
Another Happili Redirect Problem


  • This topic is locked
27 replies to this topic

#1 tawcoma26

tawcoma26

  • Members
  • 25 posts

Posted 24 April 2012 - 03:51 AM

Hello everyone, I did a search for help and Google led me back here. I've used help here once before and it worked the last time, so I figured you guys could help me again.

My girlfriend's laptop has recently started experiencing Happili and other link redirects. I ran HijackThis, Malwarebytes, AVG, and am currently running ESET right now. Thanks for the help in advance.



#2 tawcoma26

tawcoma26
  • Topic Starter

  • Members
  • 25 posts

Posted 24 April 2012 - 09:22 PM

Found one virus through ESET. I'll post up its exact name soon.

#3 tawcoma26

tawcoma26
  • Topic Starter

  • Members
  • 25 posts

Posted 25 April 2012 - 12:01 AM

Here's the found file from ESET.

Attached Files



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 April 2012 - 01:55 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 tawcoma26

tawcoma26
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:11:01 AM

Posted 25 April 2012 - 01:47 PM

Here's the TEXT Copies of the scans you requested. They are in order of how you asked to use them.

I do have to say I haven't had any redirects to Happili since removing that Trojan with ESET. Although I haven't used Google search quite as much.



Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 14
Java version out of date!
Adobe Flash Player 10.1.53.64 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
``````````End of Log````````````







.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Tiffy at 11:39:55 on 2012-04-25
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2940.1114 [GMT -7:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Internet Security *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\StikyNot.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\system32\igfxext.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\windows\system32\svchost.exe -k HPService
C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
C:\windows\system32\wuauclt.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Tiffy\Downloads\Defogger.exe
C:\windows\system32\conhost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AIRMOU~1.LNK - C:\Program Files (x86)\Air Mouse\Air Mouse\Air Mouse.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{C271F27A-4D88-4C5A-BB56-90134879BC76} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{C271F27A-4D88-4C5A-BB56-90134879BC76}\16474777966696 : DhcpNameServer = 192.168.5.1
TCP: Interfaces\{C271F27A-4D88-4C5A-BB56-90134879BC76}\255737379616E6370225025537 : DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{C271F27A-4D88-4C5A-BB56-90134879BC76}\745716D6E4564777F627B613 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{C271F27A-4D88-4C5A-BB56-90134879BC76}\D69745F65736860243740284F6473707F647 : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tiffy\AppData\Roaming\Mozilla\Firefox\Profiles\4wznsxg4.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff10.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff5.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff6.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff7.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff8.dll
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox4\components\avgssff9.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-1-31 7391072]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2011-2-8 269520]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-9-27 373640]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-5-31 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\windows\system32\drivers\LMIRfsDriver.sys --> C:\windows\system32\drivers\LMIRfsDriver.sys [?]
R2 RSELSVC;TOSHIBA Modem region select service;C:\Program Files\TOSHIBA\rselect\RSelSvc.exe [2009-7-7 65904]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-11 252272]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\windows\system32\DRIVERS\RTL8187B.sys --> C:\windows\system32\DRIVERS\RTL8187B.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2010-3-24 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-20 135664]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-5-20 135664]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-24 07:24:01 -------- d-----w- C:\Program Files (x86)\ESET
.
==================== Find3M ====================
.
2012-04-04 22:56:40 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-02-21 10:58:20 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
============= FINISH: 11:40:57.21 ===============






.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/20/2010 9:58:48 PM
System Uptime: 4/25/2012 9:10:42 AM (2 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz | CPU | 2200/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 188.39 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP124: 11/23/2011 1:05:02 PM - Windows Update
RP125: 12/6/2011 8:39:29 PM - Device Driver Package Install: AlexP
RP126: 12/23/2011 2:50:22 AM - Scheduled Checkpoint
RP127: 1/27/2012 11:24:24 PM - Scheduled Checkpoint
RP128: 2/3/2012 6:18:53 PM - Installed iTunes
RP129: 2/16/2012 2:22:13 AM - Scheduled Checkpoint
RP130: 4/19/2012 12:30:24 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.1)
Amazon Links
Apple Application Support
Apple Software Update
Ashampoo Burning Studio 6 FREE v.6.80
Bejeweled 2 Deluxe
BitTorrent
Blackhawk Striker 2
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 3.0
CL-Eye Driver
Compatibility Pack for the 2007 Office system
D3DX10
ESET Online Scanner v3
Faerie Solitaire
FATE Undiscovered Realms
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Java™ 6 Update 14
Junk Mail filter update
Label@Once 1.0
LogMeIn
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mobile Mouse Server
Monopoly
Mozilla Firefox 11.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MyITLab ActiveX Installer 2, 9, 8, 65535
Mystery P.I. - The Vegas Heist
NetZero Launcher
Pando Media Booster
Polar Bowler
Quickbooks Financial Center
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Scrabble Plus
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Launcher
Skype™ 5.5
Spelling Dictionaries Support For Adobe Reader 9
TOSHIBA Application Installer
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Internal Modem Region Select Utility
TOSHIBA Media Controller
Toshiba Online Backup
TOSHIBA Quality Application
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
ToshibaRegistration
Turbo Trio
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
Virtual Families
Virtual Villagers - The Secret City
Visual Studio 2008 x64 Redistributables
WildTangent Games
WildTangent ORB Game Console
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
XviD & MP3 Codec Pack (remove only)
XviD MPEG-4 Video Codec
.
==== Event Viewer Messages From Past Week ========
.
4/24/2012 12:45:21 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Tiffy-PC\Tiffy SID (S-1-5-21-355405788-4047401311-817144018-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
4/24/2012 12:45:21 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Tiffy-PC\Tiffy SID (S-1-5-21-355405788-4047401311-817144018-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
4/24/2012 11:06:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ASPI32
4/24/2012 11:06:16 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
4/23/2012 11:52:03 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
.
==== End Of File ===========================

#6 gringo_pr

Posted 25 April 2012 - 05:07 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 tawcoma26

Posted 26 April 2012 - 12:40 AM

Just a quick question... when you say reboot, do you mean literally rebooting the computer (erasing all files) or just a simple restarting of the computer?

#8 gringo_pr

Posted 26 April 2012 - 01:22 AM

restart the computer only

#9 tawcoma26

Posted 26 April 2012 - 07:25 PM

Had a problem with Kaspersky. I couldn't find it anywhere other than the name Kaspersky in a log. Also, AVG turned on towards the end of the scan.





ComboFix 12-04-26.01 - Tiffy 04/26/2012 17:02:21.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.2940.1427 [GMT -7:00]
Running from: c:\users\Tiffy\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tiffy\AppData\Local\Temp\7zS532E\HPSLPSVC64.DLL
c:\users\Tiffy\AppData\Roaming\Mozilla\Firefox\Profiles\4wznsxg4.default\extensions\{6a6c24eb-d20e-4e82-a1b1-c806aa466079}
c:\users\Tiffy\AppData\Roaming\Mozilla\Firefox\Profiles\4wznsxg4.default\extensions\{6a6c24eb-d20e-4e82-a1b1-c806aa466079}\chrome\xulcache.jar
c:\users\Tiffy\AppData\Roaming\Mozilla\Firefox\Profiles\4wznsxg4.default\extensions\{6a6c24eb-d20e-4e82-a1b1-c806aa466079}\defaults\preferences\xulcache.js
c:\users\Tiffy\AppData\Roaming\Mozilla\Firefox\Profiles\4wznsxg4.default\extensions\{6a6c24eb-d20e-4e82-a1b1-c806aa466079}\install.rdf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_HPSLPSVC
.
.
((((((((((((((((((((((((( Files Created from 2012-03-27 to 2012-04-27 )))))))))))))))))))))))))))))))
.
.
2012-04-27 00:10 . 2012-04-27 00:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-24 07:24 . 2012-04-24 07:24 -------- d-----w- c:\program files (x86)\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 22:56 . 2011-06-13 01:01 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-21 10:58 . 2011-06-20 07:29 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-13 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-08-17 1294136]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-08-10 529256]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG10\avgtray.exe" [2012-01-18 2339168]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-17 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Air Mouse.lnk - c:\program files (x86)\Air Mouse\Air Mouse\Air Mouse.exe [2010-10-6 1032368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG10\avgchsva.exe /sync\0c:\progra~2\AVG\AVG10\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-21 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-21 135664]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-11 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2010-09-27 373640]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2010-05-31 15928]
S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\rselect\RSelSvc.exe [2009-07-07 65904]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-11 252272]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-21 05:17]
.
2012-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-21 05:17]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2008-09-25 195080]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 709976]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2010-05-31 57928]
"combofix"="c:\combofix\CF2794.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Tiffy\AppData\Roaming\Mozilla\Firefox\Profiles\4wznsxg4.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Completion time: 2012-04-26 17:21:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-27 00:21
.
Pre-Run: 205,047,685,120 bytes free
Post-Run: 204,359,237,632 bytes free
.
- - End Of File - - 966904EB47A52330A2C251DC1D1615E9

#10 gringo_pr

Posted 26 April 2012 - 08:43 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#11 tawcoma26

Posted 26 April 2012 - 09:18 PM

As I ran the ASWMBR scanner, the computer shut off and a "blue screen" came up.



19:05:47.0986 4120 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
19:05:48.0678 4120 ============================================================
19:05:48.0678 4120 Current date / time: 2012/04/26 19:05:48.0678
19:05:48.0678 4120 SystemInfo:
19:05:48.0678 4120
19:05:48.0678 4120 OS Version: 6.1.7600 ServicePack: 0.0
19:05:48.0678 4120 Product type: Workstation
19:05:48.0678 4120 ComputerName: TIFFY-PC
19:05:48.0678 4120 UserName: Tiffy
19:05:48.0678 4120 Windows directory: C:\windows
19:05:48.0678 4120 System windows directory: C:\windows
19:05:48.0679 4120 Running under WOW64
19:05:48.0679 4120 Processor architecture: Intel x64
19:05:48.0679 4120 Number of processors: 2
19:05:48.0679 4120 Page size: 0x1000
19:05:48.0679 4120 Boot type: Normal boot
19:05:48.0679 4120 ============================================================
19:05:50.0273 4120 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:05:50.0282 4120 Drive \Device\Harddisk1\DR1 - Size: 0xF5F00000 (3.84 Gb), SectorSize: 0x200, Cylinders: 0x1F5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:05:50.0287 4120 ============================================================
19:05:50.0287 4120 \Device\Harddisk0\DR0:
19:05:50.0287 4120 MBR partitions:
19:05:50.0287 4120 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23F1B000
19:05:50.0287 4120 \Device\Harddisk1\DR1:
19:05:50.0288 4120 MBR partitions:
19:05:50.0288 4120 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x7AD800
19:05:50.0288 4120 ============================================================
19:05:50.0315 4120 C: <-> \Device\Harddisk0\DR0\Partition0
19:05:50.0315 4120 ============================================================
19:05:50.0315 4120 Initialize success
19:05:50.0315 4120 ============================================================
19:05:52.0483 3088 ============================================================
19:05:52.0483 3088 Scan started
19:05:52.0483 3088 Mode: Manual;
19:05:52.0483 3088 ============================================================
19:05:57.0971 3088 clr_optimization_v2.0.50727_32 - ok
19:05:58.0009 3088 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:05:58.0013 3088 clr_optimization_v2.0.50727_64 - ok
19:05:58.0090 3088 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:05:58.0111 3088 clr_optimization_v4.0.30319_32 - ok
19:05:58.0150 3088 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:05:58.0153 3088 clr_optimization_v4.0.30319_64 - ok
19:05:58.0192 3088 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
19:05:58.0195 3088 CmBatt - ok
19:05:58.0220 3088 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys
19:05:58.0223 3088 cmdide - ok
19:05:58.0260 3088 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\windows\system32\Drivers\cng.sys
19:05:58.0269 3088 CNG - ok
19:05:58.0318 3088 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
19:05:58.0320 3088 Compbatt - ok
19:05:58.0353 3088 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys
19:05:58.0355 3088 CompositeBus - ok
19:05:58.0376 3088 COMSysApp - ok
19:05:58.0465 3088 ConfigFree Gadget Service (d252c53bcdfc199bba55eeb10cdb266e) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
19:05:58.0466 3088 ConfigFree Gadget Service - ok
19:05:58.0495 3088 ConfigFree Service (cab0eeaf5295fc96ddd3e19dce27e131) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
19:05:58.0497 3088 ConfigFree Service - ok
19:05:58.0540 3088 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
19:05:58.0543 3088 crcdisk - ok
19:05:58.0600 3088 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\windows\system32\cryptsvc.dll
19:05:58.0603 3088 CryptSvc - ok
19:05:58.0695 3088 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\windows\system32\rpcss.dll
19:05:58.0705 3088 DcomLaunch - ok
19:05:58.0783 3088 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
19:05:58.0790 3088 defragsvc - ok
19:05:58.0849 3088 DfsC (9c253ce7311ca60fc11c774692a13208) C:\windows\system32\Drivers\dfsc.sys
19:05:58.0852 3088 DfsC - ok
19:05:58.0883 3088 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\windows\system32\dhcpcore.dll
19:05:58.0889 3088 Dhcp - ok
19:05:58.0909 3088 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
19:05:58.0911 3088 discache - ok
19:05:58.0962 3088 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
19:05:58.0966 3088 Disk - ok
19:05:59.0014 3088 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\windows\System32\dnsrslvr.dll
19:05:59.0018 3088 Dnscache - ok
19:05:59.0074 3088 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\windows\System32\dot3svc.dll
19:05:59.0080 3088 dot3svc - ok
19:05:59.0131 3088 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\windows\system32\DRIVERS\Dot4.sys
19:05:59.0136 3088 Dot4 - ok
19:05:59.0194 3088 Dot4Print (85135ad27e79b689335c08167d917cde) C:\windows\system32\DRIVERS\Dot4Prt.sys
19:05:59.0197 3088 Dot4Print - ok
19:05:59.0223 3088 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\windows\system32\DRIVERS\dot4usb.sys
19:05:59.0226 3088 dot4usb - ok
19:05:59.0253 3088 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\windows\system32\dps.dll
19:05:59.0256 3088 DPS - ok
19:05:59.0278 3088 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
19:05:59.0280 3088 drmkaud - ok
19:05:59.0357 3088 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\windows\System32\drivers\dxgkrnl.sys
19:05:59.0374 3088 DXGKrnl - ok
19:05:59.0427 3088 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
19:05:59.0430 3088 EapHost - ok
19:05:59.0601 3088 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
19:05:59.0664 3088 ebdrv - ok
19:05:59.0759 3088 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\windows\System32\lsass.exe
19:05:59.0761 3088 EFS - ok
19:05:59.0835 3088 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\windows\ehome\ehRecvr.exe
19:05:59.0848 3088 ehRecvr - ok
19:05:59.0872 3088 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
19:05:59.0876 3088 ehSched - ok
19:05:59.0967 3088 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
19:05:59.0977 3088 elxstor - ok
19:05:59.0996 3088 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys
19:05:59.0999 3088 ErrDev - ok
19:06:00.0069 3088 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
19:06:00.0075 3088 EventSystem - ok
19:06:00.0107 3088 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
19:06:00.0112 3088 exfat - ok
19:06:00.0141 3088 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
19:06:00.0145 3088 fastfat - ok
19:06:00.0209 3088 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\windows\system32\fxssvc.exe
19:06:00.0220 3088 Fax - ok
19:06:00.0242 3088 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
19:06:00.0246 3088 fdc - ok
19:06:00.0286 3088 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
19:06:00.0288 3088 fdPHost - ok
19:06:00.0302 3088 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
19:06:00.0304 3088 FDResPub - ok
19:06:00.0332 3088 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
19:06:00.0335 3088 FileInfo - ok
19:06:00.0345 3088 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
19:06:00.0349 3088 Filetrace - ok
19:06:00.0355 3088 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
19:06:00.0359 3088 flpydisk - ok
19:06:00.0409 3088 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys
19:06:00.0413 3088 FltMgr - ok
19:06:00.0510 3088 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\windows\system32\FntCache.dll
19:06:00.0529 3088 FontCache - ok
19:06:00.0591 3088 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:06:00.0594 3088 FontCache3.0.0.0 - ok
19:06:00.0650 3088 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
19:06:00.0653 3088 FsDepends - ok
19:06:00.0662 3088 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
19:06:00.0665 3088 Fs_Rec - ok
19:06:00.0719 3088 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys
19:06:00.0722 3088 fvevol - ok
19:06:00.0774 3088 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\windows\system32\DRIVERS\FwLnk.sys
19:06:00.0776 3088 FwLnk - ok
19:06:00.0824 3088 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
19:06:00.0827 3088 gagp30kx - ok
19:06:00.0912 3088 GameConsoleService (4fbccbdd99a75c9efbc90392cf32af61) C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
19:06:00.0917 3088 GameConsoleService - ok
19:06:00.0971 3088 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
19:06:00.0974 3088 GEARAspiWDM - ok
19:06:01.0034 3088 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\windows\System32\gpsvc.dll
19:06:01.0047 3088 gpsvc - ok
19:06:01.0162 3088 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:06:01.0165 3088 gupdate - ok
19:06:01.0194 3088 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
19:06:01.0196 3088 gupdatem - ok
19:06:01.0238 3088 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
19:06:01.0243 3088 gusvc - ok
19:06:01.0265 3088 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
19:06:01.0268 3088 hcw85cir - ok
19:06:01.0296 3088 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys
19:06:01.0302 3088 HdAudAddService - ok
19:06:01.0349 3088 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys
19:06:01.0352 3088 HDAudBus - ok
19:06:01.0367 3088 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
19:06:01.0370 3088 HidBatt - ok
19:06:01.0381 3088 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
19:06:01.0385 3088 HidBth - ok
19:06:01.0396 3088 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
19:06:01.0399 3088 HidIr - ok
19:06:01.0424 3088 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
19:06:01.0428 3088 hidserv - ok
19:06:01.0484 3088 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys
19:06:01.0487 3088 HidUsb - ok
19:06:01.0526 3088 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\windows\system32\kmsvc.dll
19:06:01.0531 3088 hkmsvc - ok
19:06:01.0557 3088 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\windows\system32\ListSvc.dll
19:06:01.0562 3088 HomeGroupListener - ok
19:06:01.0598 3088 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\windows\system32\provsvc.dll
19:06:01.0603 3088 HomeGroupProvider - ok
19:06:01.0639 3088 HpSAMD (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys
19:06:01.0643 3088 HpSAMD - ok
19:06:01.0721 3088 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys
19:06:01.0732 3088 HTTP - ok
19:06:01.0759 3088 hwpolicy (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys
19:06:01.0760 3088 hwpolicy - ok
19:06:01.0804 3088 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
19:06:01.0807 3088 i8042prt - ok
19:06:01.0880 3088 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\windows\system32\DRIVERS\iaStor.sys
19:06:01.0884 3088 iaStor - ok
19:06:01.0952 3088 iaStorV (b75e45c564e944a2657167d197ab29da) C:\windows\system32\drivers\iaStorV.sys
19:06:01.0960 3088 iaStorV - ok
19:06:02.0059 3088 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:06:02.0074 3088 idsvc - ok
19:06:02.0471 3088 igfx (3c3f27002abc69c5afe29cbe6cf7addf) C:\windows\system32\DRIVERS\igdkmd64.sys
19:06:02.0659 3088 igfx - ok
19:06:02.0777 3088 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
19:06:02.0780 3088 iirsp - ok
19:06:02.0851 3088 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\windows\System32\ikeext.dll
19:06:02.0865 3088 IKEEXT - ok
19:06:02.0998 3088 IntcAzAudAddService (0c3cf4b3bae28e121a1689e3538f8712) C:\windows\system32\drivers\RTKVHD64.sys
19:06:03.0028 3088 IntcAzAudAddService - ok
19:06:03.0131 3088 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys
19:06:03.0134 3088 intelide - ok
19:06:03.0175 3088 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
19:06:03.0177 3088 intelppm - ok
19:06:03.0225 3088 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
19:06:03.0229 3088 IPBusEnum - ok
19:06:03.0243 3088 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys
19:06:03.0246 3088 IpFilterDriver - ok
19:06:03.0291 3088 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\windows\System32\iphlpsvc.dll
19:06:03.0300 3088 iphlpsvc - ok
19:06:03.0329 3088 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys
19:06:03.0332 3088 IPMIDRV - ok
19:06:03.0360 3088 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
19:06:03.0364 3088 IPNAT - ok
19:06:03.0488 3088 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
19:06:03.0503 3088 iPod Service - ok
19:06:03.0551 3088 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
19:06:03.0554 3088 IRENUM - ok
19:06:03.0574 3088 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys
19:06:03.0577 3088 isapnp - ok
19:06:03.0595 3088 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys
19:06:03.0600 3088 iScsiPrt - ok
19:06:03.0643 3088 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
19:06:03.0646 3088 kbdclass - ok
19:06:03.0654 3088 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys
19:06:03.0657 3088 kbdhid - ok
19:06:03.0682 3088 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\windows\system32\lsass.exe
19:06:03.0684 3088 KeyIso - ok
19:06:03.0701 3088 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\windows\system32\Drivers\ksecdd.sys
19:06:03.0705 3088 KSecDD - ok
19:06:03.0736 3088 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\windows\system32\Drivers\ksecpkg.sys
19:06:03.0741 3088 KSecPkg - ok
19:06:03.0773 3088 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
19:06:03.0775 3088 ksthunk - ok
19:06:03.0811 3088 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
19:06:03.0820 3088 KtmRm - ok
19:06:03.0893 3088 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\windows\System32\srvsvc.dll
19:06:03.0899 3088 LanmanServer - ok
19:06:03.0925 3088 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\windows\System32\wkssvc.dll
19:06:03.0930 3088 LanmanWorkstation - ok
19:06:03.0977 3088 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
19:06:03.0979 3088 lltdio - ok
19:06:04.0018 3088 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
19:06:04.0026 3088 lltdsvc - ok
19:06:04.0042 3088 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
19:06:04.0044 3088 lmhosts - ok
19:06:04.0149 3088 LMIGuardianSvc (450c65471411c8d7cf1e2a886bc73f42) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
19:06:04.0155 3088 LMIGuardianSvc - ok
19:06:04.0171 3088 LMIInfo (0317335b15ff3bda8e10197e3434cfc0) C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys
19:06:04.0172 3088 LMIInfo - ok
19:06:04.0194 3088 LMIMaint (a2544af343a3c45b92dc8bed8f5e0fb5) C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
19:06:04.0196 3088 LMIMaint - ok
19:06:04.0208 3088 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\windows\system32\DRIVERS\lmimirr.sys
19:06:04.0211 3088 lmimirr - ok
19:06:04.0217 3088 LMIRfsClientNP - ok
19:06:04.0280 3088 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\windows\system32\drivers\LMIRfsDriver.sys
19:06:04.0282 3088 LMIRfsDriver - ok
19:06:04.0291 3088 LogMeIn (5aaa4186e0558546af5faa8eadca5e35) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
19:06:04.0294 3088 LogMeIn - ok
19:06:04.0350 3088 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
19:06:04.0354 3088 LSI_FC - ok
19:06:04.0373 3088 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
19:06:04.0378 3088 LSI_SAS - ok
19:06:04.0387 3088 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
19:06:04.0391 3088 LSI_SAS2 - ok
19:06:04.0403 3088 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
19:06:04.0407 3088 LSI_SCSI - ok
19:06:04.0444 3088 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
19:06:04.0447 3088 luafv - ok
19:06:04.0476 3088 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\windows\system32\Mcx2Svc.dll
19:06:04.0481 3088 Mcx2Svc - ok
19:06:04.0504 3088 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
19:06:04.0507 3088 megasas - ok
19:06:04.0526 3088 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
19:06:04.0533 3088 MegaSR - ok
19:06:04.0633 3088 Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
19:06:04.0637 3088 Microsoft Office Groove Audit Service - ok
19:06:04.0669 3088 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
19:06:04.0672 3088 MMCSS - ok
19:06:04.0687 3088 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
19:06:04.0688 3088 Modem - ok
19:06:04.0715 3088 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
19:06:04.0717 3088 monitor - ok
19:06:04.0756 3088 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
19:06:04.0759 3088 mouclass - ok
19:06:04.0800 3088 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
19:06:04.0803 3088 mouhid - ok
19:06:04.0821 3088 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys
19:06:04.0823 3088 mountmgr - ok
19:06:04.0847 3088 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys
19:06:04.0852 3088 mpio - ok
19:06:04.0871 3088 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
19:06:04.0874 3088 mpsdrv - ok
19:06:04.0936 3088 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\windows\system32\mpssvc.dll
19:06:04.0951 3088 MpsSvc - ok
19:06:04.0987 3088 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys
19:06:04.0992 3088 MRxDAV - ok
19:06:05.0031 3088 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\windows\system32\DRIVERS\mrxsmb.sys
19:06:05.0034 3088 mrxsmb - ok
19:06:05.0087 3088 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\windows\system32\DRIVERS\mrxsmb10.sys
19:06:05.0092 3088 mrxsmb10 - ok
19:06:05.0112 3088 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\windows\system32\DRIVERS\mrxsmb20.sys
19:06:05.0114 3088 mrxsmb20 - ok
19:06:05.0133 3088 msahci (5c37497276e3b3a5488b23a326a754b7) C:\windows\system32\DRIVERS\msahci.sys
19:06:05.0137 3088 msahci - ok
19:06:05.0164 3088 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
19:06:05.0169 3088 msdsm - ok
19:06:05.0200 3088 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
19:06:05.0205 3088 MSDTC - ok
19:06:05.0227 3088 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
19:06:05.0230 3088 Msfs - ok
19:06:05.0240 3088 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
19:06:05.0243 3088 mshidkmdf - ok
19:06:05.0262 3088 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
19:06:05.0265 3088 msisadrv - ok
19:06:05.0318 3088 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
19:06:05.0323 3088 MSiSCSI - ok
19:06:05.0329 3088 msiserver - ok
19:06:05.0380 3088 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
19:06:05.0382 3088 MSKSSRV - ok
19:06:05.0425 3088 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
19:06:05.0428 3088 MSPCLOCK - ok
19:06:05.0437 3088 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
19:06:05.0441 3088 MSPQM - ok
19:06:05.0471 3088 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
19:06:05.0479 3088 MsRPC - ok
19:06:05.0495 3088 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
19:06:05.0497 3088 mssmbios - ok
19:06:05.0514 3088 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
19:06:05.0518 3088 MSTEE - ok
19:06:05.0534 3088 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
19:06:05.0537 3088 MTConfig - ok
19:06:05.0580 3088 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
19:06:05.0583 3088 Mup - ok
19:06:05.0629 3088 napagent (4987e079a4530fa737a128be54b63b12) C:\windows\system32\qagentRT.dll
19:06:05.0638 3088 napagent - ok
19:06:05.0696 3088 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
19:06:05.0702 3088 NativeWifiP - ok
19:06:05.0763 3088 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys
19:06:05.0778 3088 NDIS - ok
19:06:05.0816 3088 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
19:06:05.0819 3088 NdisCap - ok
19:06:05.0859 3088 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
19:06:05.0861 3088 NdisTapi - ok
19:06:05.0873 3088 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys
19:06:05.0875 3088 Ndisuio - ok
19:06:05.0891 3088 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
19:06:05.0895 3088 NdisWan - ok
19:06:05.0914 3088 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
19:06:05.0917 3088 NDProxy - ok
19:06:05.0930 3088 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
19:06:05.0933 3088 NetBIOS - ok
19:06:05.0960 3088 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
19:06:05.0964 3088 NetBT - ok
19:06:05.0993 3088 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\windows\system32\lsass.exe
19:06:05.0995 3088 Netlogon - ok
19:06:06.0058 3088 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
19:06:06.0066 3088 Netman - ok
19:06:06.0106 3088 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
19:06:06.0114 3088 netprofm - ok
19:06:06.0184 3088 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:06:06.0188 3088 NetTcpPortSharing - ok
19:06:06.0242 3088 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
19:06:06.0245 3088 nfrd960 - ok
19:06:06.0304 3088 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\windows\System32\nlasvc.dll
19:06:06.0311 3088 NlaSvc - ok
19:06:06.0324 3088 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
19:06:06.0327 3088 Npfs - ok
19:06:06.0342 3088 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
19:06:06.0344 3088 nsi - ok
19:06:06.0357 3088 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
19:06:06.0358 3088 nsiproxy - ok
19:06:06.0494 3088 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\windows\system32\drivers\Ntfs.sys
19:06:06.0521 3088 Ntfs - ok
19:06:06.0609 3088 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
19:06:06.0611 3088 Null - ok
19:06:06.0661 3088 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\windows\system32\drivers\nvraid.sys
19:06:06.0666 3088 nvraid - ok
19:06:06.0693 3088 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\windows\system32\drivers\nvstor.sys
19:06:06.0697 3088 nvstor - ok
19:06:06.0732 3088 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
19:06:06.0736 3088 nv_agp - ok
19:06:06.0891 3088 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:06:06.0900 3088 odserv - ok
19:06:06.0926 3088 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
19:06:06.0929 3088 ohci1394 - ok
19:06:07.0004 3088 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:06:07.0008 3088 ose - ok
19:06:07.0055 3088 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
19:06:07.0062 3088 p2pimsvc - ok
19:06:07.0095 3088 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
19:06:07.0103 3088 p2psvc - ok
19:06:07.0131 3088 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
19:06:07.0135 3088 Parport - ok
19:06:07.0157 3088 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys
19:06:07.0160 3088 partmgr - ok
19:06:07.0181 3088 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
19:06:07.0186 3088 PcaSvc - ok
19:06:07.0207 3088 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys
19:06:07.0213 3088 pci - ok
19:06:07.0225 3088 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
19:06:07.0228 3088 pciide - ok
19:06:07.0256 3088 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
19:06:07.0261 3088 pcmcia - ok
19:06:07.0282 3088 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
19:06:07.0285 3088 pcw - ok
19:06:07.0339 3088 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
19:06:07.0350 3088 PEAUTH - ok
19:06:07.0409 3088 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
19:06:07.0413 3088 PerfHost - ok
19:06:07.0512 3088 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\windows\system32\pla.dll
19:06:07.0537 3088 pla - ok
19:06:07.0602 3088 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\windows\system32\umpnpmgr.dll
19:06:07.0610 3088 PlugPlay - ok
19:06:07.0636 3088 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
19:06:07.0640 3088 PNRPAutoReg - ok
19:06:07.0666 3088 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
19:06:07.0672 3088 PNRPsvc - ok
19:06:07.0715 3088 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\windows\System32\ipsecsvc.dll
19:06:07.0723 3088 PolicyAgent - ok
19:06:07.0758 3088 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
19:06:07.0763 3088 Power - ok
19:06:07.0848 3088 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
19:06:07.0852 3088 PptpMiniport - ok
19:06:07.0873 3088 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
19:06:07.0876 3088 Processor - ok
19:06:07.0910 3088 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\windows\system32\profsvc.dll
19:06:07.0915 3088 ProfSvc - ok
19:06:07.0937 3088 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\windows\system32\lsass.exe
19:06:07.0940 3088 ProtectedStorage - ok
19:06:07.0990 3088 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
19:06:07.0993 3088 Psched - ok
19:06:08.0101 3088 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
19:06:08.0126 3088 ql2300 - ok
19:06:08.0249 3088 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
19:06:08.0253 3088 ql40xx - ok
19:06:08.0293 3088 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
19:06:08.0300 3088 QWAVE - ok
19:06:08.0317 3088 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
19:06:08.0320 3088 QWAVEdrv - ok
19:06:08.0327 3088 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
19:06:08.0331 3088 RasAcd - ok
19:06:08.0389 3088 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
19:06:08.0392 3088 RasAgileVpn - ok
19:06:08.0433 3088 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
19:06:08.0438 3088 RasAuto - ok
19:06:08.0453 3088 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
19:06:08.0457 3088 Rasl2tp - ok
19:06:08.0490 3088 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\windows\System32\rasmans.dll
19:06:08.0497 3088 RasMan - ok
19:06:08.0515 3088 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
19:06:08.0518 3088 RasPppoe - ok
19:06:08.0540 3088 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
19:06:08.0543 3088 RasSstp - ok
19:06:17.0426 3088 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
19:06:17.0489 3088 \Device\Harddisk0\DR0 - ok
19:06:17.0497 3088 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
19:06:17.0551 3088 \Device\Harddisk1\DR1 - ok
19:06:17.0567 3088 Boot (0x1200) (c90924e1b86e734e8944ebe91163990d) \Device\Harddisk0\DR0\Partition0
19:06:17.0568 3088 \Device\Harddisk0\DR0\Partition0 - ok
19:06:17.0575 3088 Boot (0x1200) (2f61a7181ce6577e0f6dd91f5d1344e5) \Device\Harddisk1\DR1\Partition0
19:06:17.0578 3088 \Device\Harddisk1\DR1\Partition0 - ok
19:06:17.0579 3088 ============================================================
19:06:17.0579 3088 Scan finished
19:06:17.0579 3088 ============================================================
19:06:17.0602 3048 Detected object count: 0
19:06:17.0602 3048 Actual detected object count: 0
19:06:56.0019 5224 Deinitialize success

#12 gringo_pr

Posted 26 April 2012 - 09:23 PM

Hello


As I ran the ASWMBR scanner, the computer shut off and a "blue screen" came up.

try and run it once more


you have not let me know how the computer is doing - is it still redirecting and if it is I need to know which browsers are redirecting - check all that are installed on the computer


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 gringo_pr

Posted 28 April 2012 - 11:23 PM

Greetings,



This is just a friendly little bump to remind you that we have not finished this yet,


If you are having problems or you just need more time - just let me know and we will work it out.



Gringo

#14 gringo_pr

Posted 02 May 2012 - 12:14 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#15 tawcoma26

Posted 02 May 2012 - 10:40 PM

I want to apologize for not replying back in time. I do want to say thanks for your help. I have rarely used the computer since the blue screen shut down but it has not happened since. Also the redirects haven't happened either.

What exactly should I do next?



