Welcome to nginx error keeps popping u


  • This topic is locked
26 replies to this topic

#1 chisox65

Posted 05 June 2012 - 05:44 PM

Recently we have been having a "Welcome to nginx" screen pop up when navigating to sites that we have not had problems with before. We did some searches to find out what we could about "nginx" and discovered it is a redirect malware. I have tried Malware Bytes but it comes back as clean. I found this site and noticed that this problem has popped up on others as well.

If anyone can help us out, that would be great. My wife is getting tired of it popping up while she is on her laptop.

Laptop Toshiba Satellite
Windows 7

If I need to supply anything else, please let us know.

Thank you,



#2 gringo_pr

  • Malware Response Team

Posted 06 June 2012 - 02:54 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    • Link1
    • Link2
    • Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 chisox65


Posted 06 June 2012 - 05:03 PM

Hello, Thank you. Here are the logs. No problems running any of the scripts. The nginx home page screen popped up. I closed Firefox and reopened and had no nginx screen come up.

Security Check log (checkup.txt)

Results of screen317's Security Check version 0.99.41
Windows 7 Service Pack 1 x64
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Lavasoft Ad-Watch Live! Anti-Virus
Norton Internet Security
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 31
Java version out of date!
Adobe Flash Player 10 Flash Player out of date!
Adobe Reader 9 Adobe Reader out of date!
Adobe Reader X (10.1.2)
Mozilla Firefox (12.0)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Ad-Aware Antivirus AdAwareService.exe
Ad-Aware Antivirus Engine SBAMSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````


Log file (DDS.txt)

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Cindy at 16:55:58 on 2012-06-06
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3933.2069 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\SYSTEM32\WISPTIS.EXE
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\taskhost.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\windows\system32\Dwm.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\TechSmith\Jing\Jing.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\Aware.exe
C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\Marker.exe
C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.5.0.127\InstStub.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\windows\system32\svchost.exe -k defragsvc
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Google Update] "C:\Users\Cindy\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe
uRun: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [SMART Board Service] C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
mRun: [SMART SNMP Agent] C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe -e
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SMARTB~1.LNK - C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{1883346A-A35B-4D20-998C-7432ED952DE3} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{1883346A-A35B-4D20-998C-7432ED952DE3}\2375942554334353 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{1883346A-A35B-4D20-998C-7432ED952DE3}\2375942554933353 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{1883346A-A35B-4D20-998C-7432ED952DE3}\A61667160776D627F57657563747 : DhcpNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{1883346A-A35B-4D20-998C-7432ED952DE3}\C696E6B6379737 : DhcpNameServer = 24.217.0.5 24.217.201.67 68.113.206.10
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\coIEPlg.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [SMART Board Service] C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe
mRun-x64: [SMART SNMP Agent] C:\Program Files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe -e
mRun-x64: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\m3xb1ymj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://us.mg201.mail.yahoo.com/dc/launch?.partner=sbc&.gx=1&.rand=382fmvlah2sha
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Cindy\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Cindy\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Cindy\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
R1 SbFw;SbFw;C:\windows\system32\drivers\SbFw.sys --> C:\windows\system32\drivers\SbFw.sys [?]
R1 SBRE;SBRE;C:\Windows\System32\drivers\SBREDrv.sys [2011-4-29 101720]
R1 SbTis;SbTis;C:\windows\system32\drivers\sbtis.sys --> C:\windows\system32\drivers\sbtis.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 Ad-Aware Service;Ad-Aware Service;C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-3-29 1161072]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-8 135664]
R2 HsfXAudioService;HsfXAudioService;C:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe [2010-6-22 126392]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2010-6-22 135608]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2010-6-22 126392]
R2 SBAMSvc;Ad-Aware;C:\Program Files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2011-5-17 2804280]
R2 sbapifs;sbapifs;C:\windows\system32\DRIVERS\sbapifs.sys --> C:\windows\system32\DRIVERS\sbapifs.sys [?]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R3 CAXHWAZL;CAXHWAZL;C:\windows\system32\DRIVERS\CAXHWAZL.sys --> C:\windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\windows\system32\DRIVERS\SBFWIM.sys --> C:\windows\system32\DRIVERS\SBFWIM.sys [?]
R3 SMARTMouseFilterx64;HID-compliant mouse;C:\windows\system32\DRIVERS\SMARTMouseFilterx64.sys --> C:\windows\system32\DRIVERS\SMARTMouseFilterx64.sys [?]
R3 SMARTVHidMiniVistaAmd64;SMART HID Device;C:\windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys --> C:\windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [?]
R3 SMARTVTabletPCx64;SMART Virtual TabletPC;C:\windows\system32\DRIVERS\SMARTVTabletPCx64.sys --> C:\windows\system32\DRIVERS\SMARTVTabletPCx64.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-6-22 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-3-31 835952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-8 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 129976]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;C:\windows\system32\DRIVERS\sbfwim.sys --> C:\windows\system32\DRIVERS\sbfwim.sys [?]
S3 sbhips;sbhips;C:\windows\system32\drivers\sbhips.sys --> C:\windows\system32\drivers\sbhips.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-06 21:51:44 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{26B5998B-E591-43B4-9F9D-92A6B1391F87}\mpengine.dll
2012-06-05 20:06:18 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-29 21:37:26 -------- d-----w- C:\Users\Cindy\AppData\Local\Apple Computer
2012-05-29 21:37:16 34152 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
2012-05-29 21:37:16 126312 ----a-w- C:\windows\System32\GEARAspi64.dll
2012-05-29 21:37:16 107368 ----a-w- C:\windows\SysWow64\GEARAspi.dll
2012-05-29 21:36:19 -------- d-----w- C:\Program Files\iPod
2012-05-29 21:36:18 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-05-29 21:36:18 -------- d-----w- C:\Program Files\iTunes
2012-05-29 21:36:18 -------- d-----w- C:\Program Files (x86)\iTunes
2012-05-29 21:35:22 -------- d-----w- C:\Users\Cindy\AppData\Local\Apple
2012-05-29 21:34:07 -------- d-----w- C:\Program Files\Bonjour
2012-05-29 21:34:07 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-05-18 13:12:40 -------- d-----w- C:\Users\Cindy\AppData\Local\CrashDumps
2012-05-08 23:39:25 1544704 ----a-w- C:\windows\System32\DWrite.dll
2012-05-08 23:39:25 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-05-08 23:39:13 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-08 23:39:08 3146240 ----a-w- C:\windows\System32\win32k.sys
2012-05-08 23:39:05 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-08 23:39:05 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-08 23:14:21 75120 ----a-w- C:\windows\System32\drivers\partmgr.sys
2012-05-08 23:13:54 1918320 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-05-08 23:13:46 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-08 23:13:45 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-08 23:13:44 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-08 23:13:43 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2012-05-08 23:13:42 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
.
==================== Find3M ====================
.
2012-04-04 20:56:40 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-03-21 01:44:12 98688 ----a-w- C:\windows\System32\drivers\NisDrvWFP.sys
2012-03-21 01:44:12 203888 ----a-w- C:\windows\System32\drivers\MpFilter.sys
.
============= FINISH: 16:56:32.19 ===============


Log file (Attach.txt)
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/8/2010 6:51:23 PM
System Uptime: 6/6/2012 2:57:07 PM (2 hours ago)
.
Motherboard: TOSHIBA | | Satellite L655
Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz | U2E1 | 2300/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 236.983 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP247: 5/6/2012 9:56:20 AM - Windows Update
RP248: 5/9/2012 7:22:44 AM - Windows Update
RP249: 5/13/2012 8:04:24 AM - Windows Update
RP250: 5/16/2012 3:51:23 PM - Windows Update
RP251: 5/20/2012 12:32:02 PM - Windows Update
RP252: 5/23/2012 9:12:38 PM - Windows Update
RP253: 5/29/2012 3:22:44 PM - Windows Update
RP254: 5/29/2012 4:35:25 PM - Installed iTunes
RP255: 6/2/2012 9:14:46 AM - Windows Update
RP256: 6/4/2012 10:04:43 PM - Windows Update
RP257: 6/5/2012 12:16:02 PM - Installed Jing
RP258: 6/5/2012 7:05:56 PM - Removed NetZero Launcher
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.5
Adobe Reader X (10.1.2)
Adobe Shockwave Player 11.5
Amazon Links
Apple Application Support
Apple Software Update
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Bejeweled 2 Deluxe
Chuzzle Deluxe
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
D3DX10
EGP Web Plugin
Epson Event Manager
EpsonNet Setup 3.2
Escape Rosecliff Island
FATE - The Traitor Soul
FirstClass® Client
Google Talk Plugin
Google Update Helper
GSAK 8.1.0.10 (Final)
Intel® Graphics Media Accelerator Driver
Java Auto Updater
Java™ 6 Update 31
Jewel Quest 3
Jing
Junk Mail filter update
Label@Once 1.0
Malwarebytes Anti-Malware version 1.61.0.1400
McAfee Security Scan Plus
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Netwaiting
Norton Internet Security
Penguins!
Polar Bowler
Quickbooks Financial Center
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype Launcher
SMART Notebook
SMART Product Drivers
SMART Product Update
Spybot - Search & Destroy
TOSHIBA Application Installer
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA Quality Application
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Virtual Families
Virtual Villagers - The Secret City
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WildTangent Games
WildTangent ORB Game Console
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
6/6/2012 9:29:24 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
6/6/2012 9:29:00 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASKUTIL
6/6/2012 9:28:08 AM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.
6/6/2012 9:28:07 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
6/6/2012 9:28:06 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
6/6/2012 9:27:59 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
6/5/2012 5:52:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
6/5/2012 5:52:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
6/5/2012 5:47:53 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
6/5/2012 5:47:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/5/2012 5:47:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/5/2012 5:47:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/5/2012 5:47:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/5/2012 5:47:37 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache MpFilter SASKUTIL spldr SRTSP SRTSPX Wanarpv6
6/5/2012 5:47:20 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
6/3/2012 5:21:49 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PCCUJobMgr service.
.
==== End Of File ===========================

#4 gringo_pr


Posted 06 June 2012 - 06:40 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 chisox65


Posted 06 June 2012 - 07:46 PM

I had a problem disabling antivirus. It said I had Avira and I could not find it on the laptop. I ran Combofix anyway.

Not sure if the nginx page will show up as it only showed up sporadically. I will try a few URLs and let you know on the next post.

ComboFix Log

ComboFix 12-06-06.02 - Cindy 06/06/2012 19:02:53.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3933.2278 [GMT -5:00]
Running from: c:\users\Cindy\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Norton Internet Security *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2012-05-07 to 2012-06-07 )))))))))))))))))))))))))))))))
.
.
2012-06-07 00:16 . 2012-06-07 00:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-06 21:51 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{26B5998B-E591-43B4-9F9D-92A6B1391F87}\mpengine.dll
2012-06-05 20:06 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-29 21:37 . 2012-05-29 21:37 -------- d-----w- c:\users\Cindy\AppData\Roaming\Apple Computer
2012-05-29 21:37 . 2012-05-29 21:37 -------- d-----w- c:\users\Cindy\AppData\Local\Apple Computer
2012-05-29 21:37 . 2009-05-18 18:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-05-29 21:37 . 2008-04-17 17:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-05-29 21:37 . 2008-04-17 17:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-05-29 21:36 . 2012-05-29 21:36 -------- d-----w- c:\program files\iPod
2012-05-29 21:36 . 2012-05-29 21:37 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-05-29 21:36 . 2012-05-29 21:37 -------- d-----w- c:\program files\iTunes
2012-05-29 21:36 . 2012-05-29 21:37 -------- d-----w- c:\program files (x86)\iTunes
2012-05-29 21:36 . 2012-05-29 21:36 -------- d-----w- c:\programdata\Apple Computer
2012-05-29 21:35 . 2012-05-29 21:35 -------- d-----w- c:\users\Cindy\AppData\Local\Apple
2012-05-29 21:35 . 2012-05-29 21:35 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-05-29 21:34 . 2012-05-29 21:34 -------- d-----w- c:\program files\Common Files\Apple
2012-05-29 21:34 . 2012-05-29 21:34 -------- d-----w- c:\program files\Bonjour
2012-05-29 21:34 . 2012-05-29 21:34 -------- d-----w- c:\program files (x86)\Bonjour
2012-05-29 21:33 . 2012-05-29 21:36 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-05-29 21:33 . 2012-05-29 21:35 -------- d-----w- c:\programdata\Apple
2012-05-18 13:12 . 2012-06-01 18:17 -------- d-----w- c:\users\Cindy\AppData\Local\CrashDumps
2012-05-08 23:39 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-08 23:39 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-08 23:39 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-08 23:39 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-08 23:39 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-08 23:39 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-08 23:14 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-08 23:13 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-08 23:13 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-08 23:13 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-08 23:13 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-08 23:13 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-08 23:13 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 20:56 . 2011-12-12 02:51 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-21 01:44 . 2011-04-27 21:25 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-21 01:44 . 2011-04-18 19:18 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jing"="c:\program files (x86)\TechSmith\Jing\Jing.exe" [2012-02-01 2918224]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Antivirus"="c:\program files (x86)\Ad-Aware Antivirus\AdAwareLauncher --windows-run" [X]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"NortonOnlineBackupReminder"="c:\program files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-08-10 529256]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SMART Board Service"="c:\program files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe" [2011-01-25 5893488]
"SMART SNMP Agent"="c:\program files (x86)\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe" [2011-01-25 1678704]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
SMART Board Tools.lnk - c:\program files (x86)\SMART Technologies\SMART Product Drivers\SMARTBoardTools.exe [2011-1-25 13320560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]
@="Ad-Aware Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
R1 SASKUTIL;SASKUTIL;E:\SASKUTIL.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-09 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-09 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-04 129976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\DRIVERS\sbfwim.sys [x]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-03-31 835952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2011-04-29 55384]
S1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Ad-Aware Service;Ad-Aware Service;c:\program files (x86)\Ad-Aware Antivirus\AdAwareService.exe [2012-03-29 1161072]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe [2009-12-09 126392]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2011-10-29 135608]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2009-08-24 126392]
S2 SBAMSvc;Ad-Aware;c:\program files (x86)\Ad-Aware Antivirus\Engine\SBAMSvc.exe [2011-05-17 2804280]
S2 sbapifs;sbapifs;c:\windows\system32\DRIVERS\sbapifs.sys [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\DRIVERS\SBFWIM.sys [x]
S3 SMARTMouseFilterx64;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx64.sys [x]
S3 SMARTVHidMiniVistaAmd64;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [x]
S3 SMARTVTabletPCx64;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-03 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
- c:\progra~2\AD-AWA~1\AdAwareLauncher.exe [2012-03-29 17:44]
.
2012-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-09 00:06]
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-09 00:06]
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2058674037-662203197-1718139888-1000Core.job
- c:\users\Cindy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 01:13]
.
2012-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2058674037-662203197-1718139888-1000UA.job
- c:\users\Cindy\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 01:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-20 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-20 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-20 410648]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\m3xb1ymj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://us.mg201.mail.yahoo.com/dc/launch?.partner=sbc&.gx=1&.rand=382fmvlah2sha
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.5.0.127\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.5.0.127\InstStub.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
.
**************************************************************************
.
Completion time: 2012-06-06 19:36:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-07 00:35
.
Pre-Run: 254,105,735,168 bytes free
Post-Run: 253,802,651,648 bytes free
.
- - End Of File - - 5C3FFD2497E12995D5851307F5B30377

#6 chisox65

Posted 06 June 2012 - 07:54 PM

I tried a couple of sites that the nginx home page/error screen was occurring on and it did not appear. No problems. Any other suggestions as to what is next?

#7 gringo_pr


Posted 06 June 2012 - 09:01 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
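A triage pass over the TDSSKiller report requested in the post above, as an added example that is not part of the original thread or of TDSSKiller itself: it pairs each scanned object with its verdict line, then lists anything not marked ok and any entry that has a verdict but no file or hash. The line layout is inferred from the log posted later in this thread; the function names and the `ExampleDrv` lines are constructed for illustration.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Sample input. Every line except the final "ExampleDrv" pair is copied from
# the log posted in this thread. The ExampleDrv pair is constructed, and its
# verdict word is a placeholder, not real TDSSKiller output.
SAMPLE_LOG = r"""
21:33:33.0867 4488 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:33:38.0875 4932 Scan started
21:33:38.0875 4932 Mode: Manual;
21:33:39.0608 4932 Ad-Aware Service (fb182ad520910442abf146bb325de79b) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
21:33:39.0624 4932 Ad-Aware Service - ok
21:33:40.0934 4932 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
21:33:40.0934 4932 AudioEndpointBuilder - ok
21:33:40.0950 4932 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
21:33:40.0950 4932 AudioSrv - ok
21:33:41.0995 4932 catchme - ok
21:34:00.0000 4932 ExampleDrv (00000000000000000000000000000000) C:\windows\system32\drivers\exampledrv.sys
21:34:00.0010 4932 ExampleDrv - needs-review
"""

# Each line starts with "HH:MM:SS.mmmm <thread id> ".
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
# Object line: "<name> (<md5>) <path>"; names and paths may contain spaces
# and parentheses, so the 32-hex-digit hash is the anchor.
OBJECT_RE = re.compile(
    PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Verdict line: "<name> - <verdict>".
VERDICT_RE = re.compile(PREFIX + r"(?P<name>.+?) - (?P<verdict>.+)$")


@dataclass
class Entry:
    name: str
    verdict: str
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_scan(text):
    """Return one Entry per verdict line found after 'Scan started'."""
    entries, pending, in_scan = [], {}, False
    for line in text.splitlines():
        line = line.strip()
        if not in_scan:
            # Header lines such as "Drive ... - Size: ..." also contain
            # " - ", so nothing is parsed until the scan actually begins.
            in_scan = line.endswith("Scan started")
            continue
        m = OBJECT_RE.match(line)
        if m:
            pending[m["name"]] = (m["md5"], m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            md5, path = pending.pop(m["name"], (None, None))
            entries.append(Entry(m["name"], m["verdict"].strip(), md5, path))
    return entries


def triage(entries):
    """Group entries into the buckets a reviewer reads first."""
    by_hash = defaultdict(list)
    for e in entries:
        if e.md5:
            by_hash[e.md5].append(e.name)
    return {
        # Any verdict other than "ok" needs a human look.
        "not_ok": [e.name for e in entries if e.verdict.lower() != "ok"],
        # A verdict with no file/hash line: the service is registered but
        # no file was listed for it (e.g. "catchme" in this thread's log).
        "no_file": [e.name for e in entries if e.md5 is None],
        # Several services backed by one binary; informational only.
        "shared_file": {h: n for h, n in by_hash.items() if len(n) > 1},
    }


if __name__ == "__main__":
    report = triage(parse_scan(SAMPLE_LOG))
    for bucket, items in report.items():
        print(f"{bucket}: {items}")
```

The `no_file` and `shared_file` buckets are prompts for a closer look, not detections; only `not_ok` reflects what the scanner itself reported.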

#8 chisox65

Posted 06 June 2012 - 09:44 PM

Hi,

I clicked on the links to download tdsskiller and aswMBR and they opened up a tab with the Error 404 nginx screen. I closed the FF Browser and then reopened FireFox and then clicked on the links for tdsskiller and aswMBR and the links both opened with no problems. By closing the browser and reopening the browser, we can get around the nginx screens. Here are the logs:

TDSSKiller Log

21:33:32.0822 4488 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
21:33:33.0337 4488 ============================================================
21:33:33.0337 4488 Current date / time: 2012/06/06 21:33:33.0337
21:33:33.0337 4488 SystemInfo:
21:33:33.0337 4488
21:33:33.0337 4488 OS Version: 6.1.7601 ServicePack: 1.0
21:33:33.0337 4488 Product type: Workstation
21:33:33.0337 4488 ComputerName: CINDY-PC
21:33:33.0337 4488 UserName: Cindy
21:33:33.0337 4488 Windows directory: C:\windows
21:33:33.0337 4488 System windows directory: C:\windows
21:33:33.0337 4488 Running under WOW64
21:33:33.0337 4488 Processor architecture: Intel x64
21:33:33.0337 4488 Number of processors: 2
21:33:33.0337 4488 Page size: 0x1000
21:33:33.0337 4488 Boot type: Normal boot
21:33:33.0337 4488 ============================================================
21:33:33.0867 4488 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:33:33.0883 4488 ============================================================
21:33:33.0883 4488 \Device\Harddisk0\DR0:
21:33:33.0883 4488 MBR partitions:
21:33:33.0883 4488 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23F63800
21:33:33.0883 4488 ============================================================
21:33:33.0914 4488 C: <-> \Device\Harddisk0\DR0\Partition0
21:33:33.0914 4488 ============================================================
21:33:33.0914 4488 Initialize success
21:33:33.0914 4488 ============================================================
21:33:38.0875 4932 ============================================================
21:33:38.0875 4932 Scan started
21:33:38.0875 4932 Mode: Manual;
21:33:38.0875 4932 ============================================================
21:33:39.0281 4932 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
21:33:39.0312 4932 1394ohci - ok
21:33:39.0374 4932 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
21:33:39.0390 4932 ACPI - ok
21:33:39.0421 4932 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
21:33:39.0437 4932 AcpiPmi - ok
21:33:39.0608 4932 Ad-Aware Service (fb182ad520910442abf146bb325de79b) C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
21:33:39.0624 4932 Ad-Aware Service - ok
21:33:39.0749 4932 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:33:39.0749 4932 AdobeARMservice - ok
21:33:39.0827 4932 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
21:33:39.0858 4932 adp94xx - ok
21:33:39.0873 4932 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
21:33:39.0905 4932 adpahci - ok
21:33:39.0920 4932 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
21:33:39.0936 4932 adpu320 - ok
21:33:39.0967 4932 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
21:33:39.0967 4932 AeLookupSvc - ok
21:33:40.0029 4932 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
21:33:40.0045 4932 AFD - ok
21:33:40.0061 4932 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
21:33:40.0076 4932 agp440 - ok
21:33:40.0107 4932 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
21:33:40.0123 4932 ALG - ok
21:33:40.0139 4932 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
21:33:40.0154 4932 aliide - ok
21:33:40.0170 4932 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
21:33:40.0185 4932 amdide - ok
21:33:40.0217 4932 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
21:33:40.0232 4932 AmdK8 - ok
21:33:40.0232 4932 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
21:33:40.0248 4932 AmdPPM - ok
21:33:40.0295 4932 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
21:33:40.0310 4932 amdsata - ok
21:33:40.0310 4932 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
21:33:40.0326 4932 amdsbs - ok
21:33:40.0357 4932 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
21:33:40.0357 4932 amdxata - ok
21:33:40.0388 4932 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
21:33:40.0404 4932 AppID - ok
21:33:40.0435 4932 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
21:33:40.0435 4932 AppIDSvc - ok
21:33:40.0466 4932 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
21:33:40.0466 4932 Appinfo - ok
21:33:40.0700 4932 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:33:40.0700 4932 Apple Mobile Device - ok
21:33:40.0763 4932 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
21:33:40.0794 4932 arc - ok
21:33:40.0794 4932 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
21:33:40.0825 4932 arcsas - ok
21:33:40.0841 4932 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
21:33:40.0856 4932 AsyncMac - ok
21:33:40.0887 4932 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
21:33:40.0887 4932 atapi - ok
21:33:40.0934 4932 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
21:33:40.0934 4932 AudioEndpointBuilder - ok
21:33:40.0950 4932 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
21:33:40.0950 4932 AudioSrv - ok
21:33:40.0965 4932 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
21:33:40.0981 4932 AxInstSV - ok
21:33:41.0028 4932 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
21:33:41.0059 4932 b06bdrv - ok
21:33:41.0075 4932 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
21:33:41.0090 4932 b57nd60a - ok
21:33:41.0121 4932 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
21:33:41.0137 4932 BDESVC - ok
21:33:41.0168 4932 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
21:33:41.0168 4932 Beep - ok
21:33:41.0262 4932 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
21:33:41.0277 4932 BFE - ok
21:33:41.0371 4932 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\system32\qmgr.dll
21:33:41.0387 4932 BITS - ok
21:33:41.0449 4932 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
21:33:41.0449 4932 blbdrive - ok
21:33:41.0558 4932 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
21:33:41.0558 4932 Bonjour Service - ok
21:33:41.0621 4932 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
21:33:41.0621 4932 bowser - ok
21:33:41.0636 4932 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
21:33:41.0667 4932 BrFiltLo - ok
21:33:41.0683 4932 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
21:33:41.0699 4932 BrFiltUp - ok
21:33:41.0714 4932 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
21:33:41.0730 4932 BridgeMP - ok
21:33:41.0792 4932 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
21:33:41.0792 4932 Browser - ok
21:33:41.0823 4932 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
21:33:41.0855 4932 Brserid - ok
21:33:41.0855 4932 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
21:33:41.0870 4932 BrSerWdm - ok
21:33:41.0870 4932 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
21:33:41.0886 4932 BrUsbMdm - ok
21:33:41.0901 4932 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
21:33:41.0901 4932 BrUsbSer - ok
21:33:41.0917 4932 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
21:33:41.0933 4932 BTHMODEM - ok
21:33:41.0964 4932 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
21:33:41.0964 4932 bthserv - ok
21:33:41.0995 4932 catchme - ok
21:33:42.0089 4932 CAXHWAZL (d1787e11c6a0078ddeaf8cf3ee2ab293) C:\windows\system32\DRIVERS\CAXHWAZL.sys
21:33:42.0089 4932 CAXHWAZL - ok
21:33:42.0135 4932 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
21:33:42.0151 4932 cdfs - ok
21:33:42.0167 4932 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\drivers\cdrom.sys
21:33:42.0167 4932 cdrom - ok
21:33:42.0198 4932 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
21:33:42.0198 4932 CertPropSvc - ok
21:33:42.0229 4932 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
21:33:42.0245 4932 circlass - ok
21:33:42.0291 4932 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
21:33:42.0291 4932 CLFS - ok
21:33:42.0385 4932 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:33:42.0401 4932 clr_optimization_v2.0.50727_32 - ok
21:33:42.0479 4932 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:33:42.0510 4932 clr_optimization_v2.0.50727_64 - ok
21:33:42.0603 4932 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:33:42.0603 4932 clr_optimization_v4.0.30319_32 - ok
21:33:42.0666 4932 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:33:42.0666 4932 clr_optimization_v4.0.30319_64 - ok
21:33:42.0697 4932 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
21:33:42.0697 4932 CmBatt - ok
21:33:42.0728 4932 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
21:33:42.0759 4932 cmdide - ok
21:33:42.0822 4932 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
21:33:42.0822 4932 CNG - ok
21:33:42.0884 4932 CnxtHdAudService (25c58ee97be0416a373e3e4f855206b5) C:\windows\system32\drivers\CHDRT64.sys
21:33:42.0900 4932 CnxtHdAudService - ok
21:33:42.0931 4932 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
21:33:42.0931 4932 Compbatt - ok
21:33:42.0962 4932 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys
21:33:42.0962 4932 CompositeBus - ok
21:33:42.0962 4932 COMSysApp - ok
21:33:42.0978 4932 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
21:33:42.0993 4932 crcdisk - ok
21:33:43.0025 4932 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll
21:33:43.0025 4932 CryptSvc - ok
21:33:43.0071 4932 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
21:33:43.0071 4932 DcomLaunch - ok
21:33:43.0103 4932 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
21:33:43.0118 4932 defragsvc - ok
21:33:43.0149 4932 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
21:33:43.0149 4932 DfsC - ok
21:33:43.0181 4932 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
21:33:43.0181 4932 Dhcp - ok
21:33:43.0212 4932 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
21:33:43.0212 4932 discache - ok
21:33:43.0227 4932 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
21:33:43.0227 4932 Disk - ok
21:33:43.0259 4932 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
21:33:43.0259 4932 Dnscache - ok
21:33:43.0290 4932 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
21:33:43.0305 4932 dot3svc - ok
21:33:43.0337 4932 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
21:33:43.0337 4932 DPS - ok
21:33:43.0383 4932 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
21:33:43.0399 4932 drmkaud - ok
21:33:43.0477 4932 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
21:33:43.0477 4932 DXGKrnl - ok
21:33:43.0493 4932 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
21:33:43.0508 4932 EapHost - ok
21:33:43.0633 4932 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
21:33:43.0695 4932 ebdrv - ok
21:33:43.0805 4932 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
21:33:43.0805 4932 EFS - ok
21:33:43.0898 4932 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
21:33:43.0992 4932 ehRecvr - ok
21:33:44.0007 4932 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
21:33:44.0054 4932 ehSched - ok
21:33:44.0132 4932 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
21:33:44.0148 4932 elxstor - ok
21:33:44.0163 4932 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
21:33:44.0179 4932 ErrDev - ok
21:33:44.0226 4932 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
21:33:44.0226 4932 EventSystem - ok
21:33:44.0273 4932 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
21:33:44.0288 4932 exfat - ok
21:33:44.0304 4932 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
21:33:44.0335 4932 fastfat - ok
21:33:44.0382 4932 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
21:33:44.0397 4932 Fax - ok
21:33:44.0413 4932 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
21:33:44.0429 4932 fdc - ok
21:33:44.0460 4932 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
21:33:44.0460 4932 fdPHost - ok
21:33:44.0475 4932 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
21:33:44.0475 4932 FDResPub - ok
21:33:44.0522 4932 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
21:33:44.0522 4932 FileInfo - ok
21:33:44.0522 4932 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
21:33:44.0538 4932 Filetrace - ok
21:33:44.0569 4932 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
21:33:44.0585 4932 flpydisk - ok
21:33:44.0631 4932 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
21:33:44.0631 4932 FltMgr - ok
21:33:44.0694 4932 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
21:33:44.0694 4932 FontCache - ok
21:33:44.0787 4932 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:33:44.0803 4932 FontCache3.0.0.0 - ok
21:33:44.0865 4932 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
21:33:44.0881 4932 FsDepends - ok
21:33:44.0928 4932 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
21:33:44.0928 4932 Fs_Rec - ok
21:33:44.0959 4932 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
21:33:44.0975 4932 fvevol - ok
21:33:45.0006 4932 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
21:33:45.0037 4932 gagp30kx - ok
21:33:45.0162 4932 GameConsoleService (1a0b9d84beb3306f728bc3009d432f5c) C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
21:33:45.0177 4932 GameConsoleService - ok
21:33:45.0209 4932 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
21:33:45.0209 4932 GEARAspiWDM - ok
21:33:45.0255 4932 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
21:33:45.0255 4932 gpsvc - ok
21:33:45.0302 4932 grmnusb (2ed7ff3e1ada4092632393781518b3a7) C:\windows\system32\drivers\grmnusb.sys
21:33:45.0318 4932 grmnusb - ok
21:33:45.0396 4932 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:33:45.0396 4932 gupdate - ok
21:33:45.0443 4932 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:33:45.0443 4932 gupdatem - ok
21:33:45.0474 4932 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
21:33:45.0505 4932 hcw85cir - ok
21:33:45.0552 4932 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
21:33:45.0567 4932 HdAudAddService - ok
21:33:45.0583 4932 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys
21:33:45.0583 4932 HDAudBus - ok
21:33:45.0614 4932 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
21:33:45.0630 4932 HidBatt - ok
21:33:45.0630 4932 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
21:33:45.0645 4932 HidBth - ok
21:33:45.0661 4932 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
21:33:45.0677 4932 HidIr - ok
21:33:45.0708 4932 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
21:33:45.0708 4932 hidserv - ok
21:33:45.0739 4932 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
21:33:45.0755 4932 HidUsb - ok
21:33:45.0786 4932 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
21:33:45.0786 4932 hkmsvc - ok
21:33:45.0833 4932 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
21:33:45.0833 4932 HomeGroupListener - ok
21:33:45.0864 4932 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
21:33:45.0864 4932 HomeGroupProvider - ok
21:33:45.0895 4932 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
21:33:45.0911 4932 HpSAMD - ok
21:33:46.0020 4932 HsfXAudioService (447256d1c026654c5cd3cc17e7b20631) C:\windows\SysWOW64\XAudio64.dll
21:33:46.0020 4932 HsfXAudioService - ok
21:33:46.0098 4932 HSF_DPV (26c5d00321937e49b6bc91029947d094) C:\windows\system32\DRIVERS\CAX_DPV.sys
21:33:46.0129 4932 HSF_DPV - ok
21:33:46.0269 4932 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
21:33:46.0269 4932 HTTP - ok
21:33:46.0301 4932 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
21:33:46.0301 4932 hwpolicy - ok
21:33:46.0332 4932 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys
21:33:46.0332 4932 i8042prt - ok
21:33:46.0379 4932 iaStor (be7d72fcf442c26975942007e0831241) C:\windows\system32\DRIVERS\iaStor.sys
21:33:46.0379 4932 iaStor - ok
21:33:46.0441 4932 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
21:33:46.0457 4932 iaStorV - ok
21:33:46.0566 4932 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:33:46.0628 4932 IDriverT - ok
21:33:46.0737 4932 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:33:46.0784 4932 idsvc - ok
21:33:47.0205 4932 igfx (898ab5bfed7040d7ab07af01885eb944) C:\windows\system32\DRIVERS\igdkmd64.sys
21:33:47.0408 4932 igfx - ok
21:33:47.0533 4932 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
21:33:47.0564 4932 iirsp - ok
21:33:47.0611 4932 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
21:33:47.0627 4932 IKEEXT - ok
21:33:47.0658 4932 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
21:33:47.0673 4932 intelide - ok
21:33:47.0705 4932 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
21:33:47.0705 4932 intelppm - ok
21:33:47.0736 4932 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
21:33:47.0736 4932 IPBusEnum - ok
21:33:47.0767 4932 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
21:33:47.0783 4932 IpFilterDriver - ok
21:33:47.0892 4932 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
21:33:47.0907 4932 iphlpsvc - ok
21:33:47.0939 4932 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
21:33:47.0970 4932 IPMIDRV - ok
21:33:48.0001 4932 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
21:33:48.0017 4932 IPNAT - ok
21:33:48.0110 4932 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
21:33:48.0126 4932 iPod Service - ok
21:33:48.0141 4932 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
21:33:48.0157 4932 IRENUM - ok
21:33:48.0188 4932 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
21:33:48.0219 4932 isapnp - ok
21:33:48.0251 4932 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
21:33:48.0282 4932 iScsiPrt - ok
21:33:48.0313 4932 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys
21:33:48.0313 4932 kbdclass - ok
21:33:48.0344 4932 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
21:33:48.0344 4932 kbdhid - ok
21:33:48.0375 4932 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
21:33:48.0375 4932 KeyIso - ok
21:33:48.0422 4932 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
21:33:48.0422 4932 KSecDD - ok
21:33:48.0453 4932 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
21:33:48.0453 4932 KSecPkg - ok
21:33:48.0485 4932 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
21:33:48.0485 4932 ksthunk - ok
21:33:48.0516 4932 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
21:33:48.0531 4932 KtmRm - ok
21:33:48.0547 4932 L1C (55480b9c63f3f91a8ebbadcbf28fe581) C:\windows\system32\DRIVERS\L1C62x64.sys
21:33:48.0547 4932 L1C - ok
21:33:48.0578 4932 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll
21:33:48.0594 4932 LanmanServer - ok
21:33:48.0609 4932 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
21:33:48.0609 4932 LanmanWorkstation - ok
21:33:48.0641 4932 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
21:33:48.0641 4932 lltdio - ok
21:33:48.0672 4932 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
21:33:48.0672 4932 lltdsvc - ok
21:33:48.0687 4932 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
21:33:48.0687 4932 lmhosts - ok
21:33:48.0719 4932 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
21:33:48.0734 4932 LSI_FC - ok
21:33:48.0750 4932 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
21:33:48.0765 4932 LSI_SAS - ok
21:33:48.0765 4932 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
21:33:48.0781 4932 LSI_SAS2 - ok
21:33:48.0797 4932 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
21:33:48.0812 4932 LSI_SCSI - ok
21:33:48.0843 4932 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
21:33:48.0843 4932 luafv - ok
21:33:49.0015 4932 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
21:33:49.0031 4932 McComponentHostService - ok
21:34:04.0771 4932 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
21:34:04.0771 4932 WudfPf - ok
21:34:04.0818 4932 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
21:34:04.0849 4932 WUDFRd - ok
21:34:04.0880 4932 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
21:34:04.0880 4932 wudfsvc - ok
21:34:04.0911 4932 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
21:34:04.0927 4932 WwanSvc - ok
21:34:04.0974 4932 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\windows\system32\DRIVERS\XAudio64.sys
21:34:04.0974 4932 XAudio - ok
21:34:04.0989 4932 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
21:34:05.0161 4932 \Device\Harddisk0\DR0 - ok
21:34:05.0177 4932 Boot (0x1200) (aff6170ddc74f7884e1370d55838cbbd) \Device\Harddisk0\DR0\Partition0
21:34:05.0177 4932 \Device\Harddisk0\DR0\Partition0 - ok
21:34:05.0177 4932 ============================================================
21:34:05.0177 4932 Scan finished
21:34:05.0177 4932 ============================================================
21:34:05.0208 3220 Detected object count: 0
21:34:05.0208 3220 Actual detected object count: 0


aswMBR Log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-06 21:36:08
-----------------------------
21:36:08.511 OS Version: Windows x64 6.1.7601 Service Pack 1
21:36:08.511 Number of processors: 2 586 0x170A
21:36:08.511 ComputerName: CINDY-PC UserName: Cindy
21:36:09.291 Initialize success
21:36:38.276 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:36:38.276 Disk 0 Vendor: TOSHIBA_ GJ00 Size: 305245MB BusType: 3
21:36:38.323 Disk 0 MBR read successfully
21:36:38.323 Disk 0 MBR scan
21:36:38.339 Disk 0 Windows VISTA default MBR code
21:36:38.339 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
21:36:38.370 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 294599 MB offset 3074048
21:36:38.401 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 9145 MB offset 606412800
21:36:38.432 Disk 0 scanning C:\windows\system32\drivers
21:36:45.842 Service scanning
21:37:26.387 Modules scanning
21:37:26.403 Disk 0 trace - called modules:
21:37:26.434 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
21:37:26.449 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800487d060]
21:37:26.465 3 CLASSPNP.SYS[fffff88001b9543f] -> nt!IofCallDriver -> [0xfffffa800466d640]
21:37:26.465 5 ACPI.sys[fffff88000f9e7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004672050]
21:37:26.481 Scan finished successfully
21:37:47.806 Disk 0 MBR has been saved successfully to "C:\Users\Cindy\Desktop\MBR.dat"
21:37:47.821 The log file has been saved successfully to "C:\Users\Cindy\Desktop\aswMBR.txt"


Thank you for your time.

#9 gringo_pr


Posted 06 June 2012 - 09:54 PM

Greetings

Uninstall Firefox, and if asked about user data or settings, remove them also (bookmarks can be backed up).


Restart the computer, reinstall Firefox, see if it still has the same problem, and report back to me.


gringo

#10 chisox65


Posted 06 June 2012 - 09:58 PM

Will do it tomorrow after work. Heading to bed. Thanks

#11 gringo_pr


Posted 06 June 2012 - 10:04 PM

No problem and see you then


gringo

#12 chisox65


Posted 07 June 2012 - 05:42 PM

I had uninstalled and reinstalled Firefox following your instructions.

I did get a 404 error with the word nginx below it when going to a web site. So I shut down the browser and reopened it and then tried to go to the same site and was able to with no problems. Confusing!

Any ideas?

#13 gringo_pr


Posted 07 June 2012 - 09:07 PM

Still getting the error?


gringo

#14 chisox65


Posted 08 June 2012 - 06:57 AM

> still getting the error?
>
> gringo

Only got it once and it was a 404 error. Continued going to other sites where we received the nginx home error before and did not receive it this time. Not sure what is going on. Does not seem to affect anything else.

Tried a few sites this morning and received no errors.

#15 gringo_pr


Posted 08 June 2012 - 07:48 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

AV: Avira Desktop
AV: Lavasoft Ad-Watch Live! Anti-Virus
AV: Norton Internet Security


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.




:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo
