Trojan Horse Dropper.Generic_c.mmi


  • This topic is locked
15 replies to this topic

#1 mrs. greenbean

  • Members
  • 9 posts

Posted 19 July 2012 - 08:53 PM

I have seen other forums with the same issue I am currently having. Even thought about following those instructions. However, since every resolution is specific to the user I deemed it necessary to get my own resolution.

Specs are as follows:

Laptop: Toshiba Satellite C655
Windows 7 Home Premium (Service Pack 1)
Processor: Intel Celeron CPU B800
System: 64 bit

Installed and Ran Norton Security Suite
Did clean up a few things but could not remove this Trojan horse dropper.generic_c.mmi

Uninstalled Norton

Installed MBAM

Results:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.19.14

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alicia :: ALICIA-LAPTOP [administrator]

Protection: Enabled

7/19/2012 5:41:51 PM
mbam-log-2012-07-19 (17-41-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 192503
Time elapsed: 4 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\Installer\{feb10708-6fe6-a64b-8480-d2495a840fff}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)


Installed AVG and ran scan but cannot figure out how to pull the log for you.

I would really like to be able to fix this myself even though I'm not a computer geek. Thanks for your time and assistance in advance.



#2 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA

Posted 19 July 2012 - 09:08 PM

Hello Victim,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the ADD REPLY button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


Do you have a USB Flash Drive you can use?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#3 fireman4it

Posted 21 July 2012 - 04:26 PM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


#4 mrs. greenbean

Posted 21 July 2012 - 06:02 PM

Sorry for the delay, had to work today.

Yes I do have a flash drive.

#5 fireman4it

Posted 21 July 2012 - 08:48 PM

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


#6 mrs. greenbean

Posted 22 July 2012 - 06:42 PM

frst log:

Scan result of Farbar Recovery Scan Tool Version: 20-07-2012 01
Ran by SYSTEM at 22-07-2012 18:30:44
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [] [x]
HKLM\...\Run: [IgfxTray] C:\windows\system32\igfxtray.exe [167256 2011-04-07] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe [391000 2011-04-07] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\windows\system32\igfxpers.exe [418136 2011-04-07] (Intel Corporation)
HKLM\...\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [dleamon.exe] "C:\Program Files (x86)\Dell V310-V510 Series\dleamon.exe" [770728 2011-01-23] ()
HKLM\...\Run: [EzPrint] "C:\Program Files (x86)\Dell V310-V510 Series\ezprint.exe" [139944 2011-01-23] ()
HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.)
HKLM-x32\...\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START [x]
HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1147488 2012-07-17] ()
HKU\Alicia\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\Alicia\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-10-14] (Google Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) ======

2 avgfws; "C:\Program Files (x86)\AVG\AVG2012\avgfws.exe" [2321560 2012-06-13] (AVG Technologies CZ, s.r.o.)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" [5160568 2012-07-04] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 dleaCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [45224 2010-05-21] ()
2 dlea_device; C:\windows\system32\dleacoms.exe -service [1052328 2010-05-21] ( )
2 dlea_device; C:\windows\SysWow64\dleacoms.exe -service [598696 2010-05-21] ( )
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 PCCUJobMgr; "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll" /prefetch:1 [132984 2011-07-19] (Symantec Corporation)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2011-02-01] (Intel Corporation)
2 vToolbarUpdater12.1.3; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe [830048 2012-07-17] ()

========================== Drivers (Whitelisted) =============

1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [48992 2011-05-22] (AVG Technologies CZ, s.r.o.)
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\windows\system32\drivers\avgtpx64.sys [30568 2012-07-17] (AVG Technologies)
3 BtFilter; C:\Windows\System32\Drivers\BtFilter.sys [42096 2010-10-18] (Atheros)
3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 tosrfec; C:\Windows\System32\Drivers\tosrfec.sys [18872 2010-06-18] (TOSHIBA Corporation)
3 Tosrfcom; [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-22 15:03 - 2012-07-22 15:05 - 01437781 ____A (Farbar) C:\Users\Alicia\Downloads\FRST64 (2).exe
2012-07-21 15:26 - 2012-07-22 15:12 - 00003006 ____A C:\Users\Alicia\Documents\fireman4it instructions.txt
2012-07-21 10:26 - 2012-07-21 10:26 - 16409960 ____A (Safer Networking Limited ) C:\Users\Alicia\Downloads\spybotsd162.exe
2012-07-19 17:15 - 2012-07-19 17:17 - 00000000 ____D C:\Users\Alicia\Documents\AVG Scans
2012-07-19 14:35 - 2012-07-22 18:30 - 00000000 ____D C:\FRST
2012-07-19 14:34 - 2012-07-19 14:35 - 01437107 ____A (Farbar) C:\Users\Alicia\Downloads\FRST64 (1).exe
2012-07-17 14:50 - 2012-07-17 14:50 - 01437107 ____A (Farbar) C:\Users\Alicia\Downloads\FRST64.exe
2012-07-17 12:17 - 2012-07-17 14:18 - 00000000 ____D C:\Users\Alicia\AppData\Roaming\AVG
2012-07-17 11:33 - 2012-07-17 11:33 - 00030568 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-07-17 11:33 - 2012-07-17 11:33 - 00000976 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-07-17 11:33 - 2012-07-17 11:33 - 00000000 ____D C:\Users\All Users\AVG Secure Search
2012-07-17 11:33 - 2012-07-17 11:33 - 00000000 ____D C:\Users\Alicia\AppData\Roaming\AVG2012
2012-07-17 11:33 - 2012-07-17 11:33 - 00000000 ____D C:\Users\Alicia\AppData\Local\AVG Secure Search
2012-07-17 11:33 - 2012-07-17 11:33 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-07-17 11:32 - 2012-07-17 11:32 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-07-17 11:31 - 2012-07-21 14:59 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-07-17 11:31 - 2012-07-19 14:21 - 00000000 ____D C:\Users\All Users\AVG2012
2012-07-17 11:31 - 2012-07-17 11:31 - 00000000 ___HD C:\$AVG
2012-07-17 11:30 - 2012-07-17 12:16 - 00000000 ____D C:\Program Files (x86)\AVG
2012-07-17 11:26 - 2012-07-21 14:59 - 00000000 ____D C:\Users\All Users\MFAData
2012-07-16 18:53 - 2012-07-17 10:17 - 00000000 ____D C:\Users\All Users\SpeedyPC Software
2012-07-16 18:53 - 2012-07-16 18:53 - 00000000 ____D C:\Users\Alicia\AppData\Roaming\SpeedyPC Software
2012-07-16 18:53 - 2012-07-16 18:53 - 00000000 ____D C:\Users\Alicia\AppData\Roaming\DriverCure
2012-07-16 18:10 - 2012-07-16 18:22 - 00000000 ____D C:\Users\Alicia\AppData\Local\NPE
2012-07-16 17:59 - 2012-07-16 17:59 - 00000000 ____D C:\Users\All Users\PCSettings
2012-07-16 17:59 - 2012-07-16 17:59 - 00000000 ____D C:\Users\Alicia\Documents\Symantec
2012-07-16 17:57 - 2012-07-16 17:57 - 00000000 ____D C:\Users\Public\Downloads\Norton
2012-07-16 17:14 - 2012-07-16 17:14 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-07-16 17:14 - 2012-07-16 17:14 - 00000000 ____D C:\Users\Alicia\AppData\Roaming\Malwarebytes
2012-07-16 17:14 - 2012-07-16 17:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-16 17:14 - 2012-07-03 10:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-16 16:59 - 2012-07-16 17:00 - 00000469 ____A C:\rkill.log
2012-07-16 16:55 - 2012-07-16 17:38 - 00094370 ____A C:\Windows\ntbtlog.txt.bak
2012-07-13 11:17 - 2012-07-13 11:17 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-12 10:45 - 2012-07-12 10:46 - 00000000 ____D C:\Users\Alicia\AppData\Roaming\vlc
2012-07-12 10:44 - 2012-07-12 10:44 - 00000000 ____D C:\Users\Alicia\AppData\Local\Ilivid Player
2012-07-12 03:44 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-12 03:44 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-12 03:44 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-12 03:44 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-12 03:44 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-12 03:44 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-12 03:44 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-12 03:44 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-12 03:44 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-12 03:44 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-12 03:44 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-12 03:44 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-12 03:44 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-12 03:44 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-12 03:44 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-12 03:44 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-12 03:44 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-12 03:44 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-12 03:44 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-12 03:44 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-12 03:44 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-12 03:44 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-12 03:44 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-12 03:44 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-12 03:44 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-12 03:44 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-12 03:44 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-12 03:44 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-11 16:02 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-10 15:12 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 15:12 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 15:12 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 15:12 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 15:12 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-10 15:12 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 15:12 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 15:12 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-10 15:12 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 15:12 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 15:12 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 15:12 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 15:12 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 15:12 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 15:12 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 15:12 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 15:12 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-10 15:12 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-10 15:12 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-01 16:43 - 2012-07-01 16:43 - 29437400 ____A (Amazon.com) C:\Users\Alicia\Downloads\KindleForPC-installer.exe
2012-06-30 13:52 - 2012-07-17 11:10 - 00000000 ____D C:\Users\All Users\Symantec
2012-06-30 13:50 - 2012-06-30 13:50 - 00000000 ____D C:\Users\Alicia\AppData\Local\Chromium
2012-06-26 17:21 - 2012-06-26 17:21 - 00000000 ____D C:\Users\Alicia\Documents\New folder
2012-06-26 17:21 - 2012-06-26 17:21 - 00000000 ____D C:\Users\Alicia\Documents\Book1

============ 3 Months Modified Files ========================

2012-07-22 15:13 - 2009-07-13 21:13 - 00727072 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-22 15:12 - 2012-07-21 15:26 - 00003006 ____A C:\Users\Alicia\Documents\fireman4it instructions.txt
2012-07-22 15:05 - 2012-07-22 15:03 - 01437781 ____A (Farbar) C:\Users\Alicia\Downloads\FRST64 (2).exe
2012-07-22 15:05 - 2011-10-14 22:38 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-22 14:57 - 2012-04-13 14:43 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-22 14:57 - 2011-10-14 22:38 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-22 14:57 - 2011-10-14 21:55 - 01221287 ____A C:\Windows\WindowsUpdate.log
2012-07-21 10:26 - 2012-07-21 10:26 - 16409960 ____A (Safer Networking Limited ) C:\Users\Alicia\Downloads\spybotsd162.exe
2012-07-19 17:38 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-19 17:38 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-19 15:14 - 2012-01-05 17:05 - 00004230 ____A C:\Users\All Users\dleascan.log
2012-07-19 14:48 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-19 14:48 - 2009-07-13 20:51 - 00046811 ____A C:\Windows\setupact.log
2012-07-19 14:35 - 2012-07-19 14:34 - 01437107 ____A (Farbar) C:\Users\Alicia\Downloads\FRST64 (1).exe
2012-07-19 14:20 - 2010-11-20 19:47 - 02110718 ____A C:\Windows\PFRO.log
2012-07-17 14:50 - 2012-07-17 14:50 - 01437107 ____A (Farbar) C:\Users\Alicia\Downloads\FRST64.exe
2012-07-17 11:33 - 2012-07-17 11:33 - 00030568 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-07-17 11:33 - 2012-07-17 11:33 - 00000976 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-07-16 17:38 - 2012-07-16 16:55 - 00094370 ____A C:\Windows\ntbtlog.txt.bak
2012-07-16 17:00 - 2012-07-16 16:59 - 00000469 ____A C:\rkill.log
2012-07-12 03:40 - 2009-07-13 20:45 - 00274320 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 18:28 - 2012-01-08 12:04 - 00056828 ____A C:\Users\Alicia\Desktop\Coupons.xlsx
2012-07-11 17:48 - 2012-04-13 14:43 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-11 17:48 - 2011-08-07 18:07 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-11 15:59 - 2012-02-05 10:57 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-03 10:46 - 2012-07-16 17:14 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-01 16:43 - 2012-07-01 16:43 - 29437400 ____A (Amazon.com) C:\Users\Alicia\Downloads\KindleForPC-installer.exe
2012-07-01 16:43 - 2012-04-22 15:18 - 00002253 ____A C:\Users\Alicia\Desktop\Kindle.lnk
2012-06-27 16:35 - 2012-03-09 14:52 - 00042300 ____A C:\Users\Alicia\Desktop\Bill List.xlsx
2012-06-11 19:08 - 2012-07-11 16:02 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:43 - 2012-07-10 15:12 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-10 15:12 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-10 15:12 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-10 15:12 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-10 15:12 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-10 15:12 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-10 15:12 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-10 15:12 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 14:19 - 2012-06-21 10:38 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 10:38 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 10:38 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 10:38 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 10:38 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 10:38 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 10:38 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 12:19 - 2012-06-21 10:38 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:15 - 2012-06-21 10:38 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-12 03:44 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-12 03:44 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-12 03:44 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-12 03:44 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-12 03:44 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-12 03:44 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-12 03:44 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-12 03:44 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll


ZeroAccess:
C:\Windows\Installer\{feb10708-6fe6-a64b-8480-d2495a840fff}
C:\Windows\Installer\{feb10708-6fe6-a64b-8480-d2495a840fff}\@
C:\Windows\Installer\{feb10708-6fe6-a64b-8480-d2495a840fff}\L
C:\Windows\Installer\{feb10708-6fe6-a64b-8480-d2495a840fff}\U
C:\Windows\Installer\{feb10708-6fe6-a64b-8480-d2495a840fff}\L\00000004.@
C:\Windows\Installer\{feb10708-6fe6-a64b-8480-d2495a840fff}\L\1afb2d56
C:\Windows\Installer\{feb10708-6fe6-a64b-8480-d2495a840fff}\L\201d3dde
C:\Windows\Installer\{feb10708-6fe6-a64b-8480-d2495a840fff}\U\00000004.@
C:\Windows\Installer\{feb10708-6fe6-a64b-8480-d2495a840fff}\U\00000008.@
C:\Windows\Installer\{feb10708-6fe6-a64b-8480-d2495a840fff}\U\000000cb.@
C:\Windows\Installer\{feb10708-6fe6-a64b-8480-d2495a840fff}\U\80000000.@
C:\Windows\Installer\{feb10708-6fe6-a64b-8480-d2495a840fff}\U\80000032.@
C:\Windows\Installer\{feb10708-6fe6-a64b-8480-d2495a840fff}\U\80000064.@

ZeroAccess:
C:\Users\Alicia\AppData\Local\{feb10708-6fe6-a64b-8480-d2495a840fff}
C:\Users\Alicia\AppData\Local\{feb10708-6fe6-a64b-8480-d2495a840fff}\@
C:\Users\Alicia\AppData\Local\{feb10708-6fe6-a64b-8480-d2495a840fff}\L
C:\Users\Alicia\AppData\Local\{feb10708-6fe6-a64b-8480-d2495a840fff}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 17%
Total physical RAM: 3019.86 MB
Available physical RAM: 2502.8 MB
Total Pagefile: 3018.06 MB
Available Pagefile: 2495.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (TI106238W0C) (Fixed) (Total:284.35 GB) (Free:230.72 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: () (Removable) (Total:0.94 GB) (Free:0.15 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 961 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 284 GB 1501 MB
Partition 3 Primary 12 GB 285 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D System NTFS Partition 1500 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI106238W0C NTFS Partition 284 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 960 MB 132 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Removable 960 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-06-30 13:47

======================= End Of Log ==========================

#7 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:52 AM

Posted 22 July 2012 - 10:38 PM

1.
Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

C:\Windows\Installer\{feb10708-6fe6-a64b-8480-d2495a840fff}
C:\Users\Alicia\AppData\Local\{feb10708-6fe6-a64b-8480-d2495a840fff}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.


2.
We need to find a replacement file on your system.

Please do the following:

  • Boot into System Recovery Options and run FRST64.
  • Type the following in the edit box after "Search:" so it looks like this:

    Search: services.exe

Click the Search button and post the log it makes in your reply.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#8 mrs. greenbean

Posted 23 July 2012 - 06:01 PM

FIXLOG:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-07-2012 01
Ran by SYSTEM at 2012-07-23 17:45:42 Run:1
Running from F:\

==============================================

C:\Windows\Installer\{feb10708-6fe6-a64b-8480-d2495a840fff} moved successfully.
C:\Users\Alicia\AppData\Local\{feb10708-6fe6-a64b-8480-d2495a840fff} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

==== End of Fixlog ====



SERVICES.EXE

Farbar Recovery Scan Tool Version: 20-07-2012 01
Ran by SYSTEM at 2012-07-23 17:46:44
Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
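
The comparison behind the services.exe search above and the Replace: line in the next post, as an added example (not FRST's code and not part of anyone's post): it parses the two log formats shown in this thread and lists WinSxS copies whose MD5 differs from the flagged one. The function names are hypothetical; the sample lines are copied from the logs in this thread.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Sample input: lines copied from the FRST logs posted in this thread.
INTEGRITY_LOG = r"""
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
"""

SEARCH_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""

# "<path> <md5> <label> <==== ATTENTION" is how the integrity check reports a bad file.
FLAGGED_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<md5>[0-9A-Fa-f]{32}) (?P<label>.+?) <==== ATTENTION")
# Detail line that follows each path in a search result.
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) \S+ "
    r"(?:\((?P<company>[^)]*)\) )?(?P<md5>[0-9A-Fa-f]{32})$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass(frozen=True)
class FileCopy:
    path: str
    created: str
    modified: str
    size: int
    company: str
    md5: str


def parse_flagged(log):
    """Return (path, md5, label) for every file the integrity check flagged."""
    hits = []
    for line in log.splitlines():
        m = FLAGGED_RE.match(line.strip())
        if m:
            hits.append((m["path"], m["md5"].upper(), m["label"]))
    return hits


def parse_search(log):
    """Pair each path line of a search log with the detail line that follows it."""
    copies, pending = [], None
    for raw in log.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending = line
            continue
        m = DETAIL_RE.match(line)
        if m and pending:
            copies.append(FileCopy(pending, m["created"], m["modified"],
                                   int(m["size"]), m["company"] or "",
                                   m["md5"].upper()))
            pending = None
    return copies


def same_metadata(a, b):
    """True when size, timestamps and company name cannot tell two copies apart."""
    return (a.size, a.created, a.modified, a.company) == \
           (b.size, b.created, b.modified, b.company)


def replacement_candidates(flagged, copies):
    """Copies with the flagged file's name, stored under WinSxS, with another MD5."""
    path, bad_md5, _label = flagged
    name = PureWindowsPath(path).name.lower()
    return [c for c in copies
            if PureWindowsPath(c.path).name.lower() == name
            and "\\winsxs\\" in c.path.lower()
            and c.md5 != bad_md5]


if __name__ == "__main__":
    found = parse_search(SEARCH_LOG)
    for hit in parse_flagged(INTEGRITY_LOG):
        print("flagged:", hit[0], hit[1], hit[2])
        for cand in replacement_candidates(hit, found):
            print("  candidate:", cand.md5, cand.path)
    print("metadata identical:", same_metadata(found[0], found[1]))
```

Both copies report the same size, timestamps and company name, so only the hash separates them. A differing hash marks a candidate; the helper still decides whether to use it.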

#9 fireman4it

Posted 23 July 2012 - 09:09 PM

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt.

Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe  C:\Windows\System32\services.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.


#10 mrs. greenbean

Posted 24 July 2012 - 04:30 PM

FIXLOG



Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-07-2012 01
Ran by SYSTEM at 2012-07-24 16:25:32 Run:2
Running from F:\

==============================================

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

#11 fireman4it

Posted 24 July 2012 - 04:33 PM

Hello,

Very good work so far! :thumbup2: We will now run some very powerful tools.

1.
Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, select Skip instead; do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


2.
Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


Things to include in your next reply:
TdssKiller log
Combofix.txt
How is your machine running now?


#12 mrs. greenbean

Posted 25 July 2012 - 01:36 PM

:dance:
It seems as though everything is back to normal. When I ran Combofix none of the windows shown on your instructions showed up so I thought I did something wrong. Then none of my programs would open once Combofix was complete. So now I was really worried. Deciding at this point that if my laptop does in fact crash upon restart I'll just cry and use the desktop. Fortunately though, upon restart everything is working and no pop-ups from AVG. Hence the dancing emoticon.

Thank YOU



***********************************************************
TDSSKILLER LOG
***********************************************************

12:32:05.0982 6116 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
12:32:07.0042 6116 ============================================================
12:32:07.0042 6116 Current date / time: 2012/07/25 12:32:07.0042
12:32:07.0042 6116 SystemInfo:
12:32:07.0042 6116
12:32:07.0042 6116 OS Version: 6.1.7601 ServicePack: 1.0
12:32:07.0042 6116 Product type: Workstation
12:32:07.0042 6116 ComputerName: ALICIA-LAPTOP
12:32:07.0042 6116 UserName: Alicia
12:32:07.0042 6116 Windows directory: C:\windows
12:32:07.0042 6116 System windows directory: C:\windows
12:32:07.0042 6116 Running under WOW64
12:32:07.0042 6116 Processor architecture: Intel x64
12:32:07.0042 6116 Number of processors: 2
12:32:07.0042 6116 Page size: 0x1000
12:32:07.0042 6116 Boot type: Normal boot
12:32:07.0042 6116 ============================================================
12:32:07.0542 6116 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:32:07.0557 6116 ============================================================
12:32:07.0557 6116 \Device\Harddisk0\DR0:
12:32:07.0557 6116 MBR partitions:
12:32:07.0557 6116 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x238B4000
12:32:07.0557 6116 ============================================================
12:32:07.0588 6116 C: <-> \Device\Harddisk0\DR0\Partition0
12:32:07.0588 6116 ============================================================
12:32:07.0588 6116 Initialize success
12:32:07.0588 6116 ============================================================
12:32:34.0966 0892 ============================================================
12:32:34.0966 0892 Scan started
12:32:34.0966 0892 Mode: Manual;
12:32:34.0966 0892 ============================================================
12:32:42.0002 0892 Filetrace - ok
12:32:42.0018 0892 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
12:32:42.0033 0892 flpydisk - ok
12:32:42.0049 0892 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
12:32:42.0064 0892 FltMgr - ok
12:32:42.0127 0892 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
12:32:42.0142 0892 FontCache - ok
12:32:42.0205 0892 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:32:42.0205 0892 FontCache3.0.0.0 - ok
12:32:42.0252 0892 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
12:32:42.0252 0892 FsDepends - ok
12:32:42.0283 0892 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
12:32:42.0283 0892 Fs_Rec - ok
12:32:42.0330 0892 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
12:32:42.0330 0892 fvevol - ok
12:32:42.0376 0892 FwLnk (60acb128e64c35c2b4e4aab1b0a5c293) C:\windows\system32\DRIVERS\FwLnk.sys
12:32:42.0376 0892 FwLnk - ok
12:32:42.0423 0892 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
12:32:42.0423 0892 gagp30kx - ok
12:32:42.0532 0892 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
12:32:42.0532 0892 GamesAppService - ok
12:32:42.0564 0892 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
12:32:42.0564 0892 GEARAspiWDM - ok
12:32:42.0626 0892 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
12:32:42.0642 0892 gpsvc - ok
12:32:42.0704 0892 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:32:42.0704 0892 gupdate - ok
12:32:42.0735 0892 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:32:42.0735 0892 gupdatem - ok
12:32:42.0751 0892 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
12:32:42.0751 0892 gusvc - ok
12:32:42.0782 0892 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
12:32:42.0782 0892 hcw85cir - ok
12:32:42.0813 0892 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
12:32:42.0813 0892 HdAudAddService - ok
12:32:42.0844 0892 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
12:32:42.0844 0892 HDAudBus - ok
12:32:42.0860 0892 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
12:32:42.0860 0892 HidBatt - ok
12:32:42.0860 0892 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
12:32:42.0860 0892 HidBth - ok
12:32:42.0876 0892 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
12:32:42.0876 0892 HidIr - ok
12:32:42.0907 0892 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll
12:32:42.0907 0892 hidserv - ok
12:32:42.0938 0892 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
12:32:42.0938 0892 HidUsb - ok
12:32:42.0954 0892 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
12:32:42.0954 0892 hkmsvc - ok
12:32:42.0985 0892 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
12:32:42.0985 0892 HomeGroupListener - ok
12:32:43.0016 0892 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
12:32:43.0016 0892 HomeGroupProvider - ok
12:32:43.0047 0892 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
12:32:43.0047 0892 HpSAMD - ok
12:32:43.0110 0892 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
12:32:43.0125 0892 HTTP - ok
12:32:43.0141 0892 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
12:32:43.0141 0892 hwpolicy - ok
12:32:43.0172 0892 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
12:32:43.0172 0892 i8042prt - ok
12:32:43.0234 0892 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\windows\system32\DRIVERS\iaStor.sys
12:32:43.0234 0892 iaStor - ok
12:32:43.0281 0892 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
12:32:43.0281 0892 iaStorV - ok
12:32:43.0375 0892 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:32:43.0390 0892 idsvc - ok
12:32:43.0890 0892 igfx (370c2a8629b30f910f740387795ddc6f) C:\windows\system32\DRIVERS\igdkmd64.sys
12:32:44.0155 0892 igfx - ok
12:32:44.0264 0892 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
12:32:44.0264 0892 iirsp - ok
12:32:44.0342 0892 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
12:32:44.0358 0892 IKEEXT - ok
12:32:44.0358 0892 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
12:32:44.0358 0892 intelide - ok
12:32:44.0389 0892 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
12:32:44.0389 0892 intelppm - ok
12:32:44.0404 0892 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
12:32:44.0404 0892 IPBusEnum - ok
12:32:44.0420 0892 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
12:32:44.0436 0892 IpFilterDriver - ok
12:32:44.0436 0892 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
12:32:44.0436 0892 IPMIDRV - ok
12:32:44.0467 0892 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
12:32:44.0467 0892 IPNAT - ok
12:32:44.0576 0892 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
12:32:44.0592 0892 iPod Service - ok
12:32:44.0607 0892 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
12:32:44.0623 0892 IRENUM - ok
12:32:44.0638 0892 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
12:32:44.0638 0892 isapnp - ok
12:32:44.0670 0892 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
12:32:44.0670 0892 iScsiPrt - ok
12:32:44.0701 0892 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
12:32:44.0701 0892 kbdclass - ok
12:32:44.0716 0892 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys
12:32:44.0716 0892 kbdhid - ok
12:32:44.0763 0892 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
12:32:44.0763 0892 KeyIso - ok
12:32:44.0779 0892 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\windows\system32\Drivers\ksecdd.sys
12:32:44.0779 0892 KSecDD - ok
12:32:44.0810 0892 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\windows\system32\Drivers\ksecpkg.sys
12:32:44.0810 0892 KSecPkg - ok
12:32:44.0841 0892 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
12:32:44.0841 0892 ksthunk - ok
12:32:44.0888 0892 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
12:32:44.0888 0892 KtmRm - ok
12:32:44.0919 0892 L1C (045fb70bc993b691517ce309045ff02d) C:\windows\system32\DRIVERS\L1C62x64.sys
12:32:44.0919 0892 L1C - ok
12:32:44.0966 0892 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll
12:32:44.0966 0892 LanmanServer - ok
12:32:44.0997 0892 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
12:32:45.0013 0892 LanmanWorkstation - ok
12:32:45.0060 0892 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
12:32:45.0060 0892 lltdio - ok
12:32:45.0106 0892 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
12:32:45.0122 0892 lltdsvc - ok
12:32:45.0138 0892 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
12:32:45.0138 0892 lmhosts - ok
12:32:45.0231 0892 LMS (98b16e756243bea9410e32025b19c06f) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
12:32:45.0247 0892 LMS - ok
12:32:45.0278 0892 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
12:32:45.0278 0892 LSI_FC - ok
12:32:45.0309 0892 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
12:32:45.0309 0892 LSI_SAS - ok
12:32:45.0325 0892 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
12:32:45.0325 0892 LSI_SAS2 - ok
12:32:45.0356 0892 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
12:32:45.0356 0892 LSI_SCSI - ok
12:32:45.0387 0892 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
12:32:45.0387 0892 luafv - ok
12:32:45.0434 0892 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\windows\system32\drivers\mbam.sys
12:32:45.0434 0892 MBAMProtector - ok
12:32:45.0528 0892 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
12:32:45.0543 0892 MBAMService - ok
12:32:45.0574 0892 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
12:32:45.0574 0892 Mcx2Svc - ok
12:32:45.0606 0892 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
12:32:45.0621 0892 megasas - ok
12:32:45.0637 0892 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
12:32:45.0637 0892 MegaSR - ok
12:32:45.0668 0892 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys
12:32:45.0668 0892 MEIx64 - ok
12:32:45.0684 0892 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
12:32:45.0684 0892 MMCSS - ok
12:32:45.0684 0892 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
12:32:45.0699 0892 Modem - ok
12:32:45.0715 0892 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
12:32:45.0715 0892 monitor - ok
12:32:45.0730 0892 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
12:32:45.0730 0892 mouclass - ok
12:32:45.0777 0892 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
12:32:45.0777 0892 mouhid - ok
12:32:45.0793 0892 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
12:32:45.0793 0892 mountmgr - ok
12:32:45.0824 0892 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
12:32:45.0824 0892 mpio - ok
12:32:45.0855 0892 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
12:32:45.0871 0892 mpsdrv - ok
12:32:45.0871 0892 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
12:32:45.0886 0892 MRxDAV - ok
12:32:45.0933 0892 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
12:32:45.0933 0892 mrxsmb - ok
12:32:45.0980 0892 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
12:32:45.0980 0892 mrxsmb10 - ok
12:32:45.0996 0892 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
12:32:45.0996 0892 mrxsmb20 - ok
12:32:46.0027 0892 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys
12:32:46.0027 0892 msahci - ok
12:32:46.0042 0892 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
12:32:46.0042 0892 msdsm - ok
12:32:46.0074 0892 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
12:32:46.0074 0892 MSDTC - ok
12:32:46.0105 0892 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
12:32:46.0105 0892 Msfs - ok
12:32:46.0120 0892 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
12:32:46.0120 0892 mshidkmdf - ok
12:32:46.0136 0892 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
12:32:46.0136 0892 msisadrv - ok
12:32:46.0167 0892 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
12:32:46.0167 0892 MSiSCSI - ok
12:32:46.0183 0892 msiserver - ok
12:32:46.0214 0892 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
12:32:46.0214 0892 MSKSSRV - ok
12:32:46.0230 0892 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
12:32:46.0230 0892 MSPCLOCK - ok
12:32:46.0261 0892 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
12:32:46.0261 0892 MSPQM - ok
12:32:46.0276 0892 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
12:32:46.0292 0892 MsRPC - ok
12:32:46.0308 0892 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
12:32:46.0308 0892 mssmbios - ok
12:32:46.0323 0892 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
12:32:46.0323 0892 MSTEE - ok
12:32:46.0323 0892 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
12:32:46.0323 0892 MTConfig - ok
12:32:46.0354 0892 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
12:32:46.0354 0892 Mup - ok
12:32:46.0386 0892 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
12:32:46.0401 0892 napagent - ok
12:32:46.0464 0892 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
12:32:46.0464 0892 NativeWifiP - ok
12:32:46.0542 0892 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
12:32:46.0542 0892 NDIS - ok
12:32:46.0588 0892 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
12:32:46.0588 0892 NdisCap - ok
12:32:46.0620 0892 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
12:32:46.0620 0892 NdisTapi - ok
12:32:46.0635 0892 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
12:32:46.0635 0892 Ndisuio - ok
12:32:46.0666 0892 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
12:32:46.0682 0892 NdisWan - ok
12:32:46.0698 0892 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
12:32:46.0698 0892 NDProxy - ok
12:32:46.0729 0892 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
12:32:46.0729 0892 NetBIOS - ok
12:32:46.0760 0892 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
12:32:46.0760 0892 NetBT - ok
12:32:46.0791 0892 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
12:32:46.0791 0892 Netlogon - ok
12:32:46.0838 0892 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
12:32:46.0854 0892 Netman - ok
12:32:46.0885 0892 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
12:32:46.0900 0892 netprofm - ok
12:32:46.0963 0892 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:32:46.0978 0892 NetTcpPortSharing - ok
12:32:47.0010 0892 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
12:32:47.0010 0892 nfrd960 - ok
12:32:47.0072 0892 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
12:32:47.0072 0892 NlaSvc - ok
12:32:47.0088 0892 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
12:32:47.0088 0892 Npfs - ok
12:32:47.0103 0892 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
12:32:47.0103 0892 nsi - ok
12:32:47.0119 0892 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
12:32:47.0119 0892 nsiproxy - ok
12:32:47.0212 0892 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
12:32:47.0228 0892 Ntfs - ok
12:32:47.0322 0892 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
12:32:47.0322 0892 Null - ok
12:32:47.0337 0892 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
12:32:47.0337 0892 nvraid - ok
12:32:47.0353 0892 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
12:32:47.0353 0892 nvstor - ok
12:32:47.0384 0892 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
12:32:47.0384 0892 nv_agp - ok
12:32:47.0415 0892 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
12:32:47.0415 0892 ohci1394 - ok
12:32:47.0509 0892 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:32:47.0509 0892 ose - ok
12:32:47.0727 0892 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:32:47.0774 0892 osppsvc - ok
12:32:47.0914 0892 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
12:32:47.0930 0892 p2pimsvc - ok
12:32:47.0992 0892 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
12:32:48.0008 0892 p2psvc - ok
12:32:48.0055 0892 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
12:32:48.0055 0892 Parport - ok
12:32:48.0102 0892 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
12:32:48.0102 0892 partmgr - ok
12:32:48.0133 0892 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
12:32:48.0133 0892 PcaSvc - ok
12:32:48.0211 0892 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
12:32:48.0211 0892 PCCUJobMgr - ok
12:32:48.0242 0892 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
12:32:48.0258 0892 pci - ok
12:32:48.0273 0892 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
12:32:48.0273 0892 pciide - ok
12:32:48.0304 0892 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
12:32:48.0304 0892 pcmcia - ok
12:32:48.0320 0892 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
12:32:48.0336 0892 pcw - ok
12:32:48.0367 0892 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
12:32:48.0382 0892 PEAUTH - ok
12:32:48.0445 0892 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
12:32:48.0445 0892 PerfHost - ok
12:32:48.0523 0892 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
12:32:48.0538 0892 pla - ok
12:32:48.0585 0892 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
12:32:48.0585 0892 PlugPlay - ok
12:32:48.0616 0892 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
12:32:48.0616 0892 PNRPAutoReg - ok
12:32:48.0648 0892 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
12:32:48.0663 0892 PNRPsvc - ok
12:32:48.0694 0892 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
12:32:48.0694 0892 PolicyAgent - ok
12:32:48.0726 0892 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
12:32:48.0741 0892 Power - ok
12:32:48.0804 0892 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
12:32:48.0804 0892 PptpMiniport - ok
12:32:48.0835 0892 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
12:32:48.0835 0892 Processor - ok
12:32:48.0866 0892 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll
12:32:48.0866 0892 ProfSvc - ok
12:32:48.0897 0892 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
12:32:48.0897 0892 ProtectedStorage - ok
12:32:48.0944 0892 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
12:32:48.0944 0892 Psched - ok
12:32:49.0022 0892 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
12:32:49.0053 0892 ql2300 - ok
12:32:49.0147 0892 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
12:32:49.0147 0892 ql40xx - ok
12:32:49.0194 0892 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
12:32:49.0194 0892 QWAVE - ok
12:32:49.0209 0892 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
12:32:49.0209 0892 QWAVEdrv - ok
12:32:49.0225 0892 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
12:32:49.0225 0892 RasAcd - ok
12:32:49.0256 0892 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
12:32:49.0256 0892 RasAgileVpn - ok
12:32:49.0272 0892 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
12:32:49.0287 0892 RasAuto - ok
12:32:49.0303 0892 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
12:32:49.0318 0892 Rasl2tp - ok
12:32:49.0350 0892 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
12:32:49.0350 0892 RasMan - ok
12:32:49.0365 0892 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
12:32:49.0381 0892 RasPppoe - ok
12:32:49.0396 0892 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
12:32:49.0396 0892 RasSstp - ok
12:32:49.0428 0892 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
12:32:49.0428 0892 rdbss - ok
12:32:49.0459 0892 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
12:32:49.0459 0892 rdpbus - ok
12:32:49.0474 0892 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
12:32:49.0474 0892 RDPCDD - ok
12:32:49.0490 0892 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
12:32:49.0506 0892 RDPENCDD - ok
12:32:49.0506 0892 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
12:32:49.0506 0892 RDPREFMP - ok
12:32:49.0537 0892 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys
12:32:49.0552 0892 RDPWD - ok
12:32:49.0584 0892 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
12:32:49.0584 0892 rdyboost - ok
12:32:49.0615 0892 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
12:32:49.0615 0892 RemoteAccess - ok
12:32:49.0646 0892 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
12:32:49.0662 0892 RemoteRegistry - ok
12:32:49.0677 0892 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
12:32:49.0677 0892 RpcEptMapper - ok
12:32:49.0693 0892 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
12:32:49.0708 0892 RpcLocator - ok
12:32:49.0740 0892 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
12:32:49.0740 0892 RpcSs - ok
12:32:49.0786 0892 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
12:32:49.0786 0892 rspndr - ok
12:32:49.0833 0892 RSUSBSTOR (0e3dcf76f11dc431b088a2dfd7265cda) C:\windows\system32\Drivers\RtsUStor.sys
12:32:49.0849 0892 RSUSBSTOR - ok
12:32:49.0896 0892 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
12:32:49.0896 0892 SamSs - ok
12:32:49.0927 0892 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
12:32:49.0942 0892 sbp2port - ok
12:32:49.0989 0892 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
12:32:49.0989 0892 SCardSvr - ok
12:32:50.0052 0892 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
12:32:50.0052 0892 scfilter - ok
12:32:50.0114 0892 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
12:32:50.0145 0892 Schedule - ok
12:32:50.0176 0892 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
12:32:50.0176 0892 SCPolicySvc - ok
12:32:50.0208 0892 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
12:32:50.0208 0892 SDRSVC - ok
12:32:50.0270 0892 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
12:32:50.0270 0892 secdrv - ok
12:32:50.0301 0892 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
12:32:50.0301 0892 seclogon - ok
12:32:50.0332 0892 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
12:32:50.0332 0892 SENS - ok
12:32:50.0364 0892 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
12:32:50.0364 0892 SensrSvc - ok
12:32:50.0395 0892 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
12:32:50.0395 0892 Serenum - ok
12:32:50.0410 0892 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
12:32:50.0410 0892 Serial - ok
12:32:50.0426 0892 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
12:32:50.0426 0892 sermouse - ok
12:32:50.0457 0892 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
12:32:50.0457 0892 SessionEnv - ok
12:32:50.0473 0892 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
12:32:50.0473 0892 sffdisk - ok
12:32:50.0473 0892 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
12:32:50.0473 0892 sffp_mmc - ok
12:32:50.0473 0892 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
12:32:50.0473 0892 sffp_sd - ok
12:32:50.0488 0892 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
12:32:50.0488 0892 sfloppy - ok
12:32:50.0535 0892 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
12:32:50.0551 0892 Sftfs - ok
12:32:50.0644 0892 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
12:32:50.0644 0892 sftlist - ok
12:32:50.0707 0892 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
12:32:50.0707 0892 Sftplay - ok
12:32:50.0738 0892 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
12:32:50.0738 0892 Sftredir - ok
12:32:50.0738 0892 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
12:32:50.0754 0892 Sftvol - ok
12:32:50.0785 0892 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
12:32:50.0800 0892 sftvsa - ok
12:32:50.0847 0892 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
12:32:50.0847 0892 ShellHWDetection - ok
12:32:50.0894 0892 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
12:32:50.0894 0892 SiSRaid2 - ok
12:32:50.0910 0892 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
12:32:50.0910 0892 SiSRaid4 - ok
12:32:50.0925 0892 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
12:32:50.0941 0892 Smb - ok
12:32:50.0972 0892 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
12:32:50.0972 0892 SNMPTRAP - ok
12:32:50.0988 0892 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
12:32:50.0988 0892 spldr - ok
12:32:51.0034 0892 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
12:32:51.0034 0892 Spooler - ok
12:32:51.0175 0892 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
12:32:51.0222 0892 sppsvc - ok
12:32:51.0300 0892 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
12:32:51.0300 0892 sppuinotify - ok
12:32:51.0378 0892 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
12:32:51.0393 0892 srv - ok
12:32:51.0409 0892 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
12:32:51.0409 0892 srv2 - ok
12:32:51.0424 0892 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
12:32:51.0424 0892 srvnet - ok
12:32:51.0471 0892 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
12:32:51.0471 0892 SSDPSRV - ok
12:32:51.0502 0892 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
12:32:51.0502 0892 SstpSvc - ok
12:32:51.0518 0892 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
12:32:51.0534 0892 stexstor - ok
12:32:51.0580 0892 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
12:32:51.0596 0892 stisvc - ok
12:32:51.0627 0892 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
12:32:51.0627 0892 swenum - ok
12:32:51.0705 0892 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
12:32:51.0705 0892 swprv - ok
12:32:51.0768 0892 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\windows\system32\DRIVERS\SynTP.sys
12:32:51.0768 0892 SynTP - ok
12:32:51.0892 0892 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
12:32:51.0924 0892 SysMain - ok
12:32:52.0048 0892 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
12:32:52.0048 0892 TabletInputService - ok
12:32:52.0142 0892 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
12:32:52.0158 0892 TapiSrv - ok
12:32:52.0189 0892 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
12:32:52.0204 0892 TBS - ok
12:32:52.0376 0892 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
12:32:52.0407 0892 Tcpip - ok
12:32:52.0579 0892 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
12:32:52.0610 0892 TCPIP6 - ok
12:32:52.0719 0892 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
12:32:52.0719 0892 tcpipreg - ok
12:32:52.0750 0892 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
12:32:52.0750 0892 tdcmdpst - ok
12:32:52.0782 0892 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
12:32:52.0782 0892 TDPIPE - ok
12:32:52.0813 0892 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
12:32:52.0813 0892 TDTCP - ok
12:32:52.0860 0892 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
12:32:52.0860 0892 tdx - ok
12:32:52.0875 0892 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
12:32:52.0875 0892 TermDD - ok
12:32:52.0922 0892 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
12:32:52.0938 0892 TermService - ok
12:32:52.0953 0892 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
12:32:52.0953 0892 Themes - ok
12:32:52.0984 0892 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
12:32:52.0984 0892 THREADORDER - ok
12:32:53.0094 0892 TMachInfo (71c321649b28638ee80a2eeb164c1dc8) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
12:32:53.0094 0892 TMachInfo - ok
12:32:53.0140 0892 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\windows\system32\TODDSrv.exe
12:32:53.0140 0892 TODDSrv - ok
12:32:53.0234 0892 TosCoSrv (1c73689b900428c7d054a41c4687f55c) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
12:32:53.0250 0892 TosCoSrv - ok
12:32:53.0312 0892 TOSHIBA Bluetooth Service (a22deb5ec05febfdca1d3ff70fa1ff46) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
12:32:53.0312 0892 TOSHIBA Bluetooth Service - ok
12:32:53.0374 0892 TOSHIBA HDD SSD Alert Service (29d0886cf250fcef1bf9e65ab8d2c0c8) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
12:32:53.0374 0892 TOSHIBA HDD SSD Alert Service - ok
12:32:53.0421 0892 Tosrfcom - ok
12:32:53.0452 0892 tosrfec (f5e3ac4cbcd154ee80849b21887fd0b0) C:\windows\system32\DRIVERS\tosrfec.sys
12:32:53.0452 0892 tosrfec - ok
12:32:53.0484 0892 Tosrfusb (7a0048693f98460ff537be31c741b927) C:\windows\system32\DRIVERS\tosrfusb.sys
12:32:53.0484 0892 Tosrfusb - ok
12:32:53.0546 0892 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
12:32:53.0546 0892 tos_sps64 - ok
12:32:53.0577 0892 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
12:32:53.0577 0892 TrkWks - ok
12:32:53.0640 0892 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
12:32:53.0640 0892 TrustedInstaller - ok
12:32:53.0671 0892 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
12:32:53.0671 0892 tssecsrv - ok
12:32:53.0702 0892 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
12:32:53.0702 0892 TsUsbFlt - ok
12:32:53.0702 0892 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
12:32:53.0718 0892 TsUsbGD - ok
12:32:53.0749 0892 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
12:32:53.0749 0892 tunnel - ok
12:32:53.0796 0892 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
12:32:53.0796 0892 TVALZ - ok
12:32:53.0811 0892 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
12:32:53.0811 0892 uagp35 - ok
12:32:53.0874 0892 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
12:32:53.0874 0892 udfs - ok
12:32:53.0952 0892 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
12:32:53.0952 0892 UI0Detect - ok
12:32:53.0983 0892 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
12:32:53.0983 0892 uliagpkx - ok
12:32:54.0014 0892 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
12:32:54.0014 0892 umbus - ok
12:32:54.0030 0892 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
12:32:54.0030 0892 UmPass - ok
12:32:54.0201 0892 UNS (7a78ed1088890114dfde2c4ab038d6b6) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
12:32:54.0248 0892 UNS - ok
12:32:54.0342 0892 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
12:32:54.0357 0892 upnphost - ok
12:32:54.0404 0892 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys
12:32:54.0404 0892 USBAAPL64 - ok
12:32:54.0435 0892 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
12:32:54.0435 0892 usbccgp - ok
12:32:54.0466 0892 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
12:32:54.0466 0892 usbcir - ok
12:32:54.0498 0892 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
12:32:54.0498 0892 usbehci - ok
12:32:54.0529 0892 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
12:32:54.0544 0892 usbhub - ok
12:32:54.0560 0892 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
12:32:54.0560 0892 usbohci - ok
12:32:54.0591 0892 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
12:32:54.0591 0892 usbprint - ok
12:32:54.0638 0892 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
12:32:54.0654 0892 usbscan - ok
12:32:54.0669 0892 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
12:32:54.0685 0892 USBSTOR - ok
12:32:54.0685 0892 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
12:32:54.0685 0892 usbuhci - ok
12:32:54.0732 0892 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
12:32:54.0732 0892 usbvideo - ok
12:32:54.0763 0892 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
12:32:54.0763 0892 UxSms - ok
12:32:54.0794 0892 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
12:32:54.0810 0892 VaultSvc - ok
12:32:54.0825 0892 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
12:32:54.0841 0892 vdrvroot - ok
12:32:54.0903 0892 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
12:32:54.0903 0892 vds - ok
12:32:54.0934 0892 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
12:32:54.0934 0892 vga - ok
12:32:54.0950 0892 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
12:32:54.0950 0892 VgaSave - ok
12:32:54.0966 0892 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
12:32:54.0966 0892 vhdmp - ok
12:32:54.0981 0892 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
12:32:54.0981 0892 viaide - ok
12:32:54.0997 0892 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
12:32:54.0997 0892 volmgr - ok
12:32:55.0028 0892 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
12:32:55.0044 0892 volmgrx - ok
12:32:55.0044 0892 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys
12:32:55.0059 0892 volsnap - ok
12:32:55.0090 0892 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
12:32:55.0090 0892 vsmraid - ok
12:32:55.0168 0892 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
12:32:55.0184 0892 VSS - ok
12:32:55.0324 0892 vToolbarUpdater12.1.3 (f98a970d02b35870c8013b43736f7904) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe
12:32:55.0340 0892 vToolbarUpdater12.1.3 - ok
12:32:55.0434 0892 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
12:32:55.0434 0892 vwifibus - ok
12:32:55.0465 0892 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
12:32:55.0465 0892 vwififlt - ok
12:32:55.0496 0892 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
12:32:55.0496 0892 vwifimp - ok
12:32:55.0527 0892 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
12:32:55.0543 0892 W32Time - ok
12:32:55.0574 0892 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
12:32:55.0574 0892 WacomPen - ok
12:32:55.0621 0892 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
12:32:55.0621 0892 WANARP - ok
12:32:55.0621 0892 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
12:32:55.0621 0892 Wanarpv6 - ok
12:32:55.0730 0892 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
12:32:55.0746 0892 WatAdminSvc - ok
12:32:55.0855 0892 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
12:32:55.0870 0892 wbengine - ok
12:32:55.0948 0892 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
12:32:55.0964 0892 WbioSrvc - ok
12:32:55.0980 0892 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
12:32:55.0995 0892 wcncsvc - ok
12:32:56.0011 0892 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
12:32:56.0011 0892 WcsPlugInService - ok
12:32:56.0058 0892 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
12:32:56.0058 0892 Wd - ok
12:32:56.0089 0892 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
12:32:56.0104 0892 Wdf01000 - ok
12:32:56.0120 0892 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
12:32:56.0136 0892 WdiServiceHost - ok
12:32:56.0136 0892 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
12:32:56.0136 0892 WdiSystemHost - ok
12:32:56.0167 0892 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
12:32:56.0167 0892 WebClient - ok
12:32:56.0182 0892 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
12:32:56.0182 0892 Wecsvc - ok
12:32:56.0198 0892 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
12:32:56.0214 0892 wercplsupport - ok
12:32:56.0229 0892 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
12:32:56.0229 0892 WerSvc - ok
12:32:56.0292 0892 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
12:32:56.0292 0892 WfpLwf - ok
12:32:56.0307 0892 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
12:32:56.0307 0892 WIMMount - ok
12:32:56.0323 0892 WinHttpAutoProxySvc - ok
12:32:56.0370 0892 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
12:32:56.0385 0892 Winmgmt - ok
12:32:56.0494 0892 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
12:32:56.0526 0892 WinRM - ok
12:32:56.0650 0892 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
12:32:56.0650 0892 WinUsb - ok
12:32:56.0713 0892 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
12:32:56.0744 0892 Wlansvc - ok
12:32:56.0806 0892 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
12:32:56.0806 0892 wlcrasvc - ok
12:32:56.0962 0892 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:32:56.0978 0892 wlidsvc - ok
12:32:57.0087 0892 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
12:32:57.0087 0892 WmiAcpi - ok
12:32:57.0150 0892 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
12:32:57.0150 0892 wmiApSrv - ok
12:32:57.0228 0892 WMPNetworkSvc - ok
12:32:57.0274 0892 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
12:32:57.0274 0892 WPCSvc - ok
12:32:57.0290 0892 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
12:32:57.0306 0892 WPDBusEnum - ok
12:32:57.0306 0892 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
12:32:57.0321 0892 ws2ifsl - ok
12:32:57.0321 0892 WSearch - ok
12:32:57.0337 0892 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
12:32:57.0337 0892 WudfPf - ok
12:32:57.0384 0892 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
12:32:57.0384 0892 WUDFRd - ok
12:32:57.0415 0892 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
12:32:57.0415 0892 wudfsvc - ok
12:32:57.0430 0892 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
12:32:57.0446 0892 WwanSvc - ok
12:32:57.0493 0892 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
12:32:57.0664 0892 \Device\Harddisk0\DR0 - ok
12:32:57.0680 0892 Boot (0x1200) (9aa880934a4a8332234f8ca96870a3c1) \Device\Harddisk0\DR0\Partition0
12:32:57.0680 0892 \Device\Harddisk0\DR0\Partition0 - ok
12:32:57.0680 0892 ============================================================
12:32:57.0680 0892 Scan finished
12:32:57.0680 0892 ============================================================
12:32:57.0696 0420 Detected object count: 0
12:32:57.0696 0420 Actual detected object count: 0
12:35:17.0347 4528 Deinitialize success



************************************************************
COMBOFIX LOG
************************************************************


ComboFix 12-07-26.03 - Alicia 07/25/2012 12:41:06.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3020.1781 [GMT -5:00]
Running from: c:\users\Alicia\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\CouponAlert_2pEI
c:\programdata\SPL58BF.tmp
c:\programdata\SPLCD76.tmp
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-06-25 to 2012-07-25 )))))))))))))))))))))))))))))))
.
.
2012-07-25 17:47 . 2012-07-25 17:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-19 22:35 . 2012-07-23 02:30 -------- d-----w- C:\FRST
2012-07-17 20:17 . 2012-07-17 22:18 -------- d-----w- c:\users\Alicia\AppData\Roaming\AVG
2012-07-17 19:33 . 2012-07-17 19:33 -------- d-----w- c:\users\Alicia\AppData\Local\AVG Secure Search
2012-07-17 19:33 . 2012-07-17 19:33 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-17 19:33 . 2012-07-17 19:33 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-07-17 19:33 . 2012-07-17 19:33 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-07-17 19:33 . 2012-07-17 19:33 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-07-17 19:32 . 2012-07-17 19:32 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-07-17 19:31 . 2012-07-17 19:31 -------- d-----w- C:\$AVG
2012-07-17 19:31 . 2012-07-25 17:20 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-17 19:31 . 2012-07-19 22:21 -------- d-----w- c:\programdata\AVG2012
2012-07-17 19:30 . 2012-07-17 20:16 -------- d-----w- c:\program files (x86)\AVG
2012-07-17 19:26 . 2012-07-25 17:20 -------- d-----w- c:\programdata\MFAData
2012-07-17 19:26 . 2012-07-17 19:26 -------- d--h--w- c:\programdata\Common Files
2012-07-17 02:53 . 2012-07-17 02:53 -------- d-----w- c:\users\Alicia\AppData\Roaming\SpeedyPC Software
2012-07-17 02:53 . 2012-07-17 02:53 -------- d-----w- c:\users\Alicia\AppData\Roaming\DriverCure
2012-07-17 02:53 . 2012-07-17 18:17 -------- d-----w- c:\programdata\SpeedyPC Software
2012-07-17 02:10 . 2012-07-17 02:22 -------- d-----w- c:\users\Alicia\AppData\Local\NPE
2012-07-17 01:59 . 2012-07-17 01:59 -------- d-----w- c:\programdata\PCSettings
2012-07-17 01:14 . 2012-07-17 01:14 -------- d-----w- c:\users\Alicia\AppData\Roaming\Malwarebytes
2012-07-17 01:14 . 2012-07-17 01:14 -------- d-----w- c:\programdata\Malwarebytes
2012-07-17 01:14 . 2012-07-17 01:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-17 01:14 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-13 19:17 . 2012-07-13 19:17 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-12 22:54 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A288129-9D7B-4016-B3DB-2A2D459EAFA6}\mpengine.dll
2012-07-12 18:45 . 2012-07-12 18:46 -------- d-----w- c:\users\Alicia\AppData\Roaming\vlc
2012-07-12 18:44 . 2012-07-12 18:44 -------- d-----w- c:\users\Alicia\AppData\Local\Ilivid Player
2012-07-12 00:02 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-30 21:52 . 2012-07-17 19:10 -------- d-----w- c:\programdata\Symantec
2012-06-30 21:50 . 2012-06-30 21:50 -------- d-----w- c:\users\Alicia\AppData\Local\Chromium
2012-06-26 23:20 . 2012-06-26 23:20 -------- d-----w- c:\users\Alicia\AppData\Roaming\PCCUStubInstaller
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 01:48 . 2012-04-13 22:43 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 01:48 . 2011-08-08 02:07 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 23:59 . 2012-02-05 18:57 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-21 18:38 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 18:38 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 18:38 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 18:38 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 18:38 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 18:38 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 18:38 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-21 18:38 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-21 18:38 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-04 11:06 . 2012-06-13 14:36 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 14:36 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 14:36 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 14:36 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 14:36 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-17 19:33 2086496 ----a-w- c:\program files (x86)\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll" [2012-07-17 2086496]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-15 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-02 80840]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-17 1147488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 dleaCATSCustConnectService;dleaCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\dleaserv.exe [2010-05-22 45224]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-15 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-18 42096]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-15 136176]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-08 243712]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-07 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2011-05-23 48992]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-07-17 30568]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-06-13 2321560]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 dlea_device;dlea_device;c:\windows\system32\dleacoms.exe [2010-05-22 1052328]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S2 vToolbarUpdater12.1.3;vToolbarUpdater12.1.3;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe [2012-07-17 830048]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-02-09 77424]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 01:48]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-15 06:38]
.
2012-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-15 06:38]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"dleamon.exe"="c:\program files (x86)\Dell V310-V510 Series\dleamon.exe" [2011-01-24 770728]
"EzPrint"="c:\program files (x86)\Dell V310-V510 Series\ezprint.exe" [2011-01-24 139944]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-04 1580368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://xfinity.comcast.net/?
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.3\ViProtocol.dll
DPF: {5EA13312-8764-496F-B4AB-F7A872B51E14} - hxxps://oovoowww3-a.akamaihd.net/oovoomelink/oovoome/webvc/ooVooWeb.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-07-25 12:55:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-25 17:55
.
Pre-Run: 247,363,854,336 bytes free
Post-Run: 246,912,757,760 bytes free
.
- - End Of File - - B3EF61CABB59ECFBEF1BCE05053D981F

#13 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:52 AM

Posted 25 July 2012 - 01:50 PM

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware!


#14 mrs. greenbean

mrs. greenbean
  • Topic Starter

  • Members
  • 9 posts
  • Local time:09:52 AM

Posted 25 July 2012 - 04:17 PM

Already had MBAM installed; that does not change the results, does it?




Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.21.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Alicia :: ALICIA-LAPTOP [administrator]

Protection: Enabled

7/25/2012 4:10:45 PM
mbam-log-2012-07-25 (16-10-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 190781
Time elapsed: 3 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
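
A way to check a pasted Malwarebytes log like the one above for completeness (top portion with database version and operating system, every result section, the `(end)` marker), total detections, and how old the definition database was at scan time. This is an added example, not part of the original posts; the function name `parse_mbam_log` and the month/day/year reading of the scan date are assumptions.

```python
import re
from datetime import datetime

# Log text copied from the Malwarebytes 1.62 report posted above (blank lines dropped).
SAMPLE_LOG = """\
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
Database version: v2012.07.21.09
Windows 7 Service Pack 1 x64 NTFS
Protection: Enabled
7/25/2012 4:10:45 PM
Scan type: Quick scan
Objects scanned: 190781
Memory Processes Detected: 0
Memory Modules Detected: 0
Registry Keys Detected: 0
Registry Values Detected: 0
Registry Data Items Detected: 0
Folders Detected: 0
Files Detected: 0
(end)
"""

CATEGORIES = ("Memory Processes", "Memory Modules", "Registry Keys",
              "Registry Values", "Registry Data Items", "Folders", "Files")

def parse_mbam_log(text):
    """Return header fields, per-category detection counts and any problems found."""
    problems = []
    db = re.search(r"^Database version: v(\d{4})\.(\d{2})\.(\d{2})\.\d+", text, re.M)
    when = re.search(r"^(\d{1,2}/\d{1,2}/\d{4}) \d{1,2}:\d{2}:\d{2} [AP]M", text, re.M)
    os_line = re.search(r"^Windows .+$", text, re.M)
    scan_type = re.search(r"^Scan type: (.+)$", text, re.M)
    if not db:
        problems.append("missing database version (top portion of log not posted)")
    if not os_line:
        problems.append("missing operating system line")
    counts = {}
    for name in CATEGORIES:
        m = re.search(rf"^{re.escape(name)} Detected: (\d+)", text, re.M)
        if m:
            counts[name] = int(m.group(1))
        else:
            problems.append(f"missing section: {name}")
    if "(end)" not in text:
        problems.append("log is truncated: no (end) marker")
    db_age = None
    if db and when:
        db_date = datetime(*map(int, db.groups()))
        scan_date = datetime.strptime(when.group(1), "%m/%d/%Y")  # assumes US date order
        db_age = (scan_date - db_date).days
    return {
        "os": os_line.group(0) if os_line else None,
        "scan_type": scan_type.group(1) if scan_type else None,
        "counts": counts,
        "total_detections": sum(counts.values()),
        "db_age_days": db_age,
        "complete": not problems,
        "problems": problems,
    }

if __name__ == "__main__":
    result = parse_mbam_log(SAMPLE_LOG)
    for key, value in result.items():
        print(f"{key}: {value}")
```
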

#15 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:52 AM

Posted 25 July 2012 - 04:31 PM

Hello, mrs. greenbean.
Congratulations! You now appear clean! :cool:


Uninstall Combofix
  • Make sure that Combofix.exe that you downloaded is on your Desktop but Do not run it!
    o *If it is not on your Desktop, the below will not work.
  • Click on Posted Image then Run....
  • Now copy & paste the green bolded text in the run-box and click OK.

    ComboFix /Uninstall


    <Notice the space between the "x" and "/".> <--- It needs to be there
    Windows Vista users: Press the Windows Key + R to bring the Run... Command and then from there you can add in the Combofix /Uninstall

  • Please advise if this step is missed for any reason as it performs some important actions:
    "This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.
    It also makes a clean Restore Point and flushes all the old restore points in order to prevent possible reinfection from an old one through system restore".



Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess
  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.



One of the most common questions found when cleaning malware is "how did my machine get infected?"

There are a variety of reasons, but the most common ones are that you are not practicing Safe Internet, you are not running the proper security software or that your computer's security settings are set too low.

Below I have outlined a series of categories that outline how you can increase the security of your computer to help reduce the chance of being infected again in the future.

Do not use P2P programs
Peer-to-peer or file-sharing programs (such as uTorrent, Limewire and BitTorrent) are probably the primary route of infection nowadays. These programs allow file sharing between users as the name(s) suggest. It is almost impossible to know whether the file you’re downloading through P2P programs is safe.

It is therefore possible to be infected by downloading infected files via peer-to-peer programs and so I recommend that you do not use these programs. Should you wish to use them, they must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

In addition, P2P programs facilitate cyber crime and help distribute pirated software, movies and other illegal material.

Practice Safe Internet
Another one of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will.

Below is a list of simple precautions to take to keep your computer clean and running securely:
  • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know who is themselves infected with malware which is trying to infect everyone in their address book. A key thing to look out for here is: does the email sound as though it’s from the person you know? Often, the email may simply have a web link or a “Run this file to make your PC run fast” message in it.
  • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of pop-ups, or Foistware, you should read this article: Foistware, And how to avoid it.
    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. Removal instructions for a lot of these "rogues" can be found here.
  • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you, or will download a file to your PC without your knowledge. You can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake. DO NOT click on these windows; instead close them by finding the open window on your Taskbar (http://en.wikipedia.org/wiki/Taskbar#Screenshots), right-click and choose Close.
  • Do not visit pornographic websites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do, as this can often form part of their funding.
  • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link you should message back to the person asking if it is legit.
  • Stay away from Warez and Crack sites! As with Peer-2-Peer programs, in addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download files from a site, and are not sure if they are legitimate, you can use tools such as BitDefender Traffic Light, Norton Safe Web, or McAfee SiteAdvisor to look up info on the site and stay protected against malicious sites. Please be sure to only choose and install one of those tool bars.
  • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.
    Sometimes even legitimate programs will try to bundle extra, unwanted, software with the program you want - this is done to raise money for the program. Be sure to untick any boxes which may indicate that other programs will be downloaded.

Keep Windows up-to-date
Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure.

  • Windows XP users
    You should visit Windows Update to check for the latest updates to your system. The latest service pack (SP3) can be obtained directly from Microsoft here.
  • Windows Vista users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP2) can be obtained directly from Microsoft here.
  • Windows 7 users
    You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP1) can be obtained directly from Microsoft here.


Keep your browser secure
Most modern browsers have come on in leaps and bounds with their inbuilt, default security. The best way to keep your browser secure nowadays is simply to keep it up-to-date.

The latest versions of the three common browsers can be found below:

Use an AntiVirus Software
It is very important that your computer has an up-to-date anti-virus software on it which has a real-time agent running. This alone can save you a lot of trouble with malware in the future.
See this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources. A couple of free Anti-Virus programs you may be interested in are Microsoft Security Essentials and Avast.

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.

Use a Firewall
I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

All versions of Windows starting from XP have an in-built firewall. With Windows XP this firewall will protect you from incoming traffic (i.e. hackers). Starting with Windows Vista, the firewall was beefed up to also protect you against outgoing traffic (i.e. malicious programs installed on your machine should be blocked from sending data, such as your bank details and passwords, out).

In addition, if you connect to the internet via a router, this will normally have a firewall in-built.

Some people will recommend installing a different firewall (instead of the Windows built-in one); this is a personal choice, but the message is to definitely have one! For a tutorial on Firewalls and a listing of some available ones see this link: Understanding and Using Firewalls

Install an Anti-Malware program
Recommended, and free, Anti-Malware programs are Malwarebytes Anti-Malware and SuperAntiSpyware.

You should regularly (perhaps once a week) scan your computer with an Anti-Malware program just as you would with an antivirus software.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is very important to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities (such as Adobe Reader and Java). You can check these by visiting Secunia Software Inspector.

Follow this list and your potential for being infected again will reduce dramatically.