Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

redirect, radio, firewall not working


  • This topic is locked This topic is locked
38 replies to this topic

#1 unagimaki

unagimaki

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:19 AM

Posted 06 April 2012 - 06:02 PM

I am having a bazillion problems with my computer. I am getting stressed out and I need help!

I believe I have a redirect virus. I am constantly redirected to spam websites when using google in chrome, mozilla. My internet explorer has stopped working too. Also there were different radio or something playing in the background even though no program was running and it definitely wasn't from the websites I was visiting.

I also cant get my firewall to work. Its due to some unidentified problem.

I have malwarebytes, spybot search and destroy as well as super antispware. While they do detect problems the problems haven't gone away!
Please help me so I can enjoy the internet once again.

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:19 AM

Posted 07 April 2012 - 05:03 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 unagimaki

unagimaki
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:19 AM

Posted 07 April 2012 - 08:04 AM

Here is my log.

The radio playing in the background is constant (it got worse)

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Michelle at 8:58:55 on 2012-04-07
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.1112 [GMT -4:00]
.
AV: Panda Cloud Antivirus *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Cloud Antivirus *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\Microsoft Security Client\msseces.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\WUDFHost.exe
C:\Users\Michelle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michelle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Michelle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michelle\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\users\michelle\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [<NO NAME>]
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun: [NDSTray.exe] "c:\program files\toshiba\configfree\NDSTray.exe"
mRun: [cfFncEnabler.exe] "c:\program files\toshiba\configfree\cfFncEnabler.exe"
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosSENotify.exe
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [xtGECLdoPWqJXph.exe] c:\programdata\xtGECLdoPWqJXph.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10p_ActiveX.exe -update activex
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{6B5000AA-FF92-48A3-A5FD-27C3B6EDA01C} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{855BDFB4-0AD2-41EA-9306-C2E3D7F27272} : DhcpNameServer = 8.8.8.8
TCP: Interfaces\{9C75C381-3FC4-4004-870F-5613A79DC7B0} : DhcpNameServer = 192.168.42.129
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 94.63.147.17 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\michelle\appdata\roaming\mozilla\firefox\profiles\ajfr6gd5.default\
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\michelle\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2010-6-17 126024]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2009-6-16 25896]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-12 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 46592]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2010-5-27 141384]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-7-21 99400]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2010-4-30 111112]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2010-7-21 112712]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-4-14 176128]
R2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-3-17 73728]
R2 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-4-9 656752]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-3-21 12920]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2009-5-3 7168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2009-6-16 22272]
R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2011-11-26 13440]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-18 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-18 135664]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2009-6-10 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [2010-6-23 23040]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 camsvc;TOSHIBA Web Camera Service;c:\program files\toshiba\toshiba web camera application\TWebCameraSrv.exe [2009-6-16 20544]
S4 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2010-8-9 140608]
S4 PassThru Service;Internet Pass-Through Service;c:\program files\htc\internet pass-through\PassThruSvr.exe [2010-9-16 80896]
S4 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-2-19 57344]
S4 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-2-21 1153368]
S4 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2011-3-31 155344]
S4 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2011-2-16 62776]
.
=============== Created Last 30 ================
.
2012-04-07 12:58:37 858 ----a-w- c:\programdata\yklpaaa.tmp
2012-04-07 12:57:05 869 ----a-w- c:\programdata\oldpbaa.tmp
2012-04-06 21:13:02 98816 ----a-w- c:\windows\sed.exe
2012-04-06 21:13:02 518144 ----a-w- c:\windows\SWREG.exe
2012-04-06 21:13:02 256000 ----a-w- c:\windows\PEV.exe
2012-04-06 21:13:02 208896 ----a-w- c:\windows\MBR.exe
2012-04-06 21:12:50 -------- d-s---w- C:\ComboFix
2012-04-06 20:26:27 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{755b73fd-86ff-4b75-b660-fa2094568f3a}\offreg.dll
2012-04-05 22:04:40 588 ----a-w- c:\programdata\tnxycaa.tmp
2012-04-05 22:04:35 574 ----a-w- c:\programdata\snxycaa.tmp
2012-04-05 21:59:14 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{755b73fd-86ff-4b75-b660-fa2094568f3a}\mpengine.dll
2012-04-04 22:37:50 579 ----a-w- c:\programdata\wroxcaa.tmp
2012-04-03 13:17:29 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-04-02 01:29:59 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9e4a104a-7ab3-45e8-b29c-e0184ecdb4ba}\gapaengine.dll
2012-04-02 01:21:26 -------- d-----w- c:\program files\Microsoft Security Client
2012-04-02 01:20:25 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2012-03-29 15:11:55 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-03-28 02:34:58 6582328 ------w- c:\programdata\microsoft\windows defender\definition updates\{01ba1295-9512-48f6-9d20-65647f03c0e8}\mpengine.dll
2012-03-20 14:18:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-20 07:08:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-03-20 07:08:00 141112 ----a-w- c:\program files\internet explorer\sqmapi.dll
2012-03-19 12:35:02 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-19 12:34:53 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-03-19 12:34:52 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-19 12:34:52 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-19 12:34:52 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-19 12:34:52 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-19 12:34:52 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-19 12:34:51 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-03-19 12:31:19 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-19 12:31:19 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
==================== Find3M ====================
.
2012-04-01 21:29:13 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-01-31 08:59:04 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 9:00:35.86 ===============

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:19 AM

Posted 07 April 2012 - 10:42 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 unagimaki

unagimaki
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:19 AM

Posted 07 April 2012 - 02:25 PM

Hello

Thank you for your suggestion. Combofix does the system back up part but after about 45 minutes nothing happens. Something pops up from windows saying "freeware implenmetation of XCACLS has stopped working". Also it seems that my recycling has been corrupted. I have disabled all security software also.


Any suggestions on what to do next?

Thanks!

Edited by unagimaki, 07 April 2012 - 02:26 PM.


#6 unagimaki

unagimaki
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:19 AM

Posted 07 April 2012 - 05:24 PM

Okay I ran it in safe mode as it was suggested in other posts. It ran successfully. Here is the log. Everything appears to be better now. Havent checked the firewall yet.

ComboFix 12-04-07.03 - Michelle 04/07/2012 17:58:45.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2939.2498 [GMT -4:00]
Running from: c:\users\Michelle\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\snxycaa.tmp
c:\programdata\tnxycaa.tmp
c:\programdata\wroxcaa.tmp
c:\windows\$NtUninstallKB14070$
c:\windows\$NtUninstallKB14070$\2500830201\@
c:\windows\$NtUninstallKB14070$\2500830201\cfg.ini
c:\windows\$NtUninstallKB14070$\2500830201\Desktop.ini
c:\windows\$NtUninstallKB14070$\2500830201\L\qnbwvoto
c:\windows\$NtUninstallKB14070$\2500830201\U\00000001.@
c:\windows\$NtUninstallKB14070$\2500830201\U\00000002.@
c:\windows\$NtUninstallKB14070$\2500830201\U\00000004.@
c:\windows\$NtUninstallKB14070$\2500830201\U\80000000.@
c:\windows\$NtUninstallKB14070$\2500830201\U\80000004.@
c:\windows\$NtUninstallKB14070$\2500830201\U\80000032.@
c:\windows\$NtUninstallKB14070$\2500830201\version
c:\windows\$NtUninstallKB14070$\2811702003
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\win3EB6.tmp
c:\windows\win3E09.tmp
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!winlogon.exe
.
Infected copy of c:\windows\system32\svchost.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
.
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!explorer.exe
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!winlogon.exe
Infected copy of c:\windows\system32\svchost.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!explorer.exe
.
((((((((((((((((((((((((( Files Created from 2012-03-07 to 2012-04-07 )))))))))))))))))))))))))))))))
.
.
2012-04-07 22:09 . 2012-04-07 22:11 -------- d-----w- c:\users\Michelle\AppData\Local\temp
2012-04-07 22:09 . 2012-04-07 22:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-07 21:56 . 2012-04-07 22:11 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{755B73FD-86FF-4B75-B660-FA2094568F3A}\offreg.dll
2012-04-05 21:59 . 2012-03-13 23:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{755B73FD-86FF-4B75-B660-FA2094568F3A}\mpengine.dll
2012-04-03 13:17 . 2012-03-13 23:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-02 01:29 . 2012-02-09 17:17 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9E4A104A-7AB3-45E8-B29C-E0184ECDB4BA}\gapaengine.dll
2012-04-02 01:21 . 2012-04-02 01:22 -------- d-----w- c:\program files\Microsoft Security Client
2012-04-02 01:20 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2012-03-20 14:47 . 2012-03-20 14:47 -------- d-----w- c:\windows\Sun
2012-03-20 14:18 . 2012-03-20 14:18 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-20 07:08 . 2011-12-14 03:32 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-03-20 07:08 . 2011-12-14 02:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-03-19 12:35 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-19 12:34 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-03-19 12:34 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-19 12:34 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-19 12:34 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-19 12:34 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-19 12:34 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-19 12:34 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-03-19 12:31 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-19 12:31 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-01 21:29 . 2009-07-19 19:59 72192 ----a-w- c:\windows\system32\drivers\tdx.sys
2012-03-14 02:15 . 2012-03-28 02:34 6582328 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{01BA1295-9512-48F6-9D20-65647F03C0E8}\mpengine.dll
2012-01-31 08:59 . 2009-10-02 19:09 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-03-13 04:39 . 2012-04-06 22:52 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2010-11-02 14:03 86696 ----a-w- c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2010-11-02 86696]
.
[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 135680]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-16 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-13 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-13 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-13 154136]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-13 6965792]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-03-07 468320]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-12-18 448376]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-03-23 729088]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-18 1451304]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-04-15 1318912]
"NDSTray.exe"="c:\program files\TOSHIBA\ConfigFree\NDSTray.exe" [2009-03-17 304496]
"cfFncEnabler.exe"="c:\program files\TOSHIBA\ConfigFree\cfFncEnabler.exe" [2009-03-24 16384]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe" [2009-03-24 1007616]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-01-19 1150976]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe" [2011-04-18 235168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Michelle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Michelle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 05:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader]
2011-01-08 02:09 585728 ----a-w- c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 06:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Panda Security Toolbar Antiphishing]
2010-11-02 14:03 441856 ----a-w- c:\programdata\Panda Security Toolbar Antiphishing\panda2_0dn.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 15:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-10-11 21:49 14940040 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2009-03-13 01:11 1833504 ----a-w- c:\program files\Realtek\Audio\HDA\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartFaceVWatcher]
2009-03-25 02:33 163840 ----a-w- c:\program files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
2011-07-25 15:41 433360 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 20:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-01-07 17:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-04-06 02:03 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-06-16 19:03 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
2009-04-01 23:11 1283384 ----a-w- c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPCHWMsg]
2009-04-10 00:01 570736 ----a-w- c:\program files\TOSHIBA\TPHM\TPCHWMsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWebCamera]
2009-04-17 01:42 2513472 ----a-w- c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
.
R1 aeqegrqm;aeqegrqm;c:\windows\system32\drivers\aeqegrqm.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wampmysqld
generichidservice
ipsec
inspect
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-19 02:50]
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-19 02:50]
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2441505634-2020984227-1343173905-1000Core.job
- c:\users\Michelle\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-04 20:29]
.
2012-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2441505634-2020984227-1343173905-1000UA.job
- c:\users\Michelle\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-04 20:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\Michelle\AppData\Roaming\Mozilla\Firefox\Profiles\ajfr6gd5.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-xtGECLdoPWqJXph.exe - c:\programdata\xtGECLdoPWqJXph.exe
MSConfigStartUp-American Airlines DealFinder - c:\program files\American Airlines DealFinder\American_Airlines_DealFinder.exe
MSConfigStartUp-PSUNMain - c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"=hex:51,66,7a,6c,4c,1d,38,12,0e,bc,32,
bc,1f,12,85,04,ed,ca,7d,0c,c8,64,66,f0
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:20,4f,01,73,b3,12,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,0f,d9,d1,e4,97,f4,4f,8e,a0,6c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,af,0f,d9,d1,e4,97,f4,4f,8e,a0,6c,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\WerFault.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\helppane.exe
c:\windows\system32\NOTEPAD.EXE
.
**************************************************************************
.
Completion time: 2012-04-07 18:18:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-07 22:17
.
Pre-Run: 169,990,344,704 bytes free
Post-Run: 170,047,098,880 bytes free
.
- - End Of File - - DA81000CBE0AC03E554893FE55FD73D9

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:19 AM

Posted 07 April 2012 - 05:49 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 unagimaki

unagimaki
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:19 AM

Posted 07 April 2012 - 06:22 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-07 18:58:06
-----------------------------
18:58:06.800 OS Version: Windows 6.0.6002 Service Pack 2
18:58:06.800 Number of processors: 2 586 0x170A
18:58:06.800 ComputerName: MICHELLE-PC UserName: Michelle
18:58:31.978 Initialize success
19:04:09.086 AVAST engine defs: 12040701
19:06:10.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:06:10.890 Disk 0 Vendor: TOSHIBA_ FG01 Size: 305245MB BusType: 3
19:06:10.906 Disk 0 MBR read successfully
19:06:10.906 Disk 0 MBR scan
19:06:10.922 Disk 0 Windows VISTA default MBR code
19:06:10.937 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
19:06:10.953 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 294695 MB offset 3074048
19:06:10.984 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 9049 MB offset 606609408
19:06:11.031 Disk 0 scanning sectors +625141760
19:06:11.124 Disk 0 scanning C:\Windows\system32\drivers
19:06:23.698 Service scanning
19:06:38.440 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
19:07:00.966 Modules scanning
19:07:10.794 Disk 0 trace - called modules:
19:07:10.810 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:07:10.826 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86a17ac8]
19:07:10.826 3 CLASSPNP.SYS[8a70f8b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x84a5e028]
19:07:12.152 AVAST engine scan C:\Windows
19:07:16.894 AVAST engine scan C:\Windows\system32
19:11:10.676 AVAST engine scan C:\Windows\system32\drivers
19:11:30.144 AVAST engine scan C:\Users\Michelle
19:13:11.700 File: C:\Users\Michelle\AppData\Roaming\Google\Google\ruamntmv.dll **INFECTED** Win32:Dropper-KLA [Trj]
19:17:11.394 AVAST engine scan C:\ProgramData
19:18:48.754 Scan finished successfully
19:19:26.313 Disk 0 MBR has been saved successfully to "C:\Users\Michelle\Desktop\MBR.dat"
19:19:26.329 The log file has been saved successfully to "C:\Users\Michelle\Desktop\aswMBR.txt"


18:55:59.0613 1916 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
18:55:59.0956 1916 ============================================================
18:55:59.0956 1916 Current date / time: 2012/04/07 18:55:59.0956
18:55:59.0956 1916 SystemInfo:
18:55:59.0956 1916
18:55:59.0956 1916 OS Version: 6.0.6002 ServicePack: 2.0
18:55:59.0956 1916 Product type: Workstation
18:55:59.0956 1916 ComputerName: MICHELLE-PC
18:55:59.0956 1916 UserName: Michelle
18:55:59.0956 1916 Windows directory: C:\Windows
18:55:59.0972 1916 System windows directory: C:\Windows
18:55:59.0972 1916 Processor architecture: Intel x86
18:55:59.0972 1916 Number of processors: 2
18:55:59.0972 1916 Page size: 0x1000
18:55:59.0972 1916 Boot type: Normal boot
18:55:59.0972 1916 ============================================================
18:56:00.0518 1916 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:56:00.0643 1916 \Device\Harddisk0\DR0:
18:56:00.0643 1916 MBR used
18:56:00.0643 1916 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23F93800
18:56:00.0736 1916 Initialize success
18:56:00.0736 1916 ============================================================
18:56:07.0710 2440 ============================================================
18:56:07.0710 2440 Scan started
18:56:07.0710 2440 Mode: Manual;
18:56:07.0710 2440 ============================================================
18:56:08.0131 2440 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
18:56:08.0131 2440 ACPI - ok
18:56:08.0193 2440 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
18:56:08.0193 2440 adp94xx - ok
18:56:08.0302 2440 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
18:56:08.0302 2440 adpahci - ok
18:56:08.0334 2440 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
18:56:08.0334 2440 adpu160m - ok
18:56:08.0412 2440 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
18:56:08.0427 2440 adpu320 - ok
18:56:08.0458 2440 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
18:56:08.0458 2440 AeLookupSvc - ok
18:56:08.0536 2440 aeqegrqm - ok
18:56:08.0599 2440 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
18:56:08.0614 2440 AFD - ok
18:56:08.0630 2440 AgereModemAudio (39e435c90c9c4f780fa0ed05ca3c3a1b) C:\Windows\system32\agrsmsvc.exe
18:56:08.0646 2440 AgereModemAudio - ok
18:56:08.0770 2440 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
18:56:08.0786 2440 AgereSoftModem - ok
18:56:08.0880 2440 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
18:56:08.0880 2440 agp440 - ok
18:56:08.0911 2440 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:56:08.0911 2440 aic78xx - ok
18:56:09.0004 2440 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
18:56:09.0004 2440 ALG - ok
18:56:09.0067 2440 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
18:56:09.0067 2440 aliide - ok
18:56:09.0129 2440 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
18:56:09.0129 2440 amdagp - ok
18:56:09.0192 2440 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
18:56:09.0192 2440 amdide - ok
18:56:09.0285 2440 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
18:56:09.0285 2440 AmdK7 - ok
18:56:09.0316 2440 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
18:56:09.0332 2440 AmdK8 - ok
18:56:09.0410 2440 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
18:56:09.0410 2440 Appinfo - ok
18:56:09.0519 2440 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
18:56:09.0519 2440 arc - ok
18:56:09.0566 2440 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
18:56:09.0566 2440 arcsas - ok
18:56:09.0660 2440 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
18:56:09.0660 2440 AsyncMac - ok
18:56:09.0675 2440 atapi (9c0e70031905adbf94edb9ea14af943b) C:\Windows\system32\drivers\atapi.sys
18:56:09.0675 2440 atapi - ok
18:56:09.0784 2440 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
18:56:09.0784 2440 AudioEndpointBuilder - ok
18:56:09.0800 2440 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
18:56:09.0800 2440 Audiosrv - ok
18:56:09.0847 2440 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
18:56:09.0847 2440 Beep - ok
18:56:10.0065 2440 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
18:56:10.0081 2440 BITS - ok
18:56:10.0159 2440 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
18:56:10.0174 2440 blbdrive - ok
18:56:10.0284 2440 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
18:56:10.0299 2440 bowser - ok
18:56:10.0330 2440 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
18:56:10.0330 2440 BrFiltLo - ok
18:56:10.0393 2440 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
18:56:10.0393 2440 BrFiltUp - ok
18:56:10.0440 2440 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
18:56:10.0440 2440 Browser - ok
18:56:10.0533 2440 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
18:56:10.0533 2440 Brserid - ok
18:56:10.0549 2440 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
18:56:10.0549 2440 BrSerWdm - ok
18:56:10.0658 2440 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
18:56:10.0658 2440 BrUsbMdm - ok
18:56:10.0674 2440 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
18:56:10.0674 2440 BrUsbSer - ok
18:56:10.0767 2440 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
18:56:10.0783 2440 BTHMODEM - ok
18:56:10.0876 2440 camsvc (f1140ed3a1e1d6824a63f27afd9eef32) C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
18:56:10.0876 2440 camsvc - ok
18:56:11.0001 2440 catchme - ok
18:56:11.0095 2440 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
18:56:11.0095 2440 cdfs - ok
18:56:11.0142 2440 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
18:56:11.0142 2440 cdrom - ok
18:56:11.0251 2440 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
18:56:11.0251 2440 CertPropSvc - ok
18:56:11.0298 2440 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
18:56:11.0298 2440 circlass - ok
18:56:11.0407 2440 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
18:56:11.0422 2440 CLFS - ok
18:56:11.0516 2440 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:56:11.0516 2440 clr_optimization_v2.0.50727_32 - ok
18:56:11.0625 2440 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:56:11.0625 2440 clr_optimization_v4.0.30319_32 - ok
18:56:11.0688 2440 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
18:56:11.0688 2440 CmBatt - ok
18:56:11.0734 2440 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
18:56:11.0734 2440 cmdide - ok
18:56:11.0797 2440 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
18:56:11.0797 2440 Compbatt - ok
18:56:11.0844 2440 COMSysApp - ok
18:56:11.0937 2440 ConfigFree Service (cab0eeaf5295fc96ddd3e19dce27e131) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
18:56:11.0937 2440 ConfigFree Service - ok
18:56:12.0015 2440 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
18:56:12.0015 2440 crcdisk - ok
18:56:12.0046 2440 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
18:56:12.0046 2440 Crusoe - ok
18:56:12.0140 2440 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
18:56:12.0140 2440 CryptSvc - ok
18:56:12.0249 2440 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
18:56:12.0265 2440 DcomLaunch - ok
18:56:12.0374 2440 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
18:56:12.0374 2440 DfsC - ok
18:56:12.0499 2440 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
18:56:12.0530 2440 DFSR - ok
18:56:12.0608 2440 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
18:56:12.0624 2440 Dhcp - ok
18:56:12.0670 2440 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
18:56:12.0670 2440 disk - ok
18:56:12.0780 2440 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
18:56:12.0780 2440 Dnscache - ok
18:56:12.0842 2440 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
18:56:12.0842 2440 dot3svc - ok
18:56:12.0920 2440 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
18:56:12.0936 2440 DPS - ok
18:56:12.0982 2440 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
18:56:12.0982 2440 drmkaud - ok
18:56:13.0138 2440 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
18:56:13.0138 2440 DXGKrnl - ok
18:56:13.0232 2440 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
18:56:13.0232 2440 E1G60 - ok
18:56:13.0310 2440 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
18:56:13.0310 2440 EapHost - ok
18:56:13.0372 2440 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
18:56:13.0388 2440 Ecache - ok
18:56:13.0466 2440 ehRecvr (3a511ed3c9a9da2cd5a50ff46178063a) C:\Windows\ehome\ehRecvr.exe
18:56:13.0466 2440 ehRecvr - ok
18:56:13.0497 2440 ehSched (a3d94c93333619458af4bde7531234c5) C:\Windows\ehome\ehsched.exe
18:56:13.0497 2440 ehSched - ok
18:56:13.0513 2440 ehstart (487ba5c5bb442bd172f120dc197811c2) C:\Windows\ehome\ehstart.dll
18:56:13.0513 2440 ehstart - ok
18:56:13.0622 2440 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
18:56:13.0622 2440 elxstor - ok
18:56:13.0700 2440 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
18:56:13.0700 2440 EMDMgmt - ok
18:56:13.0794 2440 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
18:56:13.0794 2440 ErrDev - ok
18:56:13.0903 2440 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
18:56:13.0903 2440 EventSystem - ok
18:56:14.0012 2440 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
18:56:14.0012 2440 exfat - ok
18:56:14.0074 2440 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
18:56:14.0074 2440 fastfat - ok
18:56:14.0184 2440 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
18:56:14.0184 2440 fdc - ok
18:56:14.0215 2440 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
18:56:14.0230 2440 fdPHost - ok
18:56:14.0308 2440 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
18:56:14.0308 2440 FDResPub - ok
18:56:14.0371 2440 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
18:56:14.0371 2440 FileInfo - ok
18:56:14.0480 2440 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
18:56:14.0480 2440 Filetrace - ok
18:56:14.0589 2440 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
18:56:14.0589 2440 flpydisk - ok
18:56:14.0714 2440 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
18:56:14.0714 2440 FltMgr - ok
18:56:14.0839 2440 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
18:56:14.0854 2440 FontCache - ok
18:56:14.0948 2440 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:56:14.0948 2440 FontCache3.0.0.0 - ok
18:56:15.0042 2440 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
18:56:15.0042 2440 Fs_Rec - ok
18:56:15.0073 2440 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
18:56:15.0073 2440 FwLnk - ok
18:56:15.0182 2440 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
18:56:15.0182 2440 gagp30kx - ok
18:56:15.0198 2440 generichidservice - ok
18:56:15.0260 2440 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
18:56:15.0260 2440 gpsvc - ok
18:56:15.0354 2440 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
18:56:15.0354 2440 gupdate - ok
18:56:15.0369 2440 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
18:56:15.0369 2440 gupdatem - ok
18:56:15.0400 2440 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
18:56:15.0400 2440 gusvc - ok
18:56:15.0510 2440 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
18:56:15.0510 2440 HdAudAddService - ok
18:56:15.0572 2440 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:56:15.0572 2440 HDAudBus - ok
18:56:15.0666 2440 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
18:56:15.0666 2440 HidBth - ok
18:56:15.0759 2440 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
18:56:15.0759 2440 HidIr - ok
18:56:15.0868 2440 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
18:56:15.0884 2440 hidserv - ok
18:56:15.0946 2440 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
18:56:15.0946 2440 HidUsb - ok
18:56:16.0024 2440 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
18:56:16.0024 2440 hkmsvc - ok
18:56:16.0071 2440 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
18:56:16.0087 2440 HpCISSs - ok
18:56:16.0165 2440 HTCAND32 (cbd09ed9cf6822177ee85aea4d8816a2) C:\Windows\system32\Drivers\ANDROIDUSB.sys
18:56:16.0165 2440 HTCAND32 - ok
18:56:16.0212 2440 htcnprot (52395a94c127c0266d1c0f3cce8a4345) C:\Windows\system32\DRIVERS\htcnprot.sys
18:56:16.0212 2440 htcnprot - ok
18:56:16.0336 2440 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
18:56:16.0336 2440 HTTP - ok
18:56:16.0430 2440 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
18:56:16.0430 2440 i2omp - ok
18:56:16.0477 2440 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
18:56:16.0477 2440 i8042prt - ok
18:56:16.0586 2440 iaStor (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys
18:56:16.0602 2440 iaStor - ok
18:56:16.0695 2440 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
18:56:16.0711 2440 iaStorV - ok
18:56:16.0789 2440 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
18:56:16.0789 2440 IDriverT - ok
18:56:16.0929 2440 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:56:16.0945 2440 idsvc - ok
18:56:17.0116 2440 igfx (43daae0cfc92c86e43f63c2f491a870d) C:\Windows\system32\DRIVERS\igdkmd32.sys
18:56:17.0148 2440 igfx - ok
18:56:17.0241 2440 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
18:56:17.0241 2440 iirsp - ok
18:56:17.0319 2440 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
18:56:17.0319 2440 IKEEXT - ok
18:56:17.0397 2440 inspect - ok
18:56:17.0506 2440 IntcAzAudAddService (3d40dd1831ed82a9ff660949506aad56) C:\Windows\system32\drivers\RTKVHDA.sys
18:56:17.0553 2440 IntcAzAudAddService - ok
18:56:17.0631 2440 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
18:56:17.0631 2440 intelide - ok
18:56:17.0647 2440 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
18:56:17.0647 2440 intelppm - ok
18:56:17.0725 2440 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
18:56:17.0725 2440 IPBusEnum - ok
18:56:17.0772 2440 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:56:17.0772 2440 IpFilterDriver - ok
18:56:17.0865 2440 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
18:56:17.0865 2440 iphlpsvc - ok
18:56:17.0896 2440 IpInIp - ok
18:56:17.0974 2440 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
18:56:17.0974 2440 IPMIDRV - ok
18:56:18.0021 2440 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
18:56:18.0021 2440 IPNAT - ok
18:56:18.0115 2440 ipsec - ok
18:56:18.0162 2440 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
18:56:18.0162 2440 IRENUM - ok
18:56:18.0255 2440 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
18:56:18.0255 2440 isapnp - ok
18:56:18.0318 2440 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
18:56:18.0333 2440 iScsiPrt - ok
18:56:18.0427 2440 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
18:56:18.0427 2440 iteatapi - ok
18:56:18.0458 2440 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
18:56:18.0458 2440 iteraid - ok
18:56:18.0567 2440 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:56:18.0567 2440 kbdclass - ok
18:56:18.0630 2440 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
18:56:18.0630 2440 kbdhid - ok
18:56:18.0723 2440 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:56:18.0723 2440 KeyIso - ok
18:56:18.0754 2440 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
18:56:18.0754 2440 KSecDD - ok
18:56:18.0848 2440 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
18:56:18.0848 2440 KtmRm - ok
18:56:18.0973 2440 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
18:56:18.0973 2440 LanmanServer - ok
18:56:19.0004 2440 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
18:56:19.0020 2440 LanmanWorkstation - ok
18:56:19.0098 2440 LightScribeService (6e5dac168d1ff9843e84a59d51d31107) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
18:56:19.0098 2440 LightScribeService - ok
18:56:19.0207 2440 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
18:56:19.0222 2440 lltdio - ok
18:56:19.0300 2440 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
18:56:19.0300 2440 lltdsvc - ok
18:56:19.0394 2440 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
18:56:19.0394 2440 lmhosts - ok
18:56:19.0456 2440 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
18:56:19.0472 2440 LSI_FC - ok
18:56:19.0566 2440 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
18:56:19.0566 2440 LSI_SAS - ok
18:56:19.0659 2440 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
18:56:19.0659 2440 LSI_SCSI - ok
18:56:19.0706 2440 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
18:56:19.0706 2440 luafv - ok
18:56:19.0737 2440 Mcx2Svc (3bd2ad18179dead6652e87157fb98e4a) C:\Windows\system32\Mcx2Svc.dll
18:56:19.0737 2440 Mcx2Svc - ok
18:56:19.0831 2440 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
18:56:19.0831 2440 megasas - ok
18:56:19.0893 2440 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
18:56:19.0893 2440 MegaSR - ok
18:56:20.0002 2440 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
18:56:20.0002 2440 MMCSS - ok
18:56:20.0065 2440 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
18:56:20.0065 2440 Modem - ok
18:56:20.0143 2440 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
18:56:20.0143 2440 monitor - ok
18:56:20.0158 2440 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
18:56:20.0158 2440 mouclass - ok
18:56:20.0205 2440 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
18:56:20.0205 2440 mouhid - ok
18:56:20.0283 2440 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
18:56:20.0283 2440 MountMgr - ok
18:56:20.0346 2440 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
18:56:20.0346 2440 MpFilter - ok
18:56:20.0470 2440 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
18:56:20.0470 2440 mpio - ok
18:56:20.0580 2440 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
18:56:20.0595 2440 MpNWMon - ok
18:56:20.0704 2440 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
18:56:20.0704 2440 mpsdrv - ok
18:56:20.0736 2440 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
18:56:20.0736 2440 Mraid35x - ok
18:56:20.0860 2440 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
18:56:20.0860 2440 MRxDAV - ok
18:56:20.0985 2440 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:56:20.0985 2440 mrxsmb - ok
18:56:21.0048 2440 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:56:21.0048 2440 mrxsmb10 - ok
18:56:21.0172 2440 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:56:21.0172 2440 mrxsmb20 - ok
18:56:21.0282 2440 msahci (aa305cff241da187bd5077de4a2a043d) C:\Windows\system32\drivers\msahci.sys
18:56:21.0282 2440 msahci - ok
18:56:21.0313 2440 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
18:56:21.0313 2440 msdsm - ok
18:56:21.0406 2440 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
18:56:21.0406 2440 MSDTC - ok
18:56:21.0469 2440 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
18:56:21.0469 2440 Msfs - ok
18:56:21.0547 2440 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
18:56:21.0547 2440 msisadrv - ok
18:56:21.0625 2440 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
18:56:21.0625 2440 MSiSCSI - ok
18:56:21.0703 2440 msiserver - ok
18:56:21.0734 2440 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
18:56:21.0734 2440 MSKSSRV - ok
18:56:21.0843 2440 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
18:56:21.0843 2440 MsMpSvc - ok
18:56:21.0937 2440 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
18:56:21.0937 2440 MSPCLOCK - ok
18:56:21.0968 2440 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
18:56:21.0968 2440 MSPQM - ok
18:56:22.0062 2440 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
18:56:22.0062 2440 MsRPC - ok
18:56:22.0140 2440 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
18:56:22.0140 2440 mssmbios - ok
18:56:22.0218 2440 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
18:56:22.0218 2440 MSTEE - ok
18:56:22.0311 2440 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
18:56:22.0311 2440 Mup - ok
18:56:22.0358 2440 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
18:56:22.0358 2440 napagent - ok
18:56:22.0483 2440 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
18:56:22.0483 2440 NativeWifiP - ok
18:56:22.0592 2440 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
18:56:22.0608 2440 NDIS - ok
18:56:22.0717 2440 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
18:56:22.0717 2440 NdisTapi - ok
18:56:22.0732 2440 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
18:56:22.0732 2440 Ndisuio - ok
18:56:22.0857 2440 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:56:22.0873 2440 NdisWan - ok
18:56:22.0904 2440 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
18:56:22.0904 2440 NDProxy - ok
18:56:22.0982 2440 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
18:56:22.0982 2440 NetBIOS - ok
18:56:23.0044 2440 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
18:56:23.0044 2440 netbt - ok
18:56:23.0138 2440 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:56:23.0138 2440 Netlogon - ok
18:56:23.0200 2440 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
18:56:23.0200 2440 Netman - ok
18:56:23.0310 2440 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
18:56:23.0310 2440 netprofm - ok
18:56:23.0388 2440 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:56:23.0403 2440 NetTcpPortSharing - ok
18:56:23.0497 2440 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
18:56:23.0497 2440 nfrd960 - ok
18:56:23.0559 2440 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:56:23.0575 2440 NisDrv - ok
18:56:23.0684 2440 NisSrv (a5cb074f34bbd89948e34a630d459c0c) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
18:56:23.0684 2440 NisSrv - ok
18:56:23.0762 2440 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
18:56:23.0762 2440 NlaSvc - ok
18:56:23.0824 2440 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
18:56:23.0824 2440 Npfs - ok
18:56:23.0887 2440 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
18:56:23.0887 2440 nsi - ok
18:56:23.0934 2440 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
18:56:23.0934 2440 nsiproxy - ok
18:56:24.0074 2440 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
18:56:24.0090 2440 Ntfs - ok
18:56:24.0183 2440 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
18:56:24.0183 2440 ntrigdigi - ok
18:56:24.0214 2440 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
18:56:24.0214 2440 Null - ok
18:56:24.0261 2440 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
18:56:24.0261 2440 nvraid - ok
18:56:24.0308 2440 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
18:56:24.0308 2440 nvstor - ok
18:56:24.0402 2440 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
18:56:24.0402 2440 nv_agp - ok
18:56:24.0402 2440 NwlnkFlt - ok
18:56:24.0417 2440 NwlnkFwd - ok
18:56:24.0589 2440 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
18:56:24.0589 2440 odserv - ok
18:56:24.0714 2440 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
18:56:24.0714 2440 ohci1394 - ok
18:56:24.0792 2440 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:56:24.0792 2440 ose - ok
18:56:24.0916 2440 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:56:24.0932 2440 p2pimsvc - ok
18:56:24.0948 2440 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:56:24.0963 2440 p2psvc - ok
18:56:25.0057 2440 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
18:56:25.0057 2440 Parport - ok
18:56:25.0104 2440 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
18:56:25.0104 2440 partmgr - ok
18:56:25.0182 2440 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
18:56:25.0182 2440 Parvdm - ok
18:56:25.0291 2440 PassThru Service (5fbcc9eeefaca3019d5bd5979618f298) C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
18:56:25.0291 2440 PassThru Service - ok
18:56:25.0369 2440 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
18:56:25.0369 2440 PcaSvc - ok
18:56:25.0431 2440 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
18:56:25.0447 2440 pci - ok
18:56:25.0525 2440 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\DRIVERS\pciide.sys
18:56:25.0525 2440 pciide - ok
18:56:25.0618 2440 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
18:56:25.0634 2440 pcmcia - ok
18:56:25.0665 2440 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
18:56:25.0681 2440 PEAUTH - ok
18:56:25.0790 2440 PGEffect (28f7ffff50c474cf8be16a2cacc7ce42) C:\Windows\system32\DRIVERS\pgeffect.sys
18:56:25.0790 2440 PGEffect - ok
18:56:25.0868 2440 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
18:56:25.0884 2440 pla - ok
18:56:25.0993 2440 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
18:56:25.0993 2440 PlugPlay - ok
18:56:26.0055 2440 pneteth (713e294439d982bb161317de0136faa0) C:\Windows\system32\DRIVERS\pneteth.sys
18:56:26.0055 2440 pneteth - ok
18:56:26.0180 2440 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:56:26.0196 2440 PNRPAutoReg - ok
18:56:26.0211 2440 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:56:26.0227 2440 PNRPsvc - ok
18:56:26.0336 2440 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
18:56:26.0336 2440 PolicyAgent - ok
18:56:26.0383 2440 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
18:56:26.0383 2440 PptpMiniport - ok
18:56:26.0461 2440 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
18:56:26.0461 2440 Processor - ok
18:56:26.0523 2440 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
18:56:26.0523 2440 ProfSvc - ok
18:56:26.0617 2440 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:56:26.0617 2440 ProtectedStorage - ok
18:56:26.0695 2440 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
18:56:26.0695 2440 PSched - ok
18:56:26.0820 2440 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
18:56:26.0835 2440 ql2300 - ok
18:56:26.0929 2440 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
18:56:26.0929 2440 ql40xx - ok
18:56:26.0976 2440 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
18:56:26.0976 2440 QWAVE - ok
18:56:27.0069 2440 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
18:56:27.0085 2440 QWAVEdrv - ok
18:56:27.0100 2440 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
18:56:27.0100 2440 RasAcd - ok
18:56:27.0178 2440 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
18:56:27.0178 2440 RasAuto - ok
18:56:27.0241 2440 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:56:27.0241 2440 Rasl2tp - ok
18:56:27.0381 2440 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
18:56:27.0381 2440 RasMan - ok
18:56:27.0459 2440 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
18:56:27.0475 2440 RasPppoe - ok
18:56:27.0537 2440 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
18:56:27.0537 2440 RasSstp - ok
18:56:27.0631 2440 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
18:56:27.0631 2440 rdbss - ok
18:56:27.0724 2440 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:56:27.0724 2440 RDPCDD - ok
18:56:27.0818 2440 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
18:56:27.0818 2440 rdpdr - ok
18:56:27.0865 2440 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
18:56:27.0865 2440 RDPENCDD - ok
18:56:27.0974 2440 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
18:56:27.0974 2440 RDPWD - ok
18:56:28.0068 2440 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
18:56:28.0068 2440 RemoteAccess - ok
18:56:28.0130 2440 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
18:56:28.0130 2440 RemoteRegistry - ok
18:56:28.0192 2440 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
18:56:28.0208 2440 RpcLocator - ok
18:56:28.0286 2440 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
18:56:28.0286 2440 RpcSs - ok
18:56:28.0380 2440 RSELSVC - ok
18:56:28.0473 2440 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
18:56:28.0489 2440 rspndr - ok
18:56:28.0567 2440 RTL8169 (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
18:56:28.0567 2440 RTL8169 - ok
18:56:28.0692 2440 RTL8187B (7fe5089eb5f624899de08c30db4377fc) C:\Windows\system32\DRIVERS\RTL8187B.sys
18:56:28.0692 2440 RTL8187B - ok
18:56:28.0723 2440 RtlProt (0d60b8c10a2c5e8dd620b3fdeb1cda64) C:\Windows\system32\DRIVERS\rtlprot.sys
18:56:28.0723 2440 RtlProt - ok
18:56:28.0816 2440 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:56:28.0816 2440 SamSs - ok
18:56:28.0957 2440 SASDIFSV (4bfbb868c869a4f8486d4c36849d59cf) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
18:56:28.0957 2440 SASDIFSV - ok
18:56:28.0972 2440 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
18:56:28.0972 2440 SASKUTIL - ok
18:56:29.0066 2440 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
18:56:29.0066 2440 sbp2port - ok
18:56:29.0160 2440 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
18:56:29.0175 2440 SBSDWSCService - ok
18:56:29.0300 2440 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
18:56:29.0316 2440 SCardSvr - ok
18:56:29.0378 2440 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
18:56:29.0394 2440 Schedule - ok
18:56:29.0487 2440 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
18:56:29.0503 2440 SCPolicySvc - ok
18:56:29.0581 2440 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
18:56:29.0581 2440 SDRSVC - ok
18:56:29.0721 2440 SeaPort (16a252022535b680046f6e34e136d378) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
18:56:29.0721 2440 SeaPort - ok
18:56:29.0799 2440 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:56:29.0799 2440 secdrv - ok
18:56:29.0846 2440 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
18:56:29.0846 2440 seclogon - ok
18:56:29.0924 2440 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
18:56:29.0924 2440 SENS - ok
18:56:29.0971 2440 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
18:56:29.0971 2440 Serenum - ok
18:56:30.0049 2440 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
18:56:30.0049 2440 Serial - ok
18:56:30.0096 2440 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
18:56:30.0096 2440 sermouse - ok
18:56:30.0174 2440 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
18:56:30.0189 2440 SessionEnv - ok
18:56:30.0236 2440 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
18:56:30.0236 2440 sffdisk - ok
18:56:30.0314 2440 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
18:56:30.0314 2440 sffp_mmc - ok
18:56:30.0330 2440 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
18:56:30.0330 2440 sffp_sd - ok
18:56:30.0361 2440 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
18:56:30.0376 2440 sfloppy - ok
18:56:30.0454 2440 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
18:56:30.0470 2440 SharedAccess - ok
18:56:30.0517 2440 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
18:56:30.0532 2440 ShellHWDetection - ok
18:56:30.0610 2440 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
18:56:30.0610 2440 sisagp - ok
18:56:30.0704 2440 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
18:56:30.0704 2440 SiSRaid2 - ok
18:56:30.0798 2440 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
18:56:30.0798 2440 SiSRaid4 - ok
18:56:30.0985 2440 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
18:56:31.0078 2440 slsvc - ok
18:56:31.0172 2440 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
18:56:31.0172 2440 SLUINotify - ok
18:56:31.0219 2440 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
18:56:31.0219 2440 SNMPTRAP - ok
18:56:31.0281 2440 Sony Ericsson PCCompanion (1a623f2b69e1f182f995f963c55db935) C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
18:56:31.0297 2440 Sony Ericsson PCCompanion - ok
18:56:31.0375 2440 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
18:56:31.0375 2440 spldr - ok
18:56:31.0437 2440 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
18:56:31.0437 2440 Spooler - ok
18:56:31.0546 2440 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
18:56:31.0562 2440 srv - ok
18:56:31.0593 2440 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
18:56:31.0593 2440 srv2 - ok
18:56:31.0671 2440 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
18:56:31.0687 2440 srvnet - ok
18:56:31.0718 2440 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
18:56:31.0734 2440 SSDPSRV - ok
18:56:31.0812 2440 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
18:56:31.0827 2440 SstpSvc - ok
18:56:31.0890 2440 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
18:56:31.0890 2440 stisvc - ok
18:56:31.0999 2440 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
18:56:31.0999 2440 swenum - ok
18:56:32.0061 2440 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
18:56:32.0077 2440 swprv - ok
18:56:32.0170 2440 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
18:56:32.0170 2440 Symc8xx - ok
18:56:32.0202 2440 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
18:56:32.0202 2440 Sym_hi - ok
18:56:32.0295 2440 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
18:56:32.0311 2440 Sym_u3 - ok
18:56:32.0342 2440 SynTP (8fe2c9649ffe62143965f8d16b08be28) C:\Windows\system32\DRIVERS\SynTP.sys
18:56:32.0358 2440 SynTP - ok
18:56:32.0482 2440 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
18:56:32.0482 2440 SysMain - ok
18:56:32.0529 2440 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
18:56:32.0529 2440 TabletInputService - ok
18:56:32.0623 2440 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
18:56:32.0638 2440 TapiSrv - ok
18:56:32.0732 2440 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
18:56:32.0732 2440 TBS - ok
18:56:32.0810 2440 Tcpip (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\drivers\tcpip.sys
18:56:32.0826 2440 Tcpip - ok
18:56:32.0982 2440 Tcpip6 (16731b631f28f63cd9f4cb60940e7ddd) C:\Windows\system32\DRIVERS\tcpip.sys
18:56:32.0997 2440 Tcpip6 - ok
18:56:33.0106 2440 tcpipreg (3fc13f09af9be487c7b4fac4070a036c) C:\Windows\system32\drivers\tcpipreg.sys
18:56:33.0106 2440 tcpipreg - ok
18:56:33.0138 2440 tdcmdpst (6fdfba25002ce4bac463ac866ae71405) C:\Windows\system32\DRIVERS\tdcmdpst.sys
18:56:33.0138 2440 tdcmdpst - ok
18:56:33.0231 2440 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
18:56:33.0231 2440 TDPIPE - ok
18:56:33.0278 2440 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
18:56:33.0278 2440 TDTCP - ok
18:56:33.0325 2440 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
18:56:33.0325 2440 tdx - ok
18:56:33.0434 2440 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
18:56:33.0465 2440 TermDD - ok
18:56:33.0528 2440 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
18:56:33.0528 2440 TermService - ok
18:56:33.0637 2440 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
18:56:33.0652 2440 Themes - ok
18:56:33.0684 2440 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
18:56:33.0684 2440 THREADORDER - ok
18:56:33.0808 2440 TMachInfo (fb8448d1b0da00d70c28adf9282b31bb) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
18:56:33.0808 2440 TMachInfo - ok
18:56:33.0855 2440 TNaviSrv (22bc804efe155f54252f389b0781d7f2) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
18:56:33.0855 2440 TNaviSrv - ok
18:56:33.0933 2440 TODDSrv (c5ac715b65b01788abc22d10749dddd8) C:\Windows\system32\TODDSrv.exe
18:56:33.0949 2440 TODDSrv - ok
18:56:34.0042 2440 TosCoSrv (5557e7f940cbcf09be43379f551f6689) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
18:56:34.0042 2440 TosCoSrv - ok
18:56:34.0089 2440 TOSHIBA eco Utility Service (4d689051684eb542187395dc14f28a7f) C:\Program Files\TOSHIBA\TECO\TecoService.exe
18:56:34.0089 2440 TOSHIBA eco Utility Service - ok
18:56:34.0167 2440 TOSHIBA HDD SSD Alert Service (b792d35b8bdc5fc4106808ff5c7770ab) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
18:56:34.0167 2440 TOSHIBA HDD SSD Alert Service - ok
18:56:34.0261 2440 tos_sps32 (4399a9bf7d8f49991a07fd86590a1619) C:\Windows\system32\DRIVERS\tos_sps32.sys
18:56:34.0261 2440 tos_sps32 - ok
18:56:34.0432 2440 TPCHSrv (507759e00572524834940dae5caff007) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
18:56:34.0448 2440 TPCHSrv - ok
18:56:34.0526 2440 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
18:56:34.0526 2440 TrkWks - ok
18:56:34.0604 2440 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
18:56:34.0604 2440 TrustedInstaller - ok
18:56:34.0651 2440 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:56:34.0651 2440 tssecsrv - ok
18:56:34.0744 2440 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
18:56:34.0744 2440 tunmp - ok
18:56:34.0776 2440 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
18:56:34.0776 2440 tunnel - ok
18:56:34.0869 2440 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
18:56:34.0869 2440 TVALZ - ok
18:56:34.0978 2440 TVALZFL (009aecd4c19209b09669a6615ea1e889) C:\Windows\system32\DRIVERS\TVALZFL.sys
18:56:34.0978 2440 TVALZFL - ok
18:56:35.0025 2440 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
18:56:35.0025 2440 uagp35 - ok
18:56:35.0150 2440 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
18:56:35.0150 2440 udfs - ok
18:56:35.0244 2440 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
18:56:35.0259 2440 UI0Detect - ok
18:56:35.0290 2440 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
18:56:35.0290 2440 uliagpkx - ok
18:56:35.0322 2440 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
18:56:35.0322 2440 uliahci - ok
18:56:35.0415 2440 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
18:56:35.0431 2440 UlSata - ok
18:56:35.0540 2440 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
18:56:35.0540 2440 ulsata2 - ok
18:56:35.0634 2440 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
18:56:35.0634 2440 umbus - ok
18:56:35.0743 2440 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
18:56:35.0743 2440 upnphost - ok
18:56:35.0821 2440 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
18:56:35.0821 2440 usbccgp - ok
18:56:35.0899 2440 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
18:56:35.0899 2440 usbcir - ok
18:56:35.0930 2440 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
18:56:35.0930 2440 usbehci - ok
18:56:35.0992 2440 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
18:56:35.0992 2440 usbhub - ok
18:56:36.0086 2440 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
18:56:36.0086 2440 usbohci - ok
18:56:36.0164 2440 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
18:56:36.0164 2440 usbprint - ok
18:56:36.0289 2440 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
18:56:36.0289 2440 usbscan - ok
18:56:36.0351 2440 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:56:36.0351 2440 USBSTOR - ok
18:56:36.0460 2440 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
18:56:36.0460 2440 usbuhci - ok
18:56:36.0554 2440 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
18:56:36.0554 2440 usbvideo - ok
18:56:36.0601 2440 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
18:56:36.0616 2440 usb_rndisx - ok
18:56:36.0726 2440 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
18:56:36.0726 2440 UxSms - ok
18:56:36.0788 2440 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
18:56:36.0788 2440 vds - ok
18:56:36.0866 2440 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
18:56:36.0882 2440 vga - ok
18:56:36.0897 2440 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
18:56:36.0897 2440 VgaSave - ok
18:56:36.0991 2440 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
18:56:36.0991 2440 viaagp - ok
18:56:37.0069 2440 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
18:56:37.0069 2440 ViaC7 - ok
18:56:37.0100 2440 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
18:56:37.0100 2440 viaide - ok
18:56:37.0225 2440 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
18:56:37.0240 2440 volmgr - ok
18:56:37.0303 2440 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
18:56:37.0303 2440 volmgrx - ok
18:56:37.0428 2440 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
18:56:37.0443 2440 volsnap - ok
18:56:37.0521 2440 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
18:56:37.0521 2440 vsmraid - ok
18:56:37.0646 2440 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
18:56:37.0662 2440 VSS - ok
18:56:37.0771 2440 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
18:56:37.0771 2440 W32Time - ok
18:56:37.0818 2440 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
18:56:37.0818 2440 WacomPen - ok
18:56:37.0880 2440 wampmysqld - ok
18:56:37.0927 2440 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:56:37.0927 2440 Wanarp - ok
18:56:37.0927 2440 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:56:37.0927 2440 Wanarpv6 - ok
18:56:38.0036 2440 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
18:56:38.0052 2440 wcncsvc - ok
18:56:38.0083 2440 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
18:56:38.0083 2440 WcsPlugInService - ok
18:56:38.0176 2440 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
18:56:38.0176 2440 Wd - ok
18:56:38.0208 2440 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
18:56:38.0208 2440 Wdf01000 - ok
18:56:38.0301 2440 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
18:56:38.0301 2440 WdiServiceHost - ok
18:56:38.0301 2440 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
18:56:38.0317 2440 WdiSystemHost - ok
18:56:38.0364 2440 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
18:56:38.0364 2440 WebClient - ok
18:56:38.0457 2440 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
18:56:38.0473 2440 Wecsvc - ok
18:56:38.0488 2440 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
18:56:38.0504 2440 wercplsupport - ok
18:56:38.0566 2440 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
18:56:38.0566 2440 WerSvc - ok
18:56:38.0644 2440 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
18:56:38.0660 2440 WinDefend - ok
18:56:38.0660 2440 WinHttpAutoProxySvc - ok
18:56:38.0785 2440 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
18:56:38.0785 2440 Winmgmt - ok
18:56:38.0863 2440 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
18:56:38.0894 2440 WinRM - ok
18:56:39.0019 2440 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
18:56:39.0034 2440 Wlansvc - ok
18:56:39.0144 2440 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:56:39.0159 2440 wlidsvc - ok
18:56:39.0237 2440 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
18:56:39.0237 2440 WmiAcpi - ok
18:56:39.0378 2440 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
18:56:39.0378 2440 wmiApSrv - ok
18:56:39.0502 2440 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
18:56:39.0518 2440 WMPNetworkSvc - ok
18:56:39.0643 2440 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
18:56:39.0643 2440 WPCSvc - ok
18:56:39.0674 2440 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
18:56:39.0690 2440 WPDBusEnum - ok
18:56:39.0877 2440 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:56:39.0877 2440 WPFFontCache_v0400 - ok
18:56:39.0970 2440 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
18:56:39.0970 2440 ws2ifsl - ok
18:56:40.0017 2440 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
18:56:40.0017 2440 wscsvc - ok
18:56:40.0080 2440 WSearch - ok
18:56:40.0173 2440 wuauserv (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
18:56:40.0204 2440 wuauserv - ok
18:56:40.0282 2440 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:56:40.0282 2440 WUDFRd - ok
18:56:40.0329 2440 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
18:56:40.0329 2440 wudfsvc - ok
18:56:40.0376 2440 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
18:56:40.0438 2440 \Device\Harddisk0\DR0 - ok
18:56:40.0438 2440 Boot (0x1200) (e68b456f1e41c4488749748d242358e2) \Device\Harddisk0\DR0\Partition0
18:56:40.0438 2440 \Device\Harddisk0\DR0\Partition0 - ok
18:56:40.0438 2440 ============================================================
18:56:40.0438 2440 Scan finished
18:56:40.0438 2440 ============================================================
18:56:40.0470 2148 Detected object count: 0
18:56:40.0470 2148 Actual detected object count: 0
18:57:57.0846 3180 Deinitialize success

