C10C1D}\mpengine.dll
2012-04-02 23:11:51 . 2012-04-03 00:05:27 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-04-02 23:11:51 . 2012-04-02 23:13:59 -------- d-----w- C:\Program Files\Spybot - Search & Destroy
2012-04-02 19:26:07 . 2012-04-02 19:40:41 -------- d-----w- C:\Users\Anrae\AppData\Local\adawarebp
2012-04-02 19:26:06 . 2012-04-02 19:26:07 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-04-02 19:26:03 . 2012-04-02 19:26:03 -------- d-----w- C:\Program Files\Toolbar Cleaner
2012-04-02 19:25:56 . 2012-04-02 19:26:04 -------- d-----w- C:\Program Files\adawaretb
2012-04-02 19:25:15 . 2012-04-02 19:28:26 -------- d-----w- C:\Users\Anrae\AppData\Roaming\Ad-Aware Antivirus
2012-04-02 18:17:50 . 2012-04-02 19:30:04 -------- d-----w- C:\Program Files\Common Files\PC Tools
2012-04-02 18:17:50 . 2012-02-24 14:36:44 185560 ----a-w- C:\Windows\system32\drivers\PCTSD.sys
2012-04-02 18:17:33 . 2012-04-02 19:27:46 -------- d-----w- C:\ProgramData\PC Tools
2012-04-02 18:17:33 . 2012-04-02 18:17:33 -------- d-----w- C:\Users\Anrae\AppData\Roaming\TestApp
2012-04-02 17:21:53 . 2012-04-02 17:56:54 -------- d-----w- C:\sh4ldr
2012-04-02 17:21:53 . 2012-04-02 17:21:53 -------- d-----w- C:\Program Files\Enigma Software Group
2012-04-02 17:21:38 . 2012-04-02 17:56:50 -------- d-----w- C:\Windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-04-02 17:21:36 . 2012-04-02 17:21:36 -------- d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2012-04-02 17:03:07 . 2012-04-02 17:03:07 -------- d-----w- C:\Users\Anrae\AppData\Roaming\DriverCure
2012-04-02 17:03:06 . 2012-04-02 17:03:06 -------- d-----w- C:\Users\Anrae\AppData\Roaming\SpeedyPC Software
2012-04-02 17:03:01 . 2012-04-02 19:20:38 -------- d-----w- C:\ProgramData\SpeedyPC Software
2012-04-01 22:41:36 . 2011-06-29 11:23:34 101720 ----a-w- C:\Windows\system32\drivers\SBREDrv.sys
2012-04-01 00:58:17 . 2012-04-01 23:40:15 -------- d-----w- C:\Program Files\Anvisoft
2012-03-31 14:31:32 . 2012-03-31 14:31:32 -------- d-----w- C:\Users\Anrae\AppData\Roaming\Malwarebytes
2012-03-31 14:30:40 . 2012-03-31 14:30:40 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-22 19:12:12 . 2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\system32\GPhotos.scr
2012-03-14 19:01:07 . 2012-02-02 15:16:25 2044416 ----a-w- C:\Windows\system32\win32k.sys
2012-03-14 19:01:04 . 2012-02-14 15:45:30 219648 ----a-w- C:\Windows\system32\d3d10_1core.dll
2012-03-14 19:01:04 . 2012-02-14 15:45:30 160768 ----a-w- C:\Windows\system32\d3d10_1.dll
2012-03-14 19:01:04 . 2012-02-13 14:12:08 1172480 ----a-w- C:\Windows\system32\d3d10warp.dll
2012-03-14 19:01:04 . 2012-02-13 13:47:57 683008 ----a-w- C:\Windows\system32\d2d1.dll
2012-03-14 19:01:04 . 2012-02-13 13:44:40 1068544 ----a-w- C:\Windows\system32\DWrite.dll
2012-03-14 19:01:02 . 2012-01-31 10:59:56 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2012-03-14 19:00:36 . 2012-01-09 15:54:08 613376 ----a-w- C:\Windows\system32\rdpencom.dll
2012-03-14 19:00:36 . 2012-01-09 13:58:29 180736 ----a-w- C:\Windows\system32\drivers\rdpwd.sys
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-04-03 20:35:08 . 2011-05-17 11:31:12 70304 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2012-03-30 19:50:31 . 2011-01-18 13:25:29 472808 ----a-w- C:\Windows\system32\deployJava1.dll
2012-02-23 13:18:36 . 2009-10-03 23:48:00 237072 ------w- C:\Windows\system32\MpSigStub.exe
2012-01-19 14:22:20 . 2012-01-19 14:22:20 42864 ----a-r- C:\Windows\system32\SBBD.EXE
2012-01-12 13:26:20 . 2012-04-01 22:41:36 101112 ----a-r- C:\Windows\system32\drivers\SBREDrv.sys.5985.aawbak


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2011-05-09 09:49:38 176936 ----a-w- C:\Program Files\Freecorder\prxtbFre0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2012-03-06 19:16:44 87440 ----a-w- C:\Program Files\adawaretb\adawareDx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "C:\Program Files\Freecorder\prxtbFre0.dll" [2011-05-09 09:49:38 176936]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "C:\Program Files\adawaretb\adawareDx.dll" [2012-03-06 19:16:44 87440]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "C:\Program Files\Freecorder\prxtbFre0.dll" [2011-05-09 09:49:38 176936]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"doubleTwist"="C:\Program Files\doubleTwist 2.0\DoubleTwist.DeviceHelper.exe" [2010-12-07 15:34:34 24576]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 20:07:20 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-09-11 22:21:16 180224]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-30 02:51:52 4911104]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 11:36:38 1451304]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-06-12 15:39:56 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-06-12 15:39:40 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-06-12 15:39:48 133656]
"KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 21:14:44 34352]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 22:36:46 30040]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 16:48:18 58656]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 05:04:34 39792]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 18:48:44 647216]
"NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" [2001-07-09 15:50:42 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 06:41:12 49208]
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 04:25:58 59240]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2012-01-16 22:22:12 421736]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 18:02:04 254696]
"Ad-Aware Browsing Protection"="C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [2012-03-28 13:27:46 200600]

C:\Users\Anrae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
V CAST Media Monitor.lnk - C:\Program Files\V CAST Media Manager\MEMonitor.exe [N/A]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
VideoCam Suite 2.0.lnk - C:\Program Files\Panasonic\VideoCam Suite 2\VideoCamSuiteAutoStart.exe [2010-5-29 185688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2008-01-22 21:25:26 712704 ----a-w- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-10-10 17:32:18 203264 ----a-w- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]
2007-09-29 00:03:46 75136 ----a-w- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38:18 421888 ----a-w- C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2007-06-16 04:01:58 448080 ----a-w- C:\Program Files\Toshiba\SmoothView\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 20:35:08 253600]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Contents of the 'Scheduled Tasks' folder

2012-04-04 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 20:00:57 . 2012-04-03 20:35:08]

2012-04-04 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-13 11:52:19 . 2010-05-13 11:52:06]

2012-04-04 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-13 11:52:19 . 2010-05-13 11:52:06]

2012-04-04 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2298999663-1155823426-2527135434-1000Core.job
- C:\Users\Anrae\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-17 12:42:29 . 2010-10-18 03:02:57]

2012-04-04 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2298999663-1155823426-2527135434-1000UA.job
- C:\Users\Anrae\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-17 12:42:29 . 2010-10-18 03:02:57]


------- Supplementary Scan -------

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.bigseekpro.com/pivotstickfigure/{BB3CE38A-E1AE-4768-95FF-33E6BE5E2D35}
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

#4 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 04 April 2012 - 08:12 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
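Gringo asks for the TDSSKiller report, and a responder's first pass over it is to separate the objects the tool closed with "- ok" from everything else (detections, warnings, or no verdict at all) and to note the disk/MBR lines. As an added example that is not part of the thread and not TDSSKiller's own code, here is a small Python parser for that log format, run over a constructed sample; the hashes, the "exampledrv" object and its verdict text are invented to exercise the non-ok path, and the verdict vocabulary beyond "ok" is an assumption.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Line shapes as they appear in a TDSSKiller log:
#   19:44:30.0020 4248 ACPI (<md5>) C:\Windows\system32\drivers\acpi.sys   <- object + MD5 + image path
#   19:44:30.0026 4248 ACPI - ok                                           <- verdict for that object
#   19:43:52.0238 5960 MBR used                                            <- disk / MBR information
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
HASH_RE = re.compile(r"^(.+?) \(([0-9a-fA-F]{32})\) (.+)$")
VERDICT_RE = re.compile(r"^(.+?) - (.+)$")
DISK_RE = re.compile(r"^(Drive |\\Device\\|MBR )")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


@dataclass
class Report:
    entries: Dict[str, Entry] = field(default_factory=dict)  # keyed by object name, in log order
    disk: List[str] = field(default_factory=list)             # drive, partition and MBR lines
    header: List[str] = field(default_factory=list)           # tool version, OS, scan mode, ...


def parse_tdsskiller(text: str) -> Report:
    """Parse a TDSSKiller log into per-object entries plus disk/MBR and header lines."""
    report = Report()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group(3).strip()
        if not rest or rest.startswith("="):      # separator rows carry no information
            continue
        if DISK_RE.match(rest):                   # must run before VERDICT_RE: "Drive ... - Size: ..."
            report.disk.append(rest)
            continue
        h = HASH_RE.match(rest)
        if h:
            name, md5, path = h.groups()
            entry = report.entries.setdefault(name, Entry(name))
            entry.md5, entry.path = md5.lower(), path
            continue
        v = VERDICT_RE.match(rest)
        if v:
            name, verdict = v.groups()
            entry = report.entries.setdefault(name, Entry(name))
            entry.verdict = verdict
            continue
        report.header.append(rest)
    return report


def needs_review(report: Report) -> List[Entry]:
    """Every object TDSSKiller did not close with '- ok', including objects with no verdict line."""
    return [e for e in report.entries.values() if e.verdict != "ok"]


# Constructed sample in the same format (hashes and the 'exampledrv' object are invented).
SAMPLE_LOG = r"""19:43:49.0508 5960 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
19:43:49.0919 5960 ============================================================
19:43:49.0919 5960 OS Version: 6.0.6002 ServicePack: 2.0
19:43:52.0238 5960 MBR used
19:43:52.0238 5960 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0xDCA6000
19:44:29.0433 4248 Scan started
19:44:30.0020 4248 ACPI (00112233445566778899aabbccddeeff) C:\Windows\system32\drivers\acpi.sys
19:44:30.0026 4248 ACPI - ok
19:44:32.0237 4248 Apple Mobile Device (ffeeddccbbaa99887766554433221100) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:44:32.0243 4248 Apple Mobile Device - ok
19:44:35.0340 4248 catchme - ok
19:44:55.0100 4248 exampledrv (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\exampledrv.sys
19:44:55.0110 4248 exampledrv - detected (constructed sample verdict)
"""

if __name__ == "__main__":
    rep = parse_tdsskiller(SAMPLE_LOG)
    print("disk/MBR lines:")
    for line in rep.disk:
        print("  " + line)
    for e in needs_review(rep):
        print(f"REVIEW: {e.name} -> {e.verdict} [{e.path}] md5={e.md5}")
```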

#5 morbidbattlecry

  • Topic Starter
  • Members
  • 11 posts

Posted 06 April 2012 - 09:20 PM

Still having redirects. Programs ran as directed.


19:43:49.0508 5960 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
19:43:49.0919 5960 ============================================================
19:43:49.0919 5960 Current date / time: 2012/04/06 19:43:49.0919
19:43:49.0919 5960 SystemInfo:
19:43:49.0919 5960
19:43:49.0919 5960 OS Version: 6.0.6002 ServicePack: 2.0
19:43:49.0919 5960 Product type: Workstation
19:43:49.0920 5960 ComputerName: ANRAE-PC
19:43:49.0920 5960 UserName: Anrae
19:43:49.0920 5960 Windows directory: C:\Windows
19:43:49.0920 5960 System windows directory: C:\Windows
19:43:49.0920 5960 Processor architecture: Intel x86
19:43:49.0920 5960 Number of processors: 1
19:43:49.0920 5960 Page size: 0x1000
19:43:49.0920 5960 Boot type: Normal boot
19:43:49.0920 5960 ============================================================
19:43:52.0235 5960 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:43:52.0238 5960 \Device\Harddisk0\DR0:
19:43:52.0238 5960 MBR used
19:43:52.0238 5960 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0xDCA6000
19:43:52.0455 5960 Initialize success
19:43:52.0455 5960 ============================================================
19:44:54.0025 4248 NetTcpPortSharing - ok
19:44:54.0244 4248 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
19:44:54.0295 4248 NETw3v32 - ok
19:44:54.0412 4248 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
19:44:54.0418 4248 nfrd960 - ok
19:44:54.0476 4248 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
19:44:54.0482 4248 NlaSvc - ok
19:44:54.0591 4248 nmservice (cd569fa91ec6f59d045c19d0d3850f44) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
19:44:54.0604 4248 nmservice - ok
19:44:54.0727 4248 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
19:44:54.0729 4248 Npfs - ok
19:44:54.0783 4248 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
19:44:54.0786 4248 nsi - ok
19:44:54.0903 4248 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
19:44:54.0905 4248 nsiproxy - ok
19:44:54.0984 4248 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
19:44:55.0007 4248 Ntfs - ok
19:44:55.0120 4248 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
19:44:55.0122 4248 ntrigdigi - ok
19:44:55.0161 4248 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
19:44:55.0162 4248 Null - ok
19:44:55.0208 4248 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
19:44:55.0212 4248 nvraid - ok
19:44:55.0338 4248 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
19:44:55.0340 4248 nvstor - ok
19:44:55.0364 4248 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
19:44:55.0369 4248 nv_agp - ok
19:44:55.0395 4248 NwlnkFlt - ok
19:44:55.0420 4248 NwlnkFwd - ok
19:44:55.0570 4248 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:44:55.0580 4248 odserv - ok
19:44:55.0715 4248 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
19:44:55.0717 4248 ohci1394 - ok
19:44:55.0836 4248 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:44:55.0840 4248 ose - ok
19:44:55.0972 4248 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:44:55.0990 4248 p2pimsvc - ok
19:44:56.0020 4248 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:44:56.0027 4248 p2psvc - ok
19:44:56.0095 4248 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
19:44:56.0098 4248 Parport - ok
19:44:56.0218 4248 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
19:44:56.0220 4248 partmgr - ok
19:44:56.0292 4248 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
19:44:56.0294 4248 Parvdm - ok
19:44:56.0615 4248 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
19:44:56.0682 4248 PcaSvc - ok
19:44:56.0810 4248 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
19:44:56.0814 4248 pci - ok
19:44:56.0879 4248 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
19:44:56.0881 4248 pciide - ok
19:44:57.0056 4248 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
19:44:57.0060 4248 pcmcia - ok
19:44:57.0158 4248 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:44:57.0176 4248 PEAUTH - ok
19:44:57.0249 4248 pinger (6dbf2ac2bdaff355995ab25eccc4cfe1) C:\Toshiba\IVP\ISM\pinger.exe
19:44:57.0253 4248 pinger - ok
19:44:57.0393 4248 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
19:44:57.0426 4248 pla - ok
19:44:57.0538 4248 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
19:44:57.0546 4248 PlugPlay - ok
19:44:57.0656 4248 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\Windows\system32\HPZipm12.dll
19:44:57.0659 4248 Pml Driver HPZ12 - ok
19:44:57.0778 4248 pnarp (3de33bce4a930edf57bd1f742823bcd8) C:\Windows\system32\DRIVERS\pnarp.sys
19:44:57.0780 4248 pnarp - ok
19:44:57.0850 4248 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:44:57.0858 4248 PNRPAutoReg - ok
19:44:57.0882 4248 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
19:44:57.0889 4248 PNRPsvc - ok
19:44:57.0994 4248 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
19:44:58.0003 4248 PolicyAgent - ok
19:44:58.0069 4248 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:44:58.0071 4248 PptpMiniport - ok
19:44:58.0167 4248 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
19:44:58.0169 4248 Processor - ok
19:44:58.0225 4248 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
19:44:58.0231 4248 ProfSvc - ok
19:44:58.0298 4248 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:44:58.0300 4248 ProtectedStorage - ok
19:44:58.0439 4248 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
19:44:58.0442 4248 PSched - ok
19:44:58.0534 4248 purendis (53efa6066e7ffaa1ad91c7fb40ffd2ec) C:\Windows\system32\DRIVERS\purendis.sys
19:44:58.0535 4248 purendis - ok
19:44:58.0680 4248 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
19:44:58.0682 4248 PxHelp20 - ok
19:44:58.0774 4248 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
19:44:58.0797 4248 ql2300 - ok
19:44:58.0922 4248 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:44:58.0925 4248 ql40xx - ok
19:44:58.0978 4248 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
19:44:58.0986 4248 QWAVE - ok
19:44:59.0109 4248 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:44:59.0110 4248 QWAVEdrv - ok
19:44:59.0152 4248 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:44:59.0153 4248 RasAcd - ok
19:44:59.0202 4248 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
19:44:59.0207 4248 RasAuto - ok
19:44:59.0334 4248 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:44:59.0337 4248 Rasl2tp - ok
19:44:59.0390 4248 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
19:44:59.0398 4248 RasMan - ok
19:44:59.0516 4248 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
19:44:59.0518 4248 RasPppoe - ok
19:44:59.0556 4248 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
19:44:59.0559 4248 RasSstp - ok
19:44:59.0611 4248 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
19:44:59.0618 4248 rdbss - ok
19:44:59.0749 4248 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:44:59.0751 4248 RDPCDD - ok
19:44:59.0804 4248 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
19:44:59.0809 4248 rdpdr - ok
19:44:59.0855 4248 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:44:59.0862 4248 RDPENCDD - ok
19:44:59.0939 4248 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
19:44:59.0943 4248 RDPWD - ok
19:45:00.0056 4248 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
19:45:00.0059 4248 RemoteAccess - ok
19:45:00.0106 4248 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
19:45:00.0111 4248 RemoteRegistry - ok
19:45:00.0268 4248 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
19:45:00.0270 4248 RimVSerPort - ok
19:45:00.0325 4248 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
19:45:00.0327 4248 ROOTMODEM - ok
19:45:00.0371 4248 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
19:45:00.0375 4248 RpcLocator - ok
19:45:00.0497 4248 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
19:45:00.0504 4248 RpcSs - ok
19:45:00.0585 4248 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:45:00.0587 4248 rspndr - ok
19:45:00.0694 4248 RTL8169 (5163f804256deb8cf1ef64b780a18caa) C:\Windows\system32\DRIVERS\Rtlh86.sys
19:45:00.0698 4248 RTL8169 - ok
19:45:00.0754 4248 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
19:45:00.0755 4248 SamSs - ok
19:45:00.0834 4248 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:45:00.0837 4248 sbp2port - ok
19:45:01.0026 4248 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
19:45:01.0050 4248 SBSDWSCService - ok
19:45:01.0184 4248 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
19:45:01.0191 4248 SCardSvr - ok
19:45:01.0275 4248 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
19:45:01.0290 4248 Schedule - ok
19:45:01.0403 4248 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
19:45:01.0404 4248 SCPolicySvc - ok
19:45:01.0476 4248 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
19:45:01.0479 4248 sdbus - ok
19:45:01.0592 4248 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
19:45:01.0597 4248 SDRSVC - ok
19:45:01.0659 4248 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:45:01.0725 4248 secdrv - ok
19:45:02.0030 4248 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
19:45:02.0033 4248 seclogon - ok
19:45:02.0131 4248 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
19:45:02.0137 4248 SENS - ok
19:45:02.0206 4248 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
19:45:02.0208 4248 Serenum - ok
19:45:02.0310 4248 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
19:45:02.0313 4248 Serial - ok
19:45:02.0376 4248 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:45:02.0379 4248 sermouse - ok
19:45:02.0505 4248 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
19:45:02.0509 4248 SessionEnv - ok
19:45:02.0572 4248 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
19:45:02.0573 4248 sffdisk - ok
19:45:02.0665 4248 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
19:45:02.0667 4248 sffp_mmc - ok
19:45:02.0743 4248 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
19:45:02.0745 4248 sffp_sd - ok
19:45:02.0875 4248 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
19:45:02.0876 4248 sfloppy - ok
19:45:02.0965 4248 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
19:45:02.0973 4248 SharedAccess - ok
19:45:03.0097 4248 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
19:45:03.0105 4248 ShellHWDetection - ok
19:45:03.0173 4248 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
19:45:03.0175 4248 sisagp - ok
19:45:03.0276 4248 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
19:45:03.0278 4248 SiSRaid2 - ok
19:45:03.0339 4248 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
19:45:03.0342 4248 SiSRaid4 - ok
19:45:03.0586 4248 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
19:45:03.0660 4248 slsvc - ok
19:45:03.0774 4248 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
19:45:03.0778 4248 SLUINotify - ok
19:45:03.0838 4248 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
19:45:03.0841 4248 Smb - ok
19:45:03.0958 4248 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
19:45:03.0961 4248 SNMPTRAP - ok
19:45:04.0025 4248 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:45:04.0028 4248 spldr - ok
19:45:04.0163 4248 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
19:45:04.0168 4248 Spooler - ok
19:45:04.0248 4248 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
19:45:04.0255 4248 srv - ok
19:45:04.0388 4248 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
19:45:04.0392 4248 srv2 - ok
19:45:04.0461 4248 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
19:45:04.0465 4248 srvnet - ok
19:45:04.0580 4248 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
19:45:04.0585 4248 SSDPSRV - ok
19:45:04.0614 4248 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
19:45:04.0619 4248 SstpSvc - ok
19:45:04.0741 4248 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
19:45:04.0753 4248 stisvc - ok
19:45:04.0852 4248 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:45:04.0854 4248 swenum - ok
19:45:04.0947 4248 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
19:45:04.0956 4248 swprv - ok
19:45:05.0029 4248 Swupdtmr (e1292c1ed4deb17b8a9b586d22cb2061) c:\Toshiba\IVP\swupdate\swupdtmr.exe
19:45:05.0032 4248 Swupdtmr - ok
19:45:05.0127 4248 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:45:05.0128 4248 Symc8xx - ok
19:45:05.0189 4248 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:45:05.0191 4248 Sym_hi - ok
19:45:05.0248 4248 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:45:05.0250 4248 Sym_u3 - ok
19:45:05.0332 4248 SynTP (5efcedcf3daf5c8d9e8b77a34a4eec99) C:\Windows\system32\DRIVERS\SynTP.sys
19:45:05.0338 4248 SynTP - ok
19:45:05.0432 4248 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
19:45:05.0445 4248 SysMain - ok
19:45:05.0554 4248 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
19:45:05.0558 4248 TabletInputService - ok
19:45:05.0626 4248 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
19:45:05.0633 4248 TapiSrv - ok
19:45:05.0721 4248 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
19:45:05.0725 4248 TBS - ok
19:45:05.0861 4248 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
19:45:05.0881 4248 Tcpip - ok
19:45:05.0975 4248 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
19:45:05.0982 4248 Tcpip6 - ok
19:45:06.0047 4248 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
19:45:06.0051 4248 tcpipreg - ok
19:45:06.0107 4248 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
19:45:06.0109 4248 tdcmdpst - ok
19:45:06.0220 4248 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:45:06.0221 4248 TDPIPE - ok
19:45:06.0267 4248 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:45:06.0268 4248 TDTCP - ok
19:45:06.0381 4248 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
19:45:06.0384 4248 tdx - ok
19:45:06.0434 4248 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
19:45:06.0437 4248 TermDD - ok
19:45:06.0513 4248 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
19:45:06.0531 4248 TermService - ok
19:45:06.0642 4248 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
19:45:06.0646 4248 Themes - ok
19:45:06.0710 4248 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
19:45:06.0712 4248 THREADORDER - ok
19:45:06.0861 4248 tifm21 (e4c85c291ddb3dc5e4a2f227ca465ba6) C:\Windows\system32\drivers\tifm21.sys
19:45:06.0868 4248 tifm21 - ok
19:45:07.0003 4248 TNaviSrv (e47f35a87ff0da38def37a0eb0c2d2df) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
19:45:07.0016 4248 TNaviSrv - ok
19:45:07.0175 4248 TODDSrv (c5ac715b65b01788abc22d10749dddd8) C:\Windows\system32\TODDSrv.exe
19:45:07.0180 4248 TODDSrv - ok
19:45:07.0277 4248 TosCoSrv (da6903958cbdc091ffcbbca70ccff34c) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
19:45:07.0286 4248 TosCoSrv - ok
19:45:07.0323 4248 TOSHIBA SMART Log Service (22690dffc7f2a18279a7a0489aa02bac) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
19:45:07.0326 4248 TOSHIBA SMART Log Service - ok
19:45:07.0446 4248 Tosrfcom - ok
19:45:07.0505 4248 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\Windows\system32\DRIVERS\tosrfec.sys
19:45:07.0506 4248 tosrfec - ok
19:45:07.0624 4248 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
19:45:07.0631 4248 tos_sps32 - ok
19:45:07.0744 4248 TpChoice - ok
19:45:07.0802 4248 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
19:45:07.0807 4248 TrkWks - ok
19:45:07.0874 4248 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
19:45:07.0876 4248 TrustedInstaller - ok
19:45:08.0006 4248 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:45:08.0008 4248 tssecsrv - ok
19:45:08.0079 4248 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
19:45:08.0081 4248 tunmp - ok
19:45:08.0209 4248 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
19:45:08.0211 4248 tunnel - ok
19:45:08.0262 4248 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
19:45:08.0264 4248 TVALZ - ok
19:45:08.0388 4248 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
19:45:08.0391 4248 uagp35 - ok
19:45:08.0449 4248 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
19:45:08.0455 4248 udfs - ok
19:45:08.0579 4248 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
19:45:08.0585 4248 UI0Detect - ok
19:45:08.0649 4248 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
19:45:08.0652 4248 uliagpkx - ok
19:45:08.0748 4248 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
19:45:08.0754 4248 uliahci - ok
19:45:08.0819 4248 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:45:08.0825 4248 UlSata - ok
19:45:08.0939 4248 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:45:08.0942 4248 ulsata2 - ok
19:45:08.0980 4248 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:45:08.0984 4248 umbus - ok
19:45:09.0085 4248 UMPass (88bd96a1baeed33ee8bdf9499c07a841) C:\Windows\system32\DRIVERS\umpass.sys
19:45:09.0087 4248 UMPass - ok
19:45:09.0198 4248 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
19:45:09.0206 4248 upnphost - ok
19:45:09.0285 4248 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
19:45:09.0287 4248 USBAAPL - ok
19:45:09.0411 4248 usbbus - ok
19:45:09.0457 4248 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
19:45:09.0459 4248 usbccgp - ok
19:45:09.0512 4248 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
19:45:09.0514 4248 usbcir - ok
19:45:09.0622 4248 UsbDiag - ok
19:45:09.0701 4248 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
19:45:09.0703 4248 usbehci - ok
19:45:09.0823 4248 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
19:45:09.0828 4248 usbhub - ok
19:45:09.0873 4248 USBModem - ok
19:45:09.0915 4248 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
19:45:09.0917 4248 usbohci - ok
19:45:10.0042 4248 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
19:45:10.0043 4248 usbprint - ok
19:45:10.0105 4248 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:45:10.0109 4248 USBSTOR - ok
19:45:10.0229 4248 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:45:10.0231 4248 usbuhci - ok
19:45:10.0313 4248 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
19:45:10.0317 4248 usbvideo - ok
19:45:10.0427 4248 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
19:45:10.0432 4248 UxSms - ok
19:45:10.0502 4248 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
19:45:10.0513 4248 vds - ok
19:45:10.0658 4248 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
19:45:10.0660 4248 vga - ok
19:45:10.0696 4248 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:45:10.0698 4248 VgaSave - ok
19:45:10.0746 4248 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
19:45:10.0748 4248 viaagp - ok
19:45:10.0891 4248 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
19:45:10.0893 4248 ViaC7 - ok
19:45:10.0936 4248 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
19:45:10.0937 4248 viaide - ok
19:45:10.0980 4248 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:45:10.0982 4248 volmgr - ok
19:45:11.0103 4248 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
19:45:11.0110 4248 volmgrx - ok
19:45:11.0178 4248 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
19:45:11.0184 4248 volsnap - ok
19:45:11.0310 4248 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
19:45:11.0314 4248 vsmraid - ok
19:45:11.0386 4248 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
19:45:11.0411 4248 VSS - ok
19:45:11.0531 4248 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
19:45:11.0540 4248 W32Time - ok
19:45:11.0606 4248 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:45:11.0607 4248 WacomPen - ok
19:45:11.0706 4248 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:45:11.0709 4248 Wanarp - ok
19:45:11.0720 4248 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:45:11.0721 4248 Wanarpv6 - ok
19:45:11.0779 4248 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
19:45:11.0791 4248 wcncsvc - ok
19:45:11.0907 4248 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
19:45:11.0911 4248 WcsPlugInService - ok
19:45:12.0071 4248 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
19:45:12.0116 4248 Wd - ok
19:45:12.0313 4248 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
19:45:12.0324 4248 Wdf01000 - ok
19:45:12.0401 4248 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:45:12.0406 4248 WdiServiceHost - ok
19:45:12.0420 4248 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
19:45:12.0423 4248 WdiSystemHost - ok
19:45:12.0511 4248 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
19:45:12.0518 4248 WebClient - ok
19:45:12.0574 4248 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
19:45:12.0580 4248 Wecsvc - ok
19:45:12.0642 4248 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
19:45:12.0647 4248 wercplsupport - ok
19:45:12.0752 4248 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
19:45:12.0757 4248 WerSvc - ok
19:45:12.0870 4248 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
19:45:12.0876 4248 WinDefend - ok
19:45:12.0892 4248 WinHttpAutoProxySvc - ok
19:45:13.0044 4248 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
19:45:13.0048 4248 Winmgmt - ok
19:45:13.0134 4248 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
19:45:13.0161 4248 WinRM - ok
19:45:13.0299 4248 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
19:45:13.0312 4248 Wlansvc - ok
19:45:13.0497 4248 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:45:13.0529 4248 wlidsvc - ok
19:45:13.0706 4248 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
19:45:13.0708 4248 WmiAcpi - ok
19:45:13.0788 4248 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
19:45:13.0792 4248 wmiApSrv - ok
19:45:13.0926 4248 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
19:45:13.0944 4248 WMPNetworkSvc - ok
19:45:14.0054 4248 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
19:45:14.0060 4248 WPCSvc - ok
19:45:14.0139 4248 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
19:45:14.0144 4248 WPDBusEnum - ok
19:45:14.0293 4248 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
19:45:14.0295 4248 WpdUsb - ok
19:45:14.0478 4248 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:45:14.0498 4248 WPFFontCache_v0400 - ok
19:45:14.0625 4248 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:45:14.0627 4248 ws2ifsl - ok
19:45:14.0686 4248 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
19:45:14.0691 4248 wscsvc - ok
19:45:14.0765 4248 WSearch - ok
19:45:14.0873 4248 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
19:45:14.0915 4248 wuauserv - ok
19:45:15.0065 4248 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:45:15.0068 4248 WUDFRd - ok
19:45:15.0119 4248 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
19:45:15.0123 4248 wudfsvc - ok
19:45:15.0174 4248 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
19:45:15.0246 4248 \Device\Harddisk0\DR0 - ok
19:45:15.0256 4248 Boot (0x1200) (bcaf97a13b1d31bc3778ca91dc7dfa31) \Device\Harddisk0\DR0\Partition0
19:45:15.0258 4248 \Device\Harddisk0\DR0\Partition0 - ok
19:45:15.0262 4248 ============================================================
19:45:15.0262 4248 Scan finished
19:45:15.0263 4248 ============================================================
19:45:15.0281 4308 Detected object count: 0
19:45:15.0281 4308 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-06 19:46:48
-----------------------------
19:46:48.034 OS Version: Windows 6.0.6002 Service Pack 2
19:46:48.035 Number of processors: 1 586 0x1601
19:46:48.036 ComputerName: ANRAE-PC UserName: Anrae
19:46:58.134 Initialize success
19:47:59.278 AVAST engine defs: 12040601
19:48:11.754 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
19:48:11.767 Disk 0 Vendor: TOSHIBA_MK1246GSX LB213M Size: 114473MB BusType: 3
19:48:11.795 Disk 0 MBR read successfully
19:48:11.800 Disk 0 MBR scan
19:48:11.806 Disk 0 Windows VISTA default MBR code
19:48:11.812 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
19:48:11.862 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 112972 MB offset 3074048
19:48:11.906 Disk 0 scanning sectors +234440704
19:48:12.129 Disk 0 scanning C:\Windows\system32\drivers
19:48:26.222 Service scanning
19:49:10.450 Modules scanning
19:49:22.602 Disk 0 trace - called modules:
19:49:22.632 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
19:49:22.641 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8582dac8]
19:49:22.647 3 CLASSPNP.SYS[82d478b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x8486d5e8]
19:49:23.965 AVAST engine scan C:\Windows
19:49:27.765 AVAST engine scan C:\Windows\system32
19:54:33.628 AVAST engine scan C:\Windows\system32\drivers
19:54:53.706 AVAST engine scan C:\Users\Anrae
20:39:14.159 AVAST engine scan C:\ProgramData
21:04:40.179 Scan finished successfully
22:18:27.940 Disk 0 MBR has been saved successfully to "C:\Users\Anrae\Desktop\MBR.dat"
22:18:27.976 The log file has been saved successfully to "C:\Users\Anrae\Desktop\aswMBR.txt"
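The TDSSKiller log above runs to several hundred paired lines, which is too many to check by eye for an object that silently never received a verdict. As an added example (not part of the thread and not from Kaspersky's or Avast's tools), the Python below parses that two-line format: it pairs each scanned object with its "- ok" line, flags anything with no verdict or a verdict other than "ok", groups services that share one on-disk image by MD5 (as Netlogon, ProtectedStorage and SamSs all do via lsass.exe above), and cross-checks the tool's own "Detected object count" against what was parsed. `parse_log`, `TriageReport`, `SAMPLE_LOG` and the "suspectsvc" entry are this example's own names; the sample log is constructed to mirror the posted format, and "suspectsvc" is invented to show an object without a verdict.

```python
"""Triage helper for TDSSKiller-style scan logs (added example, not the tool's code).

Each scanned object normally appears as two lines:
    HH:MM:SS.mmmm PID name (md5) path
    HH:MM:SS.mmmm PID name - verdict
Objects without a backing file (e.g. "msiserver - ok") have only the verdict line,
and disk objects report their verdict under the device path rather than the label.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: the format copies the log posted in the thread. "suspectsvc"
# is an invented entry that never receives a verdict line; that is the gap we flag.
SAMPLE_LOG = """\
19:44:52.0033 4248 msiserver - ok
19:44:53.0820 4248 Netlogon (a3e186b4b935905b829219502557314e) C:\\Windows\\system32\\lsass.exe
19:44:53.0822 4248 Netlogon - ok
19:45:00.0754 4248 SamSs (a3e186b4b935905b829219502557314e) C:\\Windows\\system32\\lsass.exe
19:45:00.0755 4248 SamSs - ok
19:45:00.0800 4248 suspectsvc (00000000000000000000000000000000) C:\\Users\\Public\\suspect.sys
19:45:15.0174 4248 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \\Device\\Harddisk0\\DR0
19:45:15.0246 4248 \\Device\\Harddisk0\\DR0 - ok
19:45:15.0281 4308 Detected object count: 0
19:45:15.0281 4308 Actual detected object count: 0
"""

PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+"          # timestamp and thread id
FILE_RE = re.compile(PREFIX + r"(.+?) \(([0-9a-f]{32})\) (.+)$")
VERDICT_RE = re.compile(PREFIX + r"(.+?) - (.+)$")
SUMMARY_RE = re.compile(PREFIX + r"Detected object count: (\d+)$")


@dataclass
class ScanEntry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


@dataclass
class TriageReport:
    entries: Dict[str, ScanEntry] = field(default_factory=dict)
    reported_detections: Optional[int] = None

    def needs_review(self) -> List[ScanEntry]:
        """Objects with no verdict line at all, or any verdict other than 'ok'."""
        return [e for e in self.entries.values() if e.verdict != "ok"]

    def shared_images(self) -> Dict[str, List[str]]:
        """MD5 -> names of every service/driver backed by that same file (2 or more)."""
        by_md5: Dict[str, List[str]] = {}
        for e in self.entries.values():
            if e.md5:
                by_md5.setdefault(e.md5, []).append(e.name)
        return {h: names for h, names in by_md5.items() if len(names) > 1}

    def consistent(self) -> bool:
        """True when the tool's own summary count agrees with what we parsed."""
        return self.reported_detections == len(self.needs_review())


def parse_log(text: str) -> TriageReport:
    report = TriageReport()
    for raw in text.splitlines():
        line = raw.rstrip()
        m = SUMMARY_RE.match(line)
        if m:
            report.reported_detections = int(m.group(1))
            continue
        # Try the file line first: a path may itself contain " - "
        # (e.g. "Spybot - Search & Destroy"), which would fool VERDICT_RE.
        m = FILE_RE.match(line)
        if m:
            name, md5, path = m.groups()
            report.entries[name] = ScanEntry(name, md5, path)
            continue
        m = VERDICT_RE.match(line)
        if m:
            name, verdict = m.groups()
            entry = report.entries.get(name)
            if entry is None:
                # Disk objects report the verdict under their device path, not their label.
                entry = next((e for e in report.entries.values() if e.path == name), None)
            if entry is None:
                entry = report.entries.setdefault(name, ScanEntry(name))
            entry.verdict = verdict
    return report


if __name__ == "__main__":
    rep = parse_log(SAMPLE_LOG)
    for e in rep.needs_review():
        print(f"REVIEW: {e.name} -> {e.path} (verdict: {e.verdict})")
    for h, names in rep.shared_images().items():
        print(f"shared image {h}: {', '.join(names)}")
    print("summary consistent with parsed entries:", rep.consistent())
```

Run it against a saved TDSSKiller.txt by passing the file contents to `parse_log`; an object listed under "REVIEW" with no verdict, or a summary that does not agree with the parsed entries, is the cue to read that part of the log by hand rather than trust the "Detected object count: 0" line alone.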

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team

Posted 06 April 2012 - 09:26 PM

In which browsers are you getting redirected? Check all that are installed on the computer.


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 morbidbattlecry

  • Topic Starter
  • Members

Posted 07 April 2012 - 11:03 AM

Looks like just Google Chrome. No longer in IE.

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team

Posted 07 April 2012 - 11:14 AM

Greetings

I want you to uninstall Chrome, and if asked about user data or settings then remove that also.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
C:\Users\Anrae\AppData\Roaming\DriverCure
C:\Users\Anrae\AppData\Roaming\SpeedyPC Software
C:\ProgramData\SpeedyPC Software
C:\Program Files\Freecorder

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#9 morbidbattlecry

morbidbattlecry
  • Topic Starter

  • Members
  • 11 posts

Posted 09 April 2012 - 05:53 PM

Everything is running perfect! No redirects at all. Thank you so much for your help!!



ComboFix 12-04-04.02 - Anrae 04/07/2012 17:30:55.4.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1091 [GMT -4:00]
Running from: C:\Users\Anrae\Desktop\ComboFix.exe
Command switches used :: C:\Users\Anrae\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Freecorder
C:\Program Files\Freecorder\Applian_Audio_Plugin.dll
C:\Program Files\Freecorder\audgopher.dll
C:\Program Files\Freecorder\audhook.dll
C:\Program Files\Freecorder\FCAudio.exe
C:\Program Files\Freecorder\FCConv.exe
C:\Program Files\Freecorder\FCSettings.exe
C:\Program Files\Freecorder\FCVideos.exe
C:\Program Files\Freecorder\ffmpeg.exe
C:\Program Files\Freecorder\FLVPlayer.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\Freecorder\Freecorder.xpi
C:\Program Files\Freecorder\freecorder_ie.exe
C:\Program Files\Freecorder\FreecorderToolbarHelper.exe
C:\Program Files\Freecorder\FreecorderToolbarHelper1.exe
C:\Program Files\Freecorder\INSTALL.LOG
C:\Program Files\Freecorder\lame_enc.dll
C:\Program Files\Freecorder\ldrtbFre0.dll
C:\Program Files\Freecorder\prxtbFre0.dll
C:\Program Files\Freecorder\prxtbFre2.dll
C:\Program Files\Freecorder\sdl.dll
C:\Program Files\Freecorder\tbFre1.dll
C:\Program Files\Freecorder\tbFre2.dll
C:\Program Files\Freecorder\tbFree.dll
C:\Program Files\Freecorder\toolbar.cfg
C:\Program Files\Freecorder\uninstall.exe
C:\Program Files\Freecorder\Uninstall\IRIMG1.JPG
C:\Program Files\Freecorder\Uninstall\IRIMG2.JPG
C:\Program Files\Freecorder\Uninstall\uninstall.dat
C:\Program Files\Freecorder\Uninstall\uninstall.xml
C:\Program Files\Freecorder\UNWISE.EXE
C:\Program Files\Freecorder\VistaAudioLib.dll
C:\ProgramData\SpeedyPC Software
C:\Users\Anrae\AppData\Roaming\DriverCure
C:\Users\Anrae\AppData\Roaming\DriverCure\LogFile.txt
C:\Users\Anrae\AppData\Roaming\SpeedyPC Software

Infected copy of C:\Windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - C:\Windows\ERDNT\cache\atapi.sys


((((((((((((((((((((((((( Files Created from 2012-03-07 to 2012-04-07 )))))))))))))))))))))))))))))))


2012-04-07 21:40:44 . 2012-04-07 21:43:11 -------- d-----w- C:\Users\Anrae\AppData\Local\temp
2012-04-07 21:40:44 . 2012-04-07 21:40:44 -------- d-----w- C:\Users\Mcx1\AppData\Local\temp
2012-04-07 21:40:44 . 2012-04-07 21:40:44 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-04-06 14:42:20 . 2012-04-06 14:42:20 -------- d-----w- C:\Users\Anrae\AppData\Roaming\Auslogics
2012-04-06 14:42:09 . 2012-04-06 14:42:09 -------- d-----w- C:\Program Files\Auslogics
2012-04-06 09:01:36 . 2012-03-14 02:15:38 6582328 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6BCB8D78-5D74-4052-9582-1C4491607A14}\mpengine.dll
2012-04-06 00:01:21 . 2012-04-06 00:01:25 -------- d-----w- C:\Program Files\CCleaner
2012-04-04 01:48:33 . 2011-12-10 19:24:06 20464 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-04-04 01:48:32 . 2012-04-04 23:20:27 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2012-04-03 20:35:05 . 2012-04-03 20:35:05 4139168 ----a-w- C:\Windows\system32\FlashPlayerInstaller.exe
2012-04-03 20:00:57 . 2012-04-03 20:35:08 418464 ----a-w- C:\Windows\system32\FlashPlayerApp.exe
2012-04-03 19:56:32 . 2012-04-03 19:56:32 100864 ----a-w- C:\uwdorpod.sys
2012-04-02 23:11:51 . 2012-04-07 21:42:00 -------- d-----w- C:\Program Files\Spybot - Search & Destroy
2012-04-02 23:11:51 . 2012-04-07 21:20:58 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-04-02 19:26:07 . 2012-04-02 19:40:41 -------- d-----w- C:\Users\Anrae\AppData\Local\adawarebp
2012-04-02 19:26:06 . 2012-04-02 19:26:07 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-04-02 19:26:03 . 2012-04-02 19:26:03 -------- d-----w- C:\Program Files\Toolbar Cleaner
2012-04-02 19:25:15 . 2012-04-02 19:28:26 -------- d-----w- C:\Users\Anrae\AppData\Roaming\Ad-Aware Antivirus
2012-04-02 18:17:50 . 2012-04-02 19:30:04 -------- d-----w- C:\Program Files\Common Files\PC Tools
2012-04-02 18:17:50 . 2012-02-24 14:36:44 185560 ----a-w- C:\Windows\system32\drivers\PCTSD.sys
2012-04-02 18:17:33 . 2012-04-02 19:27:46 -------- d-----w- C:\ProgramData\PC Tools
2012-04-02 18:17:33 . 2012-04-02 18:17:33 -------- d-----w- C:\Users\Anrae\AppData\Roaming\TestApp
2012-04-02 17:21:53 . 2012-04-02 17:56:54 -------- d-----w- C:\sh4ldr
2012-04-02 17:21:53 . 2012-04-02 17:21:53 -------- d-----w- C:\Program Files\Enigma Software Group
2012-04-02 17:21:38 . 2012-04-02 17:56:50 -------- d-----w- C:\Windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-04-02 17:21:36 . 2012-04-02 17:21:36 -------- d-----w- C:\Program Files\Common Files\Wise Installation Wizard
2012-04-01 22:41:36 . 2011-06-29 11:23:34 101720 ----a-w- C:\Windows\system32\drivers\SBREDrv.sys
2012-04-01 00:58:17 . 2012-04-01 23:40:15 -------- d-----w- C:\Program Files\Anvisoft
2012-03-31 14:31:32 . 2012-03-31 14:31:32 -------- d-----w- C:\Users\Anrae\AppData\Roaming\Malwarebytes
2012-03-31 14:30:40 . 2012-03-31 14:30:40 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-22 19:12:12 . 2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\system32\GPhotos.scr
2012-03-14 19:01:07 . 2012-02-02 15:16:25 2044416 ----a-w- C:\Windows\system32\win32k.sys
2012-03-14 19:01:04 . 2012-02-14 15:45:30 219648 ----a-w- C:\Windows\system32\d3d10_1core.dll
2012-03-14 19:01:04 . 2012-02-14 15:45:30 160768 ----a-w- C:\Windows\system32\d3d10_1.dll
2012-03-14 19:01:04 . 2012-02-13 14:12:08 1172480 ----a-w- C:\Windows\system32\d3d10warp.dll
2012-03-14 19:01:04 . 2012-02-13 13:47:57 683008 ----a-w- C:\Windows\system32\d2d1.dll
2012-03-14 19:01:04 . 2012-02-13 13:44:40 1068544 ----a-w- C:\Windows\system32\DWrite.dll
2012-03-14 19:01:02 . 2012-01-31 10:59:56 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2012-03-14 19:00:36 . 2012-01-09 15:54:08 613376 ----a-w- C:\Windows\system32\rdpencom.dll
2012-03-14 19:00:36 . 2012-01-09 13:58:29 180736 ----a-w- C:\Windows\system32\drivers\rdpwd.sys
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-04-03 20:35:08 . 2011-05-17 11:31:12 70304 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2012-03-30 19:50:31 . 2011-01-18 13:25:29 472808 ----a-w- C:\Windows\system32\deployJava1.dll
2012-02-23 13:18:36 . 2009-10-03 23:48:00 237072 ------w- C:\Windows\system32\MpSigStub.exe
2012-01-19 14:22:20 . 2012-01-19 14:22:20 42864 ----a-r- C:\Windows\system32\SBBD.EXE
2012-01-12 13:26:20 . 2012-04-01 22:41:36 101112 ----a-r- C:\Windows\system32\drivers\SBREDrv.sys.5985.aawbak


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"doubleTwist"="C:\Program Files\doubleTwist 2.0\DoubleTwist.DeviceHelper.exe" [2010-12-07 15:34:34 24576]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-06 00:01:13 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2006-09-11 22:21:16 180224]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-30 02:51:52 4911104]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 11:36:38 1451304]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-06-12 15:39:56 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-06-12 15:39:40 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-06-12 15:39:48 133656]
"KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 21:14:44 34352]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 22:36:46 30040]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 16:48:18 58656]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 05:04:34 39792]
"nmctxth"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 18:48:44 647216]
"NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" [2001-07-09 15:50:42 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 06:41:12 49208]
"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 04:25:58 59240]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2012-01-16 22:22:12 421736]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 18:02:04 254696]
"Ad-Aware Browsing Protection"="C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [2012-03-28 13:27:46 200600]

C:\Users\Anrae\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
V CAST Media Monitor.lnk - C:\Program Files\V CAST Media Manager\MEMonitor.exe [N/A]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
VideoCam Suite 2.0.lnk - C:\Program Files\Panasonic\VideoCam Suite 2\VideoCamSuiteAutoStart.exe [2010-5-29 185688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2008-01-22 21:25:26 712704 ----a-w- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-10-10 17:32:18 203264 ----a-w- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38:18 421888 ----a-w- C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2007-06-16 04:01:58 448080 ----a-w- C:\Program Files\Toshiba\SmoothView\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 20:35:08 253600]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - LAVASOFT_KERNEXPLORER

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Contents of the 'Scheduled Tasks' folder

2012-04-07 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 20:00:57 . 2012-04-03 20:35:08]

2012-04-07 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-13 11:52:19 . 2010-05-13 11:52:06]

2012-04-07 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-13 11:52:19 . 2010-05-13 11:52:06]


------- Supplementary Scan -------

uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.bigseekpro.com/pivotstickfigure/{BB3CE38A-E1AE-4768-95FF-33E6BE5E2D35}
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: rhapsody.com\rhap-app-4-0
Trusted Zone: rhapsody.com\rhapreg
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

- - - - ORPHANS REMOVED - - - -

BHO-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll
Toolbar-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\prxtbFre0.dll
MSConfigStartUp-ITSecMng - C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
AddRemove-Freecorder Toolbar - C:\Program Files\Freecorder\uninstall.exe

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 09 April 2012 - 07:13 PM

Hello

:P2P Warning!:

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Adobe Reader 8.1.3
BitComet 1.20
Freecorder Toolbar
Java™ 6 Update 3



  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then on Next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 11 April 2012 - 11:22 PM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#12 morbidbattlecry

morbidbattlecry
  • Topic Starter

  • Members
  • 11 posts

Posted 12 April 2012 - 03:00 PM

Sorry, just need a bit more time. I've been very busy with work.

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 12 April 2012 - 05:36 PM

I will check in on you in a couple of days if I have not heard from you.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 15 April 2012 - 12:00 AM

Hello


Just checking in on you as it has been a couple of days since I have heard from you.

Are you having any troubles or just need more time?




Gringo

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 17 April 2012 - 11:32 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo



