
Google Redirect, Possible Rootkit & Hardware Issues


  • This topic is locked
52 replies to this topic

#1 Stealthxusa


  • Members
  • 30 posts
  • OFFLINE
  • Local time:05:38 PM

Posted 08 June 2012 - 12:33 PM

Issue 1 - Google, Bing and Yahoo search redirects to various other bogus search and system/anti-virus pages.
Issue 2 - Although Malwarebytes finishes its scans clean, the laptop consistently shuts itself down when running a full antivirus scan via McAfee or ESET.
Issue 3 - Spybot S&D reports that possible rootkit activity exists. However, running a detection scan also causes the laptop to shut down.

My efforts towards fixing this thus far have been a complete and dismal failure. Being obviously beyond my depth here, I clearly need guidance from the gurus.
Thanks!

Silvio

dds.txt
===================================
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by SilvioG at 11:35:02 on 2012-06-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6079.3935 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\windows\system32\nvvsvc.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\windows\system32\Dwm.exe
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\windows\system32\taskhost.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Windows\System32\ThpSrv.exe
C:\windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k WindowsMobile
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\windows\system32\taskhost.exe
C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe
C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - C:\Program Files (x86)\WS_FTP Pro\wsbho2K0.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Google Analytics Opt-out Browser Add-on: {75ef13ce-b59e-41ba-8a5a-a944031bd8b4} - C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120424174819.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: WeatherBlink: {f20de5e0-2a6e-4c54-985f-1cf59551ce39} - C:\Program Files (x86)\WeatherBlink\bar\1.bin\gcbar.dll
uRun: [AdobeBridge]
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\windows\WindowsMobile\INetRepl.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0AA036AF-4899-40FB-BC80-C666842CA38A} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0AA036AF-4899-40FB-BC80-C666842CA38A}\377716 : DhcpNameServer = 10.60.0.1
TCP: Interfaces\{0AA036AF-4899-40FB-BC80-C666842CA38A}\D49646E696768647E45647 : DhcpNameServer = 192.168.2.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO-X64: WsftpBrowserHelper Class: {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files (x86)\WS_FTP Pro\wsbho2K0.dll
BHO-X64: Ipswitch.WsftpBrowserHelper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Google Analytics Opt-out Browser Add-on: {75EF13CE-B59E-41ba-8A5A-A944031BD8B4} - C:\Program Files (x86)\Google\Google Analytics Opt-Out\gaoptout.dll
BHO-X64: Google Analytics Opt-out Browser Add-on - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120424174819.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB-X64: WeatherBlink: {f20de5e0-2a6e-4c54-985f-1cf59551ce39} - C:\Program Files (x86)\WeatherBlink\bar\1.bin\gcbar.dll
mRun-x64: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [(Default)]
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\system32\drivers\mfewfpk.sys --> C:\windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\windows\system32\DRIVERS\mfenlfk.sys --> C:\windows\system32\DRIVERS\mfenlfk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-27 252784]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-14 13336]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-10 249936]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-4-2 517632]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-10 249936]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-10 249936]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-6-10 249936]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-7-17 199272]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-7-17 210584]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-7-17 162192]
R2 rimspci;rimspci;C:\windows\system32\DRIVERS\rimspe64.sys --> C:\windows\system32\DRIVERS\rimspe64.sys [?]
R2 risdpcie;risdpcie;C:\windows\system32\DRIVERS\risdpe64.sys --> C:\windows\system32\DRIVERS\risdpe64.sys [?]
R2 rixdpcie;rixdpcie;C:\windows\system32\DRIVERS\rixdpe64.sys --> C:\windows\system32\DRIVERS\rixdpe64.sys [?]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-6-5 1122296]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-6-5 838136]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-9-28 251760]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-14 2314240]
R3 cfwids;McAfee Inc. cfwids;C:\windows\system32\drivers\cfwids.sys --> C:\windows\system32\drivers\cfwids.sys [?]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\system32\drivers\mfefirek.sys --> C:\windows\system32\drivers\mfefirek.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\windows\system32\drivers\nvhda64v.sys --> C:\windows\system32\drivers\nvhda64v.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-7-14 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-5 824688]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-1 136176]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-6-5 1153368]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-6-5 166528]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 257696]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-7-24 1038088]
S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-1 136176]
S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-05 16:03:41 17272 ----a-w- C:\windows\System32\sdnclean64.exe
2012-06-05 16:03:38 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-06-05 14:36:30 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-06-05 14:36:30 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-05-20 13:44:18 -------- d-----w- C:\Program Files (x86)\ESET
2012-05-17 11:30:25 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-05-17 11:30:25 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-05-17 11:30:25 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-05-17 11:30:25 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-05-17 11:30:25 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-05-17 11:30:25 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-05-17 11:30:25 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-05-12 09:55:02 1544704 ----a-w- C:\windows\System32\DWrite.dll
2012-05-12 09:55:02 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-05-12 09:54:58 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-12 09:54:57 3146240 ----a-w- C:\windows\System32\win32k.sys
2012-05-12 09:54:56 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-12 09:54:56 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-12 09:54:22 75120 ----a-w- C:\windows\System32\drivers\partmgr.sys
2012-05-12 09:54:13 1918320 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-05-12 09:54:09 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2012-05-12 09:54:09 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 09:54:08 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 09:54:08 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2012-05-12 09:54:08 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
.
==================== Find3M ====================
.
2012-05-05 17:02:12 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 17:02:12 419488 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 17:02:08 8769696 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-19 00:56:30 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56:30 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts
2012-04-04 19:56:40 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
.
============= FINISH: 11:43:31.74 ===============

#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:38 PM

Posted 08 June 2012 - 08:20 PM

Hi,

Please run the following:

download Farbar Recovery Scan Tool and save it to a flash drive.
(you need the 64bit version)
Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • Type exit and reboot the computer normally
  • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 Stealthxusa

Stealthxusa
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:05:38 PM

Posted 08 June 2012 - 10:37 PM

frst64 scan log
===============

Scan result of Farbar Recovery Scan Tool Version: 09-06-2012
Ran by SYSTEM at 08-06-2012 23:25:01
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [] [x]
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8312352 2009-11-02] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1870120 2009-10-15] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [506208 2009-10-29] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [911160 2009-10-26] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1482592 2009-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] C:\windows\system32\thpsrv /logon [x]
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [x]
HKLM-x32\...\Run: [TUSBSleepChargeSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [x]
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [2446648 2009-11-05] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1675160 2012-03-21] (McAfee, Inc.)
HKLM-x32\...\Run: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe" [174424 2009-05-08] (Yahoo! Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [40376 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [640440 2012-03-26] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [296056 2011-12-02] (RealNetworks, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [3349488 2012-05-10] (Safer-Networking Ltd.)
HKU\SilvioG\...\Run: [AdobeBridge] [x]
HKU\SilvioG\...\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

==================== Services (Whitelisted) ======

3 Adobe Version Cue CS4; "C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" -win32service [284016 2008-08-15] (Adobe Systems Incorporated)
3 FLEXnet Licensing Service 64; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe" [1038088 2010-07-24] (Acresso Software Inc.)
2 McAfee SiteAdvisor Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McciCMService; "C:\Program Files (x86)\Common Files\Motive\McciCMService.exe" [319488 2010-01-28] (Alcatel-Lucent)
2 McciCMService64; "C:\Program Files\Common Files\Motive\McciCMService.exe" [517632 2010-02-02] (Alcatel-Lucent)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
3 McODS; "C:\Program Files\McAfee\VirusScan\mcods.exe" [502032 2012-03-22] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [199272 2012-03-20] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [210584 2012-03-20] (McAfee, Inc.)
2 mfevtp; "C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe" [162192 2012-03-20] (McAfee, Inc.)
3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [64856 2009-02-26] (Microsoft Corporation)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [249936 2011-01-27] (McAfee, Inc.)
2 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [225672 2007-05-31] (Microsoft Corporation)
2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1122296 2012-05-10] (Safer-Networking Ltd.)
2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [838136 2012-05-10] (Safer-Networking Ltd.)
2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [166528 2012-03-22] (Safer-Networking Ltd.)
3 ServiceLayer; "C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe" [430592 2008-04-07] (Nokia.)
2 Thpsrv; C:\windows\system32\ThpSrv.exe [531520 2009-10-21] (TOSHIBA Corporation)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2314240 2009-09-30] (Intel Corporation)
2 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [443784 2007-05-31] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

3 61883; C:\Windows\System32\Drivers\61883.sys [60288 2009-07-13] (Microsoft Corporation)
2 adfs; C:\Windows\SysWow64\Drivers\adfs.sys [74720 2008-08-14] (Adobe Systems, Inc.)
3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [65264 2012-02-22] (McAfee, Inc.)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [160792 2012-02-22] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [229528 2012-02-22] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [487296 2012-02-22] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [647208 2012-02-22] (McAfee, Inc.)
1 mfenlfk; C:\Windows\System32\Drivers\mfenlfk.sys [75936 2012-02-22] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [100912 2012-02-22] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [289664 2012-02-22] (McAfee, Inc.)
3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2010-01-28] (Printing Communications Assoc., Inc. (PCAUSA))
3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2010-01-28] (Printing Communications Assoc., Inc. (PCAUSA))
0 TVALZ; C:\Windows\System32\DRIVERS\TVALZ_O.SYS [26840 2009-07-14] (TOSHIBA Corporation)
3 mfeavfk01; [x]
3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-08 23:24 - 2012-06-08 23:25 - 00000000 ____D C:\FRST
2012-06-08 07:53 - 2012-06-08 07:53 - 00004573 ____A C:\Users\SilvioG\Desktop\Attach.zip
2012-06-08 07:52 - 2012-06-08 07:52 - 00014574 ____A C:\Users\SilvioG\Desktop\Attach.txt
2012-06-08 07:51 - 2012-06-08 07:51 - 00031814 ____A C:\Users\SilvioG\Desktop\DDS.txt
2012-06-08 07:02 - 2012-06-07 11:00 - 00607260 ____R (Swearware) C:\Users\SilvioG\Desktop\dds.scr
2012-06-07 11:35 - 2012-06-07 11:37 - 00000000 ____D C:\Users\SilvioG\Desktop\Directory Links
2012-06-07 11:33 - 2012-06-07 11:35 - 00000000 ____D C:\Users\SilvioG\Desktop\Web Links
2012-06-07 11:04 - 2012-06-07 11:03 - 01571600 ____A C:\Users\SilvioG\Desktop\Bleepingcomputer_MalwrRmvlPrep.pdf
2012-06-07 10:56 - 2012-06-08 09:09 - 00000519 ____A C:\Users\SilvioG\Desktop\Before You Post About A Problem.website
2012-06-07 10:55 - 2012-06-07 10:55 - 00000444 ____A C:\Users\SilvioG\Desktop\Virus, Trojan, Spyware, and Malware Removal Logs - BleepingComputer.com.website
2012-06-05 08:03 - 2012-06-05 08:04 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-06-05 08:03 - 2012-06-05 08:03 - 00002144 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2012-06-05 08:03 - 2009-01-25 09:14 - 00017272 ____A (Safer Networking Limited) C:\Windows\System32\sdnclean64.exe
2012-06-05 07:15 - 2012-06-06 04:04 - 00000000 ____D C:\Users\SilvioG\Desktop\Misc Apps
2012-06-05 06:36 - 2012-06-06 04:05 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-06-05 06:36 - 2012-06-05 06:38 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-05 06:36 - 2012-06-05 06:36 - 00001229 ____A C:\Users\SilvioG\Desktop\Spybot - Search & Destroy.lnk
2012-05-31 03:05 - 2012-05-31 03:05 - 00295992 ____A C:\Windows\Minidump\053112-22183-01.dmp
2012-05-20 05:44 - 2012-05-20 05:44 - 00000000 ____D C:\Program Files (x86)\ESET
2012-05-17 03:29 - 2012-05-17 03:30 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-05-12 01:55 - 2012-03-02 22:35 - 01544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-12 01:55 - 2012-03-02 21:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-12 01:54 - 2012-03-30 22:05 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-12 01:54 - 2012-03-30 20:39 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-12 01:54 - 2012-03-30 20:39 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-12 01:54 - 2012-03-30 19:10 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-12 01:54 - 2012-03-30 03:35 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-12 01:54 - 2012-03-16 23:58 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys

============ 3 Months Modified Files and Folders =============

2012-06-08 19:09 - 2011-12-20 10:05 - 00000304 ____A C:\Windows\Tasks\jgakllyizk.job
2012-06-08 19:09 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-08 19:09 - 2009-07-13 20:51 - 00067422 ____A C:\Windows\setupact.log
2012-06-08 19:08 - 2010-07-14 09:57 - 01335134 ____A C:\Windows\WindowsUpdate.log
2012-06-08 19:02 - 2012-03-30 11:24 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-08 18:58 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-08 18:58 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-08 18:57 - 2011-06-01 09:41 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-08 09:09 - 2012-06-07 10:56 - 00000519 ____A C:\Users\SilvioG\Desktop\Before You Post About A Problem.website
2012-06-08 09:05 - 2011-06-01 09:41 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-08 07:53 - 2012-06-08 07:53 - 00004573 ____A C:\Users\SilvioG\Desktop\Attach.zip
2012-06-08 07:52 - 2012-06-08 07:52 - 00014574 ____A C:\Users\SilvioG\Desktop\Attach.txt
2012-06-08 07:51 - 2012-06-08 07:51 - 00031814 ____A C:\Users\SilvioG\Desktop\DDS.txt
2012-06-07 11:41 - 2009-07-13 21:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-07 11:37 - 2012-06-07 11:35 - 00000000 ____D C:\Users\SilvioG\Desktop\Directory Links
2012-06-07 11:35 - 2012-06-07 11:33 - 00000000 ____D C:\Users\SilvioG\Desktop\Web Links
2012-06-07 11:24 - 2011-07-29 20:46 - 00000000 ____D C:\Users\SilvioG\AppData\Local\CutePDF Writer
2012-06-07 11:03 - 2012-06-07 11:04 - 01571600 ____A C:\Users\SilvioG\Desktop\Bleepingcomputer_MalwrRmvlPrep.pdf
2012-06-07 11:01 - 2010-07-15 19:14 - 00000000 ____D C:\!_Malware Removal Setup
2012-06-07 11:00 - 2012-06-08 07:02 - 00607260 ____R (Swearware) C:\Users\SilvioG\Desktop\dds.scr
2012-06-07 10:55 - 2012-06-07 10:55 - 00000444 ____A C:\Users\SilvioG\Desktop\Virus, Trojan, Spyware, and Malware Removal Logs - BleepingComputer.com.website
2012-06-07 10:13 - 2012-03-04 09:38 - 00765010 ____A C:\Windows\ntbtlog.txt
2012-06-06 04:07 - 2009-07-13 18:34 - 00442696 ____R C:\Windows\System32\Drivers\etc\hosts
2012-06-06 04:05 - 2012-06-05 06:36 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-06-06 04:04 - 2012-06-05 07:15 - 00000000 ____D C:\Users\SilvioG\Desktop\Misc Apps
2012-06-05 08:04 - 2012-06-05 08:03 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-06-05 08:03 - 2012-06-05 08:03 - 00002144 ____A C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2012-06-05 06:38 - 2012-06-05 06:36 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2012-06-05 06:36 - 2012-06-05 06:36 - 00001229 ____A C:\Users\SilvioG\Desktop\Spybot - Search & Destroy.lnk
2012-06-03 04:01 - 2010-07-27 09:41 - 00000000 ____D C:\Users\SilvioG\AppData\Roaming\vlc
2012-06-02 11:45 - 2010-07-14 22:23 - 00000000 ____D C:\Users\SilvioG\AppData\LocalLow
2012-06-02 10:15 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2012-05-31 03:05 - 2012-05-31 03:05 - 00295992 ____A C:\Windows\Minidump\053112-22183-01.dmp
2012-05-31 03:05 - 2010-07-18 07:51 - 745366720 ____A C:\Windows\MEMORY.DMP
2012-05-31 03:05 - 2010-07-18 07:51 - 00000000 ____D C:\Windows\Minidump
2012-05-20 05:44 - 2012-05-20 05:44 - 00000000 ____D C:\Program Files (x86)\ESET
2012-05-20 05:44 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2012-05-20 04:55 - 2010-07-15 21:24 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-05-20 03:45 - 2010-07-19 07:12 - 00000000 ____D C:\Software & Serials
2012-05-17 03:30 - 2012-05-17 03:29 - 00000000 ____D C:\Program Files (x86)\QuickTime
2012-05-13 04:11 - 2010-07-16 22:48 - 00000000 ____D C:\Program Files (x86)\McAfee
2012-05-13 04:11 - 2009-07-13 20:45 - 03055480 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-13 04:10 - 2009-12-11 22:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-13 04:08 - 2010-07-18 15:39 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-13 04:08 - 2010-07-14 10:12 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-05-13 03:57 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2012-05-05 17:43 - 2010-07-18 09:24 - 00000000 ____D C:\Users\SilvioG\AppData\Roaming\Apple Computer
2012-05-05 09:02 - 2012-04-14 05:02 - 08769696 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-05-05 09:02 - 2012-03-30 11:24 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-05 09:02 - 2011-07-25 21:00 - 00070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-02 04:06 - 2011-08-31 14:04 - 00000000 ____D C:\Program Files (x86)\Auction Sentry 4
2012-04-24 19:45 - 2009-12-11 22:43 - 00263122 ____A C:\Windows\PFRO.log
2012-04-22 11:49 - 2010-07-23 20:51 - 00000000 ____D C:\_AcroTemp
2012-04-18 16:56 - 2012-04-18 16:56 - 00094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2012-04-18 16:56 - 2012-04-18 16:56 - 00069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts
2012-04-16 12:03 - 2012-04-16 12:03 - 00001037 ____A C:\Users\Public\Desktop\VLC media player.lnk
2012-04-05 22:43 - 2010-07-14 22:46 - 00000000 ____D C:\!DOCS
2012-04-04 11:56 - 2010-07-15 21:24 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-03 06:19 - 2010-07-18 08:10 - 00000000 ____D C:\Tom_Hess
2012-03-30 22:05 - 2012-05-12 01:54 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 20:39 - 2012-05-12 01:54 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-12 01:54 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-12 01:54 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 03:35 - 2012-05-12 01:54 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-29 04:36 - 2012-03-29 04:34 - 00000000 ____D C:\Program Files\iTunes
2012-03-29 04:36 - 2012-03-29 04:34 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-03-29 04:34 - 2012-03-29 04:34 - 00000000 ____D C:\Program Files\iPod
2012-03-25 04:25 - 2012-03-25 04:23 - 00000000 ____D C:\Users\SilvioG\Desktop\System Apps
2012-03-25 04:24 - 2011-12-21 12:41 - 00000000 ____D C:\Users\SilvioG\Desktop\Malware Removal 2011-12-21
2012-03-25 04:23 - 2012-03-25 04:18 - 00000000 ____D C:\Users\SilvioG\Desktop\Home Builder Design
2012-03-19 23:09 - 2010-07-15 22:11 - 00000039 ____A C:\Windows\vbaddin.ini
2012-03-19 23:04 - 2009-07-13 18:34 - 00000545 ____A C:\Windows\win.ini
2012-03-16 23:58 - 2012-05-12 01:54 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 6078.85 MB
Available physical RAM: 5373.79 MB
Total Pagefile: 6077 MB
Available Pagefile: 5359.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (TI105322W0F) (Fixed) (Total:453.89 GB) (Free:258.35 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (USB20FD) (Removable) (Total:3.73 GB) (Free:1.27 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 3824 MB 0 B
Disk 2 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 453 GB 1501 MB
Partition 3 Primary 10 GB 455 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D System NTFS Partition 1500 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI105322W0F NTFS Partition 453 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3823 MB 24 KB

======================================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F USB20FD FAT32 Removable 3823 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-06-07 20:17

======================= End Of Log ==========================

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:38 PM

Posted 08 June 2012 - 10:53 PM

Hi

Please do the following:


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
HKLM\...\Run: [] [x]
HKLM-x32\...\Run: [] [x]
2012-06-08 19:09 - 2011-12-20 10:05 - 00000304 ____A C:\Windows\Tasks\jgakllyizk.job
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.


Now restart, let it boot normally and tell me how it went.


NEXT



Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • As we are only looking for a log of what is on the machine right now > choose to skip whatever is found
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
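The fixlist above targets two kinds of entry that stand out in the FRST log: Run values with an empty name that point at no file, and a scheduled task in C:\Windows\Tasks whose name (jgakllyizk.job) is a random string of letters. The following script is an added illustration written for this thread; it is not part of FRST or of CatByte's instructions. It parses log lines in the shape FRST prints (the sample lines below are constructed to match the log format shown in this thread) and applies a simple, assumed heuristic for "random-looking" task names: an all-lowercase alphabetic stem of eight or more letters with few vowels or a long consonant run. Treat its output as a pointer to entries worth a human look, not as a verdict.

```python
"""Flag entries in FRST-style log text that merit a closer look.

Added example for this thread; not FRST's own logic. The heuristic for
random-looking names is an assumption, and the SAMPLE_LOG is constructed.
"""
import re
from dataclasses import dataclass

# Constructed sample lines in the format FRST prints (not a real log dump).
SAMPLE_LOG = r"""
HKLM\...\Run: [] [x]
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8312352 2009-11-02] (Realtek Semiconductor)
HKLM-x32\...\Run: [] [x]
2012-06-08 19:09 - 2011-12-20 10:05 - 00000304 ____A C:\Windows\Tasks\jgakllyizk.job
2012-06-08 19:02 - 2012-03-30 11:24 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-08 18:57 - 2011-06-01 09:41 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-08 07:02 - 2012-06-07 11:00 - 00607260 ____R (Swearware) C:\Users\SilvioG\Desktop\dds.scr
"""

# "HKLM\...\Run: [Name] target" -> hive/key, value name, target text
RUN_RE = re.compile(r'^(HK\S+\\Run): \[([^\]]*)\] (.*)$')
# "created - modified - size attrs [ (Publisher) ] path"
FILE_RE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - '
    r'(\d+) (\S+) (.*)$'
)
VOWELS = set("aeiou")


@dataclass
class Finding:
    line: str
    reason: str


def looks_random(stem: str) -> bool:
    """Assumed heuristic: lowercase-only alphabetic stem, >= 8 letters,
    with under 30% vowels or a run of 4+ consonants."""
    if len(stem) < 8 or not stem.isalpha() or not stem.islower():
        return False
    vowel_ratio = sum(c in VOWELS for c in stem) / len(stem)
    longest_consonant_run = max(
        (len(run) for run in re.findall(r'[^aeiou]+', stem)), default=0
    )
    return vowel_ratio < 0.3 or longest_consonant_run >= 4


def scan_frst_lines(text: str) -> list[Finding]:
    """Return findings for empty-name Run values and random-looking .job tasks."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            name = m.group(2)
            # A Run value with no name is not how installers register startup
            # items; it was one of the entries the fixlist in this thread removed.
            if name == "":
                findings.append(Finding(line, "Run value with empty name"))
            continue
        m = FILE_RE.match(line)
        if m:
            path = m.group(3)
            # FRST prints an optional "(Publisher)" before the path.
            if path.startswith("("):
                path = path.split(") ", 1)[1]
            if path.lower().endswith(".job"):
                stem = path.rsplit("\\", 1)[-1][:-4]
                if looks_random(stem):
                    findings.append(
                        Finding(line, f"scheduled task with random-looking name '{stem}'")
                    )
    return findings


if __name__ == "__main__":
    for f in scan_frst_lines(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Run it as-is and it reports the two empty-name Run values and the jgakllyizk.job task while leaving the vendor-named tasks alone; to use it on a real FRST.txt, pass the file's contents to scan_frst_lines. The vowel-ratio rule is deliberately crude: names with digits, mixed case or spaces are never flagged, so it will miss some things and is only a first filter before reading the log by hand.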


#5 Stealthxusa

Stealthxusa
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:05:38 PM

Posted 08 June 2012 - 11:20 PM

Farbar/ Fix run ran successfully
Fixlog as follows:
================================

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-06-2012
Ran by SYSTEM at 2012-06-09 00:12:46 Run:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
C:\Windows\Tasks\jgakllyizk.job moved successfully.

==== End of Fixlog ====

Now about to run TDSSkiller

#6 Stealthxusa

Stealthxusa
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Local time:05:38 PM

Posted 08 June 2012 - 11:32 PM

Ran TDSSkiller.

482 objects were processed with no infections detected.
TDSSKiller log generated:
================================
00:22:59.0670 7156 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
00:23:00.0622 7156 ============================================================
00:23:00.0622 7156 Current date / time: 2012/06/09 00:23:00.0622
00:23:00.0622 7156 SystemInfo:
00:23:00.0622 7156
00:23:00.0622 7156 OS Version: 6.1.7601 ServicePack: 1.0
00:23:00.0622 7156 Product type: Workstation
00:23:00.0622 7156 ComputerName: RAPTOR
00:23:00.0622 7156 UserName: SilvioG
00:23:00.0622 7156 Windows directory: C:\windows
00:23:00.0622 7156 System windows directory: C:\windows
00:24:49.0869 2604 nvlddmkm (f12c5f17d48d9f5c70e4408b3ccb5443) C:\windows\system32\DRIVERS\nvlddmkm.sys
00:24:49.0962 2604 nvlddmkm - ok
00:24:50.0103 2604 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
00:24:50.0149 2604 nvraid - ok
00:24:50.0165 2604 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
00:24:50.0212 2604 nvstor - ok
00:24:50.0337 2604 nvsvc (8a55543c379b0582f0c33db447d1c892) C:\windows\system32\nvvsvc.exe
00:24:50.0352 2604 nvsvc - ok
00:24:50.0368 2604 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
00:24:50.0383 2604 nv_agp - ok
00:24:50.0493 2604 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:24:50.0539 2604 odserv - ok
00:24:50.0586 2604 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
00:24:50.0586 2604 ohci1394 - ok
00:24:50.0633 2604 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:24:50.0680 2604 ose - ok
00:24:50.0742 2604 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
00:24:50.0742 2604 p2pimsvc - ok
00:24:50.0789 2604 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
00:24:50.0789 2604 p2psvc - ok
00:24:50.0820 2604 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
00:24:50.0836 2604 Parport - ok
00:24:50.0867 2604 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
00:24:50.0914 2604 partmgr - ok
00:24:50.0929 2604 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
00:24:50.0929 2604 PcaSvc - ok
00:24:50.0992 2604 pccsmcfd (81b5e63131090879ad6ef9f32109b88d) C:\windows\system32\DRIVERS\pccsmcfdx64.sys
00:24:51.0023 2604 pccsmcfd - ok
00:24:51.0070 2604 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
00:24:51.0117 2604 pci - ok
00:24:51.0148 2604 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
00:24:51.0148 2604 pciide - ok
00:24:51.0179 2604 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
00:24:51.0179 2604 pcmcia - ok
00:24:51.0226 2604 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\windows\system32\Drivers\pcouffin.sys
00:24:51.0273 2604 pcouffin - ok
00:24:51.0273 2604 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
00:24:51.0273 2604 pcw - ok
00:24:51.0335 2604 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
00:24:51.0351 2604 PEAUTH - ok
00:24:51.0444 2604 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
00:24:51.0444 2604 PerfHost - ok
00:24:51.0491 2604 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys
00:24:51.0522 2604 PGEffect - ok
00:24:51.0694 2604 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
00:24:51.0725 2604 pla - ok
00:24:51.0819 2604 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
00:24:51.0850 2604 PlugPlay - ok
00:24:51.0865 2604 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
00:24:51.0865 2604 PNRPAutoReg - ok
00:24:51.0897 2604 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
00:24:51.0897 2604 PNRPsvc - ok
00:24:51.0943 2604 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
00:24:51.0975 2604 PolicyAgent - ok
00:24:52.0006 2604 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
00:24:52.0006 2604 Power - ok
00:24:52.0084 2604 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
00:24:52.0131 2604 PptpMiniport - ok
00:24:52.0162 2604 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
00:24:52.0162 2604 Processor - ok
00:24:52.0209 2604 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
00:24:52.0209 2604 ProfSvc - ok
00:24:52.0240 2604 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
00:24:52.0240 2604 ProtectedStorage - ok
00:24:52.0302 2604 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
00:24:52.0302 2604 Psched - ok
00:24:52.0333 2604 PxHlpa64 (901dba98359966a62a6548596988e931) C:\windows\system32\Drivers\PxHlpa64.sys
00:24:52.0365 2604 PxHlpa64 - ok
00:24:52.0505 2604 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
00:24:52.0521 2604 ql2300 - ok
00:24:52.0661 2604 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
00:24:52.0661 2604 ql40xx - ok
00:24:52.0708 2604 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
00:24:52.0708 2604 QWAVE - ok
00:24:52.0755 2604 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
00:24:52.0755 2604 QWAVEdrv - ok
00:24:52.0833 2604 RapiMgr (a55e7d0d873b2c97585b3b5926ac6ade) C:\windows\WindowsMobile\rapimgr.dll
00:24:52.0864 2604 RapiMgr - ok
00:24:52.0864 2604 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
00:24:52.0864 2604 RasAcd - ok
00:24:52.0895 2604 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
00:24:52.0895 2604 RasAgileVpn - ok
00:24:52.0926 2604 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
00:24:52.0942 2604 RasAuto - ok
00:24:52.0989 2604 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
00:24:53.0020 2604 Rasl2tp - ok
00:24:53.0051 2604 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
00:24:53.0082 2604 RasMan - ok
00:24:53.0113 2604 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
00:24:53.0113 2604 RasPppoe - ok
00:24:53.0129 2604 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
00:24:53.0129 2604 RasSstp - ok
00:24:53.0176 2604 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
00:24:53.0207 2604 rdbss - ok
00:24:53.0223 2604 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
00:24:53.0223 2604 rdpbus - ok
00:24:53.0254 2604 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
00:24:53.0254 2604 RDPCDD - ok
00:24:53.0269 2604 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
00:24:53.0269 2604 RDPENCDD - ok
00:24:53.0269 2604 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
00:24:53.0269 2604 RDPREFMP - ok
00:24:53.0316 2604 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
00:24:53.0363 2604 RDPWD - ok
00:24:53.0410 2604 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
00:24:53.0457 2604 rdyboost - ok
00:24:53.0488 2604 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
00:24:53.0488 2604 RemoteAccess - ok
00:24:53.0519 2604 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
00:24:53.0519 2604 RemoteRegistry - ok
00:24:53.0550 2604 rimspci (e20b1907fc72a3664ece21e3c20fc63d) C:\windows\system32\DRIVERS\rimspe64.sys
00:24:53.0597 2604 rimspci - ok
00:24:53.0613 2604 risdpcie (7dda2e5cf452dad24b1be704225c18ee) C:\windows\system32\DRIVERS\risdpe64.sys
00:24:53.0659 2604 risdpcie - ok
00:24:53.0691 2604 rixdpcie (6a1cd4674505e6791390a1ab71da1fbe) C:\windows\system32\DRIVERS\rixdpe64.sys
00:24:53.0722 2604 rixdpcie - ok
00:24:53.0737 2604 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
00:24:53.0753 2604 RpcEptMapper - ok
00:24:53.0769 2604 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
00:24:53.0784 2604 RpcLocator - ok
00:24:53.0847 2604 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
00:24:53.0847 2604 RpcSs - ok
00:24:53.0878 2604 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
00:24:53.0878 2604 rspndr - ok
00:24:53.0940 2604 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\windows\system32\DRIVERS\Rt64win7.sys
00:24:53.0987 2604 RTL8167 - ok
00:24:54.0112 2604 rtl8192se (7475548b0ba58eba4d12414fc9e9dfe6) C:\windows\system32\DRIVERS\rtl8192se.sys
00:24:54.0143 2604 rtl8192se - ok
00:24:54.0174 2604 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
00:24:54.0174 2604 SamSs - ok
00:24:54.0205 2604 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
00:24:54.0237 2604 sbp2port - ok
00:24:54.0424 2604 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
00:24:54.0502 2604 SBSDWSCService - ok
00:24:54.0533 2604 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
00:24:54.0549 2604 SCardSvr - ok
00:24:54.0611 2604 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
00:24:54.0642 2604 scfilter - ok
00:24:54.0736 2604 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
00:24:54.0783 2604 Schedule - ok
00:24:54.0829 2604 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
00:24:54.0829 2604 SCPolicySvc - ok
00:24:54.0907 2604 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\windows\system32\drivers\sdbus.sys
00:24:54.0939 2604 sdbus - ok
00:24:54.0985 2604 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
00:24:55.0017 2604 SDRSVC - ok
00:24:55.0173 2604 SDScannerService (e1f35f902b825c7b18236271f398dda2) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
00:24:55.0188 2604 SDScannerService - ok
00:24:55.0251 2604 SDUpdateService (2db434f4ce96b3fb65d44b3ad5a4de3e) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
00:24:55.0313 2604 SDUpdateService - ok
00:24:55.0344 2604 SDWSCService (59dce6783f9ed27eb72c81466e363bf8) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
00:24:55.0344 2604 SDWSCService - ok
00:24:55.0469 2604 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
00:24:55.0469 2604 secdrv - ok
00:24:55.0500 2604 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
00:24:55.0531 2604 seclogon - ok
00:24:55.0563 2604 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
00:24:55.0563 2604 SENS - ok
00:24:55.0578 2604 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
00:24:55.0578 2604 SensrSvc - ok
00:24:55.0594 2604 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
00:24:55.0609 2604 Serenum - ok
00:24:55.0625 2604 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
00:24:55.0625 2604 Serial - ok
00:24:55.0687 2604 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
00:24:55.0703 2604 sermouse - ok
00:24:55.0797 2604 ServiceLayer (9d38320bb32230349379df5ddbbf7fce) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
00:24:55.0859 2604 ServiceLayer - ok
00:24:55.0906 2604 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
00:24:55.0937 2604 SessionEnv - ok
00:24:55.0953 2604 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
00:24:55.0953 2604 sffdisk - ok
00:24:55.0968 2604 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
00:24:55.0968 2604 sffp_mmc - ok
00:24:55.0968 2604 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
00:24:56.0015 2604 sffp_sd - ok
00:24:56.0046 2604 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
00:24:56.0046 2604 sfloppy - ok
00:24:56.0093 2604 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
00:24:56.0109 2604 SharedAccess - ok
00:24:56.0140 2604 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
00:24:56.0171 2604 ShellHWDetection - ok
00:24:56.0187 2604 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
00:24:56.0187 2604 SiSRaid2 - ok
00:24:56.0202 2604 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
00:24:56.0202 2604 SiSRaid4 - ok
00:24:56.0233 2604 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
00:24:56.0249 2604 Smb - ok
00:24:56.0280 2604 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
00:24:56.0280 2604 SNMPTRAP - ok
00:24:56.0296 2604 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
00:24:56.0296 2604 spldr - ok
00:24:56.0374 2604 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
00:24:56.0421 2604 Spooler - ok
00:24:56.0701 2604 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
00:24:56.0717 2604 sppsvc - ok
00:24:56.0842 2604 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
00:24:56.0842 2604 sppuinotify - ok
00:24:56.0920 2604 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
00:24:56.0967 2604 srv - ok
00:24:57.0029 2604 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
00:24:57.0076 2604 srv2 - ok
00:24:57.0138 2604 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\windows\system32\DRIVERS\VSTAZL6.SYS
00:24:57.0138 2604 SrvHsfHDA - ok
00:24:57.0247 2604 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\windows\system32\DRIVERS\VSTDPV6.SYS
00:24:57.0263 2604 SrvHsfV92 - ok
00:24:57.0419 2604 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\windows\system32\DRIVERS\VSTCNXT6.SYS
00:24:57.0435 2604 SrvHsfWinac - ok
00:24:57.0481 2604 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
00:24:57.0528 2604 srvnet - ok
00:24:57.0559 2604 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
00:24:57.0559 2604 SSDPSRV - ok
00:24:57.0575 2604 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
00:24:57.0591 2604 SstpSvc - ok
00:24:57.0606 2604 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
00:24:57.0606 2604 stexstor - ok
00:24:57.0684 2604 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
00:24:57.0715 2604 stisvc - ok
00:24:57.0747 2604 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
00:24:57.0762 2604 swenum - ok
00:24:57.0793 2604 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
00:24:57.0809 2604 swprv - ok
00:24:57.0871 2604 SynTP (e28ca52ecf8cb6eb04b34de440ba260e) C:\windows\system32\DRIVERS\SynTP.sys
00:24:57.0918 2604 SynTP - ok
00:24:58.0074 2604 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
00:24:58.0090 2604 SysMain - ok
00:24:58.0215 2604 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
00:24:58.0261 2604 TabletInputService - ok
00:24:58.0293 2604 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
00:24:58.0324 2604 TapiSrv - ok
00:24:58.0339 2604 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
00:24:58.0339 2604 TBS - ok
00:24:58.0511 2604 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
00:24:58.0573 2604 Tcpip - ok
00:24:58.0745 2604 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
00:24:58.0761 2604 TCPIP6 - ok
00:24:58.0839 2604 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
00:24:58.0870 2604 tcpipreg - ok
00:24:58.0901 2604 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
00:24:58.0932 2604 tdcmdpst - ok
00:24:58.0963 2604 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
00:24:58.0963 2604 TDPIPE - ok
00:24:59.0010 2604 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
00:24:59.0041 2604 TDTCP - ok
00:24:59.0104 2604 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
00:24:59.0135 2604 tdx - ok
00:24:59.0182 2604 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
00:24:59.0213 2604 TermDD - ok
00:24:59.0275 2604 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
00:24:59.0307 2604 TermService - ok
00:24:59.0322 2604 TFsExDisk - ok
00:24:59.0353 2604 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
00:24:59.0353 2604 Themes - ok
00:24:59.0369 2604 Thpdrv (c013f6acaa9761f571bd28dada7c157d) C:\windows\system32\DRIVERS\thpdrv.sys
00:24:59.0416 2604 Thpdrv - ok
00:24:59.0431 2604 Thpevm (b4e609047434ed948af7bdef2fa66e38) C:\windows\system32\DRIVERS\Thpevm.SYS
00:24:59.0478 2604 Thpevm - ok
00:24:59.0509 2604 Thpsrv (f6927bba3b09aff26a53a9191f7378f9) C:\windows\system32\ThpSrv.exe
00:24:59.0525 2604 Thpsrv - ok
00:24:59.0556 2604 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
00:24:59.0556 2604 THREADORDER - ok
00:24:59.0619 2604 TMachInfo (f120967184a27e927052e8ddbb727851) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
00:24:59.0650 2604 TMachInfo - ok
00:24:59.0697 2604 TODDSrv (ed32035bdfeced1ad66d459fd9cc1140) C:\Windows\system32\TODDSrv.exe
00:24:59.0743 2604 TODDSrv - ok
00:24:59.0837 2604 TosCoSrv (f82188fc76cfe174dc35a46e0bfc4da7) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
00:24:59.0884 2604 TosCoSrv - ok
00:24:59.0915 2604 TOSHIBA eco Utility Service (6938cbd31b47092b042420a5fd2e9aae) C:\Program Files\TOSHIBA\TECO\TecoService.exe
00:24:59.0962 2604 TOSHIBA eco Utility Service - ok
00:24:59.0993 2604 TOSHIBA HDD SSD Alert Service (74c2fa8c3765ee71a9c22182ec108457) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
00:25:00.0040 2604 TOSHIBA HDD SSD Alert Service - ok
00:25:00.0118 2604 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
00:25:00.0165 2604 tos_sps64 - ok
00:25:00.0243 2604 TPCHSrv (bdfea7a014d8e4a29323ec6e32d30fca) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
00:25:00.0305 2604 TPCHSrv - ok
00:25:00.0399 2604 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
00:25:00.0399 2604 TrkWks - ok
00:25:00.0461 2604 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
00:25:00.0461 2604 TrustedInstaller - ok
00:25:00.0523 2604 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
00:25:00.0570 2604 tssecsrv - ok
00:25:00.0601 2604 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
00:25:00.0648 2604 TsUsbFlt - ok
00:25:00.0711 2604 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
00:25:00.0757 2604 tunnel - ok
00:25:00.0789 2604 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
00:25:00.0820 2604 TVALZ - ok
00:25:00.0851 2604 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
00:25:00.0882 2604 TVALZFL - ok
00:25:00.0913 2604 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
00:25:00.0913 2604 uagp35 - ok
00:25:00.0976 2604 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
00:25:01.0007 2604 udfs - ok
00:25:01.0038 2604 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
00:25:01.0038 2604 UI0Detect - ok
00:25:01.0101 2604 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
00:25:01.0101 2604 uliagpkx - ok
00:25:01.0116 2604 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
00:25:01.0163 2604 umbus - ok
00:25:01.0179 2604 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
00:25:01.0179 2604 UmPass - ok
00:25:01.0397 2604 UNS (41118d920b2b268c0adc36421248cdcf) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
00:25:01.0491 2604 UNS - ok
00:25:01.0615 2604 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
00:25:01.0631 2604 upnphost - ok
00:25:01.0693 2604 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\windows\system32\Drivers\usbaapl64.sys
00:25:01.0740 2604 USBAAPL64 - ok
00:25:01.0787 2604 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
00:25:01.0818 2604 usbccgp - ok
00:25:01.0865 2604 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
00:25:01.0881 2604 usbcir - ok
00:25:01.0896 2604 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
00:25:01.0927 2604 usbehci - ok
00:25:01.0974 2604 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
00:25:02.0005 2604 usbhub - ok
00:25:02.0021 2604 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
00:25:02.0052 2604 usbohci - ok
00:25:02.0083 2604 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
00:25:02.0083 2604 usbprint - ok
00:25:02.0130 2604 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
00:25:02.0130 2604 usbscan - ok
00:25:02.0146 2604 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
00:25:02.0177 2604 USBSTOR - ok
00:25:02.0193 2604 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
00:25:02.0224 2604 usbuhci - ok
00:25:02.0255 2604 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys
00:25:02.0286 2604 usbvideo - ok
00:25:02.0333 2604 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\windows\system32\DRIVERS\usb8023x.sys
00:25:02.0333 2604 usb_rndisx - ok
00:25:02.0349 2604 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
00:25:02.0349 2604 UxSms - ok
00:25:02.0395 2604 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
00:25:02.0395 2604 VaultSvc - ok
00:25:02.0458 2604 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
00:25:02.0473 2604 vdrvroot - ok
00:25:02.0536 2604 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
00:25:02.0583 2604 vds - ok
00:25:02.0629 2604 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
00:25:02.0629 2604 vga - ok
00:25:02.0676 2604 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
00:25:02.0676 2604 VgaSave - ok
00:25:02.0707 2604 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
00:25:02.0754 2604 vhdmp - ok
00:25:02.0801 2604 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
00:25:02.0801 2604 viaide - ok
00:25:02.0832 2604 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
00:25:02.0879 2604 volmgr - ok
00:25:02.0941 2604 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
00:25:02.0941 2604 volmgrx - ok
00:25:02.0973 2604 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
00:25:03.0019 2604 volsnap - ok
00:25:03.0051 2604 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
00:25:03.0051 2604 vsmraid - ok
00:25:03.0207 2604 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
00:25:03.0253 2604 VSS - ok
00:25:03.0394 2604 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
00:25:03.0394 2604 vwifibus - ok
00:25:03.0409 2604 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
00:25:03.0425 2604 vwififlt - ok
00:25:03.0425 2604 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
00:25:03.0425 2604 vwifimp - ok
00:25:03.0487 2604 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
00:25:03.0487 2604 W32Time - ok
00:25:03.0503 2604 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
00:25:03.0503 2604 WacomPen - ok
00:25:03.0565 2604 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
00:25:03.0612 2604 WANARP - ok
00:25:03.0612 2604 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
00:25:03.0612 2604 Wanarpv6 - ok
00:25:03.0831 2604 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
00:25:03.0893 2604 WatAdminSvc - ok
00:25:04.0033 2604 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
00:25:04.0096 2604 wbengine - ok
00:25:04.0221 2604 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
00:25:04.0221 2604 WbioSrvc - ok
00:25:04.0299 2604 WcesComm (8bda6db43aa54e8bb5e0794541ddc209) C:\windows\WindowsMobile\wcescomm.dll
00:25:04.0330 2604 WcesComm - ok
00:25:04.0392 2604 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
00:25:04.0392 2604 wcncsvc - ok
00:25:04.0408 2604 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
00:25:04.0408 2604 WcsPlugInService - ok
00:25:04.0439 2604 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
00:25:04.0455 2604 Wd - ok
00:25:04.0501 2604 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
00:25:04.0517 2604 Wdf01000 - ok
00:25:04.0533 2604 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
00:25:04.0548 2604 WdiServiceHost - ok
00:25:04.0548 2604 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
00:25:04.0548 2604 WdiSystemHost - ok
00:25:04.0595 2604 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
00:25:04.0626 2604 WebClient - ok
00:25:04.0673 2604 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
00:25:04.0689 2604 Wecsvc - ok
00:25:04.0704 2604 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
00:25:04.0704 2604 wercplsupport - ok
00:25:04.0735 2604 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
00:25:04.0735 2604 WerSvc - ok
00:25:04.0782 2604 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
00:25:04.0782 2604 WfpLwf - ok
00:25:04.0798 2604 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
00:25:04.0798 2604 WIMMount - ok
00:25:04.0845 2604 WinDefend - ok
00:25:04.0845 2604 WinHttpAutoProxySvc - ok
00:25:04.0923 2604 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
00:25:04.0923 2604 Winmgmt - ok
00:25:05.0094 2604 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
00:25:05.0157 2604 WinRM - ok
00:25:05.0281 2604 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
00:25:05.0313 2604 WinUsb - ok
00:25:05.0406 2604 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
00:25:05.0422 2604 Wlansvc - ok
00:25:05.0500 2604 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
00:25:05.0531 2604 wlcrasvc - ok
00:25:05.0749 2604 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:25:05.0781 2604 wlidsvc - ok
00:25:05.0905 2604 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
00:25:05.0905 2604 WmiAcpi - ok
00:25:05.0968 2604 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
00:25:05.0968 2604 wmiApSrv - ok
00:25:05.0999 2604 WMPNetworkSvc - ok
00:25:06.0015 2604 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
00:25:06.0015 2604 WPCSvc - ok
00:25:06.0061 2604 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
00:25:06.0061 2604 WPDBusEnum - ok
00:25:06.0093 2604 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
00:25:06.0093 2604 ws2ifsl - ok
00:25:06.0108 2604 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\System32\wscsvc.dll
00:25:06.0108 2604 wscsvc - ok
00:25:06.0124 2604 WSearch - ok
00:25:06.0327 2604 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll
00:25:06.0342 2604 wuauserv - ok
00:25:06.0483 2604 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
00:25:06.0529 2604 WudfPf - ok
00:25:06.0561 2604 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
00:25:06.0607 2604 WUDFRd - ok
00:25:06.0654 2604 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
00:25:06.0685 2604 wudfsvc - ok
00:25:06.0732 2604 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
00:25:06.0732 2604 WwanSvc - ok
00:25:06.0888 2604 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
00:25:06.0966 2604 YahooAUService - ok
00:25:06.0997 2604 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
00:25:07.0372 2604 \Device\Harddisk0\DR0 - ok
00:25:07.0372 2604 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
00:25:09.0743 2604 \Device\Harddisk1\DR1 - ok
00:25:09.0774 2604 Boot (0x1200) (50f8ed0b7de62b0aac0c5797184c840c) \Device\Harddisk0\DR0\Partition0
00:25:09.0774 2604 \Device\Harddisk0\DR0\Partition0 - ok
00:25:09.0774 2604 Boot (0x1200) (6659c93649fdfb33195df83acd56b919) \Device\Harddisk1\DR1\Partition0
00:25:09.0774 2604 \Device\Harddisk1\DR1\Partition0 - ok
00:25:09.0774 2604 ============================================================
00:25:09.0774 2604 Scan finished
00:25:09.0774 2604 ============================================================
00:25:09.0774 7084 Detected object count: 0
00:25:09.0774 7084 Actual detected object count: 0
00:25:24.0204 5140 Deinitialize success

#7 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:38 PM

Posted 08 June 2012 - 11:36 PM

Hi,

Please do the following

Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#8 Stealthxusa

Stealthxusa
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:05:38 PM

Posted 09 June 2012 - 12:42 AM

Combofix completed. Looks like it found some fun stuff, too.
Generated log:

ComboFix 12-06-08.02 - SilvioG 06/09/2012 0:45.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6079.4232 [GMT -4:00]
Running from: c:\users\SilvioG\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\WeatherBlink
c:\program files (x86)\WeatherBlink\bar\1.bin\CHROME.MANIFEST
c:\program files (x86)\WeatherBlink\bar\1.bin\chrome\gcffxtbr.jar
c:\program files (x86)\WeatherBlink\bar\1.bin\gcauxstb.dll
c:\program files (x86)\WeatherBlink\bar\1.bin\gcdlghk.dll
c:\program files (x86)\WeatherBlink\bar\1.bin\gcdyn.dll
c:\program files (x86)\WeatherBlink\bar\1.bin\gcfeedmg.dll
c:\program files (x86)\WeatherBlink\bar\1.bin\gchighin.exe
c:\program files (x86)\WeatherBlink\bar\1.bin\gchttpct.dll
c:\program files (x86)\WeatherBlink\bar\1.bin\gcidle.dll
c:\program files (x86)\WeatherBlink\bar\1.bin\gcimpipe.exe
c:\program files (x86)\WeatherBlink\bar\1.bin\gcmedint.exe
c:\program files (x86)\WeatherBlink\bar\1.bin\gcmlbtn.dll
c:\program files (x86)\WeatherBlink\bar\1.bin\gcmsg.dll
c:\program files (x86)\WeatherBlink\bar\1.bin\gcradio.dll
c:\program files (x86)\WeatherBlink\bar\1.bin\gcregfft.dll
c:\program files (x86)\WeatherBlink\bar\1.bin\gcregiet.dll
c:\program files (x86)\WeatherBlink\bar\1.bin\gcscript.dll
c:\program files (x86)\WeatherBlink\bar\1.bin\gcskplay.exe
c:\program files (x86)\WeatherBlink\bar\1.bin\gctpinst.dll
c:\program files (x86)\WeatherBlink\bar\1.bin\gcuabtn.dll
c:\program files (x86)\WeatherBlink\bar\1.bin\INSTALL.RDF
c:\program files (x86)\WeatherBlink\bar\1.bin\LOGO.BMP
c:\program files (x86)\WeatherBlink\bar\1.bin\NPgcStub.dll
c:\program files (x86)\WeatherBlink\bar\IE9Mesg\COMMON.T8S
c:\program files (x86)\WeatherBlink\bar\Message\COMMON.T8S
c:\program files (x86)\WeatherBlink\bar\Settings\s_pid.dat
c:\program files (x86)\WeatherBlinkEI
c:\users\SilvioG\AppData\Roaming\inst.exe
c:\users\SilvioG\AppData\Roaming\vso_ts_preview.xml
c:\windows\system32\Thumbs.db
.
.
((((((((((((((((((((((((( Files Created from 2012-05-09 to 2012-06-09 )))))))))))))))))))))))))))))))
.
.
2012-06-09 07:24 . 2012-06-09 07:25 -------- d-----w- C:\FRST
2012-06-05 16:03 . 2009-01-25 17:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2012-06-05 16:03 . 2012-06-05 16:04 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2012-06-05 14:36 . 2012-06-06 12:05 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-05 14:36 . 2012-06-05 14:38 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-05-20 13:44 . 2012-05-20 13:44 -------- d-----w- c:\program files (x86)\ESET
2012-05-17 11:30 . 2012-05-17 11:30 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-05-17 11:30 . 2012-05-17 11:30 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-05-17 11:30 . 2012-05-17 11:30 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-05-17 11:30 . 2012-05-17 11:30 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-05-17 11:30 . 2012-05-17 11:30 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-05-17 11:30 . 2012-05-17 11:30 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-05-17 11:30 . 2012-05-17 11:30 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-05-17 11:29 . 2012-05-17 11:30 -------- d-----w- c:\program files (x86)\QuickTime
2012-05-12 09:55 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-12 09:55 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-12 09:54 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-12 09:54 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-05-12 09:54 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-12 09:54 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-12 09:54 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-12 09:54 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-12 09:54 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-12 09:54 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-12 09:54 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-12 09:54 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-12 09:54 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 17:02 . 2012-03-30 19:24 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 17:02 . 2011-07-26 05:00 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-05 17:02 . 2012-04-14 13:02 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-04 19:56 . 2010-07-16 05:24 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-11-05 2446648]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160]
"YMailAdvisor"="c:\program files (x86)\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-12-02 296056]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2012-05-10 3349488]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-7-15 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-01 136176]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-07-25 1038088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-01 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-05 824688]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-28 252784]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-02-02 517632]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2012-03-20 162192]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-05-10 1122296]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-05-10 838136]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-03-22 166528]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-09-28 251760]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 17:02]
.
2012-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-01 17:41]
.
2012-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-01 17:41]
.
2011-01-23 c:\windows\Tasks\TASK20110123143927.job
- c:\program files (x86)\WS_FTP Pro\wsftppro.exe [2010-11-15 23:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-03 8312352]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-TUSBSleepChargeSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
Notify-SDWinLogon - SDWinLogon.dll
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-Yahoo! Mail - c:\windows\system32\regsvr32
AddRemove-YInstHelper - c:\windows\system32\regsvr32
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Completion time: 2012-06-09 01:07:58 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-09 05:07
.
Pre-Run: 277,200,867,328 bytes free
Post-Run: 277,069,680,640 bytes free
.
- - End Of File - - 82E313EBDA2502D9590F16262013D3EE
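
A small triage helper for the ComboFix log format posted above (an added example, not ComboFix's own code or anything from this thread): it splits the log on its banner lines and pulls out the deletions, Run values, service/driver lines and removed orphans, flagging the entries ComboFix attached no file metadata to. The embedded excerpt is constructed from a few lines of the log in the same layout; the section names, the reading of the `[x]` marker and the dict layout are this example's own assumptions.

```python
"""Triage helper for the ComboFix log format shown in this thread (added example,
not ComboFix's own code): it splits the log into banner sections and pulls out
the entries a responder reads first."""
import re

# Constructed excerpt modelled on a few lines of the posted log, in ComboFix's
# own layout: "((( Section )))" / "--- Section ---" banners and "." spacers.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files (x86)\WeatherBlink
c:\program files (x86)\WeatherBlink\bar\1.bin\gcauxstb.dll
c:\users\SilvioG\AppData\Roaming\inst.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
--------- X64 Entries -----------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
"""

PAREN_HDR = re.compile(r"^\(+\s*(.+?)\s*\)+$")            # ((( Name )))
DASH_HDR = re.compile(r"^(?:-\s?)+\s*(.+?)\s*(?:-\s?)+$")  # --- Name --- / - - Name - -
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]$')              # "Name"="path" [date size|X]
SVC_RE = re.compile(r"^([RS][0-4])\s+([^;]+);([^;]*);(.+?)\s*\[([^\]]*)\]$")  # R3 name;display;path [..]


def _unverified(tag):
    # "[x]" / "[X]" means ComboFix attached no date/size to the binary. On an x64
    # box that covers plenty of legitimate drivers too, so treat it as "check by
    # hand", not as proof the file is missing or hostile (assumption of this example).
    return tag.strip().lower() == "x"


def parse_combofix(text):
    """Split a ComboFix log into deletions, Run values, services/drivers and orphans."""
    out = {"deletions": [], "run": [], "services": [], "orphans": []}
    section = key = None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line == ".":
            continue
        if hdr := (PAREN_HDR.match(line) or DASH_HDR.match(line)):
            section, key = hdr.group(1).lower(), None       # a new banner resets the key
        elif section == "other deletions":
            out["deletions"].append(line)
        elif section == "orphans removed" and " - " in line:
            name, target = line.split(" - ", 1)
            out["orphans"].append({"name": name, "target": target,
                                   "no_file": target == "(no file)"})
        elif m := KEY_RE.match(line):
            key = m.group(1)
        elif key and (m := RUN_RE.match(line)):
            name, path, tag = m.groups()
            out["run"].append({"key": key, "name": name, "path": path,
                               "unverified": _unverified(tag)})
        elif m := SVC_RE.match(line):
            state, name, display, path, tag = m.groups()
            out["services"].append({"state": state, "name": name, "display": display,
                                    "path": path, "unverified": _unverified(tag)})
    return out


def summarize(parsed):
    """Counts worth a glance before reading the whole log."""
    return {
        "deleted": len(parsed["deletions"]),
        "autoruns": len(parsed["run"]),
        "unverified_autoruns": sum(r["unverified"] for r in parsed["run"]),
        "unverified_services": sum(s["unverified"] for s in parsed["services"]),
        "orphans_no_file": sum(o["no_file"] for o in parsed["orphans"]),
    }
```

Run against the full log above, the unverified Run values and the `[x]` services are the lines to check by hand before deciding anything; the deletion list is what ComboFix already removed.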

#9 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:38 PM

Posted 09 June 2012 - 07:22 AM

Hi,

Please do the following:

  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activeX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#10 Stealthxusa

Stealthxusa
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:05:38 PM

Posted 09 June 2012 - 08:08 AM

MBAM complete - no threats found.
Now starting up ESET online scan.
MBAM log generated:
===============================================
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.09.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
SilvioG :: RAPTOR [administrator]

6/9/2012 8:27:32 AM
mbam-log-2012-06-09 (08-27-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215769
Time elapsed: 3 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#11 Stealthxusa

Stealthxusa
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:05:38 PM

Posted 09 June 2012 - 10:12 AM

Attempted running the ESET online scanner with the parameters you indicated.
The laptop shut itself down in the middle of the process again.
Is there possibly a temp directory somewhere you could suggest that I might find indication of what point/what it hit when it shut down?

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:38 PM

Posted 09 June 2012 - 10:36 AM

I'm not sure of a way of noting where it crashes other than watching what it is scanning when it does it.

Remove all the temp files first, then try again in safe mode with networking:

Download TFC to your desktop
Mirror
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job
  • Once it's finished it should automatically reboot your machine,
  • if it doesn't, manually reboot to ensure a complete clean


NEXT

To Enter Safemode
  • Go to Start> Shut off your Computer> Restart
  • As the computer starts to boot-up, Tap the F8 KEY repeatedly,
  • this will bring up a menu.
  • Use the Up and Down Arrow Keys to scroll up to Safemode with networking
  • Then press the Enter Key on your Keyboard
  • go into your usual account

now give ESET another try

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 Stealthxusa

Stealthxusa
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:05:38 PM

Posted 09 June 2012 - 11:48 AM

Did as instructed;
TFC took approximately 11 minutes to complete. During its reboot the system BSODed.
Manually booted up again to normal, then reran TFC (to be sure that all it was trying to delete actually got deleted).
2nd reboot came up normal.
Rebooted to safe mode with networking.
Reran ESET online scanner.
It ran for approximately 15 minutes before the system shut itself down again.

#14 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Canada
  • Local time:05:38 PM

Posted 09 June 2012 - 01:28 PM

ok

let's try a different scanner

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC Now button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
    Post the contents of the ActiveScan report

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 Stealthxusa

Stealthxusa
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:05:38 PM

Posted 09 June 2012 - 02:24 PM

I ran Panda Activescan as specified.
It made it to 11%, 32070 files - before shutting down the laptop.
