Browsers redirecting


  • This topic is locked
26 replies to this topic

#1 Richer

  • Members
  • 14 posts

Posted 20 June 2012 - 08:24 PM

IE and Firefox are both redirecting to random websites when links are clicked in Google or Yahoo on my wife's laptop. I can normally get rid of whatever malware, spyware or viruses she gets but I can't figure this one out. I've tried various tools: rkill, Combofix, Malwarebytes, Microsoft MRT, Security Essentials, Superantispyware and TDSSKiller. Scans complete with no detections. I've checked the hosts file and the TCP/IP settings. Maybe I'm running the tools in the wrong order. HELP!!! This is driving me crazy!

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Cara at 21:41:28 on 2012-06-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2420 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\igfxext.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>;*.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{3E682AFF-4139-4350-AE50-F212DB42BA69} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{3E682AFF-4139-4350-AE50-F212DB42BA69}\6414E4E494E4 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{3E682AFF-4139-4350-AE50-F212DB42BA69}\84F6C6964616970294E6E60254870727563737 : DhcpNameServer = 166.102.165.11 166.102.165.13
TCP: Interfaces\{3E682AFF-4139-4350-AE50-F212DB42BA69}\D4F6E6B6569784F6573756 : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
TCP: Interfaces\{3E682AFF-4139-4350-AE50-F212DB42BA69}\D4F6E6B6569784F6573756D27657563747 : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.33.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
mRun-x64: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Cara\AppData\Roaming\Mozilla\Firefox\Profiles\apm46hv9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-3-17 258928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-1-20 2320920]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-1-20 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe /s --> C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe [?]
S2 PCCUJobMgr;Common Client Job Manager Service;"C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\diMaster.dll" /prefetch:1 --> C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe [?]
S3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atipmdag.sys --> C:\windows\system32\DRIVERS\atipmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-26 113120]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-21 01:21:19 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{88E069D2-6231-4271-B63A-43C7201B417A}\mpengine.dll
2012-06-21 01:21:03 -------- d-sh--w- C:\$RECYCLE.BIN
2012-06-19 18:54:40 -------- d-----w- C:\Users\Cara\AppData\Local\{6F165C65-F007-4AE3-8E19-7A3D1647AC1A}
2012-06-19 18:54:31 -------- d-----w- C:\Users\Cara\AppData\Local\{91AEFC3F-1CF0-438E-8850-E49D9C4FA841}
2012-06-19 15:53:34 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-19 12:34:21 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-19 12:33:53 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-19 12:33:26 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-19 12:33:26 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-19 01:05:30 -------- d-----w- C:\ProgramData\SUPERSetup
2012-06-19 01:05:20 -------- d-----w- C:\Users\Cara\AppData\Local\Google
2012-06-18 22:24:24 256000 ----a-w- C:\windows\PEV.exe
2012-06-18 22:24:24 208896 ----a-w- C:\windows\MBR.exe
2012-06-18 22:24:23 98816 ----a-w- C:\windows\sed.exe
2012-06-18 22:24:23 518144 ----a-w- C:\windows\SWREG.exe
2012-06-18 22:05:28 302592 ----a-w- C:\windows\SysWow64\cmd.execf
2012-06-18 22:02:03 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-06-18 21:38:58 -------- d-----w- C:\Program Files (x86)\Oracle
2012-06-18 21:38:32 772504 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2012-06-17 23:15:19 -------- d-----w- C:\Users\Cara\AppData\Local\{23106B63-FE79-43C1-B207-38F8B9ECEBA4}
2012-06-15 16:54:09 -------- d-----w- C:\Users\Cara\AppData\Local\{A20A5C39-9719-4117-9C2C-928FBB3F0594}
2012-06-14 17:28:38 -------- d-----w- C:\Users\Cara\AppData\Local\{16878619-2AF2-40EB-8745-4BD1C574740B}
2012-06-14 17:28:28 -------- d-----w- C:\Users\Cara\AppData\Local\{0E43526C-440F-42A3-9FFB-CEA9CC9848D2}
2012-06-14 15:02:46 -------- d-----w- C:\Users\Cara\AppData\Local\{940F84B4-3AD8-4763-94D2-C8EA78928255}
2012-06-14 15:02:36 -------- d-----w- C:\Users\Cara\AppData\Local\{2B50A814-3801-4D2F-97A8-DF5BEDC90487}
2012-06-14 14:43:23 -------- d-----w- C:\Users\Cara\AppData\Local\{95643BF1-F9BE-4A9C-976C-251A1AA49F4D}
2012-06-14 14:43:07 -------- d-----w- C:\Users\Cara\AppData\Local\{750552BC-C8C1-45F8-96D3-F2E06B43B8C5}
2012-06-14 14:39:34 -------- d-----w- C:\Users\Cara\AppData\Local\{B1BCA456-FECB-46A9-9E60-2F43604906BA}
2012-06-14 14:39:24 -------- d-----w- C:\Users\Cara\AppData\Local\{240FC407-B46C-46CA-8BDB-9929E3E8DBEF}
2012-06-14 14:36:09 -------- d-----w- C:\Users\Cara\AppData\Local\{B5EEF91B-04B0-43CE-A7B3-0BFFD916E350}
2012-06-14 14:35:59 -------- d-----w- C:\Users\Cara\AppData\Local\{98F2F537-B296-4349-A91B-2300CA63498E}
2012-06-13 17:51:47 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-06-12 16:27:21 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{056C3C04-CFE5-482A-B765-D0BCBAB6C2EB}\gapaengine.dll
2012-06-11 20:06:09 -------- d-----w- C:\Users\Cara\AppData\Local\{D7292D13-7FFA-4A93-A4D7-D735C730B3E5}
2012-06-11 20:05:59 -------- d-----w- C:\Users\Cara\AppData\Local\{33B64618-4D78-4880-95C3-6845A185F93A}
2012-06-09 19:52:18 -------- d-----w- C:\Users\Cara\AppData\Local\{06DE04B7-6759-4CD2-8933-8028857DA160}
2012-06-09 19:52:08 -------- d-----w- C:\Users\Cara\AppData\Local\{2E995DAB-14CE-4F69-A753-13DC2114F65F}
2012-06-09 19:36:04 -------- d-----w- C:\Users\Cara\AppData\Local\{DF29FB72-6E5A-41FC-95AB-4D4F84BE1E3D}
2012-06-09 19:35:55 -------- d-----w- C:\Users\Cara\AppData\Local\{D28E7BE8-9A69-4F17-B5C6-A4B9115E6791}
2012-06-07 11:40:15 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-07 11:40:15 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-06 15:00:39 -------- d-----w- C:\Users\Cara\AppData\Local\{54F38434-203E-48EB-AB85-71AB1142FE2A}
2012-06-06 15:00:29 -------- d-----w- C:\Users\Cara\AppData\Local\{631A73F8-3B1E-4FB7-B2B0-1FD9CCD99007}
2012-06-02 23:49:36 -------- d-----w- C:\Users\Cara\AppData\Local\{C48E42E6-902A-436D-8F0A-43447840CA7C}
2012-05-31 15:22:30 -------- d-----w- C:\Users\Cara\AppData\Local\{DD2C9BC6-DA06-48F1-A4AB-006D1CA4E3DD}
2012-05-31 15:22:20 -------- d-----w- C:\Users\Cara\AppData\Local\{5B8878E0-8AD0-4C45-B950-B8821C0B7553}
2012-05-27 01:14:17 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-27 01:14:14 157608 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-27 01:14:14 113120 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
.
==================== Find3M ====================
.
2012-05-18 02:06:48 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\windows\System32\win32k.sys
2012-05-04 23:29:16 687504 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-04-24 05:37:37 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2012-04-07 12:31:40 3216384 ----a-w- C:\windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\windows\SysWow64\msi.dll
2012-04-04 19:56:40 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\windows\System32\drivers\tcpip.sys
.
============= FINISH: 21:41:41.27 ===============

Edited by Richer, 20 June 2012 - 08:45 PM.
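
The DDS "Pseudo HJT Report" above already lists the places a search-result redirect usually lives: the DHCP-assigned resolvers recorded per saved network profile, the IE proxy settings, BHOs and Run entries, and the Firefox prefs. The script below is an added example, not part of this thread and not code from the DDS tool, that reads those lines and pulls out the ones worth a second look. The line formats are taken from the log posted above; the ProxyServer, mRun [Updater], keyword.URL and Hosts: lines in the sample are constructed so that every check has something to hit, and the C:\Users\user path is hypothetical. A profile whose resolvers differ from the adapter-wide set is reported for comparison with what the router or ISP should be handing out, not as a verdict.

```python
"""Triage a DDS 'Pseudo HJT Report' for browser-redirect vectors.

Added example for this thread, not code from DDS or from the poster.
"""
import ipaddress
import re

# Sample input: lines copied from the DDS log posted above.  The ProxyServer,
# "mRun: [Updater]", keyword.URL and "Hosts:" lines are CONSTRUCTED (not in
# the posted log) so that each check below has a hit; C:\Users\user is made up.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:8118
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Updater] C:\Users\user\AppData\Local\Temp\updater.exe
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{3E682AFF-4139-4350-AE50-F212DB42BA69}\6414E4E494E4 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{3E682AFF-4139-4350-AE50-F212DB42BA69}\84F6C6964616970294E6E60254870727563737 : DhcpNameServer = 166.102.165.11 166.102.165.13
TCP: Interfaces\{3E682AFF-4139-4350-AE50-F212DB42BA69}\D4F6E6B6569784F6573756 : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.example/?q=
Hosts: 127.0.0.1 www.example.com
"""

# Line shapes as they appear in the DDS report above.
DNS_RE = re.compile(r"^TCP: (?:Interfaces\\(?P<iface>\S+) : )?DhcpNameServer = (?P<servers>.+)$")
LOAD_RE = re.compile(r"^(?:BHO(?:-X64)?|[um]Run(?:-x64)?): (?P<body>.+)$")
PROXY_RE = re.compile(r"^[um]Internet Settings,(?P<key>ProxyServer|AutoConfigURL|ProxyEnable) = (?P<value>.+)$")
FFPREF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.+)$")
# Load points under user-writable directories are where unsigned droppers tend to land.
USER_WRITABLE = re.compile(r"\\(?:AppData|ProgramData|Temp|Users\\Public)\\", re.IGNORECASE)
# Firefox prefs that decide where address-bar and search-box queries go.
SEARCH_PREFS = ("keyword.URL", "browser.search.defaultenginename", "browser.search.selectedEngine")


def describe_ip(addr):
    """'private' for RFC 1918 / loopback / link-local resolvers, else 'public'."""
    return "private" if ipaddress.ip_address(addr).is_private else "public"


def triage(log_text):
    """Return a list of (check, detail) findings drawn from the report lines."""
    findings = []
    dns = {}  # interface key (None = adapter-wide) -> tuple of resolver IPs
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DNS_RE.match(line)
        if m:
            dns[m.group("iface")] = tuple(m.group("servers").split())
            continue
        m = PROXY_RE.match(line)
        if m:  # ProxyOverride alone is a Windows default; a ProxyServer/PAC is not
            findings.append(("proxy", f"{m.group('key')} = {m.group('value')}"))
            continue
        m = LOAD_RE.match(line)
        if m:
            body = m.group("body")
            if body.endswith(" - No File"):
                findings.append(("orphaned-entry", line))
            elif USER_WRITABLE.search(body):
                findings.append(("user-writable-path", line))
            continue
        m = FFPREF_RE.match(line)
        if m:
            pref = m.group("pref")
            if pref in SEARCH_PREFS or pref.startswith("network.proxy."):
                findings.append(("firefox-pref", f"{pref} = {m.group('value')}"))
            continue
        if line.startswith("Hosts: "):  # DDS only prints non-default hosts entries
            findings.append(("hosts-entry", line[len("Hosts: "):]))
    # Resolver sets that differ from the adapter-wide set deserve a comparison
    # with what the router/ISP should be handing out.
    baseline = set(dns.get(None, ()))
    for iface, servers in dns.items():
        if iface is not None and set(servers) != baseline:
            desc = ", ".join(f"{s} ({describe_ip(s)})" for s in servers)
            findings.append(("dns-profile-differs", f"{iface}: {desc}"))
    return findings


if __name__ == "__main__":
    for check, detail in triage(SAMPLE_LOG):
        print(f"{check:22} {detail}")
```

To triage a real log, pass the text of the Pseudo HJT Report to triage() and verify, in this order, any ProxyServer or AutoConfigURL line, any Hosts: line, and any public resolver you do not recognise as the ISP's; orphaned "No File" entries are leftovers from uninstalls and are noise rather than evidence.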
#2 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 21 June 2012 - 12:40 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Richer

  • Topic Starter

  • Members
  • 14 posts

Posted 21 June 2012 - 08:32 PM

Thanks for the response!

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
JavaFX 2.1.1
Java™ 7 Update 5
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.1.102.55 Flash Player out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox (13.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#4 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts

Posted 21 June 2012 - 09:01 PM

Let me have the combofix report when it is complete


#5 Richer

  • Topic Starter

  • Members
  • 14 posts

Posted 21 June 2012 - 09:30 PM

No problems running Combofix. Had to restart the computer after running it because I received illegal operation messages. The browsers are still redirecting but it doesn't seem as often as it was before.

ComboFix 12-06-21.02 - Cara 06/21/2012 21:36:33.6.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2487 [GMT -4:00]
Running from: c:\users\Cara\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-22 to 2012-06-22 )))))))))))))))))))))))))))))))
.
.
2012-06-22 02:04 . 2012-06-22 02:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-21 16:17 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3FF388E0-1D03-436B-965E-D1DA2B9C1BD7}\mpengine.dll
2012-06-21 02:47 . 2012-06-21 02:47 -------- d-----w- c:\program files (x86)\ESET
2012-06-21 01:21 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-19 12:34 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 12:34 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 12:34 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 12:34 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 12:33 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 12:33 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 12:33 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 12:33 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 12:33 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 01:05 . 2012-06-19 01:05 -------- d-----w- c:\programdata\SUPERSetup
2012-06-19 01:05 . 2012-06-19 01:44 -------- d-----w- c:\users\Cara\AppData\Local\Google
2012-06-19 01:05 . 2012-06-19 01:44 -------- d-----w- c:\program files (x86)\Google
2012-06-18 22:05 . 2012-06-18 22:05 302592 ----a-w- c:\windows\SysWow64\cmd.execf
2012-06-18 22:02 . 2012-06-18 22:02 -------- d-----w- c:\program files (x86)\Trend Micro
2012-06-18 21:39 . 2012-06-18 21:39 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-18 21:38 . 2012-06-18 21:38 -------- d-----w- c:\program files (x86)\Oracle
2012-06-18 21:38 . 2012-05-04 23:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-13 17:51 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-12 16:27 . 2012-02-10 16:54 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{056C3C04-CFE5-482A-B765-D0BCBAB6C2EB}\gapaengine.dll
2012-06-07 11:40 . 2012-06-07 11:40 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-07 11:40 . 2012-06-07 11:40 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-05-27 01:14 . 2012-06-17 13:33 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-27 01:14 . 2012-06-17 06:03 157608 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-27 01:14 . 2012-06-17 06:03 113120 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 23:29 . 2011-03-07 00:49 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 19:56 . 2011-12-16 17:31 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-30 11:35 . 2012-05-10 02:21 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-19_01.56.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-28 01:03 . 2012-06-20 12:56 48680 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-21 11:54 38978 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-03-06 21:48 . 2012-06-21 11:54 12758 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3605292758-2544568638-4254560467-1000_UserData.bin
+ 2009-07-14 04:46 . 2012-06-21 01:36 94640 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-06-22 02:05 . 2012-06-22 02:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-19 01:56 . 2012-06-19 01:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-19 01:56 . 2012-06-19 01:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-22 02:05 . 2012-06-22 02:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-03-07 17:44 . 2012-06-21 00:20 233654 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
- 2009-07-14 02:36 . 2012-06-19 01:03 626540 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-19 18:20 626540 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-19 01:03 107784 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-06-19 18:20 107784 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-06-19 01:55 327484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-22 02:05 327484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:45 . 2012-06-13 23:38 7111262 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-06-21 00:54 7111262 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-12-23 01:34 . 2012-06-22 02:05 1005924 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3605292758-2544568638-4254560467-1000-12288.dat
- 2011-12-23 01:34 . 2012-06-19 01:55 1005924 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3605292758-2544568638-4254560467-1000-12288.dat
+ 2009-07-14 02:34 . 2012-06-19 12:46 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2012-06-13 23:34 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-03-06 23:29 . 2012-06-22 02:05 23335520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3605292758-2544568638-4254560467-1000-8192.dat
- 2011-03-06 23:29 . 2012-06-19 01:55 23335520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3605292758-2544568638-4254560467-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-08-17 3218792]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe [x]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe [x]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-03-18 258928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-26 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-26 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-26 410648]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Cara\AppData\Roaming\Mozilla\Firefox\Profiles\apm46hv9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-06-21 22:11:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-22 02:11
ComboFix2.txt 2012-06-21 00:55
ComboFix3.txt 2012-06-19 16:56
.
Pre-Run: 477,894,848,512 bytes free
Post-Run: 477,964,369,920 bytes free
.
- - End Of File - - BD47BACFD6C6F9E70A6F4528D34C767C

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 21 June 2012 - 09:52 PM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 June 2012 - 11:11 PM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, a reminder that it is very important that we finish the process completely so as not to get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.

Gringo

#8 Richer
  • Topic Starter
  • Members
  • 14 posts

Posted 25 June 2012 - 11:52 AM

Sorry about that. I went out of town this past weekend. Should I go back to your first post and start from there since it has been a few days since running the other tools?

#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 June 2012 - 12:54 PM

No, just go to post 6 and start from there.

gringo

#10 Richer
  • Topic Starter
  • Members
  • 14 posts

Posted 25 June 2012 - 06:14 PM

19:12:04.0597 3808 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
19:12:05.0000 3808 ============================================================
19:12:05.0000 3808 Current date / time: 2012/06/25 19:12:05.0000
19:12:05.0000 3808 SystemInfo:
19:12:05.0000 3808
19:12:05.0000 3808 OS Version: 6.1.7601 ServicePack: 1.0
19:12:05.0000 3808 Product type: Workstation
19:12:05.0000 3808 ComputerName: CARA-PC
19:12:05.0001 3808 UserName: Cara
19:12:05.0001 3808 Windows directory: C:\windows
19:12:05.0001 3808 System windows directory: C:\windows
19:12:05.0001 3808 Running under WOW64
19:12:05.0001 3808 Processor architecture: Intel x64
19:12:05.0001 3808 Number of processors: 4
19:12:05.0001 3808 Page size: 0x1000
19:12:05.0001 3808 Boot type: Normal boot
19:12:05.0001 3808 ============================================================
19:12:05.0356 3808 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:12:05.0361 3808 ============================================================
19:12:05.0361 3808 \Device\Harddisk0\DR0:
19:12:05.0361 3808 MBR partitions:
19:12:05.0361 3808 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x48E1B000
19:12:05.0361 3808 ============================================================
19:12:05.0383 3808 C: <-> \Device\Harddisk0\DR0\Partition0
19:12:05.0383 3808 ============================================================
19:12:05.0383 3808 Initialize success
19:12:05.0383 3808 ============================================================
19:12:09.0808 4304 ============================================================
19:12:09.0808 4304 Scan started
19:12:09.0808 4304 Mode: Manual;
19:12:09.0808 4304 ============================================================
19:12:10.0193 4304 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
19:12:10.0196 4304 1394ohci - ok
19:12:10.0284 4304 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
19:12:10.0287 4304 ACPI - ok
19:12:10.0322 4304 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
19:12:10.0323 4304 AcpiPmi - ok
19:12:10.0433 4304 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
19:12:10.0435 4304 AdobeARMservice - ok
19:12:10.0509 4304 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
19:12:10.0514 4304 adp94xx - ok
19:12:10.0560 4304 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
19:12:10.0564 4304 adpahci - ok
19:12:10.0658 4304 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
19:12:10.0661 4304 adpu320 - ok
19:12:10.0685 4304 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
19:12:10.0686 4304 AeLookupSvc - ok
19:12:10.0754 4304 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
19:12:10.0760 4304 AFD - ok
19:12:10.0798 4304 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
19:12:10.0800 4304 agp440 - ok
19:12:10.0833 4304 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
19:12:10.0835 4304 ALG - ok
19:12:10.0882 4304 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
19:12:10.0883 4304 aliide - ok
19:12:10.0927 4304 AMD External Events Utility (57b773d82e8cc3c6d7e02cc8a6632043) C:\windows\system32\atiesrxx.exe
19:12:10.0929 4304 AMD External Events Utility - ok
19:12:10.0952 4304 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
19:12:10.0953 4304 amdide - ok
19:12:10.0998 4304 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
19:12:11.0000 4304 AmdK8 - ok
19:12:11.0327 4304 amdkmdag (aefaf27f1b7e52c705df4fb6c96732f6) C:\windows\system32\DRIVERS\atipmdag.sys
19:12:11.0438 4304 amdkmdag - ok
19:12:11.0602 4304 amdkmdap (8149db73be27950ec72767a1193153a6) C:\windows\system32\DRIVERS\atikmpag.sys
19:12:11.0604 4304 amdkmdap - ok
19:12:11.0628 4304 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
19:12:11.0629 4304 AmdPPM - ok
19:12:11.0692 4304 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
19:12:11.0694 4304 amdsata - ok
19:12:11.0728 4304 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
19:12:11.0731 4304 amdsbs - ok
19:12:11.0766 4304 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
19:12:11.0767 4304 amdxata - ok
19:12:11.0811 4304 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
19:12:11.0813 4304 AppID - ok
19:12:11.0850 4304 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
19:12:11.0851 4304 AppIDSvc - ok
19:12:11.0879 4304 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
19:12:11.0880 4304 Appinfo - ok
19:12:11.0964 4304 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:12:11.0965 4304 Apple Mobile Device - ok
19:12:12.0008 4304 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
19:12:12.0010 4304 arc - ok
19:12:12.0024 4304 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
19:12:12.0026 4304 arcsas - ok
19:12:12.0043 4304 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
19:12:12.0044 4304 AsyncMac - ok
19:12:12.0075 4304 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
19:12:12.0075 4304 atapi - ok
19:12:12.0387 4304 atikmdag (aefaf27f1b7e52c705df4fb6c96732f6) C:\windows\system32\DRIVERS\atikmdag.sys
19:12:12.0487 4304 atikmdag - ok
19:12:12.0632 4304 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
19:12:12.0638 4304 AudioEndpointBuilder - ok
19:12:12.0644 4304 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
19:12:12.0647 4304 AudioSrv - ok
19:12:12.0700 4304 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
19:12:12.0702 4304 AxInstSV - ok
19:12:12.0768 4304 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
19:12:12.0773 4304 b06bdrv - ok
19:12:12.0806 4304 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
19:12:12.0810 4304 b57nd60a - ok
19:12:12.0997 4304 BCM43XX (5b5c36b2ec500462a715db6bcbaf5da7) C:\windows\system32\DRIVERS\bcmwl664.sys
19:12:13.0054 4304 BCM43XX - ok
19:12:13.0161 4304 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
19:12:13.0163 4304 BDESVC - ok
19:12:13.0211 4304 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
19:12:13.0212 4304 Beep - ok
19:12:13.0293 4304 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
19:12:13.0300 4304 BFE - ok
19:12:13.0348 4304 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\system32\qmgr.dll
19:12:13.0357 4304 BITS - ok
19:12:13.0402 4304 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
19:12:13.0403 4304 blbdrive - ok
19:12:13.0488 4304 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
19:12:13.0492 4304 Bonjour Service - ok
19:12:13.0531 4304 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
19:12:13.0533 4304 bowser - ok
19:12:13.0583 4304 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
19:12:13.0584 4304 BrFiltLo - ok
19:12:13.0599 4304 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
19:12:13.0600 4304 BrFiltUp - ok
19:12:13.0655 4304 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
19:12:13.0657 4304 BridgeMP - ok
19:12:13.0701 4304 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
19:12:13.0703 4304 Browser - ok
19:12:13.0732 4304 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
19:12:13.0736 4304 Brserid - ok
19:12:13.0768 4304 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
19:12:13.0769 4304 BrSerWdm - ok
19:12:13.0779 4304 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
19:12:13.0780 4304 BrUsbMdm - ok
19:12:13.0787 4304 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
19:12:13.0788 4304 BrUsbSer - ok
19:12:13.0805 4304 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
19:12:13.0806 4304 BTHMODEM - ok
19:12:13.0841 4304 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
19:12:13.0843 4304 bthserv - ok
19:12:13.0856 4304 catchme - ok
19:12:13.0881 4304 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
19:12:13.0883 4304 cdfs - ok
19:12:13.0930 4304 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\drivers\cdrom.sys
19:12:13.0932 4304 cdrom - ok
19:12:13.0978 4304 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
19:12:13.0979 4304 CertPropSvc - ok
19:12:14.0017 4304 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
19:12:14.0018 4304 circlass - ok
19:12:14.0060 4304 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
19:12:14.0063 4304 CLFS - ok
19:12:14.0123 4304 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:12:14.0125 4304 clr_optimization_v2.0.50727_32 - ok
19:12:14.0177 4304 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
19:12:14.0178 4304 clr_optimization_v2.0.50727_64 - ok
19:12:14.0285 4304 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:12:14.0287 4304 clr_optimization_v4.0.30319_32 - ok
19:12:14.0363 4304 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
19:12:14.0365 4304 clr_optimization_v4.0.30319_64 - ok
19:12:14.0393 4304 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
19:12:14.0394 4304 CmBatt - ok
19:12:14.0420 4304 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
19:12:14.0421 4304 cmdide - ok
19:12:14.0491 4304 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
19:12:14.0496 4304 CNG - ok
19:12:14.0563 4304 CnxtHdAudService (25c58ee97be0416a373e3e4f855206b5) C:\windows\system32\drivers\CHDRT64.sys
19:12:14.0570 4304 CnxtHdAudService - ok
19:12:14.0599 4304 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
19:12:14.0600 4304 Compbatt - ok
19:12:14.0627 4304 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys
19:12:14.0628 4304 CompositeBus - ok
19:12:14.0635 4304 COMSysApp - ok
19:12:14.0653 4304 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
19:12:14.0654 4304 crcdisk - ok
19:12:14.0693 4304 CryptSvc (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll
19:12:14.0696 4304 CryptSvc - ok
19:12:14.0742 4304 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
19:12:14.0747 4304 DcomLaunch - ok
19:12:14.0785 4304 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
19:12:14.0788 4304 defragsvc - ok
19:12:14.0830 4304 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
19:12:14.0832 4304 DfsC - ok
19:12:14.0911 4304 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
19:12:14.0915 4304 Dhcp - ok
19:12:14.0954 4304 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
19:12:14.0956 4304 discache - ok
19:12:14.0984 4304 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
19:12:14.0985 4304 Disk - ok
19:12:15.0029 4304 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
19:12:15.0032 4304 Dnscache - ok
19:12:15.0066 4304 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
19:12:15.0069 4304 dot3svc - ok
19:12:15.0106 4304 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
19:12:15.0109 4304 DPS - ok
19:12:15.0134 4304 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
19:12:15.0135 4304 drmkaud - ok
19:12:15.0208 4304 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
19:12:15.0217 4304 DXGKrnl - ok
19:12:15.0258 4304 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
19:12:15.0260 4304 EapHost - ok
19:12:15.0430 4304 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
19:12:15.0481 4304 ebdrv - ok
19:12:15.0606 4304 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
19:12:15.0607 4304 EFS - ok
19:12:15.0690 4304 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
19:12:15.0696 4304 ehRecvr - ok
19:12:15.0721 4304 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
19:12:15.0723 4304 ehSched - ok
19:12:15.0797 4304 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
19:12:15.0802 4304 elxstor - ok
19:12:15.0824 4304 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
19:12:15.0825 4304 ErrDev - ok
19:12:15.0870 4304 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
19:12:15.0874 4304 EventSystem - ok
19:12:15.0914 4304 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
19:12:15.0916 4304 exfat - ok
19:12:15.0940 4304 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
19:12:15.0943 4304 fastfat - ok
19:12:16.0024 4304 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
19:12:16.0031 4304 Fax - ok
19:12:16.0055 4304 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
19:12:16.0056 4304 fdc - ok
19:12:16.0086 4304 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
19:12:16.0087 4304 fdPHost - ok
19:12:16.0102 4304 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
19:12:16.0103 4304 FDResPub - ok
19:12:16.0118 4304 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
19:12:16.0119 4304 FileInfo - ok
19:12:16.0135 4304 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
19:12:16.0136 4304 Filetrace - ok
19:12:16.0152 4304 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
19:12:16.0154 4304 flpydisk - ok
19:12:16.0203 4304 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
19:12:16.0206 4304 FltMgr - ok
19:12:16.0289 4304 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
19:12:16.0300 4304 FontCache - ok
19:12:16.0356 4304 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
19:12:16.0358 4304 FontCache3.0.0.0 - ok
19:12:16.0395 4304 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
19:12:16.0396 4304 FsDepends - ok
19:12:16.0429 4304 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
19:12:16.0430 4304 Fs_Rec - ok
19:12:16.0479 4304 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
19:12:16.0481 4304 fvevol - ok
19:12:16.0510 4304 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\windows\system32\DRIVERS\FwLnk.sys
19:12:16.0511 4304 FwLnk - ok
19:12:16.0548 4304 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
19:12:16.0550 4304 gagp30kx - ok
19:12:16.0575 4304 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
19:12:16.0576 4304 GEARAspiWDM - ok
19:12:16.0639 4304 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
19:12:16.0647 4304 gpsvc - ok
19:12:16.0668 4304 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
19:12:16.0669 4304 hcw85cir - ok
19:12:16.0722 4304 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
19:12:16.0726 4304 HdAudAddService - ok
19:12:16.0753 4304 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys
19:12:16.0755 4304 HDAudBus - ok
19:12:16.0790 4304 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys
19:12:16.0791 4304 HECIx64 - ok
19:12:16.0825 4304 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
19:12:16.0826 4304 HidBatt - ok
19:12:16.0839 4304 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
19:12:16.0841 4304 HidBth - ok
19:12:16.0856 4304 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
19:12:16.0857 4304 HidIr - ok
19:12:16.0876 4304 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
19:12:16.0877 4304 hidserv - ok
19:12:16.0926 4304 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
19:12:16.0927 4304 HidUsb - ok
19:12:16.0966 4304 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
19:12:16.0968 4304 hkmsvc - ok
19:12:17.0009 4304 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
19:12:17.0012 4304 HomeGroupListener - ok
19:12:17.0050 4304 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
19:12:17.0053 4304 HomeGroupProvider - ok
19:12:17.0091 4304 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
19:12:17.0093 4304 HpSAMD - ok
19:12:17.0161 4304 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
19:12:17.0168 4304 HTTP - ok
19:12:17.0202 4304 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
19:12:17.0203 4304 hwpolicy - ok
19:12:17.0239 4304 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys
19:12:17.0241 4304 i8042prt - ok
19:12:17.0291 4304 iaStor (85977cd13fc16069ce0af7943a811775) C:\windows\system32\DRIVERS\iaStor.sys
19:12:17.0293 4304 iaStor - ok
19:12:17.0352 4304 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
19:12:17.0356 4304 iaStorV - ok
19:12:17.0458 4304 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:12:17.0467 4304 idsvc - ok
19:12:18.0003 4304 igfx (898ab5bfed7040d7ab07af01885eb944) C:\windows\system32\DRIVERS\igdkmd64.sys
19:12:18.0176 4304 igfx - ok
19:12:18.0298 4304 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
19:12:18.0299 4304 iirsp - ok
19:12:18.0372 4304 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
19:12:18.0381 4304 IKEEXT - ok
19:12:18.0434 4304 Impcd (4b6363cd4610bb848531bb260b15dfcc) C:\windows\system32\DRIVERS\Impcd.sys
19:12:18.0436 4304 Impcd - ok
19:12:18.0475 4304 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\windows\system32\DRIVERS\IntcDAud.sys
19:12:18.0478 4304 IntcDAud - ok
19:12:18.0497 4304 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
19:12:18.0498 4304 intelide - ok
19:12:18.0539 4304 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
19:12:18.0540 4304 intelppm - ok
19:12:18.0564 4304 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
19:12:18.0566 4304 IPBusEnum - ok
19:12:18.0603 4304 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
19:12:18.0605 4304 IpFilterDriver - ok
19:12:18.0674 4304 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
19:12:18.0680 4304 iphlpsvc - ok
19:12:18.0707 4304 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
19:12:18.0709 4304 IPMIDRV - ok
19:12:18.0745 4304 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
19:12:18.0747 4304 IPNAT - ok
19:12:18.0861 4304 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
19:12:18.0870 4304 iPod Service - ok
19:12:18.0907 4304 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
19:12:18.0908 4304 IRENUM - ok
19:12:18.0929 4304 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
19:12:18.0930 4304 isapnp - ok
19:12:18.0958 4304 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
19:12:18.0962 4304 iScsiPrt - ok
19:12:19.0003 4304 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys
19:12:19.0005 4304 kbdclass - ok
19:12:19.0045 4304 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
19:12:19.0046 4304 kbdhid - ok
19:12:19.0083 4304 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:12:19.0084 4304 KeyIso - ok
19:12:19.0105 4304 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
19:12:19.0106 4304 KSecDD - ok
19:12:19.0129 4304 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
19:12:19.0131 4304 KSecPkg - ok
19:12:19.0168 4304 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
19:12:19.0170 4304 ksthunk - ok
19:12:19.0226 4304 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
19:12:19.0230 4304 KtmRm - ok
19:12:19.0267 4304 L1C (55480b9c63f3f91a8ebbadcbf28fe581) C:\windows\system32\DRIVERS\L1C62x64.sys
19:12:19.0268 4304 L1C - ok
19:12:19.0308 4304 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll
19:12:19.0311 4304 LanmanServer - ok
19:12:19.0354 4304 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
19:12:19.0357 4304 LanmanWorkstation - ok
19:12:19.0396 4304 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
19:12:19.0397 4304 lltdio - ok
19:12:19.0449 4304 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
19:12:19.0453 4304 lltdsvc - ok
19:12:19.0471 4304 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
19:12:19.0473 4304 lmhosts - ok
19:12:19.0582 4304 LMS (23de5b62b0445a6f874be633c95b483e) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
19:12:19.0585 4304 LMS - ok
19:12:19.0621 4304 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
19:12:19.0623 4304 LSI_FC - ok
19:12:19.0644 4304 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
19:12:19.0646 4304 LSI_SAS - ok
19:12:19.0687 4304 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
19:12:19.0688 4304 LSI_SAS2 - ok
19:12:19.0716 4304 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
19:12:19.0718 4304 LSI_SCSI - ok
19:12:19.0760 4304 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
19:12:19.0761 4304 luafv - ok
19:12:19.0803 4304 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
19:12:19.0805 4304 Mcx2Svc - ok
19:12:19.0826 4304 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
19:12:19.0827 4304 megasas - ok
19:12:19.0869 4304 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
19:12:19.0873 4304 MegaSR - ok
19:12:19.0907 4304 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
19:12:19.0909 4304 MMCSS - ok
19:12:19.0932 4304 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
19:12:19.0933 4304 Modem - ok
19:12:19.0961 4304 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
19:12:19.0962 4304 monitor - ok
19:12:19.0994 4304 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
19:12:19.0995 4304 mouclass - ok
19:12:20.0045 4304 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
19:12:20.0046 4304 mouhid - ok
19:12:20.0103 4304 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
19:12:20.0105 4304 mountmgr - ok
19:12:20.0168 4304 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:12:20.0170 4304 MozillaMaintenance - ok
19:12:20.0238 4304 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\windows\system32\DRIVERS\MpFilter.sys
19:12:20.0241 4304 MpFilter - ok
19:12:20.0272 4304 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
19:12:20.0274 4304 mpio - ok
19:12:20.0305 4304 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
19:12:20.0306 4304 mpsdrv - ok
19:12:20.0393 4304 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
19:12:20.0402 4304 MpsSvc - ok
19:12:20.0442 4304 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
19:12:20.0444 4304 MRxDAV - ok
19:12:20.0476 4304 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
19:12:20.0478 4304 mrxsmb - ok
19:12:20.0523 4304 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
19:12:20.0525 4304 mrxsmb10 - ok
19:12:20.0546 4304 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
19:12:20.0547 4304 mrxsmb20 - ok
19:12:20.0568 4304 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
19:12:20.0568 4304 msahci - ok
19:12:20.0599 4304 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
19:12:20.0601 4304 msdsm - ok
19:12:20.0634 4304 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
19:12:20.0636 4304 MSDTC - ok
19:12:20.0677 4304 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
19:12:20.0677 4304 Msfs - ok
19:12:20.0701 4304 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
19:12:20.0702 4304 mshidkmdf - ok
19:12:20.0726 4304 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
19:12:20.0727 4304 msisadrv - ok
19:12:20.0756 4304 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
19:12:20.0759 4304 MSiSCSI - ok
19:12:20.0763 4304 msiserver - ok
19:12:20.0798 4304 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
19:12:20.0800 4304 MSKSSRV - ok
19:12:20.0867 4304 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
19:12:20.0868 4304 MsMpSvc - ok
19:12:20.0899 4304 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
19:12:20.0900 4304 MSPCLOCK - ok
19:12:20.0921 4304 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
19:12:20.0922 4304 MSPQM - ok
19:12:20.0966 4304 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
19:12:20.0970 4304 MsRPC - ok
19:12:21.0004 4304 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
19:12:21.0005 4304 mssmbios - ok
19:12:21.0037 4304 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
19:12:21.0039 4304 MSTEE - ok
19:12:21.0054 4304 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
19:12:21.0055 4304 MTConfig - ok
19:12:21.0070 4304 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
19:12:21.0071 4304 Mup - ok
19:12:21.0126 4304 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
19:12:21.0131 4304 napagent - ok
19:12:21.0176 4304 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
19:12:21.0180 4304 NativeWifiP - ok
19:12:21.0271 4304 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
19:12:21.0280 4304 NDIS - ok
19:12:21.0324 4304 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
19:12:21.0326 4304 NdisCap - ok
19:12:21.0343 4304 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
19:12:21.0344 4304 NdisTapi - ok
19:12:21.0398 4304 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
19:12:21.0400 4304 Ndisuio - ok
19:12:21.0445 4304 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
19:12:21.0448 4304 NdisWan - ok
19:12:21.0483 4304 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
19:12:21.0484 4304 NDProxy - ok
19:12:21.0513 4304 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
19:12:21.0514 4304 NetBIOS - ok
19:12:21.0554 4304 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
19:12:21.0557 4304 NetBT - ok
19:12:21.0616 4304 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:12:21.0617 4304 Netlogon - ok
19:12:21.0653 4304 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
19:12:21.0657 4304 Netman - ok
19:12:21.0695 4304 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
19:12:21.0700 4304 netprofm - ok
19:12:21.0755 4304 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:12:21.0757 4304 NetTcpPortSharing - ok
19:12:21.0792 4304 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
19:12:21.0793 4304 nfrd960 - ok
19:12:21.0847 4304 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\windows\system32\DRIVERS\NisDrvWFP.sys
19:12:21.0849 4304 NisDrv - ok
19:12:21.0912 4304 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
19:12:21.0915 4304 NisSrv - ok
19:12:21.0968 4304 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
19:12:21.0971 4304 NlaSvc - ok
19:12:22.0001 4304 Norton PC Checkup Application Launcher - ok
19:12:22.0027 4304 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
19:12:22.0028 4304 Npfs - ok
19:12:22.0056 4304 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
19:12:22.0058 4304 nsi - ok
19:12:22.0065 4304 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
19:12:22.0066 4304 nsiproxy - ok
19:12:22.0179 4304 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
19:12:22.0195 4304 Ntfs - ok
19:12:22.0297 4304 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
19:12:22.0299 4304 Null - ok
19:12:22.0342 4304 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
19:12:22.0344 4304 nvraid - ok
19:12:22.0375 4304 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
19:12:22.0378 4304 nvstor - ok
19:12:22.0421 4304 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
19:12:22.0423 4304 nv_agp - ok
19:12:22.0443 4304 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
19:12:22.0445 4304 ohci1394 - ok
19:12:22.0475 4304 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
19:12:22.0479 4304 p2pimsvc - ok
19:12:22.0524 4304 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
19:12:22.0529 4304 p2psvc - ok
19:12:22.0555 4304 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
19:12:22.0557 4304 Parport - ok
19:12:22.0590 4304 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
19:12:22.0592 4304 partmgr - ok
19:12:22.0622 4304 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
19:12:22.0624 4304 PcaSvc - ok
19:12:22.0657 4304 PCCUJobMgr - ok
19:12:22.0688 4304 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
19:12:22.0690 4304 pci - ok
19:12:22.0701 4304 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
19:12:22.0702 4304 pciide - ok
19:12:22.0741 4304 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
19:12:22.0743 4304 pcmcia - ok
19:12:22.0760 4304 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
19:12:22.0760 4304 pcw - ok
19:12:22.0801 4304 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
19:12:22.0808 4304 PEAUTH - ok
19:12:22.0878 4304 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
19:12:22.0879 4304 PerfHost - ok
19:12:22.0923 4304 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys
19:12:22.0924 4304 PGEffect - ok
19:12:23.0027 4304 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
19:12:23.0042 4304 pla - ok
19:12:23.0077 4304 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
19:12:23.0082 4304 PlugPlay - ok
19:12:23.0102 4304 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
19:12:23.0103 4304 PNRPAutoReg - ok
19:12:23.0131 4304 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
19:12:23.0133 4304 PNRPsvc - ok
19:12:23.0195 4304 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
19:12:23.0201 4304 PolicyAgent - ok
19:12:23.0234 4304 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
19:12:23.0236 4304 Power - ok
19:12:23.0299 4304 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
19:12:23.0301 4304 PptpMiniport - ok
19:12:23.0320 4304 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
19:12:23.0321 4304 Processor - ok
19:12:23.0359 4304 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll
19:12:23.0362 4304 ProfSvc - ok
19:12:23.0394 4304 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:12:23.0395 4304 ProtectedStorage - ok
19:12:23.0446 4304 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
19:12:23.0448 4304 Psched - ok
19:12:23.0554 4304 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
19:12:23.0570 4304 ql2300 - ok
19:12:23.0695 4304 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
19:12:23.0697 4304 ql40xx - ok
19:12:23.0729 4304 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
19:12:23.0732 4304 QWAVE - ok
19:12:23.0750 4304 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
19:12:23.0751 4304 QWAVEdrv - ok
19:12:23.0779 4304 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
19:12:23.0780 4304 RasAcd - ok
19:12:23.0818 4304 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
19:12:23.0819 4304 RasAgileVpn - ok
19:12:23.0843 4304 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
19:12:23.0845 4304 RasAuto - ok
19:12:23.0889 4304 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
19:12:23.0891 4304 Rasl2tp - ok
19:12:23.0945 4304 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
19:12:23.0949 4304 RasMan - ok
19:12:23.0974 4304 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
19:12:23.0976 4304 RasPppoe - ok
19:12:24.0007 4304 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
19:12:24.0009 4304 RasSstp - ok
19:12:24.0058 4304 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
19:12:24.0061 4304 rdbss - ok
19:12:24.0092 4304 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
19:12:24.0093 4304 rdpbus - ok
19:12:24.0103 4304 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
19:12:24.0104 4304 RDPCDD - ok
19:12:24.0130 4304 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
19:12:24.0131 4304 RDPENCDD - ok
19:12:24.0147 4304 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
19:12:24.0147 4304 RDPREFMP - ok
19:12:24.0182 4304 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys
19:12:24.0185 4304 RDPWD - ok
19:12:24.0226 4304 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
19:12:24.0228 4304 rdyboost - ok
19:12:24.0265 4304 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
19:12:24.0267 4304 RemoteAccess - ok
19:12:24.0296 4304 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
19:12:24.0299 4304 RemoteRegistry - ok
19:12:24.0311 4304 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
19:12:24.0313 4304 RpcEptMapper - ok
19:12:24.0332 4304 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
19:12:24.0333 4304 RpcLocator - ok
19:12:24.0388 4304 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
19:12:24.0391 4304 RpcSs - ok
19:12:24.0419 4304 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
19:12:24.0421 4304 rspndr - ok
19:12:24.0464 4304 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\windows\system32\Drivers\RtsUStor.sys
19:12:24.0467 4304 RSUSBSTOR - ok
19:12:24.0494 4304 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:12:24.0495 4304 SamSs - ok
19:12:24.0527 4304 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
19:12:24.0529 4304 sbp2port - ok
19:12:24.0560 4304 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
19:12:24.0563 4304 SCardSvr - ok
19:12:24.0588 4304 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
19:12:24.0589 4304 scfilter - ok
19:12:24.0664 4304 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
19:12:24.0677 4304 Schedule - ok
19:12:24.0711 4304 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
19:12:24.0712 4304 SCPolicySvc - ok
19:12:24.0738 4304 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
19:12:24.0741 4304 SDRSVC - ok
19:12:24.0801 4304 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
19:12:24.0802 4304 secdrv - ok
19:12:24.0829 4304 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
19:12:24.0830 4304 seclogon - ok
19:12:24.0855 4304 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
19:12:24.0857 4304 SENS - ok
19:12:24.0864 4304 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
19:12:24.0866 4304 SensrSvc - ok
19:12:24.0893 4304 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
19:12:24.0894 4304 Serenum - ok
19:12:24.0906 4304 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
19:12:24.0907 4304 Serial - ok
19:12:24.0938 4304 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
19:12:24.0940 4304 sermouse - ok
19:12:24.0984 4304 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
19:12:24.0986 4304 SessionEnv - ok
19:12:25.0009 4304 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
19:12:25.0011 4304 sffdisk - ok
19:12:25.0025 4304 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
19:12:25.0026 4304 sffp_mmc - ok
19:12:25.0042 4304 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
19:12:25.0043 4304 sffp_sd - ok
19:12:25.0061 4304 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
19:12:25.0062 4304 sfloppy - ok
19:12:25.0131 4304 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
19:12:25.0136 4304 SharedAccess - ok
19:12:25.0187 4304 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
19:12:25.0191 4304 ShellHWDetection - ok
19:12:25.0215 4304 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
19:12:25.0216 4304 SiSRaid2 - ok
19:12:25.0243 4304 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
19:12:25.0244 4304 SiSRaid4 - ok
19:12:25.0258 4304 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
19:12:25.0260 4304 Smb - ok
19:12:25.0310 4304 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
19:12:25.0311 4304 SNMPTRAP - ok
19:12:25.0325 4304 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
19:12:25.0326 4304 spldr - ok
19:12:25.0384 4304 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
19:12:25.0390 4304 Spooler - ok
19:12:25.0594 4304 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
19:12:25.0664 4304 sppsvc - ok
19:12:25.0754 4304 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
19:12:25.0756 4304 sppuinotify - ok
19:12:25.0826 4304 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
19:12:25.0830 4304 srv - ok
19:12:25.0856 4304 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
19:12:25.0860 4304 srv2 - ok
19:12:25.0890 4304 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
19:12:25.0892 4304 srvnet - ok
19:12:25.0924 4304 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
19:12:25.0927 4304 SSDPSRV - ok
19:12:25.0939 4304 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
19:12:25.0941 4304 SstpSvc - ok
19:12:25.0966 4304 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
19:12:25.0967 4304 stexstor - ok
19:12:26.0040 4304 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
19:12:26.0046 4304 stisvc - ok
19:12:26.0071 4304 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
19:12:26.0072 4304 swenum - ok
19:12:26.0121 4304 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
19:12:26.0127 4304 swprv - ok
19:12:26.0192 4304 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\windows\system32\DRIVERS\SynTP.sys
19:12:26.0195 4304 SynTP - ok
19:12:26.0317 4304 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
19:12:26.0336 4304 SysMain - ok
19:12:26.0434 4304 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
19:12:26.0436 4304 TabletInputService - ok
19:12:26.0461 4304 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
19:12:26.0465 4304 TapiSrv - ok
19:12:26.0491 4304 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
19:12:26.0493 4304 TBS - ok
19:12:26.0641 4304 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
19:12:26.0660 4304 Tcpip - ok
19:12:26.0862 4304 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
19:12:26.0872 4304 TCPIP6 - ok
19:12:26.0991 4304 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
19:12:26.0993 4304 tcpipreg - ok
19:12:27.0019 4304 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
19:12:27.0020 4304 tdcmdpst - ok
19:12:27.0039 4304 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
19:12:27.0040 4304 TDPIPE - ok
19:12:27.0072 4304 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
19:12:27.0073 4304 TDTCP - ok
19:12:27.0118 4304 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
19:12:27.0120 4304 tdx - ok
19:12:27.0160 4304 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
19:12:27.0162 4304 TermDD - ok
19:12:27.0211 4304 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
19:12:27.0219 4304 TermService - ok
19:12:27.0241 4304 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
19:12:27.0243 4304 Themes - ok
19:12:27.0273 4304 Thpdrv (c013f6acaa9761f571bd28dada7c157d) C:\windows\system32\DRIVERS\thpdrv.sys
19:12:27.0274 4304 Thpdrv - ok
19:12:27.0302 4304 Thpevm (b4e609047434ed948af7bdef2fa66e38) C:\windows\system32\DRIVERS\Thpevm.SYS
19:12:27.0302 4304 Thpevm - ok
19:12:27.0340 4304 Thpsrv (f6927bba3b09aff26a53a9191f7378f9) C:\windows\system32\ThpSrv.exe
19:12:27.0346 4304 Thpsrv - ok
19:12:27.0373 4304 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
19:12:27.0374 4304 THREADORDER - ok
19:12:27.0462 4304 TMachInfo (f120967184a27e927052e8ddbb727851) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
19:12:27.0463 4304 TMachInfo - ok
19:12:27.0484 4304 TODDSrv (ed32035bdfeced1ad66d459fd9cc1140) C:\windows\system32\TODDSrv.exe
19:12:27.0487 4304 TODDSrv - ok
19:12:27.0572 4304 TosCoSrv (db9719688c08f42705feb3f6a0c98b91) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
19:12:27.0577 4304 TosCoSrv - ok
19:12:27.0626 4304 TOSHIBA Bluetooth Service (895f6972480306cb2a2a246991e34c68) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
19:12:27.0629 4304 TOSHIBA Bluetooth Service - ok
19:12:27.0687 4304 TOSHIBA eco Utility Service (3e6756677e16532d235c6cb20614f369) C:\Program Files\TOSHIBA\TECO\TecoService.exe
19:12:27.0690 4304 TOSHIBA eco Utility Service - ok
19:12:27.0750 4304 TOSHIBA HDD SSD Alert Service (74c2fa8c3765ee71a9c22182ec108457) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
19:12:27.0751 4304 TOSHIBA HDD SSD Alert Service - ok
19:12:27.0775 4304 Tosrfcom - ok
19:12:27.0812 4304 tosrfec (11699d47b3491d86249c168496d55c92) C:\windows\system32\DRIVERS\tosrfec.sys
19:12:27.0813 4304 tosrfec - ok
19:12:27.0873 4304 TPCHSrv (97687d094aa597da366e1194b218cc6c) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
19:12:27.0882 4304 TPCHSrv - ok
19:12:27.0907 4304 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
19:12:27.0909 4304 TrkWks - ok
19:12:27.0973 4304 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
19:12:27.0976 4304 TrustedInstaller - ok
19:12:28.0015 4304 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
19:12:28.0016 4304 tssecsrv - ok
19:12:28.0066 4304 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
19:12:28.0068 4304 TsUsbFlt - ok
19:12:28.0110 4304 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
19:12:28.0112 4304 tunnel - ok
19:12:28.0144 4304 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
19:12:28.0144 4304 TVALZ - ok
19:12:28.0174 4304 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
19:12:28.0175 4304 TVALZFL - ok
19:12:28.0214 4304 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
19:12:28.0216 4304 uagp35 - ok
19:12:28.0273 4304 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
19:12:28.0277 4304 udfs - ok
19:12:28.0320 4304 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
19:12:28.0322 4304 UI0Detect - ok
19:12:28.0358 4304 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
19:12:28.0360 4304 uliagpkx - ok
19:12:28.0379 4304 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
19:12:28.0380 4304 umbus - ok
19:12:28.0421 4304 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
19:12:28.0422 4304 UmPass - ok
19:12:28.0618 4304 UNS (cc3775100aba633984f73dfae1f55cae) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
19:12:28.0641 4304 UNS - ok
19:12:28.0755 4304 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
19:12:28.0760 4304 upnphost - ok
19:12:28.0818 4304 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\windows\system32\Drivers\usbaapl64.sys
19:12:28.0819 4304 USBAAPL64 - ok
19:12:28.0850 4304 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
19:12:28.0852 4304 usbccgp - ok
19:12:28.0878 4304 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
19:12:28.0880 4304 usbcir - ok
19:12:28.0908 4304 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
19:12:28.0909 4304 usbehci - ok
19:12:28.0953 4304 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
19:12:28.0957 4304 usbhub - ok
19:12:28.0986 4304 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
19:12:28.0987 4304 usbohci - ok
19:12:29.0012 4304 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
19:12:29.0013 4304 usbprint - ok
19:12:29.0042 4304 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
19:12:29.0043 4304 USBSTOR - ok
19:12:29.0062 4304 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
19:12:29.0063 4304 usbuhci - ok
19:12:29.0112 4304 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
19:12:29.0114 4304 usbvideo - ok
19:12:29.0142 4304 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
19:12:29.0144 4304 UxSms - ok
19:12:29.0171 4304 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:12:29.0172 4304 VaultSvc - ok
19:12:29.0190 4304 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
19:12:29.0190 4304 vdrvroot - ok
19:12:29.0249 4304 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
19:12:29.0256 4304 vds - ok
19:12:29.0293 4304 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
19:12:29.0294 4304 vga - ok
19:12:29.0305 4304 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
19:12:29.0306 4304 VgaSave - ok
19:12:29.0338 4304 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
19:12:29.0340 4304 vhdmp - ok
19:12:29.0354 4304 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
19:12:29.0355 4304 viaide - ok
19:12:29.0368 4304 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
19:12:29.0369 4304 volmgr - ok
19:12:29.0411 4304 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
19:12:29.0414 4304 volmgrx - ok
19:12:29.0452 4304 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
19:12:29.0454 4304 volsnap - ok
19:12:29.0492 4304 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
19:12:29.0494 4304 vsmraid - ok
19:12:29.0617 4304 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
19:12:29.0634 4304 VSS - ok
19:12:29.0746 4304 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
19:12:29.0748 4304 vwifibus - ok
19:12:29.0771 4304 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
19:12:29.0773 4304 vwififlt - ok
19:12:29.0821 4304 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
19:12:29.0826 4304 W32Time - ok
19:12:29.0853 4304 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
19:12:29.0855 4304 WacomPen - ok
19:12:29.0891 4304 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
19:12:29.0893 4304 WANARP - ok
19:12:29.0896 4304 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
19:12:29.0896 4304 Wanarpv6 - ok
19:12:29.0995 4304 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
19:12:30.0009 4304 WatAdminSvc - ok
19:12:30.0116 4304 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
19:12:30.0132 4304 wbengine - ok
19:12:30.0239 4304 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
19:12:30.0242 4304 WbioSrvc - ok
19:12:30.0290 4304 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
19:12:30.0294 4304 wcncsvc - ok
19:12:30.0320 4304 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
19:12:30.0322 4304 WcsPlugInService - ok
19:12:30.0370 4304 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
19:12:30.0370 4304 Wd - ok
19:12:30.0411 4304 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
19:12:30.0418 4304 Wdf01000 - ok
19:12:30.0431 4304 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
19:12:30.0434 4304 WdiServiceHost - ok
19:12:30.0437 4304 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
19:12:30.0439 4304 WdiSystemHost - ok
19:12:30.0491 4304 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
19:12:30.0494 4304 WebClient - ok
19:12:30.0521 4304 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
19:12:30.0525 4304 Wecsvc - ok
19:12:30.0540 4304 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
19:12:30.0542 4304 wercplsupport - ok
19:12:30.0568 4304 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
19:12:30.0570 4304 WerSvc - ok
19:12:30.0622 4304 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
19:12:30.0623 4304 WfpLwf - ok
19:12:30.0640 4304 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
19:12:30.0642 4304 WIMMount - ok
19:12:30.0705 4304 WinDefend - ok
19:12:30.0736 4304 WinHttpAutoProxySvc - ok
19:12:30.0797 4304 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
19:12:30.0800 4304 Winmgmt - ok
19:12:30.0938 4304 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
19:12:30.0959 4304 WinRM - ok
19:12:31.0097 4304 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
19:12:31.0098 4304 WinUsb - ok
19:12:31.0159 4304 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
19:12:31.0168 4304 Wlansvc - ok
19:12:31.0237 4304 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:12:31.0238 4304 wlcrasvc - ok
19:12:31.0437 4304 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:12:31.0460 4304 wlidsvc - ok
19:12:31.0564 4304 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
19:12:31.0566 4304 WmiAcpi - ok
19:12:31.0616 4304 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
19:12:31.0618 4304 wmiApSrv - ok
19:12:31.0661 4304 WMPNetworkSvc - ok
19:12:31.0683 4304 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
19:12:31.0684 4304 WPCSvc - ok
19:12:31.0715 4304 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
19:12:31.0718 4304 WPDBusEnum - ok
19:12:31.0745 4304 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
19:12:31.0746 4304 ws2ifsl - ok
19:12:31.0786 4304 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll
19:12:31.0789 4304 wscsvc - ok
19:12:31.0791 4304 WSearch - ok
19:12:31.0935 4304 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll
19:12:31.0977 4304 wuauserv - ok
19:12:32.0086 4304 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
19:12:32.0088 4304 WudfPf - ok
19:12:32.0143 4304 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
19:12:32.0145 4304 WUDFRd - ok
19:12:32.0188 4304 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
19:12:32.0190 4304 wudfsvc - ok
19:12:32.0215 4304 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
19:12:32.0219 4304 WwanSvc - ok
19:12:32.0244 4304 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
19:12:32.0459 4304 \Device\Harddisk0\DR0 - ok
19:12:32.0466 4304 Boot (0x1200) (0391ca46bfc964832a4a70c50657fa50) \Device\Harddisk0\DR0\Partition0
19:12:32.0467 4304 \Device\Harddisk0\DR0\Partition0 - ok
19:12:32.0468 4304 ============================================================
19:12:32.0468 4304 Scan finished
19:12:32.0468 4304 ============================================================
19:12:32.0476 4640 Detected object count: 0
19:12:32.0476 4640 Actual detected object count: 0

#11 Richer

Richer
  • Topic Starter

  • Members
  • 14 posts

Posted 25 June 2012 - 06:56 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-25 19:15:29
-----------------------------
19:15:29.892 OS Version: Windows x64 6.1.7601 Service Pack 1
19:15:29.892 Number of processors: 4 586 0x2505
19:15:29.893 ComputerName: CARA-PC UserName: Cara
19:15:31.125 Initialize success
19:16:52.142 AVAST engine defs: 12062501
19:17:16.646 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:17:16.649 Disk 0 Vendor: TOSHIBA_ GH10 Size: 610480MB BusType: 3
19:17:16.665 Disk 0 MBR read successfully
19:17:16.667 Disk 0 MBR scan
19:17:16.671 Disk 0 Windows VISTA default MBR code
19:17:16.685 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
19:17:16.719 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 597046 MB offset 3074048
19:17:16.764 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 11933 MB offset 1225824256
19:17:16.834 Disk 0 scanning C:\windows\system32\drivers
19:17:28.641 Service scanning
19:18:13.910 Modules scanning
19:18:13.917 Disk 0 trace - called modules:
19:18:14.008 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys ACPI.sys iaStor.sys hal.dll
19:18:14.337 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c04060]
19:18:14.342 3 CLASSPNP.SYS[fffff88001b6d43f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8004c03060]
19:18:14.346 5 thpdrv.sys[fffff88001ab5cc0] -> nt!IofCallDriver -> [0xfffffa80049566c0]
19:18:14.351 7 ACPI.sys[fffff88000f6e7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800495b050]
19:18:15.790 AVAST engine scan C:\windows
19:18:20.223 AVAST engine scan C:\windows\system32
19:22:00.366 AVAST engine scan C:\windows\system32\drivers
19:22:16.033 AVAST engine scan C:\Users\Cara
19:51:40.087 AVAST engine scan C:\ProgramData
19:53:22.934 File: C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A57CBD8C-724B-44E0-A357-901B84D9C2CE}\offreg.dll **HIDDEN**
19:53:23.010 Scan finished successfully
19:54:46.989 Disk 0 MBR has been saved successfully to "C:\MBR.dat"
19:54:47.005 The log file has been saved successfully to "C:\aswMBR.txt"

#12 Richer

Richer
  • Topic Starter

  • Members
  • 14 posts

Posted 25 June 2012 - 08:21 PM

A few days before posting this topic, I ran Malwarebytes Anti-Malware. Below is the log. Maybe it didn't remove everything.

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.18.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Cara :: CARA-PC [administrator]

6/18/2012 12:18:55 PM
mbam-log-2012-06-18 (12-18-55).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 377878
Time elapsed: 51 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Users\Cara\AppData\Local\AOL\Adobe\yhuctdt.dll (Trojan.Happili.XGen) -> Delete on reboot.

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Adobe (Trojan.Happili.XGen) -> Data: rundll32.exe "C:\Users\Cara\AppData\Local\AOL\Adobe\yhuctdt.dll",CreateInstance -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Users\Cara\AppData\Local\AOL\Adobe\yhuctdt.dll (Trojan.Happili.XGen) -> Delete on reboot.
C:\Users\Cara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UV9ZCA85\DownloadSetup.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Users\Cara\AppData\Local\Temp\0.2813785811533336 (Trojan.Happili) -> Quarantined and deleted successfully.
C:\Users\Cara\Downloads\DownloadSetup (1).exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Users\Cara\Downloads\DownloadSetup.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.

(end)

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 June 2012 - 08:41 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 Richer

Richer
  • Topic Starter

  • Members
  • 14 posts

Posted 25 June 2012 - 09:08 PM

No problems running Combofix. Browsers are still redirecting.

ComboFix 12-06-25.04 - Cara 06/25/2012 21:51:38.7.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2623 [GMT -4:00]
Running from: c:\users\Cara\Desktop\ComboFix.exe
Command switches used :: c:\users\Cara\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-26 to 2012-06-26 )))))))))))))))))))))))))))))))
.
.
2012-06-26 01:57 . 2012-06-26 01:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-26 01:29 . 2012-06-26 01:29 -------- d-----w- c:\users\Cara\AppData\Local\Macromedia
2012-06-26 01:04 . 2012-06-26 01:27 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-25 12:51 . 2012-06-25 12:51 -------- d-----w- c:\windows\en
2012-06-25 12:47 . 2012-06-25 12:47 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a2caf7081cd52d007\MeshBetaRemover.exe
2012-06-25 12:47 . 2012-06-25 12:47 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a21b7a961cd52d006\DSETUP.dll
2012-06-25 12:47 . 2012-06-25 12:47 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a21b7a961cd52d006\DXSETUP.exe
2012-06-25 12:47 . 2012-06-25 12:47 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a21b7a961cd52d006\dsetup32.dll
2012-06-21 02:47 . 2012-06-21 02:47 -------- d-----w- c:\program files (x86)\ESET
2012-06-19 12:34 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 12:34 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 12:34 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 12:34 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 12:33 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 12:33 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 12:33 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 12:33 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 12:33 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-19 01:05 . 2012-06-19 01:05 -------- d-----w- c:\programdata\SUPERSetup
2012-06-19 01:05 . 2012-06-19 01:44 -------- d-----w- c:\users\Cara\AppData\Local\Google
2012-06-19 01:05 . 2012-06-19 01:44 -------- d-----w- c:\program files (x86)\Google
2012-06-18 22:05 . 2012-06-18 22:05 302592 ----a-w- c:\windows\SysWow64\cmd.execf
2012-06-18 22:02 . 2012-06-18 22:02 -------- d-----w- c:\program files (x86)\Trend Micro
2012-06-18 21:39 . 2012-06-18 21:39 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-18 21:38 . 2012-06-18 21:38 -------- d-----w- c:\program files (x86)\Oracle
2012-06-18 21:38 . 2012-05-04 23:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-13 17:51 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-07 11:40 . 2012-06-07 11:40 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-07 11:40 . 2012-06-07 11:40 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-26 01:27 . 2011-07-05 21:59 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-25 12:49 . 2012-06-25 12:49 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-31 04:04 . 2012-06-25 16:18 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A57CBD8C-724B-44E0-A357-901B84D9C2CE}\mpengine.dll
2012-05-31 04:04 . 2012-06-25 01:19 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-04 23:29 . 2011-03-07 00:49 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-04 19:56 . 2011-12-16 17:31 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-30 11:35 . 2012-05-10 02:21 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-19_01.56.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-08 22:50 . 2012-03-08 22:50 49016 c:\windows\SysWOW64\sirenacm.dll
- 2010-11-10 06:54 . 2010-11-10 06:54 49016 c:\windows\SysWOW64\sirenacm.dll
+ 2010-10-28 01:03 . 2012-06-25 12:54 48992 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-26 01:47 38994 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-03-06 21:48 . 2012-06-26 01:59 13110 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3605292758-2544568638-4254560467-1000_UserData.bin
+ 2009-07-14 04:46 . 2012-06-21 01:36 94640 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-06-25 12:47 . 2012-06-25 12:47 30720 c:\windows\Installer\790c8.msp
+ 2010-10-28 02:03 . 2010-10-28 02:03 74240 c:\windows\Installer\790c3.msi
+ 2012-06-25 12:47 . 2012-06-25 12:47 23552 c:\windows\Installer\790be.msp
+ 2010-10-28 02:03 . 2010-10-28 02:03 29696 c:\windows\Installer\790b9.msi
+ 2012-06-25 12:47 . 2012-06-25 12:47 60416 c:\windows\Installer\790b3.msp
+ 2012-06-25 12:47 . 2012-06-25 12:47 29184 c:\windows\Installer\7904e.msp
+ 2012-06-25 12:47 . 2012-06-25 12:47 67072 c:\windows\Installer\79045.msi
+ 2012-06-25 12:47 . 2012-06-25 12:47 39936 c:\windows\Installer\78e86.msp
+ 2010-10-28 02:03 . 2010-10-28 02:03 74240 c:\windows\Installer\78e81.msi
+ 2012-06-25 12:47 . 2012-06-25 12:47 26112 c:\windows\Installer\78e79.msi
+ 2012-06-25 12:50 . 2012-06-25 12:50 80395 c:\windows\Installer\{E5B21F11-6933-4E0B-A25C-7963E3C07D11}\MsblIco.Exe
+ 2012-06-25 15:09 . 2012-06-25 15:09 61440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\6f2890f46db84bc57f09b9e898dcc0e2\WindowsLiveWriter.ni.exe
+ 2012-06-25 15:34 . 2012-06-25 15:34 80896 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\b139a1cda26d066860aaa83ff1f0ff91\WindowsLive.Writer.Passport.ni.dll
+ 2012-06-26 01:57 . 2012-06-26 01:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-19 01:56 . 2012-06-19 01:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-19 01:56 . 2012-06-19 01:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-26 01:57 . 2012-06-26 01:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-08 22:37 . 2012-03-08 22:37 302448 c:\windows\WLXPGSS.SCR
+ 2012-06-26 01:04 . 2012-06-26 01:27 686280 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_262_Plugin.exe
+ 2012-06-26 01:04 . 2012-06-26 01:27 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2011-03-29 00:31 . 2011-03-29 00:31 209280 c:\windows\SysWOW64\LIVESSP.DLL
+ 2011-03-07 17:44 . 2012-06-25 01:07 233998 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-07-14 02:36 . 2012-06-25 20:01 626540 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-19 01:03 626540 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-25 20:01 107784 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-19 01:03 107784 c:\windows\system32\perfc009.dat
+ 2012-06-26 01:04 . 2012-06-26 01:27 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_262_Plugin.exe
+ 2011-03-29 01:11 . 2011-03-29 01:11 252800 c:\windows\system32\LIVESSP.DLL
- 2010-09-21 21:49 . 2010-09-21 21:49 252800 c:\windows\system32\LIVESSP.DLL
- 2009-07-14 05:01 . 2012-06-19 01:55 327484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-26 01:57 327484 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-10-28 02:03 . 2010-10-28 02:03 153600 c:\windows\Installer\790ae.msi
+ 2012-06-25 12:47 . 2012-06-25 12:47 509952 c:\windows\Installer\79097.msp
+ 2012-06-25 12:47 . 2012-06-25 12:47 635904 c:\windows\Installer\7908d.msp
+ 2012-06-25 12:47 . 2012-06-25 12:47 468480 c:\windows\Installer\7906b.msp
+ 2012-06-25 12:47 . 2012-06-25 12:47 625664 c:\windows\Installer\7905c.msp
+ 2012-06-25 12:47 . 2012-06-25 12:47 276480 c:\windows\Installer\7902c.msp
+ 2012-06-25 12:47 . 2012-06-25 12:47 205824 c:\windows\Installer\78fd7.msp
+ 2010-10-28 02:03 . 2010-10-28 02:03 775168 c:\windows\Installer\78fce.msi
+ 2012-06-25 12:47 . 2012-06-25 12:47 715264 c:\windows\Installer\78ee6.msp
+ 2012-06-25 12:47 . 2012-06-25 12:47 136704 c:\windows\Installer\78ebd.msp
+ 2010-10-28 02:03 . 2010-10-28 02:03 429056 c:\windows\Installer\78eb8.msi
+ 2012-06-25 15:34 . 2012-06-25 15:34 634368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\bdd46a26ce7bdf525935a8f749582f27\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2012-06-25 15:34 . 2012-06-25 15:34 891392 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\fde371df4eed408b0611b5746655803e\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2012-06-25 15:09 . 2012-06-25 15:09 780800 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\ebe797d14df7e907371da3a1662dab6f\WindowsLive.Writer.Controls.ni.dll
+ 2012-06-25 15:34 . 2012-06-25 15:34 122368 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e27dd50210bed6d2b453e9477146e1c9\WindowsLive.Writer.Extensibility.ni.dll
+ 2012-06-25 15:34 . 2012-06-25 15:34 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d52eba13edf8fcdfeec4764164319c2c\WindowsLive.Writer.BrowserControl.ni.dll
+ 2012-06-25 15:34 . 2012-06-25 15:34 665600 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\cb1ae89f088d0e74bd461cf5d3a32cf1\WindowsLive.Writer.Interop.ni.dll
+ 2012-06-25 15:34 . 2012-06-25 15:34 871424 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\caeb427eec30805ba61d4d6a575a8a3a\WindowsLive.Writer.BlogClient.ni.dll
+ 2012-06-25 15:34 . 2012-06-25 15:34 146432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7868ce7aef400105ccd415151a24053e\WindowsLive.Writer.Instrumentation.ni.dll
+ 2012-06-25 15:34 . 2012-06-25 15:34 328192 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\76d1ee2da5d966f20e3ffa55b89c96f2\WindowsLive.Writer.Mshtml.ni.dll
+ 2012-06-25 15:34 . 2012-06-25 15:34 156672 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\68e3097a2465cdbc3d61b919c309ce0a\WindowsLive.Writer.HtmlParser.ni.dll
+ 2012-06-25 15:34 . 2012-06-25 15:34 326144 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5b335503bc9b547e960407aee5c86cb3\WindowsLive.Writer.SpellChecker.ni.dll
+ 2012-06-25 15:34 . 2012-06-25 15:34 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5a361ed04d214905d7213dd3a8d8e48e\WindowsLive.Writer.FileDestinations.ni.dll
+ 2012-06-25 15:34 . 2012-06-25 15:34 101376 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\44b1907dd0854a35bde93fb53d1db776\WindowsLive.Writer.Api.ni.dll
+ 2012-06-25 15:34 . 2012-06-25 15:34 374272 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\315bb426fe9c648562b1ead5e3cd989d\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2012-06-25 15:34 . 2012-06-25 15:34 222720 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\3212bd156ec4eee886a0b48ec506e835\WindowsLive.Client.ni.dll
+ 2012-06-26 01:04 . 2012-06-26 01:27 9459912 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
+ 2012-06-26 01:04 . 2012-06-26 01:27 1535176 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
+ 2009-07-14 04:45 . 2012-06-21 00:54 7111262 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-06-13 23:38 7111262 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-12-23 01:34 . 2012-06-26 01:45 1057460 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3605292758-2544568638-4254560467-1000-12288.dat
+ 2012-06-25 12:47 . 2012-06-25 12:47 2146304 c:\windows\Installer\790a8.msp
+ 2010-10-28 02:03 . 2010-10-28 02:03 4250112 c:\windows\Installer\7909d.msi
+ 2010-10-28 02:03 . 2010-10-28 02:03 4175360 c:\windows\Installer\79092.msi
+ 2010-10-28 02:03 . 2010-10-28 02:03 3410944 c:\windows\Installer\79087.msi
+ 2012-06-25 12:47 . 2012-06-25 12:47 5124096 c:\windows\Installer\79081.msp
+ 2012-06-25 12:47 . 2012-06-25 12:47 6661632 c:\windows\Installer\79077.msi
+ 2010-10-28 02:03 . 2010-10-28 02:03 1070592 c:\windows\Installer\79061.msi
+ 2010-10-28 02:03 . 2010-10-28 02:03 1492992 c:\windows\Installer\79053.msi
+ 2012-06-25 12:47 . 2012-06-25 12:47 3105792 c:\windows\Installer\7903f.msp
+ 2010-10-28 02:03 . 2010-10-28 02:03 6195200 c:\windows\Installer\79034.msi
+ 2012-06-25 12:47 . 2012-06-25 12:47 6363136 c:\windows\Installer\78fef.msi
+ 2012-06-25 12:47 . 2012-06-25 12:47 3734016 c:\windows\Installer\78fc5.msp
+ 2012-06-25 12:47 . 2012-06-25 12:47 2957312 c:\windows\Installer\78f7d.msp
+ 2010-10-28 02:03 . 2010-10-28 02:03 8313856 c:\windows\Installer\78f63.msi
+ 2012-06-25 12:47 . 2012-06-25 12:47 5868544 c:\windows\Installer\78f5e.msp
+ 2012-06-25 12:47 . 2012-06-25 12:47 5535744 c:\windows\Installer\78f40.msp
+ 2012-06-25 12:47 . 2012-06-25 12:47 3312128 c:\windows\Installer\78f0a.msp
+ 2010-10-28 02:03 . 2010-10-28 02:03 8332288 c:\windows\Installer\78eee.msi
+ 2012-06-25 12:47 . 2012-06-25 12:47 2310656 c:\windows\Installer\78ed6.msi
+ 2012-06-25 12:47 . 2012-06-25 12:47 1139712 c:\windows\Installer\78ece.msp
+ 2010-10-28 02:03 . 2010-10-28 02:03 4004864 c:\windows\Installer\78ec2.msi
+ 2012-06-25 12:47 . 2012-06-25 12:47 2932224 c:\windows\Installer\78eb3.msp
+ 2010-10-28 02:03 . 2010-10-28 02:03 7710720 c:\windows\Installer\78e9f.msi
+ 2012-06-25 12:47 . 2012-06-25 12:47 4426240 c:\windows\Installer\78e9a.msp
+ 2010-10-28 02:03 . 2010-10-28 02:03 9433088 c:\windows\Installer\78e8b.msi
+ 2012-06-25 12:47 . 2012-06-25 12:47 8822784 c:\windows\Installer\78e75.msi
+ 2010-09-23 07:17 . 2010-09-23 07:17 1204584 c:\windows\Installer\$PatchCache$\Managed\032440EF5AC97F34B985A55C2AA8F133\15.4.3502\wlarp.exe
+ 2012-06-25 15:09 . 2012-06-25 15:09 7025152 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f6cac6d0e82d3714667b5fe78442bb26\WindowsLive.Writer.PostEditor.ni.dll
+ 2012-06-25 15:09 . 2012-06-25 15:09 2193408 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\adb0e58139fd3acff774fafea2b34d5f\WindowsLive.Writer.CoreServices.ni.dll
+ 2012-06-25 15:34 . 2012-06-25 15:34 1346560 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\a77dc72d1b8dab87fdbf73252925c3de\WindowsLive.Writer.Localization.ni.dll
+ 2012-06-25 15:34 . 2012-06-25 15:34 1285632 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\2a7f76b6857454c1216089b694d7d72a\WindowsLive.Writer.ApplicationFramework.ni.dll
- 2009-07-14 02:34 . 2012-06-13 23:34 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-06-19 12:46 10747904 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-06-26 01:04 . 2012-06-26 01:27 12310216 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll
+ 2011-03-06 23:29 . 2012-06-26 01:57 24753757 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3605292758-2544568638-4254560467-1000-8192.dat
+ 2010-10-28 02:03 . 2010-10-28 02:03 11846656 c:\windows\Installer\78fbc.msi
+ 2012-06-25 12:47 . 2012-06-25 12:47 14624256 c:\windows\Installer\78fb4.msp
+ 2010-10-28 02:03 . 2010-10-28 02:03 34193408 c:\windows\Installer\78f88.msi
+ 2010-10-28 02:03 . 2010-10-28 02:03 13850624 c:\windows\Installer\78f47.msi
+ 2012-06-25 12:47 . 2012-06-25 12:47 22647296 c:\windows\Installer\78f1d.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-08-17 3218792]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\SymcPCCULaunchSvc.exe [x]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-26 250056]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-03-18 258928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-26 01:27]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-26 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-26 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-26 410648]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Cara\AppData\Roaming\Mozilla\Firefox\Profiles\apm46hv9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.6.22\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-06-25 22:02:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-26 02:02
ComboFix2.txt 2012-06-22 02:11
ComboFix3.txt 2012-06-21 00:55
ComboFix4.txt 2012-06-19 16:56
.
Pre-Run: 493,215,076,352 bytes free
Post-Run: 492,996,161,536 bytes free
.
- - End Of File - - F5606B2169CAB99BDAA0F7F82F05156E

#15 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 June 2012 - 09:20 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under the Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
