Possibly Happili, Muldrop, Gemini, Rootkit?


This topic is locked
16 replies to this topic

#1 Scattered

Posted 03 May 2012 - 10:57 PM

I've been having issues for about a week. At first it was simple search redirects to IP 63.209.69.107, and then it switched to a page headed with 'happili'. I ran several AV programs as well as malware and spyware scanners, but nothing found the problem except Hitman. According to Hitman the offending virus was (at different times) Muldrop or Gemini. It would remove the SysWOW64\rpcnet.exe and rpcnet.dll files (always the same filenames, always that directory) as infected and then run fine for a day or so before the computer would start slowing down and generally behaving poorly again, and then Hitman would say it was back. I've run in both safe and normal boot modes, and today it found rpcnet.dll as a suspicious file repeatedly. Meanwhile, my restore points were corrupted and I was unable to run chkdsk at boot without using my Win7 repair disk (which I did today). Chkdsk reported everything was fine but couldn't give a log file (error 50). I would really like to avoid reinstalling the OS (I've got my laptop just the way I want it), but at this point I'm not sure if it's clean, and if it is clean, how do I get everything sorted and back to normal? So, at this point, I don't see the redirects anymore, but after 24-36 hours of removal the computer will start slowing down and Firefox begins to freeze up. Once it gets to this point it's only a matter of time before the entire system freezes up to the point that I'm unable to shut down properly or use Ctrl+Alt+Delete to get into Task Manager to see what's going on. Here is my dds.txt, and thank you for any help:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by MOM at 22:31:24 on 2012-05-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5981.3817 [GMT -5:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.

#2 gringo_pr

Malware Response Team

Posted 04 May 2012 - 12:06 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

AV: avast! Antivirus
AV: Microsoft Security Essentials


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
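The "two anti-virus programs" point above is easy to miss when reading a checkup.txt by hand, because Security Check lists the installed product in one section and the running engine processes in another. The following Python script is an added example (not part of this thread and not screen317's tool): it splits Security Check output into its backtick-separated sections, maps known antivirus process names to their product, and reports when more than one product is resident, together with anything the tool marked "out of date!". The sample log is constructed to mirror the one posted later in this thread, and the process-to-product table is an assumption covering only the products seen here.

```python
import re

# Security Check separates sections with rows of backticks; the last row carries "End of Log".
SECTION_SEP = re.compile(r"^`{3,}(.*?)`*$")
SEP = "`" * 30

# Constructed checkup.txt, modelled on the Security Check output in this thread.
SAMPLE_CHECKUP = "\n".join([
    "Results of screen317's Security Check version 0.99.32",
    "Windows 7 x64 (UAC is enabled)",
    "Internet Explorer 9",
    SEP,
    "Antivirus/Firewall Check:",
    "",
    "Windows Firewall Enabled!",
    "avast! Free Antivirus",
    "WMI entry may not exist for antivirus; attempting automatic update.",
    SEP,
    "Anti-malware/Other Utilities Check:",
    "",
    "MVPS Hosts File",
    "Spybot - Search & Destroy",
    "Java(TM) 6 Update 31",
    "Adobe Reader 9 Adobe Reader out of date!",
    "Mozilla Firefox (12.0.)",
    SEP,
    "Process Check:",
    "objlist.exe by Laurent",
    "",
    "Windows Defender MSMpEng.exe",
    "Microsoft Security Essentials msseces.exe",
    "AVAST Software Avast AvastSvc.exe",
    "AVAST Software Avast AvastUI.exe",
    "`" * 10 + "End of Log" + "`" * 16,
])

# Process names that belong to a full antivirus product (assumed table, covering the
# products in this thread). MsMpEng.exe is deliberately absent: it is the shared
# Microsoft antimalware engine used by both Windows Defender and MSE, so on its own
# it does not prove that a second antivirus is installed.
AV_PROCESSES = {
    "msseces.exe": "Microsoft Security Essentials",
    "avastsvc.exe": "avast! Antivirus",
    "avastui.exe": "avast! Antivirus",
}


def parse_checkup(text):
    """Return {section title: [non-empty lines]}; lines before the first separator go under 'header'."""
    sections = {"header": []}
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if SECTION_SEP.match(line):
            current = None          # the next non-empty line names the new section
            continue
        if not line:
            continue
        if current is None:
            current = line.rstrip(":")
            sections[current] = []
            continue
        sections[current].append(line)
    return sections


def running_antivirus(sections):
    """Distinct antivirus products that have a process in the 'Process Check' section."""
    products = set()
    for line in sections.get("Process Check", []):
        exe = line.split()[-1].lower()          # the process name is the last token
        if exe in AV_PROCESSES:
            products.add(AV_PROCESSES[exe])
    return sorted(products)


def outdated_software(sections):
    """Every line Security Check tagged as out of date, with the tag removed."""
    return [line.replace("out of date!", "").strip()
            for lines in sections.values() for line in lines if "out of date!" in line]


def assess(text):
    sections = parse_checkup(text)
    products = running_antivirus(sections)
    return {
        "antivirus_products": products,
        "multiple_antivirus": len(products) > 1,   # the condition the helper warns about
        "outdated": outdated_software(sections),
    }


if __name__ == "__main__":
    for key, value in assess(SAMPLE_CHECKUP).items():
        print(f"{key}: {value}")
```

On the constructed sample this reports both Microsoft Security Essentials and avast! as resident and lists Adobe Reader 9 as out of date, which is exactly the pair of findings the helper asks the poster to act on.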

#3 Scattered (Topic Starter, Members, 8 posts)

Posted 04 May 2012 - 02:23 AM

Closed MSE

Checkup.txt:
Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

MVPS Hosts File
Spybot - Search & Destroy
Java™ 6 Update 31
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (12.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````



Turned off Avast & Spybot, Combofix log:

ComboFix 12-05-03.03 - MOM 05/04/2012 0:44.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5981.4250 [GMT -5:00]
Running from: c:\users\MOM\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-04-04 to 2012-05-04 )))))))))))))))))))))))))))))))
.
.
2012-05-04 06:47 . 2012-05-04 06:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-03 23:56 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D6A2716A-5F34-4566-987C-77B6E9FCD25B}\mpengine.dll
2012-05-03 20:06 . 2012-05-04 06:49 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
2012-05-03 15:22 . 2012-05-04 04:14 58288 ------w- c:\windows\SysWow64\rpcnet.exe
2012-05-02 23:03 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-02 03:07 . 2012-05-02 03:07 287304 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-05-02 01:24 . 2012-05-02 01:24 -------- d-----w- c:\windows\Sun
2012-04-28 18:26 . 2012-05-01 23:39 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-28 18:26 . 2012-05-01 23:39 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-24 15:07 . 2012-04-24 15:08 -------- d-----w- c:\windows\system32\MpEngineStore
2012-04-24 12:43 . 2012-04-24 12:43 -------- d-----w- c:\program files\CCleaner
2012-04-24 07:10 . 2012-04-24 07:10 -------- d-----w- c:\users\MOM\AppData\Roaming\f-secure
2012-04-24 07:10 . 2012-04-24 07:10 -------- d-----w- c:\programdata\F-Secure
2012-04-24 02:50 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-24 02:50 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-24 02:50 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-24 02:50 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-04-24 02:50 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-04-24 02:50 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-04-24 02:50 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-24 02:50 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-04-24 02:15 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-24 02:11 . 2012-05-02 03:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-24 02:11 . 2012-04-24 02:18 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-04-23 14:27 . 2012-04-24 15:07 -------- d-----w- c:\users\MOM\AppData\Local\Xilisoft
2012-04-13 23:35 . 2012-04-13 23:35 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-13 22:15 . 2012-04-14 03:18 -------- d-----w- c:\users\MOM\AppData\Roaming\dvdcss
2012-04-12 07:33 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 07:33 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 07:33 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 07:33 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 07:33 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 07:33 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 07:33 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-09 13:34 . 2012-04-09 13:34 -------- d-----w- c:\users\MOM\AppData\Roaming\Any DVD Cloner Express
2012-04-09 13:32 . 2012-04-09 13:32 -------- d-----w- c:\program files (x86)\Any DVD Cloner Express
2012-04-04 20:06 . 2012-04-04 20:06 -------- d-----w- c:\users\MOM\AppData\Roaming\Sling Media
2012-04-04 20:06 . 2012-04-04 20:06 -------- d-----w- c:\programdata\Sling Media
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 06:49 . 2011-10-07 00:26 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-05-04 04:14 . 2011-10-07 00:49 13160 ----a-w- c:\windows\SysWow64\Upgrd.exe
2012-05-04 04:11 . 2011-10-07 00:28 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2012-05-03 23:45 . 2011-10-07 00:26 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2012-04-28 18:20 . 2011-12-03 00:13 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 20:56 . 2011-10-07 17:31 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-28 20:45 . 2012-03-28 20:45 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-03-28 20:45 . 2012-03-28 20:45 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-03-28 20:30 . 2012-03-28 20:30 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-03-28 20:30 . 2012-03-28 20:30 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-03-21 01:44 . 2011-04-27 20:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 01:44 . 2011-04-18 18:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-02-17 06:38 . 2012-03-14 13:15 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 13:15 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 13:15 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 13:15 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 17:01 . 2012-02-15 17:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 17:01 . 2012-02-15 17:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-10 15:51 . 2012-02-10 15:51 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9F6C5BC4-C566-46AF-8B3D-C913357B030D}\gapaengine.dll
2012-02-10 06:36 . 2012-03-14 13:16 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 13:16 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-24_05.19.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-03 02:12 . 2012-05-04 04:13 58014 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-04 06:51 50194 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-07 00:37 . 2012-05-04 06:51 14106 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2219789292-1111759239-376084940-1001_UserData.bin
+ 2012-05-03 23:33 . 2012-05-03 20:24 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
- 2011-10-07 02:31 . 2012-04-18 16:41 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-07 02:31 . 2012-05-04 03:22 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-07 02:31 . 2012-05-04 03:22 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-10-07 02:31 . 2012-04-18 16:41 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-18 16:41 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-04 03:22 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-05-01 22:35 94640 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-11-18 18:04 . 2011-11-18 18:04 39936 c:\windows\Installer\157d3a.msi
+ 2011-10-07 06:35 . 2012-05-01 03:08 6456 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-04-24 05:18 . 2012-04-24 05:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-04 06:49 . 2012-05-04 06:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-04 06:49 . 2012-05-04 06:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-24 05:18 . 2012-04-24 05:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-13 23:36 . 2012-04-13 23:36 353440 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_Plugin.exe
+ 2012-04-28 18:26 . 2012-04-28 18:26 353440 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_Plugin.exe
+ 2012-05-01 23:38 . 2012-05-01 23:39 353440 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
+ 2012-05-01 23:39 . 2012-05-01 23:39 424608 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.dll
- 2012-04-04 14:31 . 2012-04-13 23:36 253088 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-04-28 18:26 . 2012-05-01 23:39 253088 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-04-28 18:20 . 2012-04-28 18:20 157472 c:\windows\SysWOW64\javaws.exe
- 2011-12-04 07:02 . 2011-10-03 11:06 157472 c:\windows\SysWOW64\javaws.exe
+ 2012-04-28 18:20 . 2012-04-28 18:20 149280 c:\windows\SysWOW64\javaw.exe
+ 2012-04-28 18:20 . 2012-04-28 18:20 149280 c:\windows\SysWOW64\java.exe
+ 2011-10-16 04:01 . 2012-04-30 23:02 238172 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2011-10-07 21:43 . 2012-05-04 05:30 288670 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-05-04 04:17 626540 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-04 04:17 107784 c:\windows\system32\perfc009.dat
- 2012-04-13 23:35 . 2012-04-13 23:35 630944 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_233_Plugin.exe
+ 2012-04-28 18:25 . 2012-04-28 18:26 630944 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_233_Plugin.exe
+ 2012-05-01 23:38 . 2012-05-01 23:38 630944 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_233_ActiveX.exe
+ 2012-05-01 23:38 . 2012-05-01 23:38 462496 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_233_ActiveX.dll
+ 2011-10-07 02:14 . 2012-05-02 06:32 402280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-04-24 05:17 377412 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-04 06:48 377412 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-28 18:21 . 2012-04-28 18:21 207360 c:\windows\Installer\157fc7.msi
+ 2012-04-26 07:10 . 2012-04-26 07:10 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\SCEP.exe
+ 2012-04-26 07:10 . 2012-04-26 07:10 123352 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\MSE.exe
+ 2012-04-26 07:10 . 2012-04-26 07:10 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\INTUNE.exe
+ 2012-04-26 07:10 . 2012-04-26 07:10 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\FEP.exe
+ 2012-04-26 07:10 . 2012-04-26 07:10 109563 c:\windows\Installer\{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}\EPP.exe
+ 2012-04-28 18:26 . 2012-04-28 18:26 8797344 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
- 2012-04-13 23:36 . 2012-04-13 23:36 8797344 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
- 2011-10-07 16:08 . 2012-04-24 05:17 1993657 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2219789292-1111759239-376084940-1001-8192.dat
+ 2011-10-07 16:08 . 2012-05-04 06:48 1993657 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2219789292-1111759239-376084940-1001-8192.dat
+ 2011-12-26 19:05 . 2012-05-02 01:22 2267980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2219789292-1111759239-376084940-1001-4096.dat
+ 2011-10-07 18:01 . 2012-05-02 01:22 3507948 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2219789292-1111759239-376084940-1001-12288.dat
+ 2012-03-27 00:21 . 2012-03-27 00:21 7622656 c:\windows\Installer\13370d4.msi
- 2012-04-13 23:35 . 2012-04-13 23:35 11589280 c:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll
+ 2012-04-28 18:25 . 2012-04-28 18:25 11589280 c:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll
+ 2012-04-26 04:34 . 2012-04-26 04:34 46904168 c:\windows\Installer\ab947c.msi
+ 2012-04-28 18:20 . 2012-04-28 18:20 12938752 c:\windows\Installer\157fc2.msi
+ 2012-04-28 18:14 . 2012-04-28 18:14 52920320 c:\windows\Installer\157d41.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-03 39408]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-06-22 2637824]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"SpybotSnD"="c:\program files (x86)\Spybot - Search & Destroy\SpybotSD.exe" [2009-01-26 5365592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 dcxcblor;dcxcblor;c:\windows\system32\drivers\dcxcblor.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 253088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 135664]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-05 824688]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 UsbGps;LGE CDMA USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgx64gps.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
S0 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [x]
S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-11 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2012-04-27 107848]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-11 252272]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 O2SDGRDR;O2SDGRDR;c:\windows\system32\DRIVERS\o2sdgx64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files (x86)\Toshiba\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 23:39]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 21:58]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 21:58]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2219789292-1111759239-376084940-1001Core.job
- c:\users\MOM\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-05 04:17]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2219789292-1111759239-376084940-1001UA.job
- c:\users\MOM\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-05 04:17]
.
2012-05-02 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files (x86)\Spybot - Search & Destroy\SpybotSD.exe [2012-04-24 20:31]
.
2012-05-03 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files (x86)\Spybot - Search & Destroy\SDUpdate.exe [2012-04-24 20:31]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-20 503864]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"HDMICtrlMan"="c:\program files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [BU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-06-22 395392]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 167.142.179.184 167.142.179.185
DPF: {3528A58B-595D-4AFD-A5F6-B914BD306DC3} - hxxp://dishconnectivity.sling.com/dpit/downloads/pc/SlingHealth.cab
FF - ProfilePath - c:\users\MOM\AppData\Roaming\Mozilla\Firefox\Profiles\f5th297u.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\hitmanpro35]
"ImagePath"="\??\c:\windows\system32\drivers\hitmanpro36.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\windows\SysWOW64\rpcnet.exe
.
**************************************************************************
.
Completion time: 2012-05-04 01:56:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-04 06:56
.
Pre-Run: 368,309,174,272 bytes free
Post-Run: 368,753,647,616 bytes free
.
- - End Of File - - 26A06BEBCC21502465EC080867993712




It's 2 am here so I didn't really run it too much but will give it a workout tomorrow to see how it is. The little bit I did try was a resource hog fb game and that did seem to run better than it has lately. No problems running SecurityCheck; ComboFix took well over an hour. On reboot Hitman again listed rpcnet.dll as suspicious. Spybot won't update: it's set to update on start but I get an error telling me to choose files to update first. avast did its automatic updates with no problem.

#4 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 04 May 2012 - 02:42 AM

Greetings

Did you remove MSE or did you just close it? One of the antivirus programs needs to be REMOVED; as long as it is installed there will be services and other things still running.

I want you to run these next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
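TDSSKiller writes one identification line (name, MD5, path) and one verdict line (name - ok, or a detection) per scanned object, as in the log the topic starter posts in the next reply. As an added example that is not part of this thread and not Kaspersky's code, here is a Python parser that pairs those lines and lists every object the tool did not mark plain "ok"; the sample log is constructed, and the rpcnet entry, its all-zero placeholder hash and the "warning"/"detected" line shapes are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Line shapes taken from the TDSSKiller log posted in this thread:
#   <time> <pid> <name> (<md5>) <path>    file identification line
#   <time> <pid> <name> - <verdict>       verdict line: "ok" or a detection/warning
ID_RE = re.compile(r"^(\S+)\s+(\d+)\s+(.+?)\s+\(([0-9a-fA-F]{32})\)\s+(.+)$")
VERDICT_RE = re.compile(r"^(\S+)\s+(\d+)\s+(.+?)\s+-\s+(.+)$")
TAG_RE = re.compile(r"\s*\(\s*[^()]*\)\s*$")  # strips a trailing "( Detection.Name )" tag


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    """Pair each scanned object's identification line with its verdict line.

    Only the block after 'Scan started' is parsed, so the disk/partition
    summary in the header (which also contains ' - ') is never mistaken
    for a verdict.
    """
    entries: Dict[str, Entry] = {}
    in_scan = False
    for raw in text.splitlines():
        line = raw.strip()
        if not in_scan:
            in_scan = line.endswith("Scan started")
            continue
        if line.endswith("Scan finished"):
            break
        m = ID_RE.match(line)
        if m:
            name = m.group(3)
            e = entries.setdefault(name, Entry(name=name))
            e.md5, e.path = m.group(4).lower(), m.group(5)
            continue
        m = VERDICT_RE.match(line)
        if m:
            name = TAG_RE.sub("", m.group(3))
            e = entries.setdefault(name, Entry(name=name))
            verdict = m.group(4).strip()
            # a "detected ..." line always wins; a later plain "ok" never hides it
            if e.verdict is None or e.verdict == "ok" or verdict.startswith("detected"):
                e.verdict = verdict
    return entries


def triage(entries: Dict[str, Entry]) -> List[Entry]:
    """Return every object TDSSKiller did not mark plain 'ok': detections,
    warnings, and objects that were identified but never got a verdict."""
    return [e for e in entries.values() if e.verdict != "ok"]


# Constructed sample: header and first entries follow the posted log; the rpcnet
# lines (assumed service name, placeholder hash, warning/detected shapes) are invented.
SAMPLE_LOG = """\
09:04:06.0540 4924 Drive \\Device\\Harddisk0\\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200
09:04:06.0555 4924 Initialize success
09:04:08.0630 0896 ============================================================
09:04:08.0630 0896 Scan started
09:04:08.0630 0896 Mode: Manual;
09:04:08.0630 0896 ============================================================
09:04:09.0098 0896 1394ohci (a87d604aea360176311474c87a63bb88) C:\\windows\\system32\\drivers\\1394ohci.sys
09:04:09.0098 0896 1394ohci - ok
09:04:13.0607 0896 COMSysApp - ok
09:04:30.0100 0896 rpcnet (00000000000000000000000000000000) C:\\windows\\SysWOW64\\rpcnet.dll
09:04:30.0100 0896 rpcnet ( UnsignedFile.Multi.Generic ) - warning
09:04:30.0100 0896 rpcnet - detected UnsignedFile.Multi.Generic ( 1 )
09:04:31.0000 0896 \\Device\\Harddisk0\\DR0 - ok
09:04:31.0000 0896 Scan finished
"""

if __name__ == "__main__":
    for e in triage(parse_tdsskiller_log(SAMPLE_LOG)):
        print(f"{e.name}: {e.verdict} [{e.path}] md5={e.md5}")
```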

#5 Scattered

Scattered
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:12:35 PM

Posted 04 May 2012 - 10:08 AM

I had just disabled it- I enabled it the other day when this started in order to scan but forgot to turn it back off so the resource use isn't an issue. Will it still interfere with avast?

TDSSKiller:
09:04:21.0954 0896 Npfs - ok
09:04:21.0954 0896 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
09:04:21.0969 0896 nsi - ok
09:04:21.0969 0896 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
09:04:21.0969 0896 nsiproxy - ok
09:04:22.0125 0896 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
09:04:22.0141 0896 Ntfs - ok
09:04:22.0219 0896 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
09:04:22.0219 0896 Null - ok
09:04:22.0281 0896 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
09:04:22.0297 0896 nvraid - ok
09:04:22.0313 0896 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
09:04:22.0313 0896 nvstor - ok
09:04:22.0359 0896 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
09:04:22.0359 0896 nv_agp - ok
09:04:22.0391 0896 O2FLASH (d955d5de998db2476bf0892be3a96c26) C:\windows\system32\DRIVERS\o2flash.exe
09:04:22.0391 0896 O2FLASH - ok
09:04:22.0422 0896 O2MDGRDR (3840f61d55dbf32f4b88fa15fb03c461) C:\windows\system32\DRIVERS\o2mdgx64.sys
09:04:22.0422 0896 O2MDGRDR - ok
09:04:22.0437 0896 O2SDGRDR (fa1eed3a10992eba9a39172b50346434) C:\windows\system32\DRIVERS\o2sdgx64.sys
09:04:22.0437 0896 O2SDGRDR - ok
09:04:22.0484 0896 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
09:04:22.0484 0896 ohci1394 - ok
09:04:22.0531 0896 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
09:04:22.0531 0896 p2pimsvc - ok
09:04:22.0578 0896 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
09:04:22.0593 0896 p2psvc - ok
09:04:22.0625 0896 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
09:04:22.0625 0896 Parport - ok
09:04:22.0656 0896 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
09:04:22.0671 0896 partmgr - ok
09:04:22.0687 0896 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
09:04:22.0703 0896 PcaSvc - ok
09:04:22.0734 0896 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
09:04:22.0734 0896 pci - ok
09:04:22.0749 0896 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
09:04:22.0749 0896 pciide - ok
09:04:22.0765 0896 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
09:04:22.0781 0896 pcmcia - ok
09:04:22.0796 0896 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
09:04:22.0796 0896 pcw - ok
09:04:22.0874 0896 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
09:04:22.0874 0896 PEAUTH - ok
09:04:22.0968 0896 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
09:04:22.0968 0896 PerfHost - ok
09:04:23.0108 0896 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys
09:04:23.0108 0896 PGEffect - ok
09:04:23.0249 0896 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
09:04:23.0280 0896 pla - ok
09:04:23.0327 0896 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
09:04:23.0342 0896 PlugPlay - ok
09:04:23.0358 0896 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
09:04:23.0358 0896 PNRPAutoReg - ok
09:04:23.0405 0896 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
09:04:23.0405 0896 PNRPsvc - ok
09:04:23.0467 0896 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\windows\system32\DRIVERS\point64.sys
09:04:23.0467 0896 Point64 - ok
09:04:23.0514 0896 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
09:04:23.0529 0896 PolicyAgent - ok
09:04:23.0561 0896 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
09:04:23.0576 0896 Power - ok
09:04:23.0639 0896 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
09:04:23.0639 0896 PptpMiniport - ok
09:04:23.0670 0896 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
09:04:23.0670 0896 Processor - ok
09:04:23.0701 0896 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
09:04:23.0717 0896 ProfSvc - ok
09:04:23.0748 0896 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
09:04:23.0748 0896 ProtectedStorage - ok
09:04:23.0810 0896 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
09:04:23.0810 0896 Psched - ok
09:04:23.0841 0896 QIOMem (c8fcb4899f8b70cc34e0d9876a80963c) C:\windows\system32\DRIVERS\QIOMem.sys
09:04:23.0841 0896 QIOMem - ok
09:04:23.0966 0896 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
09:04:23.0997 0896 ql2300 - ok
09:04:24.0060 0896 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
09:04:24.0075 0896 ql40xx - ok
09:04:24.0107 0896 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
09:04:24.0122 0896 QWAVE - ok
09:04:24.0138 0896 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
09:04:24.0138 0896 QWAVEdrv - ok
09:04:24.0153 0896 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
09:04:24.0153 0896 RasAcd - ok
09:04:24.0185 0896 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
09:04:24.0185 0896 RasAgileVpn - ok
09:04:24.0216 0896 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
09:04:24.0216 0896 RasAuto - ok
09:04:24.0263 0896 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
09:04:24.0263 0896 Rasl2tp - ok
09:04:24.0309 0896 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
09:04:24.0309 0896 RasMan - ok
09:04:24.0325 0896 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
09:04:24.0325 0896 RasPppoe - ok
09:04:24.0341 0896 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
09:04:24.0341 0896 RasSstp - ok
09:04:24.0372 0896 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
09:04:24.0387 0896 rdbss - ok
09:04:24.0387 0896 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
09:04:24.0387 0896 rdpbus - ok
09:04:24.0403 0896 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
09:04:24.0403 0896 RDPCDD - ok
09:04:24.0434 0896 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
09:04:24.0434 0896 RDPENCDD - ok
09:04:24.0450 0896 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
09:04:24.0450 0896 RDPREFMP - ok
09:04:24.0497 0896 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
09:04:24.0497 0896 RDPWD - ok
09:04:24.0559 0896 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
09:04:24.0559 0896 rdyboost - ok
09:04:24.0590 0896 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\windows\system32\drivers\regi.sys
09:04:24.0590 0896 regi - ok
09:04:24.0621 0896 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
09:04:24.0637 0896 RemoteAccess - ok
09:04:24.0653 0896 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
09:04:24.0668 0896 RemoteRegistry - ok
09:04:24.0668 0896 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
09:04:24.0684 0896 RpcEptMapper - ok
09:04:24.0699 0896 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
09:04:24.0699 0896 RpcLocator - ok
09:04:24.0824 0896 rpcnet (6684437f3628ef237c354f77d33426d1) C:\windows\SysWOW64\rpcnet.exe
09:04:24.0840 0896 rpcnet - ok
09:04:24.0902 0896 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
09:04:24.0918 0896 RpcSs - ok
09:04:24.0965 0896 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
09:04:24.0965 0896 rspndr - ok
09:04:25.0074 0896 rtl8192se (7475548b0ba58eba4d12414fc9e9dfe6) C:\windows\system32\DRIVERS\rtl8192se.sys
09:04:25.0074 0896 rtl8192se - ok
09:04:25.0121 0896 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
09:04:25.0121 0896 SamSs - ok
09:04:25.0167 0896 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
09:04:25.0167 0896 sbp2port - ok
09:04:25.0339 0896 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
09:04:25.0355 0896 SBSDWSCService - ok
09:04:25.0386 0896 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
09:04:25.0401 0896 SCardSvr - ok
09:04:25.0448 0896 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
09:04:25.0448 0896 scfilter - ok
09:04:25.0557 0896 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
09:04:25.0573 0896 Schedule - ok
09:04:25.0620 0896 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
09:04:25.0620 0896 SCPolicySvc - ok
09:04:25.0667 0896 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\windows\system32\drivers\sdbus.sys
09:04:25.0667 0896 sdbus - ok
09:04:25.0729 0896 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
09:04:25.0745 0896 SDRSVC - ok
09:04:25.0760 0896 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
09:04:25.0776 0896 secdrv - ok
09:04:25.0807 0896 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
09:04:25.0807 0896 seclogon - ok
09:04:25.0823 0896 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
09:04:25.0838 0896 SENS - ok
09:04:25.0854 0896 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
09:04:25.0854 0896 SensrSvc - ok
09:04:25.0885 0896 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
09:04:25.0885 0896 Serenum - ok
09:04:25.0916 0896 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
09:04:25.0916 0896 Serial - ok
09:04:25.0963 0896 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
09:04:25.0963 0896 sermouse - ok
09:04:26.0025 0896 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
09:04:26.0025 0896 SessionEnv - ok
09:04:26.0072 0896 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
09:04:26.0072 0896 sffdisk - ok
09:04:26.0088 0896 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
09:04:26.0088 0896 sffp_mmc - ok
09:04:26.0103 0896 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
09:04:26.0103 0896 sffp_sd - ok
09:04:26.0103 0896 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
09:04:26.0103 0896 sfloppy - ok
09:04:26.0166 0896 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
09:04:26.0166 0896 SharedAccess - ok
09:04:26.0228 0896 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
09:04:26.0244 0896 ShellHWDetection - ok
09:04:26.0259 0896 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
09:04:26.0259 0896 SiSRaid2 - ok
09:04:26.0259 0896 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
09:04:26.0275 0896 SiSRaid4 - ok
09:04:26.0306 0896 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
09:04:26.0306 0896 Smb - ok
09:04:26.0384 0896 snapman (32cde417100c530964e79c53b4e994ca) C:\windows\system32\DRIVERS\snapman.sys
09:04:26.0384 0896 snapman - ok
09:04:26.0415 0896 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
09:04:26.0415 0896 SNMPTRAP - ok
09:04:26.0431 0896 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
09:04:26.0431 0896 spldr - ok
09:04:26.0478 0896 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
09:04:26.0493 0896 Spooler - ok
09:04:26.0743 0896 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
09:04:26.0790 0896 sppsvc - ok
09:04:26.0883 0896 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
09:04:26.0883 0896 sppuinotify - ok
09:04:26.0946 0896 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
09:04:26.0946 0896 srv - ok
09:04:26.0993 0896 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
09:04:26.0993 0896 srv2 - ok
09:04:27.0024 0896 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
09:04:27.0024 0896 srvnet - ok
09:04:27.0055 0896 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
09:04:27.0071 0896 SSDPSRV - ok
09:04:27.0086 0896 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
09:04:27.0086 0896 SstpSvc - ok
09:04:27.0102 0896 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
09:04:27.0102 0896 stexstor - ok
09:04:27.0180 0896 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
09:04:27.0195 0896 stisvc - ok
09:04:27.0242 0896 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
09:04:27.0242 0896 swenum - ok
09:04:27.0289 0896 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
09:04:27.0305 0896 swprv - ok
09:04:27.0367 0896 SynTP (12a35e44d8647985fcdb8d298a590134) C:\windows\system32\DRIVERS\SynTP.sys
09:04:27.0367 0896 SynTP - ok
09:04:27.0523 0896 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
09:04:27.0554 0896 SysMain - ok
09:04:27.0648 0896 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
09:04:27.0648 0896 TabletInputService - ok
09:04:27.0710 0896 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
09:04:27.0710 0896 TapiSrv - ok
09:04:27.0741 0896 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
09:04:27.0757 0896 TBS - ok
09:04:27.0944 0896 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
09:04:27.0975 0896 Tcpip - ok
09:04:28.0194 0896 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
09:04:28.0209 0896 TCPIP6 - ok
09:04:28.0319 0896 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
09:04:28.0319 0896 tcpipreg - ok
09:04:28.0350 0896 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
09:04:28.0350 0896 tdcmdpst - ok
09:04:28.0381 0896 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
09:04:28.0381 0896 TDPIPE - ok
09:04:28.0428 0896 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
09:04:28.0428 0896 TDTCP - ok
09:04:28.0475 0896 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
09:04:28.0475 0896 tdx - ok
09:04:28.0537 0896 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
09:04:28.0537 0896 TermDD - ok
09:04:28.0584 0896 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
09:04:28.0599 0896 TermService - ok
09:04:28.0615 0896 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
09:04:28.0631 0896 Themes - ok
09:04:28.0662 0896 Thpdrv (c013f6acaa9761f571bd28dada7c157d) C:\windows\system32\DRIVERS\thpdrv.sys
09:04:28.0677 0896 Thpdrv - ok
09:04:28.0677 0896 Thpevm (b4e609047434ed948af7bdef2fa66e38) C:\windows\system32\DRIVERS\Thpevm.SYS
09:04:28.0677 0896 Thpevm - ok
09:04:28.0740 0896 Thpsrv (6146eac71ae3c9da17b0e33632082b7b) C:\windows\system32\ThpSrv.exe
09:04:28.0755 0896 Thpsrv - ok
09:04:28.0787 0896 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
09:04:28.0802 0896 THREADORDER - ok
09:04:28.0911 0896 timounter (6adc063fd51f03ef0cab3e716a725bd2) C:\windows\system32\DRIVERS\timntr.sys
09:04:28.0927 0896 timounter - ok
09:04:29.0036 0896 TMachInfo (f120967184a27e927052e8ddbb727851) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
09:04:29.0036 0896 TMachInfo - ok
09:04:29.0052 0896 TODDSrv (ed32035bdfeced1ad66d459fd9cc1140) C:\Windows\system32\TODDSrv.exe
09:04:29.0052 0896 TODDSrv - ok
09:04:29.0145 0896 TosCoSrv (06c61275adc64f1e36240a2287998a5e) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
09:04:29.0145 0896 TosCoSrv - ok
09:04:29.0192 0896 TOSHIBA eco Utility Service (32ff64d06a91daa0331c624aff442679) C:\Program Files\TOSHIBA\TECO\TecoService.exe
09:04:29.0208 0896 TOSHIBA eco Utility Service - ok
09:04:29.0239 0896 TOSHIBA HDD SSD Alert Service (74c2fa8c3765ee71a9c22182ec108457) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
09:04:29.0239 0896 TOSHIBA HDD SSD Alert Service - ok
09:04:29.0333 0896 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
09:04:29.0333 0896 tos_sps64 - ok
09:04:29.0426 0896 TPCHSrv (bdfea7a014d8e4a29323ec6e32d30fca) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
09:04:29.0442 0896 TPCHSrv - ok
09:04:29.0551 0896 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
09:04:29.0567 0896 TrkWks - ok
09:04:29.0613 0896 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
09:04:29.0629 0896 TrustedInstaller - ok
09:04:29.0660 0896 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
09:04:29.0660 0896 tssecsrv - ok
09:04:29.0707 0896 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
09:04:29.0707 0896 TsUsbFlt - ok
09:04:29.0769 0896 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
09:04:29.0785 0896 tunnel - ok
09:04:29.0801 0896 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
09:04:29.0801 0896 TVALZ - ok
09:04:29.0832 0896 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
09:04:29.0832 0896 TVALZFL - ok
09:04:29.0847 0896 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
09:04:29.0863 0896 uagp35 - ok
09:04:29.0894 0896 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
09:04:29.0894 0896 udfs - ok
09:04:29.0925 0896 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
09:04:29.0925 0896 UI0Detect - ok
09:04:29.0972 0896 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
09:04:29.0988 0896 uliagpkx - ok
09:04:30.0019 0896 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
09:04:30.0019 0896 umbus - ok
09:04:30.0035 0896 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
09:04:30.0035 0896 UmPass - ok
09:04:30.0081 0896 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
09:04:30.0081 0896 upnphost - ok
09:04:30.0128 0896 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\windows\system32\Drivers\usbaapl64.sys
09:04:30.0128 0896 USBAAPL64 - ok
09:04:30.0191 0896 usbbus (5fcc71487888589a9244af54cfefab29) C:\windows\system32\DRIVERS\lgx64bus.sys
09:04:30.0206 0896 usbbus - ok
09:04:30.0222 0896 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
09:04:30.0222 0896 usbccgp - ok
09:04:30.0284 0896 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
09:04:30.0284 0896 usbcir - ok
09:04:30.0315 0896 UsbDiag (3fb6e423f7567c92c32ea786f5fd0c69) C:\windows\system32\DRIVERS\lgx64diag.sys
09:04:30.0315 0896 UsbDiag - ok
09:04:30.0331 0896 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
09:04:30.0347 0896 usbehci - ok
09:04:30.0362 0896 UsbGps (8e36e68c0b7fa174012a61a290351e49) C:\windows\system32\DRIVERS\lgx64gps.sys
09:04:30.0362 0896 UsbGps - ok
09:04:30.0393 0896 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
09:04:30.0393 0896 usbhub - ok
09:04:30.0425 0896 USBModem (78d551f5b93488b4666f5fc8dd4815f3) C:\windows\system32\DRIVERS\lgx64modem.sys
09:04:30.0425 0896 USBModem - ok
09:04:30.0456 0896 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
09:04:30.0456 0896 usbohci - ok
09:04:30.0471 0896 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
09:04:30.0471 0896 usbprint - ok
09:04:30.0487 0896 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
09:04:30.0487 0896 USBSTOR - ok
09:04:30.0518 0896 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\DRIVERS\usbuhci.sys
09:04:30.0518 0896 usbuhci - ok
09:04:30.0565 0896 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys
09:04:30.0565 0896 usbvideo - ok
09:04:30.0581 0896 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
09:04:30.0596 0896 UxSms - ok
09:04:30.0643 0896 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
09:04:30.0643 0896 VaultSvc - ok
09:04:30.0674 0896 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
09:04:30.0674 0896 vdrvroot - ok
09:04:30.0752 0896 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
09:04:30.0752 0896 vds - ok
09:04:30.0768 0896 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
09:04:30.0768 0896 vga - ok
09:04:30.0783 0896 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
09:04:30.0783 0896 VgaSave - ok
09:04:30.0815 0896 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
09:04:30.0830 0896 vhdmp - ok
09:04:30.0861 0896 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
09:04:30.0861 0896 viaide - ok
09:04:30.0908 0896 vididr (96a4f56cbba3dcf5d90cda1bc218d040) C:\windows\system32\DRIVERS\vididr.sys
09:04:30.0924 0896 vididr - ok
09:04:30.0971 0896 vidsflt53 (c69a784bec737cd7460ebf3c3834d65e) C:\windows\system32\DRIVERS\vsflt53.sys
09:04:30.0971 0896 vidsflt53 - ok
09:04:30.0986 0896 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
09:04:31.0002 0896 volmgr - ok
09:04:31.0064 0896 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
09:04:31.0080 0896 volmgrx - ok
09:04:31.0111 0896 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
09:04:31.0111 0896 volsnap - ok
09:04:31.0142 0896 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
09:04:31.0158 0896 vsmraid - ok
09:04:31.0329 0896 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
09:04:31.0345 0896 VSS - ok
09:04:31.0439 0896 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
09:04:31.0439 0896 vwifibus - ok
09:04:31.0470 0896 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
09:04:31.0470 0896 vwififlt - ok
09:04:31.0485 0896 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
09:04:31.0485 0896 vwifimp - ok
09:04:31.0548 0896 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
09:04:31.0548 0896 W32Time - ok
09:04:31.0563 0896 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
09:04:31.0563 0896 WacomPen - ok
09:04:31.0610 0896 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
09:04:31.0610 0896 WANARP - ok
09:04:31.0626 0896 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
09:04:31.0626 0896 Wanarpv6 - ok
09:04:31.0797 0896 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
09:04:31.0813 0896 WatAdminSvc - ok
09:04:31.0969 0896 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
09:04:31.0985 0896 wbengine - ok
09:04:32.0063 0896 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
09:04:32.0078 0896 WbioSrvc - ok
09:04:32.0141 0896 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
09:04:32.0156 0896 wcncsvc - ok
09:04:32.0172 0896 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
09:04:32.0172 0896 WcsPlugInService - ok
09:04:32.0187 0896 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
09:04:32.0187 0896 Wd - ok
09:04:32.0265 0896 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
09:04:32.0265 0896 Wdf01000 - ok
09:04:32.0281 0896 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
09:04:32.0297 0896 WdiServiceHost - ok
09:04:32.0297 0896 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
09:04:32.0312 0896 WdiSystemHost - ok
09:04:32.0359 0896 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
09:04:32.0375 0896 WebClient - ok
09:04:32.0406 0896 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
09:04:32.0421 0896 Wecsvc - ok
09:04:32.0437 0896 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
09:04:32.0453 0896 wercplsupport - ok
09:04:32.0468 0896 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
09:04:32.0484 0896 WerSvc - ok
09:04:32.0499 0896 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
09:04:32.0499 0896 WfpLwf - ok
09:04:32.0531 0896 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
09:04:32.0531 0896 WIMMount - ok
09:04:32.0577 0896 WinDefend - ok
09:04:32.0593 0896 WinHttpAutoProxySvc - ok
09:04:32.0655 0896 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
09:04:32.0655 0896 Winmgmt - ok
09:04:32.0843 0896 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
09:04:32.0874 0896 WinRM - ok
09:04:32.0999 0896 WinUSB (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUSB.sys
09:04:32.0999 0896 WinUSB - ok
09:04:33.0077 0896 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
09:04:33.0092 0896 Wlansvc - ok
09:04:33.0108 0896 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
09:04:33.0108 0896 WmiAcpi - ok
09:04:33.0139 0896 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
09:04:33.0155 0896 wmiApSrv - ok
09:04:33.0170 0896 WMPNetworkSvc - ok
09:04:33.0295 0896 WMZuneComm (83b6ca03c846fcd47f9883d77d1eb27b) C:\Program Files\Zune\WMZuneComm.exe
09:04:33.0295 0896 WMZuneComm - ok
09:04:33.0326 0896 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
09:04:33.0342 0896 WPCSvc - ok
09:04:33.0373 0896 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
09:04:33.0389 0896 WPDBusEnum - ok
09:04:33.0420 0896 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
09:04:33.0420 0896 ws2ifsl - ok
09:04:33.0498 0896 WsAudio_DeviceS(1) (ad12f5c7251bb8d575d560894e73cbba) C:\windows\system32\drivers\WsAudio_DeviceS(1).sys
09:04:33.0498 0896 WsAudio_DeviceS(1) - ok
09:04:33.0529 0896 WsAudio_DeviceS(2) (ad12f5c7251bb8d575d560894e73cbba) C:\windows\system32\drivers\WsAudio_DeviceS(2).sys
09:04:33.0529 0896 WsAudio_DeviceS(2) - ok
09:04:33.0545 0896 WsAudio_DeviceS(3) (ad12f5c7251bb8d575d560894e73cbba) C:\windows\system32\drivers\WsAudio_DeviceS(3).sys
09:04:33.0545 0896 WsAudio_DeviceS(3) - ok
09:04:33.0576 0896 WsAudio_DeviceS(4) (ad12f5c7251bb8d575d560894e73cbba) C:\windows\system32\drivers\WsAudio_DeviceS(4).sys
09:04:33.0576 0896 WsAudio_DeviceS(4) - ok
09:04:33.0607 0896 WsAudio_DeviceS(5) (ad12f5c7251bb8d575d560894e73cbba) C:\windows\system32\drivers\WsAudio_DeviceS(5).sys
09:04:33.0607 0896 WsAudio_DeviceS(5) - ok
09:04:33.0654 0896 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll
09:04:33.0669 0896 wscsvc - ok
09:04:33.0669 0896 WSearch - ok
09:04:33.0872 0896 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll
09:04:33.0903 0896 wuauserv - ok
09:04:34.0028 0896 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
09:04:34.0028 0896 WudfPf - ok
09:04:34.0059 0896 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
09:04:34.0059 0896 WUDFRd - ok
09:04:34.0122 0896 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
09:04:34.0122 0896 wudfsvc - ok
09:04:34.0153 0896 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
09:04:34.0169 0896 WwanSvc - ok
09:04:34.0747 0896 ZuneNetworkSvc (67b787c34fb2888d01b130ae007042d8) C:\Program Files\Zune\ZuneNss.exe
09:04:34.0825 0896 ZuneNetworkSvc - ok
09:04:34.0918 0896 ZuneWlanCfgSvc (4d89fc1c20cf655739efac5da81a67bc) C:\Program Files\Zune\ZuneWlanCfgSvc.exe
09:04:34.0918 0896 ZuneWlanCfgSvc - ok
09:04:34.0950 0896 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
09:04:35.0028 0896 \Device\Harddisk0\DR0 - ok
09:04:35.0028 0896 Boot (0x1200) (746854939d6f376005540ac5c30945c3) \Device\Harddisk0\DR0\Partition0
09:04:35.0028 0896 \Device\Harddisk0\DR0\Partition0 - ok
09:04:35.0028 0896 ============================================================
09:04:35.0028 0896 Scan finished
09:04:35.0028 0896 ============================================================
09:04:35.0059 1132 Detected object count: 0
09:04:35.0059 1132 Actual detected object count: 0
aswMBR did *not* ask to download extra definitions. While it was running, the system shut down and gave me the "Windows didn't shut down properly" screen; I selected "Start Windows normally" and it started back up fine. HitMan did find rpcnet.dll suspicious again (interestingly, no update warning from Spybot). Re-ran aswMBR:



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-04 09:47:20
-----------------------------
09:47:20.695 OS Version: Windows x64 6.1.7601 Service Pack 1
09:47:20.695 Number of processors: 2 586 0x170A
09:47:20.695 ComputerName: MOM-LAPTOP UserName: MOM
09:47:22.411 Initialize success
09:47:22.582 AVAST engine defs: 12050400
09:47:27.761 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:47:27.761 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
09:47:27.777 Disk 0 MBR read successfully
09:47:27.777 Disk 0 MBR scan
09:47:27.793 Disk 0 Windows VISTA default MBR code
09:47:27.793 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
09:47:27.808 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 464230 MB offset 3074048
09:47:27.855 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 11209 MB offset 953817088
09:47:27.886 Disk 0 scanning C:\windows\system32\drivers
09:47:40.101 Service scanning
09:47:57.776 Modules scanning
09:47:57.776 Disk 0 trace - called modules:
09:47:57.823 ntoskrnl.exe CLASSPNP.SYS disk.sys vsflt53.sys thpdrv.sys
09:47:57.838 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80060fa060]
09:47:57.838 3 CLASSPNP.SYS[fffff88001c5143f] -> nt!IofCallDriver -> [0xfffffa80060f6250]
09:47:57.854 5 vsflt53.sys[fffff88000e92cfd] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa80060f7060]
09:47:59.398 AVAST engine scan C:\windows
09:48:03.142 AVAST engine scan C:\windows\system32
09:51:04.267 AVAST engine scan C:\windows\system32\drivers
09:51:24.063 AVAST engine scan C:\Users\MOM
10:03:25.107 AVAST engine scan C:\ProgramData
10:04:23.716 Scan finished successfully
10:04:40.533 Disk 0 MBR has been saved successfully to "C:\Users\MOM\Desktop\MBR.dat"
10:04:40.549 The log file has been saved successfully to "C:\Users\MOM\Desktop\aswMBR.txt"


Laptop is running very well this morning. Used Firefox coffeecup with no problems, ran it simultaneously with Chrome, transferred files from desktop via network. Running smoothly, responding quickly, definite improvement.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:35 PM

Posted 04 May 2012 - 12:09 PM

Hello

Will it still interfere with Avast? It will interfere with the computer.


:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Scattered

Scattered
  • Topic Starter

  • Members
  • 8 posts
  • Local time:12:35 PM

Posted 04 May 2012 - 12:56 PM

Uninstalled MSE

Closed Avast

Dragged CFScript; ComboFix started, updated, restarted, ran:



ComboFix 12-05-04.03 - MOM 05/04/2012 12:29:49.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5981.3857 [GMT -5:00]
Running from: c:\users\MOM\Downloads\ComboFix.exe
Command switches used :: c:\users\MOM\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2012-04-04 to 2012-05-04 )))))))))))))))))))))))))))))))
.
.
2012-05-04 17:37 . 2012-05-04 17:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-04 14:42 . 2012-05-04 15:32 -------- d-----w- c:\users\Public\eBooks
2012-05-03 20:06 . 2012-05-04 17:38 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
2012-05-03 15:22 . 2012-05-04 04:14 58288 ------w- c:\windows\SysWow64\rpcnet.exe
2012-05-02 03:07 . 2012-05-02 03:07 287304 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-05-02 01:24 . 2012-05-02 01:24 -------- d-----w- c:\windows\Sun
2012-04-28 18:26 . 2012-05-01 23:39 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-28 18:26 . 2012-05-01 23:39 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-28 18:14 . 2012-04-28 18:15 -------- d-----w- c:\program files\Microsoft Silverlight
2012-04-28 18:14 . 2012-04-28 18:15 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-04-27 20:16 . 2012-04-27 20:17 -------- d-----w- c:\program files\HitmanPro
2012-04-27 20:16 . 2012-04-27 23:06 -------- d-----w- c:\programdata\HitmanPro
2012-04-26 04:41 . 2012-04-26 04:41 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-04-26 04:41 . 2012-04-26 04:41 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-26 04:41 . 2012-04-26 04:41 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-26 01:44 . 2012-04-28 18:20 476904 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-04-24 15:07 . 2012-04-24 15:08 -------- d-----w- c:\windows\system32\MpEngineStore
2012-04-24 12:43 . 2012-04-24 12:43 -------- d-----w- c:\program files\CCleaner
2012-04-24 07:10 . 2012-04-24 07:10 -------- d-----w- c:\users\MOM\AppData\Roaming\f-secure
2012-04-24 07:10 . 2012-04-24 07:10 -------- d-----w- c:\programdata\F-Secure
2012-04-24 02:50 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-04-24 02:50 . 2012-03-06 23:01 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-04-24 02:50 . 2012-03-06 23:04 819032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-04-24 02:50 . 2012-03-06 23:02 53080 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-04-24 02:50 . 2012-03-06 23:01 59224 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-04-24 02:50 . 2012-03-06 23:01 69976 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-04-24 02:50 . 2012-03-06 23:15 41184 ----a-w- c:\windows\avastSS.scr
2012-04-24 02:50 . 2012-03-06 23:15 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-04-24 02:15 . 2012-03-06 23:15 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-04-24 02:11 . 2012-05-02 03:22 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-24 02:11 . 2012-04-24 02:18 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-04-23 14:27 . 2012-04-24 15:07 -------- d-----w- c:\users\MOM\AppData\Local\Xilisoft
2012-04-13 23:35 . 2012-04-13 23:35 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-13 22:15 . 2012-04-14 03:18 -------- d-----w- c:\users\MOM\AppData\Roaming\dvdcss
2012-04-12 07:33 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 07:33 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 07:33 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 07:33 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 07:33 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 07:33 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 07:33 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-09 13:34 . 2012-04-09 13:34 -------- d-----w- c:\users\MOM\AppData\Roaming\Any DVD Cloner Express
2012-04-09 13:32 . 2012-04-09 13:32 -------- d-----w- c:\program files (x86)\Any DVD Cloner Express
2012-04-04 20:06 . 2012-04-04 20:06 -------- d-----w- c:\users\MOM\AppData\Roaming\Sling Media
2012-04-04 20:06 . 2012-04-04 20:06 -------- d-----w- c:\programdata\Sling Media
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 17:38 . 2011-10-07 00:26 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-05-04 14:41 . 2011-10-07 00:28 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
2012-05-04 14:40 . 2011-10-07 00:26 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
2012-05-04 04:14 . 2011-10-07 00:49 13160 ----a-w- c:\windows\SysWow64\Upgrd.exe
2012-04-28 18:20 . 2011-12-03 00:13 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 20:56 . 2011-10-07 17:31 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-28 20:45 . 2012-03-28 20:45 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-03-28 20:45 . 2012-03-28 20:45 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-03-28 20:30 . 2012-03-28 20:30 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-03-28 20:30 . 2012-03-28 20:30 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-02-17 06:38 . 2012-03-14 13:15 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 13:15 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 13:15 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 13:15 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 17:01 . 2012-02-15 17:01 52736 ----a-w- c:\windows\system32\drivers\usbaapl64.sys
2012-02-15 17:01 . 2012-02-15 17:01 4547944 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-02-10 06:36 . 2012-03-14 13:16 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 13:16 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-05-04_06.50.15 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-04-24 03:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-04 07:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-05-04 07:10 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-24 03:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-24 03:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-04 07:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-09-03 02:12 . 2012-05-04 13:22 58220 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-04 17:40 50218 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-07 00:37 . 2012-05-04 17:40 14202 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2219789292-1111759239-376084940-1001_UserData.bin
- 2012-05-04 06:49 . 2012-05-04 06:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-04 17:38 . 2012-05-04 17:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-04 17:38 . 2012-05-04 17:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-04 06:49 . 2012-05-04 06:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-04 07:11 . 2012-05-04 07:10 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-10-07 21:43 . 2012-05-04 17:22 288670 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2011-10-07 21:43 . 2012-05-04 05:30 288670 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-05-04 17:24 624412 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-05-04 17:24 106756 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-05-04 17:37 377412 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-04 06:48 377412 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-10-07 16:08 . 2012-05-04 06:48 1993657 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2219789292-1111759239-376084940-1001-8192.dat
+ 2011-10-07 16:08 . 2012-05-04 17:37 1993657 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2219789292-1111759239-376084940-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-03 39408]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-06-22 2637824]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-06 4241512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"SpybotSnD"="c:\program files (x86)\Spybot - Search & Destroy\SpybotSD.exe" [2009-01-26 5365592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\C:\0autocheck autochk *
.
R1 dcxcblor;dcxcblor;c:\windows\system32\drivers\dcxcblor.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 253088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 135664]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-05 824688]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 UsbGps;LGE CDMA USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgx64gps.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [x]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [x]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [x]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [x]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [x]
S0 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [x]
S0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\DRIVERS\vsflt53.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-11 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2012-04-27 107848]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-11 252272]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 O2SDGRDR;O2SDGRDR;c:\windows\system32\DRIVERS\o2sdgx64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - HITMANPRO35
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files (x86)\Toshiba\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 23:39]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 21:58]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-05 21:58]
.
2012-05-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2219789292-1111759239-376084940-1001Core.job
- c:\users\MOM\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-05 04:17]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2219789292-1111759239-376084940-1001UA.job
- c:\users\MOM\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-05 04:17]
.
2012-05-02 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files (x86)\Spybot - Search & Destroy\SpybotSD.exe [2012-04-24 20:31]
.
2012-05-04 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files (x86)\Spybot - Search & Destroy\SDUpdate.exe [2012-04-24 20:31]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-06 23:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-20 503864]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"HDMICtrlMan"="c:\program files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [BU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-06-22 395392]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 167.142.179.184 167.142.179.185
DPF: {3528A58B-595D-4AFD-A5F6-B914BD306DC3} - hxxp://dishconnectivity.sling.com/dpit/downloads/pc/SlingHealth.cab
FF - ProfilePath - c:\users\MOM\AppData\Roaming\Mozilla\Firefox\Profiles\f5th297u.default\
FF - prefs.js: browser.search.selectedEngine - Search the Web
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\windows\SysWOW64\rpcnet.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Completion time: 2012-05-04 12:47:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-04 17:47
ComboFix2.txt 2012-05-04 06:56
.
Pre-Run: 368,070,156,288 bytes free
Post-Run: 367,769,882,624 bytes free
.
- - End Of File - - F5E59E5C06965DFF3523D780BD711E96



I did have to reboot, and when it restarted Hitman did again find rpcnet.dll as suspicious.
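As an added example (not part of this thread, and not a tool that gringo_pr, ComboFix or HitmanPro provide), the script below reads the `Files Created` and `Other Running Processes` sections of a ComboFix log like the one posted above and ranks executables by how many review signals they carry: dropped into a Windows system directory, created inside the incident window, and currently running. The sample lines are copied from the log above; the scoring rules, the seven-day window and all function names are my own assumptions.

```python
"""Triage helper for the 'Files Created' and 'Other Running Processes'
sections of a ComboFix log (added example; not ComboFix's own code)."""
import re
from datetime import datetime, timedelta

# One "Files Created" entry has the shape:
#   <created> . <modified> <size or dashes> <attrs> <path>
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-+) (\S+) (.+)$"
)

# Assumed heuristics: where attackers like to drop loaders, and which
# extensions count as executable content.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr")


def parse_entry(line):
    """Return a dict for one ComboFix file entry, or None if it is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    created, modified, size, attrs, path = m.groups()
    return {
        "created": datetime.strptime(created, "%Y-%m-%d %H:%M"),
        "modified": datetime.strptime(modified, "%Y-%m-%d %H:%M"),
        "size": None if size.startswith("-") else int(size),
        "attrs": attrs,
        "is_dir": attrs.startswith("d"),   # 'd-----w-' marks a directory
        "path": path,
    }


def triage(created_lines, running_lines, scan_time, window_days=7):
    """Rank files that carry at least two review signals, strongest first."""
    running = {p.strip().lower() for p in running_lines if p.strip()}
    cutoff = scan_time - timedelta(days=window_days)
    findings = []
    for line in created_lines:
        e = parse_entry(line)
        if e is None or e["is_dir"]:
            continue
        lp = e["path"].lower()
        reasons = []
        if lp.startswith(SYSTEM_DIRS) and lp.endswith(EXEC_EXT):
            reasons.append("executable placed in a Windows system directory")
        if e["created"] >= cutoff:
            reasons.append(f"created within the last {window_days} days")
        if lp in running:
            reasons.append("listed under Other Running Processes")
        if len(reasons) >= 2:
            findings.append((e["path"], reasons))
    # sort() is stable, so ties keep log order
    findings.sort(key=lambda f: -len(f[1]))
    return findings


def format_report(findings):
    """Plain-text report, one flagged file per block."""
    out = []
    for path, reasons in findings:
        out.append(f"{path}  [{len(reasons)} signals]")
        out.extend(f"    - {r}" for r in reasons)
    return "\n".join(out)


# Constructed sample: lines copied from the ComboFix log posted above.
SAMPLE_CREATED = r"""
2012-05-04 17:37 . 2012-05-04 17:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-03 20:06 . 2012-05-04 17:38 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
2012-05-03 15:22 . 2012-05-04 04:14 58288 ------w- c:\windows\SysWow64\rpcnet.exe
2012-05-02 03:07 . 2012-05-02 03:07 287304 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-04-28 18:26 . 2012-05-01 23:39 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-27 20:16 . 2012-04-27 20:17 -------- d-----w- c:\program files\HitmanPro
2012-04-24 02:50 . 2012-03-06 23:04 337240 ----a-w- c:\windows\system32\drivers\aswSP.sys
""".strip().splitlines()

SAMPLE_RUNNING = r"""
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\windows\SysWOW64\rpcnet.exe
""".strip().splitlines()

# "Completion time" of the log above.
SCAN_TIME = datetime(2012, 5, 4, 12, 47)

if __name__ == "__main__":
    print(format_report(triage(SAMPLE_CREATED, SAMPLE_RUNNING, SCAN_TIME)))
```

A hit here means "look at this", not "malicious": FlashPlayerApp.exe lands in the same bucket as rpcnet.exe because both are fresh executables under SysWow64, and aswSP.sys drops out only because its creation date is outside the window. The useful part is the ordering, which puts the one file that is also running (rpcnet.exe) at the top so a helper checks its publisher signature and hash first.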


#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:35 PM

Posted 04 May 2012 - 02:23 PM

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Adobe Reader 9.1
Java™ 6 Update 31


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing Foxit Reader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Scattered

Scattered
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:12:35 PM

Posted 04 May 2012 - 03:21 PM

installed revo- uninstalled Adobe Reader and Java

installed Adobe Reader

installed Java

ran CCleaner

ran MBAM (I think this may be the cleanest mbam log I've ever seen):


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.04.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
MOM :: MOM-LAPTOP [administrator]

5/4/2012 2:53:53 PM
mbam-log-2012-05-04 (14-53-53).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205853
Time elapsed: 2 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



installed HijackThis- right click options did *not* include 'run as administrator'. Checked other files at random and the option showed up as it should. Clicked on Do a System Scan and save a logfile and an error came up:
for some reason your system denied write access to the Hosts file etc- possibly because teatimer is installed? Clicked okay, scan ran, error came up with an empty notepad saying it couldn't save so I clicked scan again and then 'save log':


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:16:04 PM, on 5/4/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\windows\SysWOW64\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SpybotSnD] "C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {3528A58B-595D-4AFD-A5F6-B914BD306DC3} (SlingHealth Class) - http://dishconnectivity.sling.com/dpit/downloads/pc/SlingHealth.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Gadget Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: O2FLASH - Unknown owner - C:\windows\system32\DRIVERS\o2flash.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\windows\SysWOW64\rpcnet.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - Unknown owner - C:\windows\system32\ThpSrv.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11778 bytes


System does seem to be running really well today- before it was like it was stuck in tar and just moving the mouse was an effort. I am concerned about all of the 'Unknown owner' entries in the mbam log- is that normal? Laptop did not reboot at any point in this part of the process so I don't know if hitman will raise its ugly head again on the rpcnet file.
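
The post above asks whether the "Unknown owner" service lines in the HijackThis log are normal. As an added example (not part of this thread, of HijackThis, or of any tool the helper used), here is a small Python triage script that parses HijackThis O4 autostart and O23 service lines into records and flags the service entries a reviewer would check first; the sample lines are copied from the log posted above, and the flagging rules are this example's own assumptions.

```python
"""Triage helper for HijackThis 2.x log lines (added example; not HijackThis code)."""
import re
from dataclasses import dataclass
from typing import Optional

# Line shapes handled here:
#   O4 - HKLM\..\Run: [Name] "C:\path\prog.exe" /args
#   O23 - Service: Display name (short) - Publisher - C:\path\svc.exe (file missing)
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O23_RE = re.compile(
    r'^O23 - Service: (?P<display>.*?) - (?P<owner>.*?) - (?P<path>.*?)'
    r'(?P<missing> \(file missing\))?$')
# Image path of an O4 command: optionally quoted, ends at the first ".exe".
EXE_RE = re.compile(r'^(?P<q>"?)(?P<exe>.*?\.exe)(?P=q)(?P<args>.*)$', re.IGNORECASE)
SYSTEM_DIRS = ('\\windows\\system32\\', '\\windows\\syswow64\\')

# Sample input: lines copied from the HijackThis log posted above, plus one
# R1 line to show that other entry types are passed over.
SAMPLE = [
    r'O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60',
    r'O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe',
    r'O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe',
    r'O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)',
    r'O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\windows\SysWOW64\rpcnet.exe',
    r'O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe',
    r'O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe',
    r'R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157',
]


@dataclass
class Entry:
    kind: str              # "O4" (autostart) or "O23" (service)
    name: str              # Run-value name or service display name
    path: str              # image path as HijackThis printed it
    owner: str = ''        # O23 publisher string ("" for O4 lines)
    missing: bool = False  # O23 "(file missing)" marker present
    args: str = ''         # O4 command-line arguments after the image path


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for an O4/O23 line, or None for any other line type."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        e = EXE_RE.match(m['cmd'])
        if e:
            return Entry('O4', m['name'], e['exe'], args=e['args'].strip())
        return Entry('O4', m['name'], m['cmd'])
    m = O23_RE.match(line)
    if m:
        return Entry('O23', m['display'], m['path'], owner=m['owner'],
                     missing=m['missing'] is not None)
    return None


def review(entry: Entry) -> list:
    """Reasons a reviewer would look at this entry first; empty list if none.
    These rules are this example's own assumptions, not HijackThis verdicts."""
    reasons = []
    if entry.kind != 'O23':
        return reasons
    in_sysdir = any(d in entry.path.lower() for d in SYSTEM_DIRS)
    if entry.owner == 'Unknown owner' and entry.missing:
        # Usual on 64-bit Windows: a 32-bit scanner's view of System32 is
        # redirected to SysWOW64, so many built-in services show up this way.
        reasons.append('scanner could not open the file; confirm it is a Windows component')
    elif entry.owner == 'Unknown owner':
        reasons.append('binary is present but carries no publisher information')
    elif in_sysdir and 'microsoft' not in entry.owner.lower():
        reasons.append('non-Microsoft publisher in a Windows system directory; confirm it is expected')
    return reasons


def triage(lines) -> dict:
    """Map entry name -> reasons, for every parsed line with something to check."""
    flagged = {}
    for line in lines:
        entry = parse_line(line)
        if entry is not None:
            reasons = review(entry)
            if reasons:
                flagged[entry.name] = reasons
    return flagged


if __name__ == '__main__':
    for name, reasons in triage(SAMPLE).items():
        print(f'{name}: {"; ".join(reasons)}')
```

Run against the full log, the script separates the "(file missing)" system entries from the one non-Microsoft service living in SysWOW64, which is the line worth confirming by hand rather than the whole list.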

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:35 PM

Posted 04 May 2012 - 04:20 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. You can start any of these programs by clicking on their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right-click on the IE shortcut and run as admin.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo

#11 Scattered

Scattered
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:12:35 PM

Posted 04 May 2012 - 11:07 PM

Ran Hijackthis- I like the Sticky Notes though so I left that one.

Turned off avast and spybot. Ran ESET twice- it told me both times that Windows Defender was running though it wasn't so I restarted the computer (hitman found rpcnet.dll as suspicious again and spybot again wouldn't update telling me to choose a file first) and then ran ESET. ESET found nothing and there was no log to save only the finish button and the option to 'uninstall application on close'.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:35 PM

Posted 04 May 2012 - 11:17 PM

Hello

hitman found rpcnet.dll as suspicious again and spybot again wouldn't update

Reinstall spybot, and rpcnet.dll is an OK file.

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paperweight.
They are updated all the time, some of them more than once a day, so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • Please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files. I would use this once a week or before any malware scan to remove unwanted temp files. It has a built-in registry cleaner, but I would leave that alone and not use any registry cleaner.

Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners.

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.


  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did.)

    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must-reads and should be read by everybody in your household that uses the internet.

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues.

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM


Gringo

#13 Scattered

Scattered
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:12:35 PM

Posted 05 May 2012 - 12:35 AM

Uninstalled Combofix

Ran otcleanit

Uninstalled Avast, Spybot and Hitman (I think- not entirely sure it's really gone).

Installed MSE, WinPatrol and purchased mbam pro.

I love revo but doesn't it quit working after 30 days? If not, I will definitely add it to my desktop as well.

The computer has been running great tonight though I'm a little nervous because, as I mentioned in the original post, this problem would go away for a while then show back up so I will keep a close eye on things the next 2 days (going by what it was doing if it's coming back it should be showing up by then). Thank you so much for your help, Gringo! I've dealt with several of these on my own, a few with assistance, but it's been a while since I ran into one (coincidentally, not since I put our old desktop in my 21 year old son's room- imagine that.) and what skills I had I've lost lol!

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:35 PM

Posted 05 May 2012 - 12:53 AM

Greetings

I love revo but doesn't it quit working after 30 days? If not, I will definitely add it to my desktop as well.

There were two on the page I linked to - one is free forever!!


You are more than welcome and you did a very good job!!


gringo

#15 Scattered

Scattered
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:12:35 PM

Posted 07 May 2012 - 10:09 PM

Still running well, Gringo- thanks again and go ahead and close the thread if you like :)



