Google re-direct virus not cleaned up by TDSS killer


41 replies to this topic

#1 sanne_lily

sanne_lily

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:11:18 PM

Posted 26 June 2012 - 07:24 AM

Attached File: Attach.txt (13.38KB, 0 downloads)
This bug redirects me when searching on Google. As I click on the search result it will either redirect me back to Google's home page or to an entirely different page. However sometimes (say 1 in 10 times) it does not redirect (appearing error free) and this tends to be when you have closed the browser in an effort to try and start your search again. This bug also plays random audio clips (mostly promotional) even when it appears that no internet browsing pages nor programs are open - almost like a pop-up that cannot be seen.
TDSS killer did not work - or it appeared to work temporarily then it did not work when it was used a second time.
Also I cannot complete step 5 in the "Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help" to enable Windows Firewall as there is an error message "Windows Firewall can't change some of your settings. Error code 0x80070424."
Thank you


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7601.17514
Run by Admin at 22:08:37 on 2012-06-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3063.1196 [GMT 10:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\ProgramData\DatacardService\DCService.exe
C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.3.202\ccSvcHst.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.3.202\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\Dwm.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\Explorer.EXE
C:\ProgramData\DatacardService\DCSHelper.exe
C:\windows\system32\taskhost.exe
c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Users\Admin\Optus\Remote Diagnostics\cpmmgrd.exe
C:\windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\windows\system32\conhost.exe
C:\Program Files\Norton PC Checkup\Engine\2.0.3.202\SymcPCCULaunchSvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\11.1.0\ScriptHelper.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\program files\internet explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG2012\avgcfgex.exe
"C:\windows\System32\svchost.exe" -k LocalServiceDns
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uDefault_Page_URL = hxxp://toshiba.msn.com
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - c:\program files\toshiba\toshiba media controller plug-in\TOSHIBAMediaControllerIE.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - "c:\program files\microsoft\bingbar\7.1.361.0\BingExt.dll"
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [<NO NAME>]
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SmartAudio] c:\program files\conexant\saii\SAIICpl.exe /t
mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun
mRun: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [ToshibaServiceStation] c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe /hide:60
mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun: [TosVolRegulator] c:\program files\toshiba\tosvolregulator\TosVolRegulator.exe
mRun: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
mRun: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
StartupFolder: c:\users\admin\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\admin\appdata\roaming\micros~1\windows\startm~1\programs\startup\starto~1.lnk - c:\users\admin\optus\remote diagnostics\cpmmgrd.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{0574B48B-91E1-42C1-B8D2-82D05BEAEDC5} : NameServer = 61.88.88.88 211.29.132.12
TCP: Interfaces\{164B9CA6-B726-43BE-BDEC-F035C873922F} : NameServer = 61.88.88.88 211.29.132.12
TCP: Interfaces\{3D3BFD05-C4D9-40B0-AC0E-06AB8ABEA343} : NameServer = 61.88.88.88 211.29.132.12
TCP: Interfaces\{6B97B538-0C9F-4428-8619-45FB5F443D19} : NameServer = 61.88.88.88 211.29.132.12
TCP: Interfaces\{6E705C1F-EFED-4C2F-85BC-C96F25DD02E2} : DhcpNameServer = 10.0.0.138
TCP: Interfaces\{6E705C1F-EFED-4C2F-85BC-C96F25DD02E2}\35573716E6E61686723702960786F6E656 : DhcpNameServer = 10.4.81.103 10.4.182.20
TCP: Interfaces\{B0778957-B4A1-4975-BF67-8D9FA046E827} : DhcpNameServer = 10.5.1.9
TCP: Interfaces\{DB087E88-CBB8-4877-AA1C-6B91925CA526} : NameServer = 61.88.88.88 211.29.132.12
TCP: Interfaces\{E9EC7C21-56CC-49C0-9FE9-013BFD2478F5} : NameServer = 61.88.88.88 211.29.132.12
TCP: Interfaces\{F3047EF7-ACDE-48FF-A91C-E7B08C2BDEC2} : NameServer = 61.88.88.88 211.29.132.12
TCP: Interfaces\{F8B5D09C-8327-45B1-9027-3418727A8F69} : NameServer = 61.88.88.88 211.29.132.12
TCP: Interfaces\{FC601EEC-D03C-4598-8832-9F684FDF3498} : NameServer = 61.88.88.88 211.29.132.12
TCP: Interfaces\{FD7BC97C-A71D-4383-BD49-41606D1A1AFD} : DhcpNameServer = 10.143.147.147 10.143.147.148
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.1.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2009-6-30 30272]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2009-6-30 13120]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2010-7-14 65584]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-6-23 172032]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2010-1-29 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-11 46448]
R2 DCService.exe;DCService.exe;c:\programdata\datacardservice\DCService.exe [2010-9-29 249856]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup\engine\2.0.3.202\SymcPCCULaunchSvc.exe [2010-6-23 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files\norton pc checkup\engine\2.0.3.202\ccSvcHst.exe [2010-6-23 126392]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2010-3-18 189808]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-20 12920]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2010-6-23 2320920]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2008-7-5 14336]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.1.0\ToolbarUpdater.exe [2012-6-21 935480]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys [2010-6-23 5340160]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-6-23 152064]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 CnxtHdmiAudService;Conexant UAA HDMI Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDMI32.sys [2010-3-6 516152]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2010-6-23 7680]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-2-19 72832]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-2-11 132352]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2010-2-23 66600]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-6-23 24064]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-6-23 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2010-2-6 111960]
R3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2010-2-24 685424]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-2 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-5-3 158856]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-20 257224]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-2-19 208896]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-24 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-2 136176]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2011-8-2 18432]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-6-23 182304]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-8 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-6 1343400]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2012-06-21 23:47:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 23:47:11 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 23:46:58 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 23:46:58 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 08:02:08 -------- d-----w- c:\users\admin\appdata\roaming\AVG2012
2012-06-21 08:00:55 -------- d-----w- c:\users\admin\appdata\local\AVG Secure Search
2012-06-21 08:00:50 -------- d-----w- c:\programdata\AVG Secure Search
2012-06-21 08:00:49 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-06-21 08:00:49 -------- d-----w- c:\program files\AVG Secure Search
2012-06-21 08:00:31 -------- d--h--w- c:\programdata\Common Files
2012-06-21 07:59:58 -------- d--h--w- C:\$AVG
2012-06-21 07:59:58 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-21 07:59:57 -------- d-----w- c:\programdata\AVG2012
2012-06-21 07:59:14 -------- d-----w- c:\program files\AVG
2012-06-21 07:56:13 -------- d-----w- c:\programdata\MFAData
2012-06-21 07:35:48 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-20 08:53:54 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-20 08:02:52 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-20 08:02:52 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-19 09:55:08 6762896 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{62884264-adca-48da-92bb-bdd1cfabbd79}\mpengine.dll
2012-06-17 09:21:33 6737808 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-06-14 10:45:58 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 10:45:58 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 10:45:58 103936 ----a-w- c:\windows\system32\cryptnet.dll
.
==================== Find3M ====================
.
2012-06-21 07:37:46 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-05-15 03:03:54 981504 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 01:05:38 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-05-01 04:44:12 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:17:07 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 04:45:55 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:45:54 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41:16 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-20 03:16:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-18 18:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-07 11:26:29 2342400 ----a-w- c:\windows\system32\msi.dll
2012-03-31 04:39:37 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23:11 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
============= FINISH: 22:09:32.20 ===============

Edited by sanne_lily, 26 June 2012 - 07:26 AM.
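As an added example (not part of this thread, and not code from the DDS tool or from the forum's malware team): a small Python parser for the DDS log format pasted above. It assumes DDS's layout of "=== section name ===" headers with "." spacer lines, and it pulls out two things a responder looks at first when the complaint is search redirection: the per-interface DNS server settings in the Pseudo HJT Report, and any entry in "Created Last 30" that is a hidden+system directory or carries an unexpanded %VAR% token in its path (the log above contains one such entry under system32). The sample lines are copied from the log above; the attribute-string interpretation (d=directory, s=system, h=hidden, a=archive) is an assumption based on the letters DDS prints.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the DDS log in post #1.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{0574B48B-91E1-42C1-B8D2-82D05BEAEDC5} : NameServer = 61.88.88.88 211.29.132.12
TCP: Interfaces\{6E705C1F-EFED-4C2F-85BC-C96F25DD02E2}\35573716E6E61686723702960786F6E656 : DhcpNameServer = 10.4.81.103 10.4.182.20
TCP: Interfaces\{B0778957-B4A1-4975-BF67-8D9FA046E827} : DhcpNameServer = 10.5.1.9
.
=============== Created Last 30 ================
.
2012-06-21 07:35:48 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-21 07:59:58 -------- d--h--w- C:\$AVG
2012-06-20 08:53:54 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-20 08:02:52 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 22:09:32.20 ===============
"""

# "=== Section Name ===" header lines.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "<timestamp> <size or --------> <attribute string> <path>" in Created Last 30 / Find3M.
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(?P<size>\S+)\s+(?P<attr>\S+)\s+(?P<path>.+)$"
)
# "TCP: [Interfaces\{GUID}[\subkey] : ](Dhcp)NameServer = a.b.c.d [e.f.g.h]"
TCP_RE = re.compile(
    r"^TCP:\s+(?:Interfaces\\(?P<iface>\{[^}]+\})(?:\\\S+)?\s+:\s+)?"
    r"(?P<key>(?:Dhcp)?NameServer)\s+=\s+(?P<servers>.+)$"
)


def split_sections(text):
    """Return {section name: [entry lines]}; blank and '.' spacer lines are dropped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_created(lines):
    """Parse file/directory entries; lines that do not fit the layout are skipped."""
    return [m.groupdict() for m in map(CREATED_RE.match, lines) if m]


def is_hidden_system_dir(entry):
    """Directory whose attribute string carries both the system and hidden flags
    (assumed meaning of 'd', 's', 'h' in DDS output, e.g. 'd-sh--w-')."""
    attr = entry["attr"]
    return attr.startswith("d") and "s" in attr and "h" in attr


def suspicious_created(entries):
    """Flag entries worth a closer look. Returns [(path, [reasons])]."""
    flagged = []
    for e in entries:
        reasons = []
        if is_hidden_system_dir(e):
            reasons.append("hidden+system directory")
        if "%" in e["path"]:
            reasons.append("literal %VAR% token in path (never expanded)")
        if reasons:
            flagged.append((e["path"], reasons))
    return flagged


def dns_servers(lines):
    """Map each interface GUID (or 'global') to the set of name servers it uses."""
    result = {}
    for line in lines:
        m = TCP_RE.match(line)
        if m:
            iface = m.group("iface") or "global"
            result.setdefault(iface, set()).update(m.group("servers").split())
    return result


def server_usage(dns_map):
    """How many interfaces reference each distinct DNS server."""
    usage = Counter()
    for servers in dns_map.values():
        usage.update(servers)
    return usage


def triage(text):
    """Run both checks over a full DDS log and return the findings."""
    sections = split_sections(text)
    created = parse_created(sections.get("Created Last 30", []))
    return {
        "flagged": suspicious_created(created),
        "dns": dns_servers(sections.get("Pseudo HJT Report", [])),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for path, reasons in result["flagged"]:
        print(f"CHECK {path}: {', '.join(reasons)}")
    for iface, servers in sorted(result["dns"].items()):
        print(f"{iface}: {' '.join(sorted(servers))}")
    print("server usage:", dict(server_usage(result["dns"])))
```

Run it against the full log text to list every interface's resolver and every hidden+system directory created recently; a flagged path is a starting point for a manual check, not a verdict.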




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:18 AM

Posted 27 June 2012 - 01:20 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 sanne_lily

sanne_lily
  • Topic Starter

  • Members
  • 21 posts

Posted 29 June 2012 - 07:00 AM

This is the text from security check:

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Microsoft Security Essentials
(On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 17
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.0.2.54 Flash Player out of Date!
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Microsoft Security Essentials msseces.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

#4 sanne_lily

sanne_lily
  • Topic Starter

  • Members
  • 21 posts

Posted 29 June 2012 - 07:24 AM

I've just run combofix and no report was produced at the end...? Up popped a screen 'make changes to your computer' I clicked yes. Then up came a box with a running/percentage completing bar and then nothing.

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 29 June 2012 - 08:24 AM

Hello

I would like you to download an updated version of combofix.

update combofix

Delete the version of combofix you have now on your desktop and download a new one from here

Link 1
Link 2
Link 3
**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.
"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#6 sanne_lily

sanne_lily
  • Topic Starter

  • Members
  • 21 posts

Posted 29 June 2012 - 07:46 PM

For your information - Trojan horse Patched_c.LYU continues to come up as a threat directed when I have AVG enabled. File name c:\Windows\System32\services.exe

#7 sanne_lily

sanne_lily
  • Topic Starter

  • Members
  • 21 posts

Posted 29 June 2012 - 08:11 PM

ComboFix report is:

ComboFix 12-06-28.03 - Admin 30/06/2012 10:52:24.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3063.2052 [GMT 10:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Admin\2057.MST
c:\users\Admin\AppData\Local\assembly\tmp
c:\users\Admin\Documents\~WRL0001.tmp
c:\users\Admin\Documents\~WRL1367.tmp
c:\users\Admin\Documents\~WRL3145.tmp
c:\users\Admin\Documents\~WRL3657.tmp
c:\users\Admin\Documents\~WRL3784.tmp
c:\windows\assembly\GAC\Desktop.ini
c:\windows\Installer\{5cb23910-8596-2d67-fc0b-4b7056dafad1}\@
c:\windows\Installer\{5cb23910-8596-2d67-fc0b-4b7056dafad1}\L\00000004.@
c:\windows\Installer\{5cb23910-8596-2d67-fc0b-4b7056dafad1}\L\1afb2d56
c:\windows\Installer\{5cb23910-8596-2d67-fc0b-4b7056dafad1}\L\201d3dde
c:\windows\Installer\{5cb23910-8596-2d67-fc0b-4b7056dafad1}\L\55490ac4
c:\windows\Installer\{5cb23910-8596-2d67-fc0b-4b7056dafad1}\U\00000004.@
c:\windows\Installer\{5cb23910-8596-2d67-fc0b-4b7056dafad1}\U\00000008.@
c:\windows\Installer\{5cb23910-8596-2d67-fc0b-4b7056dafad1}\U\000000cb.@
c:\windows\Installer\{5cb23910-8596-2d67-fc0b-4b7056dafad1}\U\80000000.@
c:\windows\Installer\{5cb23910-8596-2d67-fc0b-4b7056dafad1}\U\80000032.@
c:\windows\system32\Thumbs.db
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-30 )))))))))))))))))))))))))))))))
.
.
2012-06-30 00:58 . 2012-06-30 00:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-21 08:02 . 2012-06-21 08:02 -------- d-----w- c:\users\Admin\AppData\Roaming\AVG2012
2012-06-21 08:00 . 2012-06-21 08:00 -------- d-----w- c:\users\Admin\AppData\Local\AVG Secure Search
2012-06-21 08:00 . 2012-06-21 08:50 -------- d-----w- c:\programdata\AVG Secure Search
2012-06-21 08:00 . 2012-06-21 08:00 -------- d-----w- c:\program files\AVG Secure Search
2012-06-21 08:00 . 2012-06-21 08:00 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-06-21 08:00 . 2012-06-21 08:00 -------- d--h--w- c:\programdata\Common Files
2012-06-21 07:59 . 2012-06-30 00:47 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-21 07:59 . 2012-06-21 07:59 -------- d-----w- C:\$AVG
2012-06-21 07:59 . 2012-06-21 10:42 -------- d-----w- c:\programdata\AVG2012
2012-06-21 07:59 . 2012-06-21 07:59 -------- d-----w- c:\program files\AVG
2012-06-21 07:56 . 2012-06-30 00:47 -------- d-----w- c:\programdata\MFAData
2012-06-21 07:35 . 2012-06-21 07:35 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-20 08:53 . 2012-06-20 08:53 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-20 08:02 . 2012-06-20 08:02 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-20 08:02 . 2012-06-20 08:02 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-14 10:46 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 10:46 . 2012-04-20 04:57 525312 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-06-14 10:46 . 2012-04-20 05:00 759296 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2012-06-14 10:46 . 2012-04-20 04:56 860672 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-06-14 10:46 . 2012-04-20 04:56 163328 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2012-06-14 10:45 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 10:45 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 10:45 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-21 07:37 . 2009-07-13 23:11 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-06-02 22:19 . 2012-06-21 23:47 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 23:47 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 23:47 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 23:47 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 23:47 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 23:47 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 23:47 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 05:19 . 2012-06-21 23:46 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 05:12 . 2012-06-21 23:46 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-15 03:03 . 2012-06-14 10:46 981504 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 01:05 . 2012-06-14 10:46 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-05-01 04:44 . 2012-06-14 10:46 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-04-26 04:45 . 2012-06-14 10:46 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 04:45 . 2012-06-14 10:46 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 04:41 . 2012-06-14 10:46 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-20 03:16 . 2012-06-14 10:46 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-18 18:50 . 2012-04-18 18:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-13 07:36 . 2012-05-01 07:54 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B0932145-1B68-4ADB-BFB4-62C96A413619}\mpengine.dll
2012-04-07 11:26 . 2012-06-14 10:46 2342400 ----a-w- c:\windows\system32\msi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-02-10 01:28 1307928 ----a-w- c:\program files\Microsoft\BingBar\7.1.361.0\BingExt.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-21 08:00 2068536 ----a-w- c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-21 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-11 39408]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-05-02 17355912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2010-03-22 496184]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-11-06 480608]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2010-03-03 742712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-03-11 1697064]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-10-20 163840]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 611672]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2010-03-17 1328480]
"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2010-02-24 611672]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 22840]
"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2010-03-09 467816]
"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2010-03-03 30040]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-07-04 2072576]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-11 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-26 421736]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-04 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-21 1104440]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Start Optus Remote Diagnostics.lnk - c:\users\Admin\Optus\Remote Diagnostics\cpmmgrd.exe [2010-9-13 296448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [x]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S3 CnxtHdmiAudService;Conexant UAA HDMI Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDMI32.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-20 08:02]
.
2012-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-02 11:29]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-02 11:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{0574B48B-91E1-42C1-B8D2-82D05BEAEDC5}: NameServer = 61.88.88.88 211.29.132.12
TCP: Interfaces\{164B9CA6-B726-43BE-BDEC-F035C873922F}: NameServer = 61.88.88.88 211.29.132.12
TCP: Interfaces\{3D3BFD05-C4D9-40B0-AC0E-06AB8ABEA343}: NameServer = 61.88.88.88 211.29.132.12
TCP: Interfaces\{6B97B538-0C9F-4428-8619-45FB5F443D19}: NameServer = 61.88.88.88 211.29.132.12
TCP: Interfaces\{DB087E88-CBB8-4877-AA1C-6B91925CA526}: NameServer = 61.88.88.88 211.29.132.12
TCP: Interfaces\{E9EC7C21-56CC-49C0-9FE9-013BFD2478F5}: NameServer = 61.88.88.88 211.29.132.12
TCP: Interfaces\{F3047EF7-ACDE-48FF-A91C-E7B08C2BDEC2}: NameServer = 61.88.88.88 211.29.132.12
TCP: Interfaces\{F8B5D09C-8327-45B1-9027-3418727A8F69}: NameServer = 61.88.88.88 211.29.132.12
TCP: Interfaces\{FC601EEC-D03C-4598-8832-9F684FDF3498}: NameServer = 61.88.88.88 211.29.132.12
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
SafeBoot-37820125.sys
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\ThpSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\System32\ThpSrv.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Citrix\ICA Client\wfcrun32.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
c:\windows\system32\conhost.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\sppsvc.exe
c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
c:\program files\TOSHIBA\TPHM\TPCHWMsg.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2012-06-30 11:09:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-30 01:09
.
Pre-Run: 542,893,289,472 bytes free
Post-Run: 543,540,248,576 bytes free
.
- - End Of File - - D04BFB4E2C9AABA9E1151D07A1787482
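As an added example (not part of this thread or of ComboFix itself), here is a small Python parser for the log layout pasted above: it pulls out the "Other Deletions" entries, the "Infected copy ... / Restored copy from" pair, and the attribute columns of the "Files Created" section, run over a constructed excerpt in the same format. The review heuristic at the end (hidden+system directories under the Windows tree, or a path containing a literal environment token such as `%APPDATA%`) is my own triage rule, not a verdict the thread or the tool gives.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed excerpt in the layout ComboFix prints (a handful of lines in the
# same format as the thread's log), used as offline sample input.
SAMPLE_LOG = r"""
ComboFix 12-06-28.03 - Admin 30/06/2012 10:52:24.1.4 - x86
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\install.exe
c:\windows\Installer\{5cb23910-8596-2d67-fc0b-4b7056dafad1}\@
c:\windows\Installer\{5cb23910-8596-2d67-fc0b-4b7056dafad1}\U\80000032.@
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-30 )))))))))))))))))))))))))))))))
.
2012-06-21 07:35 . 2012-06-21 07:35 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-20 08:53 . 2012-06-20 08:53 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-20 08:02 . 2012-06-20 08:02 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
"""

# Section banners look like "(((( Name ))))"; the name is what we keep.
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
# "Files Created" rows: created . modified size-or-dashes attrs path
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(-+|\d+) ([-a-z]{8}) (.+)$"
)
INFECTED_RE = re.compile(r"^Infected copy of (.+?) was found and (.+)$")
RESTORED_RE = re.compile(r"^Restored copy from - (.+)$")


@dataclass
class CreatedEntry:
    created: str
    modified: str
    size: Optional[int]      # None for directories (ComboFix prints dashes)
    attrs: str               # e.g. "d-sh--w-": d=directory, s=system, h=hidden
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden_system(self) -> bool:
        return "h" in self.attrs and "s" in self.attrs


@dataclass
class ComboFixReport:
    deletions: List[str] = field(default_factory=list)
    # (infected path, action taken, path the clean copy was restored from)
    repaired: List[Tuple[str, str, str]] = field(default_factory=list)
    created: List[CreatedEntry] = field(default_factory=list)


def parse_combofix_log(text: str) -> ComboFixReport:
    report = ComboFixReport()
    section = None
    pending = None  # an "Infected copy" line waiting for its "Restored copy" line
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = INFECTED_RE.match(line)
        if m:
            pending = (m.group(1), m.group(2))
            continue
        m = RESTORED_RE.match(line)
        if m and pending:
            report.repaired.append((pending[0], pending[1], m.group(1)))
            pending = None
            continue
        if section == "Other Deletions":
            report.deletions.append(line)
        elif section and section.startswith("Files Created"):
            m = CREATED_RE.match(line)
            if m:
                size = None if m.group(3).startswith("-") else int(m.group(3))
                report.created.append(
                    CreatedEntry(m.group(1), m.group(2), size, m.group(4), m.group(5)))
    return report


def entries_for_review(report: ComboFixReport) -> List[str]:
    """My own triage heuristic: new hidden+system directories under the Windows
    tree, or paths with a literal environment token, deserve a second look."""
    hits = []
    for e in report.created:
        under_windows = e.path.lower().startswith("c:\\windows")
        if (e.hidden_system and under_windows) or "%" in e.path:
            hits.append(e.path)
    return hits


if __name__ == "__main__":
    rep = parse_combofix_log(SAMPLE_LOG)
    print(f"{len(rep.deletions)} deletions, {len(rep.repaired)} repaired files")
    for infected, action, source in rep.repaired:
        print(f"  {infected}: {action}, restored from {source}")
    print("review:", entries_for_review(rep))
```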

#8 sanne_lily

sanne_lily
  • Topic Starter

  • Members
  • 21 posts

Posted 29 June 2012 - 08:13 PM

Re: how is the computer working now?
It seems to be working with the google searches now.
I will see how it goes over the next couple of days

Thank you!!!! :thumbsup: :thumbsup: :thumbsup:

#9 sanne_lily

sanne_lily
  • Topic Starter

  • Members
  • 21 posts

Posted 29 June 2012 - 08:16 PM

Do I now delete combo fix? AVG recognises it as a threat.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 June 2012 - 12:01 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions; ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#11 sanne_lily

sanne_lily
  • Topic Starter

  • Members
  • 21 posts

Posted 01 July 2012 - 06:24 AM

21:21:23.0441 6024 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
21:21:24.0174 6024 ============================================================
21:21:24.0174 6024 Current date / time: 2012/07/01 21:21:24.0174
21:21:24.0174 6024 SystemInfo:
21:21:24.0174 6024
21:21:24.0174 6024 OS Version: 6.1.7601 ServicePack: 1.0
21:21:24.0174 6024 Product type: Workstation
21:21:24.0174 6024 ComputerName: ADMIN-PC
21:21:24.0174 6024 UserName: Admin
21:21:24.0174 6024 Windows directory: C:\windows
21:21:24.0174 6024 System windows directory: C:\windows
21:21:24.0174 6024 Processor architecture: Intel x86
21:21:24.0174 6024 Number of processors: 4
21:21:24.0174 6024 Page size: 0x1000
21:21:24.0174 6024 Boot type: Normal boot
21:21:24.0174 6024 ============================================================
21:21:24.0673 6024 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:21:24.0673 6024 ============================================================
21:21:24.0673 6024 \Device\Harddisk0\DR0:
21:21:24.0673 6024 MBR partitions:
21:21:24.0673 6024 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x48DB4800
21:21:24.0673 6024 ============================================================
21:21:24.0704 6024 C: <-> \Device\Harddisk0\DR0\Partition0
21:21:24.0704 6024 ============================================================
21:21:24.0704 6024 Initialize success
21:21:24.0704 6024 ============================================================
21:21:30.0819 6592 ============================================================
21:21:30.0819 6592 Scan started
21:21:30.0819 6592 Mode: Manual;
21:21:30.0819 6592 ============================================================
21:21:46.0295 6592 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
21:21:46.0310 6592 nvstor - ok
21:21:46.0341 6592 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
21:21:46.0341 6592 nv_agp - ok
21:21:46.0451 6592 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:21:46.0451 6592 odserv - ok
21:21:46.0497 6592 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
21:21:46.0497 6592 ohci1394 - ok
21:21:46.0544 6592 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:21:46.0544 6592 ose - ok
21:21:46.0638 6592 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
21:21:46.0638 6592 p2pimsvc - ok
21:21:46.0700 6592 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll
21:21:46.0700 6592 p2psvc - ok
21:21:46.0716 6592 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
21:21:46.0731 6592 Parport - ok
21:21:46.0763 6592 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\windows\system32\drivers\partmgr.sys
21:21:46.0763 6592 partmgr - ok
21:21:46.0778 6592 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
21:21:46.0778 6592 Parvdm - ok
21:21:46.0809 6592 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll
21:21:46.0809 6592 PcaSvc - ok
21:21:46.0856 6592 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
21:21:46.0856 6592 pci - ok
21:21:46.0872 6592 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
21:21:46.0872 6592 pciide - ok
21:21:46.0919 6592 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
21:21:46.0919 6592 pcmcia - ok
21:21:46.0934 6592 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
21:21:46.0934 6592 pcw - ok
21:21:46.0981 6592 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
21:21:46.0997 6592 PEAUTH - ok
21:21:47.0043 6592 PGEffect (1b5011dd8d57f53aed31ff0f7d635802) C:\windows\system32\DRIVERS\pgeffect.sys
21:21:47.0043 6592 PGEffect - ok
21:21:47.0153 6592 pla (414bba67a3ded1d28437eb66aeb8a720) C:\windows\system32\pla.dll
21:21:47.0184 6592 pla - ok
21:21:47.0324 6592 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\windows\system32\umpnpmgr.dll
21:21:47.0324 6592 PlugPlay - ok
21:21:47.0355 6592 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll
21:21:47.0355 6592 PNRPAutoReg - ok
21:21:47.0387 6592 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
21:21:47.0387 6592 PNRPsvc - ok
21:21:47.0449 6592 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll
21:21:47.0449 6592 PolicyAgent - ok
21:21:47.0496 6592 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll
21:21:47.0511 6592 Power - ok
21:21:47.0574 6592 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
21:21:47.0574 6592 PptpMiniport - ok
21:21:47.0589 6592 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
21:21:47.0589 6592 Processor - ok
21:21:47.0636 6592 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\windows\system32\profsvc.dll
21:21:47.0636 6592 ProfSvc - ok
21:21:47.0667 6592 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
21:21:47.0667 6592 ProtectedStorage - ok
21:21:47.0714 6592 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
21:21:47.0714 6592 Psched - ok
21:21:47.0808 6592 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
21:21:47.0823 6592 ql2300 - ok
21:21:47.0964 6592 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
21:21:47.0964 6592 ql40xx - ok
21:21:48.0011 6592 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll
21:21:48.0011 6592 QWAVE - ok
21:21:48.0026 6592 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
21:21:48.0026 6592 QWAVEdrv - ok
21:21:48.0042 6592 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
21:21:48.0042 6592 RasAcd - ok
21:21:48.0073 6592 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
21:21:48.0089 6592 RasAgileVpn - ok
21:21:48.0104 6592 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll
21:21:48.0104 6592 RasAuto - ok
21:21:48.0135 6592 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
21:21:48.0135 6592 Rasl2tp - ok
21:21:48.0213 6592 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\windows\System32\rasmans.dll
21:21:48.0213 6592 RasMan - ok
21:21:48.0260 6592 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
21:21:48.0260 6592 RasPppoe - ok
21:21:48.0276 6592 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
21:21:48.0276 6592 RasSstp - ok
21:21:48.0323 6592 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
21:21:48.0323 6592 rdbss - ok
21:21:48.0354 6592 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
21:21:48.0354 6592 rdpbus - ok
21:21:48.0369 6592 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
21:21:48.0369 6592 RDPCDD - ok
21:21:48.0401 6592 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
21:21:48.0401 6592 RDPENCDD - ok
21:21:48.0416 6592 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
21:21:48.0416 6592 RDPREFMP - ok
21:21:48.0447 6592 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\windows\system32\drivers\RDPWD.sys
21:21:48.0447 6592 RDPWD - ok
21:21:48.0494 6592 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
21:21:48.0494 6592 rdyboost - ok
21:21:48.0525 6592 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll
21:21:48.0541 6592 RemoteAccess - ok
21:21:48.0572 6592 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll
21:21:48.0588 6592 RemoteRegistry - ok
21:21:48.0619 6592 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\windows\system32\Drivers\RimUsb.sys
21:21:48.0650 6592 RimUsb - ok
21:21:48.0697 6592 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\windows\system32\DRIVERS\RimSerial.sys
21:21:48.0697 6592 RimVSerPort - ok
21:21:48.0728 6592 ROOTMODEM (564297827d213f52c7a3a2ff749568ca) C:\windows\system32\Drivers\RootMdm.sys
21:21:48.0728 6592 ROOTMODEM - ok
21:21:48.0759 6592 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll
21:21:48.0759 6592 RpcEptMapper - ok
21:21:48.0775 6592 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe
21:21:48.0775 6592 RpcLocator - ok
21:21:48.0837 6592 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
21:21:48.0837 6592 RpcSs - ok
21:21:48.0869 6592 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
21:21:48.0869 6592 rspndr - ok
21:21:48.0931 6592 RSUSBSTOR (b87f999e05dd9c0312c83a8752e8e66b) C:\windows\system32\Drivers\RtsUStor.sys
21:21:48.0947 6592 RSUSBSTOR - ok
21:21:48.0978 6592 SamSs (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
21:21:48.0978 6592 SamSs - ok
21:21:49.0025 6592 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
21:21:49.0040 6592 sbp2port - ok
21:21:49.0071 6592 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll
21:21:49.0071 6592 SCardSvr - ok
21:21:49.0103 6592 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
21:21:49.0103 6592 scfilter - ok
21:21:49.0165 6592 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll
21:21:49.0181 6592 Schedule - ok
21:21:49.0212 6592 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
21:21:49.0212 6592 SCPolicySvc - ok
21:21:49.0243 6592 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll
21:21:49.0243 6592 SDRSVC - ok
21:21:49.0290 6592 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
21:21:49.0290 6592 secdrv - ok
21:21:49.0305 6592 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll
21:21:49.0305 6592 seclogon - ok
21:21:49.0337 6592 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\windows\system32\sens.dll
21:21:49.0337 6592 SENS - ok
21:21:49.0352 6592 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\windows\system32\sensrsvc.dll
21:21:49.0352 6592 SensrSvc - ok
21:21:49.0383 6592 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
21:21:49.0383 6592 Serenum - ok
21:21:49.0446 6592 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
21:21:49.0446 6592 Serial - ok
21:21:49.0493 6592 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
21:21:49.0493 6592 sermouse - ok
21:21:49.0539 6592 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll
21:21:49.0539 6592 SessionEnv - ok
21:21:49.0571 6592 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
21:21:49.0571 6592 sffdisk - ok
21:21:49.0571 6592 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
21:21:49.0571 6592 sffp_mmc - ok
21:21:49.0602 6592 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
21:21:49.0602 6592 sffp_sd - ok
21:21:49.0633 6592 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
21:21:49.0633 6592 sfloppy - ok
21:21:49.0711 6592 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll
21:21:49.0711 6592 SharedAccess - ok
21:21:49.0758 6592 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll
21:21:49.0773 6592 ShellHWDetection - ok
21:21:49.0805 6592 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
21:21:49.0805 6592 sisagp - ok
21:21:49.0851 6592 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
21:21:49.0851 6592 SiSRaid2 - ok
21:21:49.0867 6592 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
21:21:49.0867 6592 SiSRaid4 - ok
21:21:50.0007 6592 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files\Skype\Updater\Updater.exe
21:21:50.0007 6592 SkypeUpdate - ok
21:21:50.0039 6592 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
21:21:50.0039 6592 Smb - ok
21:21:50.0070 6592 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe
21:21:50.0070 6592 SNMPTRAP - ok
21:21:50.0101 6592 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
21:21:50.0101 6592 spldr - ok
21:21:50.0148 6592 Spooler (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe
21:21:50.0163 6592 Spooler - ok
21:21:50.0351 6592 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe
21:21:50.0429 6592 sppsvc - ok
21:21:50.0569 6592 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll
21:21:50.0569 6592 sppuinotify - ok
21:21:50.0678 6592 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
21:21:50.0678 6592 SQLBrowser - ok
21:21:50.0694 6592 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:21:50.0694 6592 SQLWriter - ok
21:21:50.0772 6592 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
21:21:50.0772 6592 srv - ok
21:21:50.0803 6592 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
21:21:50.0803 6592 srv2 - ok
21:21:50.0819 6592 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
21:21:50.0819 6592 srvnet - ok
21:21:50.0850 6592 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll
21:21:50.0865 6592 SSDPSRV - ok
21:21:50.0881 6592 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll
21:21:50.0881 6592 SstpSvc - ok
21:21:50.0912 6592 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
21:21:50.0912 6592 stexstor - ok
21:21:50.0975 6592 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\windows\System32\wiaservc.dll
21:21:50.0975 6592 StiSvc - ok
21:21:51.0006 6592 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
21:21:51.0021 6592 swenum - ok
21:21:51.0053 6592 swprv (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll
21:21:51.0068 6592 swprv - ok
21:21:51.0115 6592 SynTP (9a28f1c47ce0c8bbc02aaf5941ab44cd) C:\windows\system32\DRIVERS\SynTP.sys
21:21:51.0115 6592 SynTP - ok
21:21:51.0209 6592 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll
21:21:51.0224 6592 SysMain - ok
21:21:51.0255 6592 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll
21:21:51.0271 6592 TabletInputService - ok
21:21:51.0302 6592 TapiSrv (613bf4820361543956909043a265c6ac) C:\windows\System32\tapisrv.dll
21:21:51.0318 6592 TapiSrv - ok
21:21:51.0333 6592 TBS (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll
21:21:51.0333 6592 TBS - ok
21:21:51.0474 6592 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\drivers\tcpip.sys
21:21:51.0489 6592 Tcpip - ok
21:21:51.0521 6592 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\DRIVERS\tcpip.sys
21:21:51.0521 6592 TCPIP6 - ok
21:21:51.0552 6592 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
21:21:51.0567 6592 tcpipreg - ok
21:21:51.0583 6592 tdcmdpst (4084ea00d50c858d6f9038f86ae2e2d0) C:\windows\system32\DRIVERS\tdcmdpst.sys
21:21:51.0583 6592 tdcmdpst - ok
21:21:51.0630 6592 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
21:21:51.0630 6592 TDPIPE - ok
21:21:51.0661 6592 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys
21:21:51.0661 6592 TDTCP - ok
21:21:51.0708 6592 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
21:21:51.0708 6592 tdx - ok
21:21:51.0739 6592 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
21:21:51.0739 6592 TermDD - ok
21:21:51.0786 6592 TermService (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll
21:21:51.0801 6592 TermService - ok
21:21:51.0817 6592 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll
21:21:51.0817 6592 Themes - ok
21:21:51.0864 6592 Thpdrv (9528f2a39cb660a49f0592d57127f370) C:\windows\system32\DRIVERS\thpdrv.sys
21:21:51.0879 6592 Thpdrv - ok
21:21:51.0895 6592 Thpevm (e17dcde74ff00ca802643b4a9a4a4a5c) C:\windows\system32\DRIVERS\Thpevm.SYS
21:21:51.0895 6592 Thpevm - ok
21:21:51.0942 6592 Thpsrv (32c625d61d2c7cb1eaac3f094d0887c1) C:\windows\system32\ThpSrv.exe
21:21:51.0942 6592 Thpsrv - ok
21:21:51.0973 6592 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
21:21:51.0973 6592 THREADORDER - ok
21:21:52.0051 6592 TMachInfo (28644b0523d64eff2fc7312a2ee74b0a) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
21:21:52.0051 6592 TMachInfo - ok
21:21:52.0098 6592 TODDSrv (fe65d33b7d4ff07dd1d29526a48df810) C:\windows\system32\TODDSrv.exe
21:21:52.0113 6592 TODDSrv - ok
21:21:52.0176 6592 TosCoSrv (85edf7a274435e4df051bb23f8e01581) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
21:21:52.0176 6592 TosCoSrv - ok
21:21:52.0223 6592 TOSHIBA Bluetooth Service (05fe4c62e05c2f974500a02c91032877) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
21:21:52.0223 6592 TOSHIBA Bluetooth Service - ok
21:21:52.0269 6592 TOSHIBA eco Utility Service (c2b3b621d6b6ebbedc4fbcac712a3a6c) C:\Program Files\TOSHIBA\TECO\TecoService.exe
21:21:52.0269 6592 TOSHIBA eco Utility Service - ok
21:21:52.0316 6592 TOSHIBA HDD SSD Alert Service (991e324dc137402148e01c2269632c6b) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
21:21:52.0316 6592 TOSHIBA HDD SSD Alert Service - ok
21:21:52.0347 6592 Tosrfcom - ok
21:21:52.0379 6592 tosrfec (9ee240f7029771b21cc6200be6516d60) C:\windows\system32\DRIVERS\tosrfec.sys
21:21:52.0379 6592 tosrfec - ok
21:21:52.0457 6592 TPCHSrv (7a3015457209333d5d08ff10a8f0c120) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
21:21:52.0457 6592 TPCHSrv - ok
21:21:52.0472 6592 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll
21:21:52.0488 6592 TrkWks - ok
21:21:52.0535 6592 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe
21:21:52.0550 6592 TrustedInstaller - ok
21:21:52.0581 6592 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
21:21:52.0581 6592 tssecsrv - ok
21:21:52.0628 6592 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
21:21:52.0628 6592 TsUsbFlt - ok
21:21:52.0675 6592 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
21:21:52.0675 6592 tunnel - ok
21:21:52.0722 6592 TVALZ (fc24015b4052600c324c43e3a79c0664) C:\windows\system32\DRIVERS\TVALZ_O.SYS
21:21:52.0722 6592 TVALZ - ok
21:21:52.0737 6592 TVALZFL (866462f5ae3f375ef83ef9dce436031c) C:\windows\system32\DRIVERS\TVALZFL.sys
21:21:52.0737 6592 TVALZFL - ok
21:21:52.0769 6592 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
21:21:52.0769 6592 uagp35 - ok
21:21:52.0815 6592 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
21:21:52.0815 6592 udfs - ok
21:21:52.0831 6592 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe
21:21:52.0847 6592 UI0Detect - ok
21:21:52.0878 6592 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
21:21:52.0878 6592 uliagpkx - ok
21:21:52.0909 6592 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
21:21:52.0925 6592 umbus - ok
21:21:52.0940 6592 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
21:21:52.0940 6592 UmPass - ok
21:21:53.0159 6592 UNS (cc3775100aba633984f73dfae1f55cae) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
21:21:53.0174 6592 UNS - ok
21:21:53.0299 6592 upnphost (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll
21:21:53.0299 6592 upnphost - ok
21:21:53.0361 6592 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\windows\system32\Drivers\usbaapl.sys
21:21:53.0377 6592 USBAAPL - ok
21:21:53.0408 6592 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
21:21:53.0408 6592 usbccgp - ok
21:21:53.0439 6592 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
21:21:53.0439 6592 usbcir - ok
21:21:53.0471 6592 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys
21:21:53.0471 6592 usbehci - ok
21:21:53.0502 6592 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
21:21:53.0502 6592 usbhub - ok
21:21:53.0533 6592 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys
21:21:53.0549 6592 usbohci - ok
21:21:53.0580 6592 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
21:21:53.0580 6592 usbprint - ok
21:21:53.0627 6592 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys
21:21:53.0627 6592 usbscan - ok
21:21:53.0658 6592 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS
21:21:53.0673 6592 USBSTOR - ok
21:21:53.0689 6592 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys
21:21:53.0689 6592 usbuhci - ok
21:21:53.0736 6592 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
21:21:53.0736 6592 usbvideo - ok
21:21:53.0767 6592 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll
21:21:53.0767 6592 UxSms - ok
21:21:53.0783 6592 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
21:21:53.0783 6592 VaultSvc - ok
21:21:53.0845 6592 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
21:21:53.0845 6592 vdrvroot - ok
21:21:53.0892 6592 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe
21:21:53.0907 6592 vds - ok
21:21:53.0954 6592 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
21:21:53.0954 6592 vga - ok
21:21:53.0970 6592 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
21:21:53.0970 6592 VgaSave - ok
21:21:54.0017 6592 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
21:21:54.0017 6592 vhdmp - ok
21:21:54.0063 6592 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
21:21:54.0063 6592 viaagp - ok
21:21:54.0095 6592 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
21:21:54.0095 6592 ViaC7 - ok
21:21:54.0141 6592 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
21:21:54.0141 6592 viaide - ok
21:21:54.0235 6592 VMCService (6e021d6da429ad7288fe8322e2bba96b) C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
21:21:54.0235 6592 VMCService - ok
21:21:54.0266 6592 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
21:21:54.0266 6592 volmgr - ok
21:21:54.0313 6592 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
21:21:54.0313 6592 volmgrx - ok
21:21:54.0360 6592 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
21:21:54.0360 6592 volsnap - ok
21:21:54.0391 6592 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
21:21:54.0391 6592 vsmraid - ok
21:21:54.0469 6592 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe
21:21:54.0485 6592 VSS - ok
21:21:54.0625 6592 vToolbarUpdater11.1.0 (5fa45791413acce628d5361458f32dde) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
21:21:54.0641 6592 vToolbarUpdater11.1.0 - ok
21:21:54.0765 6592 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
21:21:54.0765 6592 vwifibus - ok
21:21:54.0797 6592 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
21:21:54.0797 6592 vwififlt - ok
21:21:54.0828 6592 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\windows\system32\DRIVERS\vwifimp.sys
21:21:54.0828 6592 vwifimp - ok
21:21:54.0890 6592 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll
21:21:54.0890 6592 W32Time - ok
21:21:54.0906 6592 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
21:21:54.0906 6592 WacomPen - ok
21:21:54.0968 6592 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
21:21:54.0968 6592 WANARP - ok
21:21:54.0968 6592 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
21:21:54.0968 6592 Wanarpv6 - ok
21:21:55.0093 6592 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\windows\system32\Wat\WatAdminSvc.exe
21:21:55.0249 6592 WatAdminSvc - ok
21:21:55.0343 6592 wbengine (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe
21:21:55.0374 6592 wbengine - ok
21:21:55.0389 6592 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll
21:21:55.0405 6592 WbioSrvc - ok
21:21:55.0436 6592 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll
21:21:55.0436 6592 wcncsvc - ok
21:21:55.0452 6592 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll
21:21:55.0452 6592 WcsPlugInService - ok
21:21:55.0499 6592 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
21:21:55.0499 6592 Wd - ok
21:21:55.0545 6592 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
21:21:55.0545 6592 Wdf01000 - ok
21:21:55.0577 6592 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
21:21:55.0577 6592 WdiServiceHost - ok
21:21:55.0577 6592 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
21:21:55.0592 6592 WdiSystemHost - ok
21:21:55.0623 6592 WebClient (a9d880f97530d5b8fee278923349929d) C:\windows\System32\webclnt.dll
21:21:55.0639 6592 WebClient - ok
21:21:55.0655 6592 Wecsvc (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll
21:21:55.0655 6592 Wecsvc - ok
21:21:55.0686 6592 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll
21:21:55.0701 6592 wercplsupport - ok
21:21:55.0733 6592 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll
21:21:55.0733 6592 WerSvc - ok
21:21:55.0764 6592 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
21:21:55.0764 6592 WfpLwf - ok
21:21:55.0779 6592 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
21:21:55.0779 6592 WIMMount - ok
21:21:55.0904 6592 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
21:21:55.0920 6592 WinDefend - ok
21:21:55.0920 6592 WinHttpAutoProxySvc - ok
21:21:55.0982 6592 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll
21:21:55.0982 6592 Winmgmt - ok
21:21:56.0076 6592 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll
21:21:56.0091 6592 WinRM - ok
21:21:56.0169 6592 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys
21:21:56.0169 6592 WinUsb - ok
21:21:56.0232 6592 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll
21:21:56.0247 6592 Wlansvc - ok
21:21:56.0372 6592 wlcrasvc (6067acef367e79914af628fa1e9b5330) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:21:56.0372 6592 wlcrasvc - ok
21:21:56.0528 6592 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:21:56.0559 6592 wlidsvc - ok
21:21:56.0684 6592 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
21:21:56.0684 6592 WmiAcpi - ok
21:21:56.0747 6592 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe
21:21:56.0747 6592 wmiApSrv - ok
21:21:56.0903 6592 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
21:21:56.0918 6592 WMPNetworkSvc - ok
21:21:56.0934 6592 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll
21:21:56.0949 6592 WPCSvc - ok
21:21:56.0981 6592 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll
21:21:56.0981 6592 WPDBusEnum - ok
21:21:57.0043 6592 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
21:21:57.0043 6592 ws2ifsl - ok
21:21:57.0105 6592 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\windows\system32\wscsvc.dll
21:21:57.0105 6592 wscsvc - ok
21:21:57.0105 6592 WSearch - ok
21:21:57.0246 6592 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\windows\system32\wuaueng.dll
21:21:57.0277 6592 wuauserv - ok
21:21:57.0417 6592 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
21:21:57.0417 6592 WudfPf - ok
21:21:57.0449 6592 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
21:21:57.0449 6592 WUDFRd - ok
21:21:57.0495 6592 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll
21:21:57.0511 6592 wudfsvc - ok
21:21:57.0542 6592 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll
21:21:57.0558 6592 WwanSvc - ok
21:21:57.0667 6592 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
21:21:57.0948 6592 \Device\Harddisk0\DR0 - ok
21:21:57.0963 6592 Boot (0x1200) (6200021b1f81b1853e19e46a9deafe09) \Device\Harddisk0\DR0\Partition0
21:21:57.0963 6592 \Device\Harddisk0\DR0\Partition0 - ok
21:21:57.0963 6592 ============================================================
21:21:57.0963 6592 Scan finished
21:21:57.0963 6592 ============================================================
21:21:57.0979 6568 Detected object count: 0
21:21:57.0979 6568 Actual detected object count: 0

#12 sanne_lily

  • Topic Starter

  • Members
  • 21 posts
  • Local time:11:18 PM

Posted 01 July 2012 - 07:20 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-01 21:25:36
-----------------------------
21:25:36.261 OS Version: Windows 6.1.7601 Service Pack 1
21:25:36.261 Number of processors: 4 586 0x2502
21:25:36.261 ComputerName: ADMIN-PC UserName: Admin
21:25:37.665 Initialize success
21:27:24.715 AVAST engine defs: 12070100
21:44:06.721 The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-01 21:44:26
-----------------------------
21:44:26.978 OS Version: Windows 6.1.7601 Service Pack 1
21:44:26.978 Number of processors: 4 586 0x2502
21:44:26.978 ComputerName: ADMIN-PC UserName: Admin
21:44:28.522 Initialize success
21:44:32.953 AVAST engine defs: 12070100
21:44:35.792 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:44:35.792 Disk 0 Vendor: TOSHIBA_ GJ00 Size: 610480MB BusType: 3
21:44:35.823 Disk 0 MBR read successfully
21:44:35.823 Disk 0 MBR scan
21:44:35.823 Disk 0 Windows VISTA default MBR code
21:44:35.839 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
21:44:35.854 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 596841 MB offset 3074048
21:44:35.886 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 12138 MB offset 1225404416
21:44:35.932 Disk 0 scanning sectors +1250263040
21:44:36.026 Disk 0 scanning C:\windows\system32\drivers
21:44:47.352 Service scanning
21:45:37.041 Modules scanning
21:45:52.672 Disk 0 trace - called modules:
21:45:52.703 ntkrnlpa.exe CLASSPNP.SYS disk.sys thpdrv.sys halmacpi.dll ACPI.sys iaStor.sys
21:45:52.703 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8823c518]
21:45:52.703 3 CLASSPNP.SYS[8bb9a59e] -> nt!IofCallDriver -> \Device\THPDRV1[0x8823b808]
21:45:52.719 5 thpdrv.sys[8bdd999f] -> nt!IofCallDriver -> [0x866fd950]
21:45:52.719 7 ACPI.sys[8b4433d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8599d028]
21:45:54.076 AVAST engine scan C:\windows
21:45:57.992 AVAST engine scan C:\windows\system32
21:49:15.824 AVAST engine scan C:\windows\system32\drivers
21:49:34.435 AVAST engine scan C:\Users\Admin
22:00:04.478 AVAST engine scan C:\ProgramData
22:02:42.939 Scan finished successfully
22:19:57.841 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
22:19:57.841 The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt"

#13 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 01 July 2012 - 01:17 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

In your next post I need the following:

  • the report from ComboFix
  • let me know of any problems you may have had
  • how is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 sanne_lily (Topic Starter, Members, 21 posts)

Posted 02 July 2012 - 09:07 AM

Hi Gringo

here it is:

ComboFix 12-06-28.03 - Admin 02/07/2012 23:57:32.2.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3063.1950 [GMT 10:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
Command switches used :: c:\users\Admin\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-02 to 2012-07-02 )))))))))))))))))))))))))))))))
.
.
2012-07-02 14:03 . 2012-07-02 14:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-21 23:47 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 23:47 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 23:47 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 23:47 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 23:47 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-21 23:47 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 23:47 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 23:46 . 2012-06-02 05:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 23:46 . 2012-06-02 05:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-21 08:02 . 2012-06-21 08:02 -------- d-----w- c:\users\Admin\AppData\Roaming\AVG2012
2012-06-21 08:00 . 2012-06-21 08:00 -------- d-----w- c:\users\Admin\AppData\Local\AVG Secure Search
2012-06-21 08:00 . 2012-06-21 08:50 -------- d-----w- c:\programdata\AVG Secure Search
2012-06-21 08:00 . 2012-06-21 08:00 -------- d-----w- c:\program files\AVG Secure Search
2012-06-21 08:00 . 2012-06-21 08:00 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-06-21 08:00 . 2012-06-21 08:00 -------- d--h--w- c:\programdata\Common Files
2012-06-21 07:59 . 2012-07-01 23:23 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-21 07:59 . 2012-06-21 07:59 -------- d-----w- C:\$AVG
2012-06-21 07:59 . 2012-06-21 10:42 -------- d-----w- c:\programdata\AVG2012
2012-06-21 07:59 . 2012-06-21 07:59 -------- d-----w- c:\program files\AVG
2012-06-21 07:56 . 2012-07-02 10:54 -------- d-----w- c:\programdata\MFAData
2012-06-21 07:35 . 2012-06-21 07:35 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-20 08:53 . 2012-06-20 08:53 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-20 08:02 . 2012-06-20 08:02 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-20 08:02 . 2012-06-20 08:02 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-14 10:45 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 10:45 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 10:45 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-21 07:37 . 2009-07-13 23:11 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-04-18 18:50 . 2012-04-18 18:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-13 07:36 . 2012-05-01 07:54 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B0932145-1B68-4ADB-BFB4-62C96A413619}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-02-10 01:28 1307928 ----a-w- c:\program files\Microsoft\BingBar\7.1.361.0\BingExt.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-21 08:00 2068536 ----a-w- c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-21 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-08-11 39408]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-05-02 17355912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2010-03-22 496184]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-11-06 480608]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2010-03-03 742712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-03-11 1697064]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-10-20 163840]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 611672]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2010-03-17 1328480]
"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2010-02-24 611672]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 22840]
"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2010-03-09 467816]
"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2010-03-03 30040]
"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-07-04 2072576]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-11 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-26 421736]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-04 2587008]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-21 1104440]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Start Optus Remote Diagnostics.lnk - c:\users\Admin\Optus\Remote Diagnostics\cpmmgrd.exe [2010-9-13 296448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [x]
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
R2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [x]
S2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
S3 CnxtHdmiAudService;Conexant UAA HDMI Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDMI32.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-20 08:02]
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-02 11:29]
.
2012-07-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-02 11:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{0574B48B-91E1-42C1-B8D2-82D05BEAEDC5}: NameServer = 61.88.88.88 211.29.132.12
TCP: Interfaces\{164B9CA6-B726-43BE-BDEC-F035C873922F}: NameServer = 61.88.88.88 211.29.132.12
TCP: Interfaces\{3D3BFD05-C4D9-40B0-AC0E-06AB8ABEA343}: NameServer = 61.88.88.88 211.29.132.12
TCP: Interfaces\{6B97B538-0C9F-4428-8619-45FB5F443D19}: NameServer = 61.88.88.88 211.29.132.12
TCP: Interfaces\{DB087E88-CBB8-4877-AA1C-6B91925CA526}: NameServer = 61.88.88.88 211.29.132.12
TCP: Interfaces\{E9EC7C21-56CC-49C0-9FE9-013BFD2478F5}: NameServer = 61.88.88.88 211.29.132.12
TCP: Interfaces\{F3047EF7-ACDE-48FF-A91C-E7B08C2BDEC2}: NameServer = 61.88.88.88 211.29.132.12
TCP: Interfaces\{F8B5D09C-8327-45B1-9027-3418727A8F69}: NameServer = 61.88.88.88 211.29.132.12
TCP: Interfaces\{FC601EEC-D03C-4598-8832-9F684FDF3498}: NameServer = 61.88.88.88 211.29.132.12
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-03 00:04:39
ComboFix-quarantined-files.txt 2012-07-02 14:04
ComboFix2.txt 2012-06-30 01:09
.
Pre-Run: 542,338,760,704 bytes free
Post-Run: 542,141,497,344 bytes free
.
- - End Of File - - B339D30C416D01F96298EE71600DA899


I have not had many problems with my computer now - from what I can tell!

#15 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 02 July 2012 - 04:26 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "Windows key" + "R" (the Windows key is between the "Ctrl" button and the "Alt" button)
  • please copy and paste the following into the box:
C:\Qoobox\Add-Remove Programs.txt
  • click OK

copy and paste the report into this topic for me to review

Gringo