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:19 AM

Posted 07 April 2012 - 08:39 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::

File::
C:\Users\Michelle\AppData\Roaming\Google\Google\ruamntmv.dll

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 unagimaki

unagimaki
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:19 AM

Posted 08 April 2012 - 12:42 PM

I cant get combofix to run. I tried it in regular and safe mode. It does the first box but it never goes to the blue screen.

Any suggestions?

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:19 AM

Posted 08 April 2012 - 02:23 PM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 unagimaki

unagimaki
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:19 AM

Posted 08 April 2012 - 02:41 PM

Okay. So I had to run that in Safemode. It kept freexing otherwise.

Here is the log.

OTL logfile created on: 4/8/2012 3:32:10 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Michelle\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 84.28% Memory free
5.94 Gb Paging File | 5.69 Gb Available in Paging File | 95.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.79 Gb Total Space | 158.57 Gb Free Space | 55.10% Space Free | Partition Type: NTFS

Computer Name: MICHELLE-PC | User Name: Michelle | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Michelle\Downloads\OTL.exe (OldTimer Tools)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV - (wampmysqld) -- %systemroot%\system32\com0com.dll File not found
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (ipsec) -- %systemroot%\system32\tavsvc.dll File not found
SRV - (inspect) -- %systemroot%\system32\lxce_device.dll File not found
SRV - (generichidservice) -- %systemroot%\system32\webrootenterpriseclientservice.dll File not found
SRV - (Sony Ericsson PCCompanion) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (PassThru Service) -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (camsvc) -- C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe (TOSHIBA)
SRV - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation)
SRV - (TPCHSrv) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV - (TMachInfo) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (RSELSVC) -- C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe (TOSHIBA Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (aeqegrqm) -- C:\Windows\system32\drivers\aeqegrqm.sys File not found
DRV - (pneteth) -- C:\Windows\System32\drivers\pneteth.sys (June Fabrics Technology Inc.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (htcnprot) -- C:\Windows\System32\drivers\htcnprot.sys (Windows ® Win 7 DDK provider)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (RTL8187B) -- C:\Windows\System32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation )
DRV - (HTCAND32) -- C:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (TVALZFL) -- C:\Windows\System32\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV - (PGEffect) -- C:\Windows\System32\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows ® Codename Longhorn DDK provider)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
IE - HKLM\..\SearchScopes\{75C98131-54C0-4002-B3A9-391BC15BA6E3}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2441505634-2020984227-1343173905-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
IE - HKU\S-1-5-21-2441505634-2020984227-1343173905-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2441505634-2020984227-1343173905-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-2441505634-2020984227-1343173905-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB_enUS478
IE - HKU\S-1-5-21-2441505634-2020984227-1343173905-1000\..\SearchScopes\{75C98131-54C0-4002-B3A9-391BC15BA6E3}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSHB
IE - HKU\S-1-5-21-2441505634-2020984227-1343173905-1000\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=UT2
IE - HKU\S-1-5-21-2441505634-2020984227-1343173905-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-iobit
IE - HKU\S-1-5-21-2441505634-2020984227-1343173905-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Media Software and Services Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Michelle\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Michelle\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\widgetruntime@surfsecret.com: C:\Program Files\Panda Security\Panda ID Protect\Firefox [2010/09/06 20:06:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/06 18:52:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/23 00:20:52 | 000,000,000 | ---D | M]

[2012/04/06 22:06:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michelle\AppData\Roaming\Mozilla\Extensions
[2012/04/06 18:52:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/11 09:09:53 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/03/13 00:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/03/13 00:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/13 00:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Michelle\AppData\Local\Google\Chrome\Application\18.0.1025.151\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Michelle\AppData\Local\Google\Chrome\Application\18.0.1025.151\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Michelle\AppData\Local\Google\Chrome\Application\18.0.1025.151\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U25 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Michelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/07 18:11:45 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O3 - HKU\S-1-5-21-2441505634-2020984227-1343173905-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [cfFncEnabler.exe] C:\Program Files\TOSHIBA\ConfigFree\cfFncEnabler.exe (Toshiba Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2441505634-2020984227-1343173905-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2441505634-2020984227-1343173905-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B5000AA-FF92-48A3-A5FD-27C3B6EDA01C}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{855BDFB4-0AD2-41EA-9306-C2E3D7F27272}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C75C381-3FC4-4004-870F-5613A79DC7B0}: DhcpNameServer = 192.168.42.129
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Michelle\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/07 23:03:24 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/04/07 18:18:12 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/07 18:18:12 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Local\temp
[2012/04/07 18:11:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/07 17:19:51 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/04/07 16:41:25 | 004,452,637 | R--- | C] (Swearware) -- C:\Users\Michelle\Desktop\ComboFix.exe
[2012/04/06 22:06:23 | 000,000,000 | ---D | C] -- C:\Users\Michelle\AppData\Roaming\Mozilla
[2012/04/06 17:13:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/06 17:13:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/06 17:13:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/06 17:12:26 | 000,000,000 | R--D | C] -- C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/04/06 17:12:26 | 000,000,000 | R--D | C] -- C:\Users\Michelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/04/06 16:59:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/06 16:52:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/05 21:37:53 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/04/01 21:21:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/04/01 21:20:25 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012/03/20 10:47:51 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/03/20 10:18:35 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/03/20 03:08:00 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/03/20 03:07:58 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/03/20 03:07:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/03/20 03:07:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/03/20 03:07:57 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/03/20 03:07:54 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/03/19 08:35:02 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/03/19 08:34:52 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/03/19 08:34:52 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/03/19 08:34:52 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/03/19 08:34:52 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/03/19 08:34:52 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/03/19 08:31:19 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll

========== Files - Modified Within 30 Days ==========

[2012/04/08 15:31:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/08 15:30:16 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/08 15:30:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/08 15:09:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/08 14:34:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2441505634-2020984227-1343173905-1000UA.job
[2012/04/08 10:38:56 | 000,606,602 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/08 10:38:56 | 000,105,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/08 10:31:27 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/07 19:19:26 | 000,000,512 | ---- | M] () -- C:\Users\Michelle\Desktop\MBR.dat
[2012/04/07 18:11:45 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/04/07 16:41:20 | 004,452,637 | R--- | M] (Swearware) -- C:\Users\Michelle\Desktop\ComboFix.exe
[2012/04/07 16:34:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2441505634-2020984227-1343173905-1000Core.job
[2012/04/07 12:41:20 | 000,000,162 | -H-- | M] () -- C:\Users\Michelle\Desktop\~$cument.rtf
[2012/04/07 12:39:25 | 000,001,377 | ---- | M] () -- C:\Users\Michelle\Desktop\Document.rtf
[2012/04/07 08:57:28 | 000,000,000 | ---- | M] () -- C:\Users\Michelle\defogger_reenable
[2012/04/07 08:55:23 | 000,050,477 | ---- | M] () -- C:\Users\Michelle\Desktop\Defogger.exe
[2012/04/06 18:52:55 | 000,000,841 | ---- | M] () -- C:\Users\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/04/06 18:52:55 | 000,000,817 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/04/06 06:02:10 | 000,002,068 | ---- | M] () -- C:\Users\Michelle\Desktop\Google Chrome.lnk
[2012/04/06 06:02:10 | 000,002,030 | ---- | M] () -- C:\Users\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/05 17:04:36 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/04 18:26:37 | 000,060,416 | ---- | M] () -- C:\Users\Michelle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/01 21:25:04 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/04/01 21:09:22 | 000,000,287 | ---- | M] () -- C:\Windows\wininit.ini
[2012/03/30 07:43:30 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/03/30 07:43:30 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/03/29 10:57:30 | 000,000,855 | RH-- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120405-170040.backup
[2012/03/20 10:18:35 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/03/20 03:29:51 | 000,340,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/04/07 19:19:26 | 000,000,512 | ---- | C] () -- C:\Users\Michelle\Desktop\MBR.dat
[2012/04/07 12:41:20 | 000,000,162 | -H-- | C] () -- C:\Users\Michelle\Desktop\~$cument.rtf
[2012/04/07 12:39:25 | 000,001,377 | ---- | C] () -- C:\Users\Michelle\Desktop\Document.rtf
[2012/04/07 08:57:28 | 000,000,000 | ---- | C] () -- C:\Users\Michelle\defogger_reenable
[2012/04/07 08:55:25 | 000,050,477 | ---- | C] () -- C:\Users\Michelle\Desktop\Defogger.exe
[2012/04/06 18:52:55 | 000,000,841 | ---- | C] () -- C:\Users\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/04/06 18:52:55 | 000,000,829 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/04/06 18:52:55 | 000,000,817 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/04/06 17:13:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/06 17:13:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/06 17:13:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/06 17:13:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/06 17:13:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/05 17:04:36 | 000,000,877 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/04 16:33:03 | 000,002,068 | ---- | C] () -- C:\Users\Michelle\Desktop\Google Chrome.lnk
[2012/04/04 16:33:03 | 000,002,030 | ---- | C] () -- C:\Users\Michelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/04/04 16:29:52 | 000,000,920 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2441505634-2020984227-1343173905-1000UA.job
[2012/04/04 16:29:52 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2441505634-2020984227-1343173905-1000Core.job
[2012/04/01 21:25:04 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/04/01 21:21:42 | 000,001,779 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/03/30 07:43:30 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/03/30 07:43:30 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/03/29 14:24:22 | 000,000,287 | ---- | C] () -- C:\Windows\wininit.ini
[2011/10/08 16:02:54 | 000,000,243 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/10/08 16:02:54 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/10/08 16:01:55 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2011/10/08 15:59:41 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/10/08 10:23:52 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/07/06 20:15:13 | 000,000,680 | ---- | C] () -- C:\Users\Michelle\AppData\Local\d3d9caps.dat
[2010/09/08 07:55:35 | 000,855,641 | ---- | C] () -- C:\Users\Michelle\AppData\Roaming\PandaIDProtectHelp.chm
[2010/06/06 10:20:02 | 000,065,344 | ---- | C] () -- C:\Windows\System32\PDFreDirectMonNT.dll

< End of report >

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:19 AM

Posted 08 April 2012 - 09:31 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :Files
    C:\Users\Michelle\AppData\Roaming\Google\Google\ruamntmv.dll
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 unagimaki

unagimaki
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:19 AM

Posted 08 April 2012 - 09:36 PM

No reboot was necessary.
Here is the log!


========== FILES ==========
C:\Users\Michelle\AppData\Roaming\Google\Google\ruamntmv.dll moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Michelle\Downloads\cmd.bat deleted successfully.
C:\Users\Michelle\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Michelle
->Java cache emptied: 16439622 bytes

User: Public

Total Java Files Cleaned = 16.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56502 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Michelle
->Flash cache emptied: 11063986 bytes

User: Public

Total Flash Files Cleaned = 11.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04082012_223530

#15 unagimaki

unagimaki
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:09:19 AM

Posted 08 April 2012 - 09:42 PM

The computer seems to be doing better. The recycling bin works now. I havent had any redirects or random radio stations. I cant get my windows firewall to work still. When I go to turn it on it says "Security center can't turn on windows firewall".

I appreciate all your help thus far!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users