I have the Google redirect virus

This topic is locked. 17 replies to this topic.

#1 ken2024 (Members, 13 posts)

Posted 11 August 2012 - 12:57 AM

I posted in this thread and they told me to post a new thread here. (http://www.bleepingcomputer.com/forums/topic464613.html)

I could not enable my Windows 7 firewall. I kept getting an error trying to do so.

I ran DDS just fine.

For GMER, I was unable to check the boxes (they were grayed out and it did not let me check them) System, Sections, Devices, Modules, Processes and Threads and Libraries.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by CA at 22:55:29 on 2012-08-10
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3836.2107 [GMT -7:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Egnyte Backup\EgnyteBackupService.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler64.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Users\CA\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
C:\Users\CA\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Users\CA\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Egnyte Backup\egnyte_backup_systray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
"C:\windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\windows\system32\consent.exe
C:\windows\system32\consent.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSND&bmod=TSND
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
uRun: [PCShowServer] "C:\Users\CA\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Backup Notifications] "C:\Program Files (x86)\Egnyte Backup\egnyte_backup_systray.exe" -b
StartupFolder: C:\Users\CA\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\CA\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5DE48837-B286-4A79-B5D8-A18790648604} : DhcpNameServer = 62.77.203.10 213.163.34.66
TCP: Interfaces\{D17ACE62-29AF-49A9-BD4D-F5E324803683} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D17ACE62-29AF-49A9-BD4D-F5E324803683}\2375942554635373 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{D17ACE62-29AF-49A9-BD4D-F5E324803683}\45F647563702D41676F6475637 : DhcpNameServer = 209.18.47.61 209.18.47.62
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun-x64: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun-x64: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Backup Notifications] "C:\Program Files (x86)\Egnyte Backup\egnyte_backup_systray.exe" -b
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\CA\AppData\Roaming\Mozilla\Firefox\Profiles\zmd0ekij.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/u/1/#inbox|https://mail.google.com/mail/u/2/?shva=1#inbox
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\CA\AppData\Local\DIRECTV Player\npPCShowPlugin.dll
FF - plugin: C:\Users\CA\AppData\Local\DIRECTV Player\npPlayerPlugin.dll
FF - plugin: C:\Users\CA\AppData\Roaming\Mozilla\Firefox\Profiles\zmd0ekij.default\extensions\{9EB34849-81D3-4841-939D-666D522B889A}\plugins\npSlingPlayer.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 egnyteBackup;Egnyte Backup Service;C:\Program Files (x86)\Egnyte Backup\EgnyteBackupService.exe [2012-7-24 23552]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-7 655944]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2012-7-11 1019328]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-7-20 2673064]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atipmdag.sys --> C:\windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-3-2 13088]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-22 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-14 250056]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-22 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-2 113120]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
.
=============== Created Last 30 ================
.
2012-08-10 23:06:14 -------- d-----w- C:\Program Files (x86)\ESET
2012-08-10 08:28:22 731616 ----a-w- C:\windows\System32\PerfStringBackup.TMP
2012-08-07 23:23:58 110080 ----a-r- C:\Users\CA\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\IconF7A21AF7.exe
2012-08-07 23:23:58 110080 ----a-r- C:\Users\CA\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\IconD7F16134.exe
2012-08-07 23:23:58 110080 ----a-r- C:\Users\CA\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\Icon1226A4C5.exe
2012-08-07 23:23:58 -------- d-----w- C:\sh4ldr
2012-08-07 23:23:57 -------- d-----w- C:\Program Files\Enigma Software Group
2012-08-07 23:22:16 -------- d--h--w- C:\windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-08-07 23:22:13 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-08-07 20:54:54 -------- d-sh--w- C:\windows\SysWow64\%APPDATA%
2012-07-25 04:10:25 -------- d-----w- C:\Users\CA\AppData\Local\assembly
2012-07-25 03:44:32 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-07-25 03:14:37 -------- d-----w- C:\Users\CA\AppData\Local\Growl
2012-07-25 03:14:37 -------- d-----w- C:\ProgramData\Growl
2012-07-25 03:14:34 -------- d-----w- C:\Program Files (x86)\Growl for Windows
2012-07-25 03:14:13 -------- d-----w- C:\ProgramData\EgnyteBackup
2012-07-25 03:14:07 -------- d-----w- C:\Program Files (x86)\Egnyte Backup
2012-07-20 15:30:28 -------- d-----w- C:\Users\CA\temp
2012-07-12 06:46:02 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-12 06:46:02 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
.
==================== Find3M ====================
.
2012-08-02 17:36:12 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-02 17:36:12 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-07-03 20:46:44 24904 ---ha-w- C:\windows\System32\drivers\mbam.sys
2012-02-01 15:06:26 68910272 ----a-w- C:\Program Files\msert.exe
.
============= FINISH: 22:55:55.44 ===============

#2 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 11 August 2012 - 02:02 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

Information and logs

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 ken2024 (Topic Starter, Members, 13 posts)

Posted 11 August 2012 - 12:01 PM

Results of screen317's Security Check version 0.99.43
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 17
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
Google Chrome 21.0.1180.60
Google Chrome 21.0.1180.75
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````


Combofix is not completing. It runs until about 90% and then I hear a beep and it closes.

#4 gringo_pr (Malware Response Team)

Posted 11 August 2012 - 12:32 PM

Hello

Ok, let's try this. I want you to run Combofix in safe mode, but it is very important that when Combofix reboots the computer you direct it back into safe mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After Combofix has finished its scan, please post the report back here.

Gringo

#5 gringo_pr (Malware Response Team)

Posted 14 August 2012 - 12:22 AM

Greetings


I have not heard from you in a couple of days, so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, a reminder that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete, and I will ask you to remove our tools.




Gringo

#6 ken2024 (Topic Starter)

Posted 15 August 2012 - 01:38 AM

Hi Gringo,

I have had trouble booting in safe mode. Will try it again. The redirect virus has not popped up in a few days though. Odd?

#7 ken2024 (Topic Starter)

Posted 15 August 2012 - 01:59 AM

ComboFix 12-08-10.01 - CA 08/14/2012 23:47:12.1.2 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3836.2641 [GMT -7:00]
Running from: C:\Users\CA\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
C:\Users\CA\AppData\Local\.#
C:\Users\CA\AppData\Local\assembly\tmp
C:\Users\CA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
C:\Users\CA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\System Check.lnk
C:\Users\CA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check\Uninstall System Check.lnk
C:\windows\assembly\GAC_32\Desktop.ini
C:\windows\assembly\GAC_64\Desktop.ini
C:\windows\Installer\{cd906ab4-1539-6679-a9ff-5e8c3ffab27f}\@
C:\windows\Installer\{cd906ab4-1539-6679-a9ff-5e8c3ffab27f}\L\00000004.@
C:\windows\Installer\{cd906ab4-1539-6679-a9ff-5e8c3ffab27f}\L\201d3dde
C:\windows\Installer\{cd906ab4-1539-6679-a9ff-5e8c3ffab27f}\U\00000004.@
C:\windows\Installer\{cd906ab4-1539-6679-a9ff-5e8c3ffab27f}\U\00000008.@
C:\windows\Installer\{cd906ab4-1539-6679-a9ff-5e8c3ffab27f}\U\000000cb.@
C:\windows\Installer\{cd906ab4-1539-6679-a9ff-5e8c3ffab27f}\U\80000000.@
C:\windows\Installer\{cd906ab4-1539-6679-a9ff-5e8c3ffab27f}\U\80000032.@
C:\windows\Installer\{cd906ab4-1539-6679-a9ff-5e8c3ffab27f}\U\80000064.@

C:\windows\system32\Services.exe . . . is infected!!


((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))


2012-08-15 06:51:59 . 2012-08-15 06:51:59 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-08-13 17:09:22 . 2012-08-13 17:09:23 -------- d-----w- C:\fw4.0.tmp
2012-08-10 23:06:14 . 2012-08-10 23:06:14 -------- d-----w- C:\Program Files (x86)\ESET
2012-08-10 08:28:22 . 2012-08-15 04:48:04 731616 ----a-w- C:\windows\system32\PerfStringBackup.TMP
2012-08-07 23:23:58 . 2012-08-07 23:24:22 -------- d-----w- C:\sh4ldr
2012-08-07 23:23:58 . 2012-08-07 23:23:58 110080 ----a-r- C:\Users\CA\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\IconF7A21AF7.exe
2012-08-07 23:23:58 . 2012-08-07 23:23:58 110080 ----a-r- C:\Users\CA\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\IconD7F16134.exe
2012-08-07 23:23:58 . 2012-08-07 23:23:58 110080 ----a-r- C:\Users\CA\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\Icon1226A4C5.exe
2012-08-07 23:23:57 . 2012-08-07 23:23:58 -------- d-----w- C:\Program Files\Enigma Software Group
2012-08-07 23:22:16 . 2012-08-07 23:24:00 -------- d--h--w- C:\windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-08-07 23:22:13 . 2012-08-07 23:22:13 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-08-07 20:54:54 . 2012-08-07 20:54:54 -------- d-sh--w- C:\windows\SysWow64\%APPDATA%
2012-07-25 04:10:25 . 2012-08-15 06:51:36 -------- d-----w- C:\Users\CA\AppData\Local\assembly
2012-07-25 03:47:21 . 2012-07-25 03:47:22 -------- d-----w- C:\Program Files (x86)\Microsoft.NET
2012-07-25 03:44:32 . 2012-07-25 03:44:32 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-07-25 03:43:18 . 2012-07-25 03:43:18 -------- d-----r- C:\MSOCache
2012-07-25 03:14:37 . 2012-07-25 03:14:37 -------- d-----w- C:\Users\CA\AppData\Local\Growl
2012-07-25 03:14:37 . 2012-07-25 03:14:37 -------- d-----w- C:\ProgramData\Growl
2012-07-25 03:14:34 . 2012-07-25 03:14:36 -------- d-----w- C:\Program Files (x86)\Growl for Windows
2012-07-25 03:14:13 . 2012-08-15 06:52:57 -------- d-----w- C:\ProgramData\EgnyteBackup
2012-07-25 03:14:07 . 2012-07-25 03:14:32 -------- d-----w- C:\Program Files (x86)\Egnyte Backup
2012-07-20 15:30:28 . 2012-07-20 15:30:28 -------- d-----w- C:\Users\CA\temp
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-08-15 05:36:24 . 2012-05-14 08:47:27 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 05:36:23 . 2011-11-01 05:13:35 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 20:46:44 . 2012-02-01 08:55:05 24904 ---ha-w- C:\windows\system32\drivers\mbam.sys
2012-02-01 15:06:26 . 2012-02-01 15:06:22 68910272 ----a-w- C:\Program Files\msert.exe


------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.

[7] 2009-07-14 01:39:37 . 24ACB7E5BE595468E3B9AA488B9B4FCB . 328704 . . [6.1.7600.16385 (win7_rtm.090713-1255)] .. C:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[-] 2009-07-14 01:39:37 . 014A9CB92514E27C0107614DF764BC06 . 328704 . . [6.1.7600.16385 (win7_rtm.090713-1255)] .. C:\windows\system32\services.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 94208 ----a-w- C:\Users\CA\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 94208 ----a-w- C:\Users\CA\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 94208 ----a-w- C:\Users\CA\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCShowServer"="C:\Users\CA\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [2012-04-02 23:50:14 351888]
"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 07:58:36 718208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 18:42:42 98304]
"SVPWUTIL"="C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 03:01:10 352256]
"HWSetup"="C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-05 00:44:58 423936]
"KeNotify"="C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 23:21:16 34160]
"TWebCamera"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 09:54:48 2454840]
"Intuit SyncManager"="C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-02-22 07:28:32 1497352]
"TkBellExe"="C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-01-06 22:21:37 296056]
"Malwarebytes' Anti-Malware"="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 20:46:44 462920]
"Backup Notifications"="C:\Program Files (x86)\Egnyte Backup\egnyte_backup_systray.exe" [2011-08-18 22:33:08 47616]

C:\Users\CA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - C:\Users\CA\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-4-5 1149440]

C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

R2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-23 00:58:12 136176]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 18:28:36 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 05:36:24 250056]
R3 ALSysIO;ALSysIO;C:\Users\CA\AppData\Local\Temp\ALSysIO64.sys [x]
R3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-03 01:17:20 13088]
R3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-23 00:58:12 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-21 20:33:50 113120]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 04:34:24 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys [2010-01-07 17:05:46 232992]
S1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 00:07:22 59904]
S2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe [2010-03-15 17:56:20 202752]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 09:33:14 821664]
S2 egnyteBackup;Egnyte Backup Service;C:\Program Files (x86)\Egnyte Backup\EgnyteBackupService.exe [2011-08-18 22:33:08 23552]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 20:46:44 655944]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 05:23:32 483688]
S2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 14:31:32 2673064]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-04-06 22:53:14 258928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 03:15:22 14472]
S3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atipmdag.sys [2010-03-15 18:06:28 6403072]
S3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys [2010-03-15 17:00:58 188928]
S3 MBAMProtector;MBAMProtector;C:\windows\system32\drivers\mbam.sys [2012-07-03 20:46:44 24904]
S3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 01:06:38 35008]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys [2010-01-12 22:37:34 325152]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-04-28 19:32:20 932384]
S3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-03 05:23:26 721768]
S3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-03 05:23:32 269672]
S3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-03 05:23:34 25960]
S3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-03 05:23:38 22376]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 05:23:38 209768]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 00:44:48 137560]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 01:57:42 835952]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 00:07:28 17920]


Contents of the 'Scheduled Tasks' folder

2012-08-15 C:\windows\Tasks\Adobe Flash Player Updater.job
- C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-14 08:47:28 . 2012-08-15 05:36:24]

2012-08-15 C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-23 00:58:14 . 2010-07-23 00:58:12]

2012-08-15 C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-07-23 00:58:14 . 2010-07-23 00:58:12]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 97792 ----a-w- C:\Users\CA\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 97792 ----a-w- C:\Users\CA\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 97792 ----a-w- C:\Users\CA\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20 97792 ----a-w- C:\Users\CA\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 19:21:16 10134560]
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 19:21:16 896032]
"TosVolRegulator"="C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 22:31:34 24376]
"TosSENotify"="C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 00:45:06 709976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0

------- Supplementary Scan -------

uLocal Page = C:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
LSP: mswsock.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - C:\Users\CA\AppData\Roaming\Mozilla\Firefox\Profiles\zmd0ekij.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/u/1/#inbox|https://mail.google.com/mail/u/2/?shva=1#inbox

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-SmartFaceVWatcher - C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosNC - C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

#8 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 15 August 2012 - 09:13 AM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

FCopy::
C:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe | C:\windows\system32\services.exe

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
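The FCopy step above restores services.exe from the WinSxS store because the Sigcheck section of the log shows the copy in system32 carrying a different MD5 than the WinSxS copy of the same build and size. As an added example (not from this thread, ComboFix or its author), here is a small Python script that parses Sigcheck lines, flags that pattern, and emits the corresponding FCopy directive; the sample lines are constructed to mirror the log above.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the Sigcheck section of a ComboFix log
# (the two services.exe lines mirror the ones in the thread's log output).
SAMPLE_SIGCHECK = r"""
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.

[7] 2009-07-14 01:39:37 . 24ACB7E5BE595468E3B9AA488B9B4FCB . 328704 . . [6.1.7600.16385 (win7_rtm.090713-1255)] .. C:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[-] 2009-07-14 01:39:37 . 014A9CB92514E27C0107614DF764BC06 . 328704 . . [6.1.7600.16385 (win7_rtm.090713-1255)] .. C:\windows\system32\services.exe
"""

# One Sigcheck entry: [flag] timestamp . MD5 . size . . [version] .. path
LINE_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+"
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+"
    r"(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\.\s+"
    r"(?P<path>.+?)\s*$"
)


def parse_sigcheck(text):
    """Return one dict per Sigcheck entry: flag, ts, md5, size, version, path."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # section header, note or blank line
        e = m.groupdict()
        e["size"] = int(e["size"])
        e["md5"] = e["md5"].upper()
        entries.append(e)
    return entries


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def find_mismatches(entries):
    """
    Pair each file outside the WinSxS store with the WinSxS copies of the
    same name. Identical version string and size but a different MD5 is the
    signature of a binary patched in place, which the FCopy step undoes.
    """
    by_name = defaultdict(lambda: {"ref": [], "live": []})
    for e in entries:
        bucket = "ref" if "\\winsxs\\" in e["path"].lower() else "live"
        by_name[basename(e["path"])][bucket].append(e)

    findings = []
    for name, group in by_name.items():
        for live in group["live"]:
            for ref in group["ref"]:
                same_build = (ref["version"] == live["version"]
                              and ref["size"] == live["size"])
                if same_build and ref["md5"] != live["md5"]:
                    findings.append({
                        "name": name,
                        "live_path": live["path"],
                        "live_md5": live["md5"],
                        "ref_path": ref["path"],
                        "ref_md5": ref["md5"],
                    })
    return findings


def fcopy_directive(finding):
    """CFScript FCopy line that restores the live file from its WinSxS copy."""
    return f"{finding['ref_path']} | {finding['live_path']}"


if __name__ == "__main__":
    for f in find_mismatches(parse_sigcheck(SAMPLE_SIGCHECK)):
        print(f"{f['name']}: {f['live_path']} ({f['live_md5']}) differs from "
              f"{f['ref_path']} ({f['ref_md5']})")
        print("FCopy::")
        print(fcopy_directive(f))
```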

#9 ken2024 (Topic Starter, Members, 13 posts)

Posted 16 August 2012 - 02:33 AM

ComboFix 12-08-10.01 - CA 08/15/2012 21:57:24.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3836.2633 [GMT -7:00]
Running from: c:\users\CA\Desktop\ComboFix.exe
Command switches used :: c:\users\CA\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\CA\AppData\Local\assembly\tmp
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --> c:\windows\system32\services.exe
.
((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))
.
.
2012-08-16 05:22 . 2012-08-16 05:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-13 17:09 . 2012-08-13 17:09 -------- d-----w- C:\fw4.0.tmp
2012-08-10 23:06 . 2012-08-10 23:06 -------- d-----w- c:\program files (x86)\ESET
2012-08-10 08:28 . 2012-08-15 07:08 731616 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-08-07 23:23 . 2012-08-07 23:24 -------- d-----w- C:\sh4ldr
2012-08-07 23:23 . 2012-08-07 23:23 110080 ----a-r- c:\users\CA\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\IconF7A21AF7.exe
2012-08-07 23:23 . 2012-08-07 23:23 110080 ----a-r- c:\users\CA\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\IconD7F16134.exe
2012-08-07 23:23 . 2012-08-07 23:23 110080 ----a-r- c:\users\CA\AppData\Roaming\Microsoft\Installer\{F896D026-9016-4122-B9BD-957FF092FFE9}\Icon1226A4C5.exe
2012-08-07 23:23 . 2012-08-07 23:23 -------- d-----w- c:\program files\Enigma Software Group
2012-08-07 23:22 . 2012-08-07 23:24 -------- d--h--w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP
2012-08-07 23:22 . 2012-08-07 23:22 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-08-07 20:54 . 2012-08-07 20:54 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-25 04:10 . 2012-08-16 05:22 -------- d-----w- c:\users\CA\AppData\Local\assembly
2012-07-25 03:47 . 2012-07-25 03:47 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-07-25 03:44 . 2012-07-25 03:44 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-07-25 03:43 . 2012-07-25 03:43 -------- d-----r- C:\MSOCache
2012-07-25 03:14 . 2012-07-25 03:14 -------- d-----w- c:\users\CA\AppData\Local\Growl
2012-07-25 03:14 . 2012-07-25 03:14 -------- d-----w- c:\programdata\Growl
2012-07-25 03:14 . 2012-07-25 03:14 -------- d-----w- c:\program files (x86)\Growl for Windows
2012-07-25 03:14 . 2012-08-16 05:23 -------- d-----w- c:\programdata\EgnyteBackup
2012-07-25 03:14 . 2012-07-25 03:14 -------- d-----w- c:\program files (x86)\Egnyte Backup
2012-07-20 15:30 . 2012-07-20 15:30 -------- d-----w- c:\users\CA\temp
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 05:36 . 2012-05-14 08:47 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-15 05:36 . 2011-11-01 05:13 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 20:46 . 2012-02-01 08:55 24904 ---ha-w- c:\windows\system32\drivers\mbam.sys
2012-02-01 15:06 . 2012-02-01 15:06 68910272 ----a-w- c:\program files\msert.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-15_06.53.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-16 05:22 . 2012-08-16 05:22 13282 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-08-15 06:40 . 2012-08-15 06:40 13282 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2010-11-17 18:25 . 2012-08-16 04:37 53154 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-16 04:54 40456 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-05 22:13 . 2012-08-16 04:54 10536 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3707607516-2852622338-3952478962-1001_UserData.bin
- 2010-12-04 21:04 . 2012-08-15 06:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-04 21:04 . 2012-08-16 05:24 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-04 21:04 . 2012-08-16 05:24 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-04 21:04 . 2012-08-15 06:54 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-04 21:04 . 2012-08-16 05:24 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-04 21:04 . 2012-08-15 06:54 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-04 20:55 . 2012-08-16 05:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-04 20:55 . 2012-08-15 06:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-04 20:55 . 2012-08-16 05:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-04 20:55 . 2012-08-15 06:54 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-08-16 05:23 . 2012-08-16 05:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-15 06:52 . 2012-08-15 06:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-16 05:23 . 2012-08-16 05:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-15 06:52 . 2012-08-15 06:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-08-15 06:53 344064 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-16 05:24 344064 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-16 05:24 917504 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-15 06:53 917504 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 05:01 . 2012-08-15 06:40 352012 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-16 05:22 352012 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-08-15 06:53 3244032 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-16 05:24 3244032 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-17 06:47 . 2012-08-16 05:22 18599812 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3707607516-2852622338-3952478962-1001-8192.dat
- 2011-05-17 06:47 . 2012-08-15 06:40 18599812 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3707607516-2852622338-3952478962-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\CA\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\CA\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\CA\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCShowServer"="c:\users\CA\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe" [2012-04-02 351888]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-05 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-02-22 1497352]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-01-06 296056]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"Backup Notifications"="c:\program files (x86)\Egnyte Backup\egnyte_backup_systray.exe" [2011-08-18 47616]
.
c:\users\CA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\CA\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-4-5 1149440]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-23 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 ALSysIO;ALSysIO;c:\users\CA\AppData\Local\Temp\ALSysIO64.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [2011-03-03 13088]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-23 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-21 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-07 232992]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-15 202752]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 egnyteBackup;Egnyte Backup Service;c:\program files (x86)\Egnyte Backup\EgnyteBackupService.exe [2011-08-18 23552]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-15 6403072]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-15 188928]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-01-12 325152]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-04-28 932384]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-03 721768]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-03 269672]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-03 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-03 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-14 05:36]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-23 00:58]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-23 00:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\CA\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\CA\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\CA\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\CA\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10134560]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 896032]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\CA\AppData\Roaming\Mozilla\Firefox\Profiles\zmd0ekij.default\
FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/u/1/#inbox|https://mail.google.com/mail/u/2/?shva=1#inbox
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Google\Update\1.3.21.115\GoogleCrashHandler.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\users\CA\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
.
**************************************************************************
.
Completion time: 2012-08-16 00:31:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-16 07:22
ComboFix2.txt 2012-08-15 06:57
.
Pre-Run: 411,213,705,216 bytes free
Post-Run: 410,584,780,800 bytes free
.
- - End Of File - - E75375C9986788BA4E05C4FF26613BD8

#10 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 August 2012 - 08:28 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
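Added here as a worked example, not part of gringo's post and not code from TDSSKiller itself: a small Python parser for the TDSSKiller report format that appears later in this thread. Each scanned service produces a hashed-file line (`[ md5 ] Name Path`) followed by a verdict line (`Name - ok`); some services produce only the verdict line, with no file hashed. The parser pairs the two lines, then a triage pass lists anything whose verdict is not `ok` and anything that was never hashed, so a helper reviewing a long log can jump straight to the entries worth a look. The embedded sample log is constructed: the first three services and their hashes are copied from the format of the posted report, while the `ExampleSvc` entry, its all-zero hash and the `suspicious` verdict word (taken from the post's wording about suspicious files) are assumptions for demonstration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# First line of a scanned service:  HH:MM:SS.mmmm  PID  [ md5 ]  Name  Path
# Service names may contain spaces ("AMD External Events Utility"), so the
# path is anchored on a drive letter rather than on whitespace.
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"\[ (?P<md5>[0-9a-f]{32}) \]\s+(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*?)\s*$"
)

# Verdict line that follows:  HH:MM:SS.mmmm  PID  Name - verdict
# The verdict is a single lowercase word at end of line, which keeps header
# lines such as "Drive ... - Size: 0x..." from being mistaken for verdicts.
VERDICT_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?) - (?P<verdict>[a-z]+)\s*$"
)


@dataclass
class ServiceRecord:
    name: str
    verdict: str
    path: Optional[str] = None   # None when TDSSKiller hashed no file
    md5: Optional[str] = None


def parse_tdsskiller_log(text: str) -> List[ServiceRecord]:
    """Pair each hashed-file line with its verdict line, in log order."""
    records: List[ServiceRecord] = []
    pending = {}  # service name -> (md5, path) awaiting its verdict line
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            pending[m["name"]] = (m["md5"], m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            md5, path = pending.pop(m["name"], (None, None))
            records.append(ServiceRecord(m["name"], m["verdict"], path, md5))
    return records


def triage(records: List[ServiceRecord]) -> Tuple[List[ServiceRecord], List[ServiceRecord]]:
    """Split out entries a reviewer should read first.

    flagged  - verdict is anything other than "ok"
    unhashed - verdict is "ok" but no file was hashed, i.e. the service
               entry exists but TDSSKiller recorded no binary for it
    """
    flagged = [r for r in records if r.verdict != "ok"]
    unhashed = [r for r in records if r.verdict == "ok" and r.md5 is None]
    return flagged, unhashed


# Constructed sample in the TDSSKiller report format. The ExampleSvc entry,
# its all-zero hash and the "suspicious" verdict are invented for the demo.
SAMPLE_LOG = """\
20:02:14.0665 3992 Scan started
20:02:14.0665 3992 Mode: Manual;
20:02:16.0459 3992 ================ Scan services =============================
20:02:16.0817 3992 [ 969c91060cbb5d17cb8440b5f78b4c51 ] 1394ohci C:\\windows\\system32\\DRIVERS\\1394ohci.sys
20:02:16.0817 3992 1394ohci - ok
20:02:18.0627 3992 ALSysIO - ok
20:02:18.0689 3992 [ 57b773d82e8cc3c6d7e02cc8a6632043 ] AMD External Events Utility C:\\windows\\system32\\atiesrxx.exe
20:02:18.0689 3992 AMD External Events Utility - ok
20:02:19.0001 3992 [ 00000000000000000000000000000000 ] ExampleSvc C:\\windows\\system32\\drivers\\example.sys
20:02:19.0001 3992 ExampleSvc - suspicious
"""


def report(text: str) -> str:
    """Human-readable triage summary for a pasted TDSSKiller log."""
    records = parse_tdsskiller_log(text)
    flagged, unhashed = triage(records)
    lines = [f"{len(records)} services scanned, {len(flagged)} flagged, {len(unhashed)} without a hashed file"]
    for r in flagged:
        lines.append(f"  FLAGGED  {r.name}: {r.verdict} ({r.path}, md5 {r.md5})")
    for r in unhashed:
        lines.append(f"  NOHASH   {r.name}: verdict ok but no file recorded")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

To use it on a real report, read the `TDSSKiller.[Version]_[Date]_[Time]_log.txt` file into a string and pass it to `report()`; entries with a verdict other than `ok` come first, followed by services that had no file to hash, which are the ones a helper usually wants to check by hand.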

#11 ken2024

  • Topic Starter

  • Members
  • 13 posts

Posted 16 August 2012 - 10:03 PM

20:02:07.0855 3148 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
20:02:08.0305 3148 ============================================================
20:02:08.0305 3148 Current date / time: 2012/08/16 20:02:08.0305
20:02:08.0305 3148 SystemInfo:
20:02:08.0305 3148
20:02:08.0305 3148 OS Version: 6.1.7600 ServicePack: 0.0
20:02:08.0305 3148 Product type: Workstation
20:02:08.0305 3148 ComputerName: CA-PC
20:02:08.0305 3148 UserName: CA
20:02:08.0305 3148 Windows directory: C:\windows
20:02:08.0305 3148 System windows directory: C:\windows
20:02:08.0305 3148 Running under WOW64
20:02:08.0305 3148 Processor architecture: Intel x64
20:02:08.0305 3148 Number of processors: 2
20:02:08.0305 3148 Page size: 0x1000
20:02:08.0305 3148 Boot type: Normal boot
20:02:08.0305 3148 ============================================================
20:02:10.0968 3148 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:02:10.0978 3148 ============================================================
20:02:10.0978 3148 \Device\Harddisk0\DR0:
20:02:10.0978 3148 MBR partitions:
20:02:10.0978 3148 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x38AD8800
20:02:10.0978 3148 ============================================================
20:02:11.0008 3148 C: <-> \Device\Harddisk0\DR0\Partition1
20:02:11.0008 3148 ============================================================
20:02:11.0008 3148 Initialize success
20:02:11.0008 3148 ============================================================
20:02:14.0665 3992 ============================================================
20:02:14.0665 3992 Scan started
20:02:14.0665 3992 Mode: Manual;
20:02:14.0665 3992 ============================================================
20:02:16.0459 3992 ================ Scan services =============================
20:02:16.0817 3992 [ 969c91060cbb5d17cb8440b5f78b4c51 ] 1394ohci C:\windows\system32\DRIVERS\1394ohci.sys
20:02:16.0817 3992 1394ohci - ok
20:02:16.0880 3992 [ 6f11e88748cdefd2f76aa215f97ddfe5 ] ACPI C:\windows\system32\DRIVERS\ACPI.sys
20:02:16.0880 3992 ACPI - ok
20:02:16.0911 3992 [ 63b05a0420ce4bf0e4af6dcc7cada254 ] AcpiPmi C:\windows\system32\DRIVERS\acpipmi.sys
20:02:16.0911 3992 AcpiPmi - ok
20:02:17.0488 3992 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:02:17.0488 3992 AdobeFlashPlayerUpdateSvc - ok
20:02:17.0597 3992 [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
20:02:17.0597 3992 adp94xx - ok
20:02:17.0675 3992 [ 597f78224ee9224ea1a13d6350ced962 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
20:02:17.0675 3992 adpahci - ok
20:02:17.0738 3992 [ e109549c90f62fb570b9540c4b148e54 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
20:02:17.0738 3992 adpu320 - ok
20:02:17.0909 3992 [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
20:02:17.0909 3992 AeLookupSvc - ok
20:02:18.0003 3992 [ b9384e03479d2506bc924c16a3db87bc ] AFD C:\windows\system32\drivers\afd.sys
20:02:18.0019 3992 AFD - ok
20:02:18.0253 3992 [ 98022774d9930ecbb292e70db7601df6 ] AgereSoftModem C:\windows\system32\DRIVERS\agrsm64.sys
20:02:18.0253 3992 AgereSoftModem - ok
20:02:18.0346 3992 [ 608c14dba7299d8cb6ed035a68a15799 ] agp440 C:\windows\system32\DRIVERS\agp440.sys
20:02:18.0346 3992 agp440 - ok
20:02:18.0362 3992 [ 3290d6946b5e30e70414990574883ddb ] ALG C:\windows\System32\alg.exe
20:02:18.0362 3992 ALG - ok
20:02:18.0377 3992 [ 5812713a477a3ad7363c7438ca2ee038 ] aliide C:\windows\system32\DRIVERS\aliide.sys
20:02:18.0377 3992 aliide - ok
20:02:18.0627 3992 ALSysIO - ok
20:02:18.0689 3992 [ 57b773d82e8cc3c6d7e02cc8a6632043 ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
20:02:18.0689 3992 AMD External Events Utility - ok
20:02:18.0736 3992 [ 1ff8b4431c353ce385c875f194924c0c ] amdide C:\windows\system32\DRIVERS\amdide.sys
20:02:18.0752 3992 amdide - ok
20:02:18.0767 3992 [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
20:02:18.0767 3992 AmdK8 - ok
20:02:19.0142 3992 [ aefaf27f1b7e52c705df4fb6c96732f6 ] amdkmdag C:\windows\system32\DRIVERS\atipmdag.sys
20:02:19.0173 3992 amdkmdag - ok
20:02:19.0267 3992 [ 8149db73be27950ec72767a1193153a6 ] amdkmdap C:\windows\system32\DRIVERS\atikmpag.sys
20:02:19.0267 3992 amdkmdap - ok
20:02:19.0329 3992 [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
20:02:19.0329 3992 AmdPPM - ok
20:02:19.0423 3992 [ 53d8d46d51d390abdb54eca623165cb7 ] amdsata C:\windows\system32\DRIVERS\amdsata.sys
20:02:19.0423 3992 amdsata - ok
20:02:19.0485 3992 [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
20:02:19.0485 3992 amdsbs - ok
20:02:19.0532 3992 [ 75c51148154e34eb3d7bb84749a758d5 ] amdxata C:\windows\system32\DRIVERS\amdxata.sys
20:02:19.0532 3992 amdxata - ok
20:02:19.0547 3992 [ 42fd751b27fa0e9c69bb39f39e409594 ] AppID C:\windows\system32\drivers\appid.sys
20:02:19.0547 3992 AppID - ok
20:02:19.0813 3992 [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc C:\windows\System32\appidsvc.dll
20:02:19.0813 3992 AppIDSvc - ok
20:02:19.0828 3992 [ d065be66822847b7f127d1f90158376e ] Appinfo C:\windows\System32\appinfo.dll
20:02:19.0828 3992 Appinfo - ok
20:02:19.0875 3992 [ c484f8ceb1717c540242531db7845c4e ] arc C:\windows\system32\DRIVERS\arc.sys
20:02:19.0875 3992 arc - ok
20:02:19.0906 3992 [ 019af6924aefe7839f61c830227fe79c ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
20:02:19.0906 3992 arcsas - ok
20:02:19.0937 3992 [ 769765ce2cc62867468cea93969b2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
20:02:19.0937 3992 AsyncMac - ok
20:02:19.0953 3992 [ 02062c0b390b7729edc9e69c680a6f3c ] atapi C:\windows\system32\DRIVERS\atapi.sys
20:02:19.0953 3992 atapi - ok
20:02:20.0015 3992 [ 7c5d273e29dcc5505469b299c6f29163 ] AtiPcie C:\windows\system32\DRIVERS\AtiPcie.sys
20:02:20.0015 3992 AtiPcie - ok
20:02:20.0171 3992 [ 07721a77180edd4d39ccb865bf63c7fd ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
20:02:20.0171 3992 AudioEndpointBuilder - ok
20:02:20.0218 3992 [ 07721a77180edd4d39ccb865bf63c7fd ] AudioSrv C:\windows\System32\Audiosrv.dll
20:02:20.0218 3992 AudioSrv - ok
20:02:20.0265 3992 [ b20b5fa5ca050e9926e4d1db81501b32 ] AxInstSV C:\windows\System32\AxInstSV.dll
20:02:20.0281 3992 AxInstSV - ok
20:02:20.0343 3992 [ 3e5b191307609f7514148c6832bb0842 ] b06bdrv C:\windows\system32\DRIVERS\bxvbda.sys
20:02:20.0343 3992 b06bdrv - ok
20:02:20.0390 3992 [ b5ace6968304a3900eeb1ebfd9622df2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
20:02:20.0390 3992 b57nd60a - ok
20:02:20.0421 3992 [ fde360167101b4e45a96f939f388aeb0 ] BDESVC C:\windows\System32\bdesvc.dll
20:02:20.0421 3992 BDESVC - ok
20:02:20.0452 3992 [ 16a47ce2decc9b099349a5f840654746 ] Beep C:\windows\system32\drivers\Beep.sys
20:02:20.0452 3992 Beep - ok
20:02:20.0483 3992 [ 4992c609a6315671463e30f6512bc022 ] BFE C:\windows\System32\bfe.dll
20:02:20.0483 3992 BFE - ok
20:02:20.0577 3992 [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
20:02:20.0577 3992 blbdrive - ok
20:02:20.0608 3992 [ 91ce0d3dc57dd377e690a2d324022b08 ] bowser C:\windows\system32\DRIVERS\bowser.sys
20:02:20.0608 3992 bowser - ok
20:02:20.0624 3992 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
20:02:20.0624 3992 BrFiltLo - ok
20:02:20.0639 3992 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
20:02:20.0639 3992 BrFiltUp - ok
20:02:20.0686 3992 [ 5c2f352a4e961d72518261257aae204b ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
20:02:20.0686 3992 BridgeMP - ok
20:02:20.0749 3992 [ 94fbc06f294d58d02361918418f996e3 ] Browser C:\windows\System32\browser.dll
20:02:20.0749 3992 Browser - ok
20:02:20.0780 3992 [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid C:\windows\System32\Drivers\Brserid.sys
20:02:20.0780 3992 Brserid - ok
20:02:20.0827 3992 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
20:02:20.0827 3992 BrSerWdm - ok
20:02:20.0842 3992 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
20:02:20.0842 3992 BrUsbMdm - ok
20:02:20.0889 3992 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
20:02:20.0889 3992 BrUsbSer - ok
20:02:20.0951 3992 [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
20:02:20.0951 3992 BTHMODEM - ok
20:02:21.0029 3992 [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv C:\windows\system32\bthserv.dll
20:02:21.0029 3992 bthserv - ok
20:02:21.0092 3992 catchme - ok
20:02:21.0139 3992 [ b8bd2bb284668c84865658c77574381a ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
20:02:21.0139 3992 cdfs - ok
20:02:21.0201 3992 [ 83d2d75e1efb81b3450c18131443f7db ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
20:02:21.0201 3992 cdrom - ok
20:02:21.0232 3992 [ 312e2f82af11e79906898ac3e3d58a1f ] CertPropSvc C:\windows\System32\certprop.dll
20:02:21.0232 3992 CertPropSvc - ok
20:02:21.0263 3992 [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass C:\windows\system32\DRIVERS\circlass.sys
20:02:21.0263 3992 circlass - ok
20:02:21.0419 3992 [ fe1ec06f2253f691fe36217c592a0206 ] CLFS C:\windows\system32\CLFS.sys
20:02:21.0419 3992 CLFS - ok
20:02:21.0841 3992 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:02:21.0841 3992 clr_optimization_v2.0.50727_32 - ok
20:02:21.0934 3992 [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:02:21.0934 3992 clr_optimization_v2.0.50727_64 - ok
20:02:21.0981 3992 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
20:02:21.0981 3992 CmBatt - ok
20:02:21.0997 3992 [ e19d3f095812725d88f9001985b94edd ] cmdide C:\windows\system32\DRIVERS\cmdide.sys
20:02:21.0997 3992 cmdide - ok
20:02:22.0059 3992 [ f95fd4cb7da00ba2a63ce9f6b5c053e1 ] CNG C:\windows\system32\Drivers\cng.sys
20:02:22.0075 3992 CNG - ok
20:02:22.0106 3992 [ 102de219c3f61415f964c88e9085ad14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
20:02:22.0106 3992 Compbatt - ok
20:02:22.0153 3992 [ f26b3a86f6fa87ca360b879581ab4123 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
20:02:22.0153 3992 CompositeBus - ok
20:02:22.0153 3992 COMSysApp - ok
20:02:22.0215 3992 [ 1c827878a998c18847245fe1f34ee597 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
20:02:22.0215 3992 crcdisk - ok
20:02:22.0277 3992 [ 8c57411b66282c01533cb776f98ad384 ] CryptSvc C:\windows\system32\cryptsvc.dll
20:02:22.0293 3992 CryptSvc - ok
20:02:22.0511 3992 [ 61a86809b62769643892bc0812b204aa ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
20:02:22.0527 3992 cvhsvc - ok
20:02:22.0652 3992 [ 7266972e86890e2b30c0c322e906b027 ] DcomLaunch C:\windows\system32\rpcss.dll
20:02:22.0652 3992 DcomLaunch - ok
20:02:22.0683 3992 [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc C:\windows\System32\defragsvc.dll
20:02:22.0683 3992 defragsvc - ok
20:02:22.0730 3992 [ 3f1dc527070acb87e40afe46ef6da749 ] DfsC C:\windows\system32\Drivers\dfsc.sys
20:02:22.0730 3992 DfsC - ok
20:02:22.0777 3992 [ ce3b9562d997f69b330d181a8875960f ] Dhcp C:\windows\system32\dhcpcore.dll
20:02:22.0777 3992 Dhcp - ok
20:02:22.0839 3992 [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache C:\windows\system32\drivers\discache.sys
20:02:22.0839 3992 discache - ok
20:02:22.0870 3992 [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk C:\windows\system32\DRIVERS\disk.sys
20:02:22.0870 3992 Disk - ok
20:02:22.0901 3992 [ 676108c4e3aa6f6b34633748bd0bebd9 ] Dnscache C:\windows\System32\dnsrslvr.dll
20:02:22.0901 3992 Dnscache - ok
20:02:22.0917 3992 [ 14452acdb09b70964c8c21bf80a13acb ] dot3svc C:\windows\System32\dot3svc.dll
20:02:22.0917 3992 dot3svc - ok
20:02:22.0995 3992 [ 8c2ba6bea949ee6e68385f5692bafb94 ] DPS C:\windows\system32\dps.dll
20:02:22.0995 3992 DPS - ok
20:02:23.0057 3992 [ 9b19f34400d24df84c858a421c205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
20:02:23.0057 3992 drmkaud - ok
20:02:23.0338 3992 [ ebce0b0924835f635f620d19f0529dce ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
20:02:23.0338 3992 DXGKrnl - ok
20:02:23.0385 3992 [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost C:\windows\System32\eapsvc.dll
20:02:23.0385 3992 EapHost - ok
20:02:23.0650 3992 [ dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\windows\system32\DRIVERS\evbda.sys
20:02:23.0666 3992 ebdrv - ok
20:02:23.0697 3992 [ 0793f40b9b8a1bdd266296409dbd91ea ] EFS C:\windows\System32\lsass.exe
20:02:23.0713 3992 EFS - ok
20:02:23.0837 3992 [ d7d0cb012a2f80d05010237bdd642cd0 ] egnyteBackup C:\Program Files (x86)\Egnyte Backup\EgnyteBackupService.exe
20:02:23.0837 3992 egnyteBackup - ok
20:02:23.0915 3992 [ 3d69fae60ede442e004611a4ee4db44c ] ehRecvr C:\windows\ehome\ehRecvr.exe
20:02:23.0915 3992 ehRecvr - ok
20:02:24.0009 3992 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\windows\ehome\ehsched.exe
20:02:24.0009 3992 ehSched - ok
20:02:24.0071 3992 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
20:02:24.0071 3992 elxstor - ok
20:02:24.0103 3992 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\windows\system32\DRIVERS\errdev.sys
20:02:24.0103 3992 ErrDev - ok
20:02:24.0259 3992 [ df96c3cd6ae15f6d0a6bcb70f9c1e88d ] esgiguard C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
20:02:24.0259 3992 esgiguard - ok
20:02:24.0368 3992 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\windows\system32\es.dll
20:02:24.0383 3992 EventSystem - ok
20:02:24.0461 3992 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\windows\system32\drivers\exfat.sys
20:02:24.0477 3992 exfat - ok
20:02:24.0539 3992 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\windows\system32\drivers\fastfat.sys
20:02:24.0539 3992 fastfat - ok
20:02:24.0633 3992 [ d607b2f1bee3992aa6c2c92c0a2f0855 ] Fax C:\windows\system32\fxssvc.exe
20:02:24.0633 3992 Fax - ok
20:02:24.0695 3992 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\windows\system32\DRIVERS\fdc.sys
20:02:24.0695 3992 fdc - ok
20:02:24.0727 3992 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\windows\system32\fdPHost.dll
20:02:24.0727 3992 fdPHost - ok
20:02:24.0789 3992 [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\windows\system32\fdrespub.dll
20:02:24.0805 3992 FDResPub - ok
20:02:24.0929 3992 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
20:02:24.0929 3992 FileInfo - ok
20:02:24.0945 3992 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
20:02:24.0945 3992 Filetrace - ok
20:02:25.0054 3992 [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
20:02:25.0054 3992 flpydisk - ok
20:02:25.0101 3992 [ f7866af72abbaf84b1fa5aa195378c59 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
20:02:25.0101 3992 FltMgr - ok
20:02:25.0257 3992 [ 8ac4cb4ea61e41009fae9ae7b2b5da3a ] FontCache C:\windows\system32\FntCache.dll
20:02:25.0257 3992 FontCache - ok
20:02:25.0304 3992 [ 8d89e3131c27fdd6932189cb785e1b7a ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:02:25.0304 3992 FontCache3.0.0.0 - ok
20:02:25.0491 3992 [ d43703496149971890703b4b1b723eac ] FsDepends C:\windows\system32\drivers\FsDepends.sys
20:02:25.0491 3992 FsDepends - ok
20:02:25.0553 3992 [ e95ef8547de20cf0603557c0cf7a9462 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
20:02:25.0553 3992 Fs_Rec - ok
20:02:25.0725 3992 [ b8b2a6e1558f8f5de5ce431c5b2c7b09 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
20:02:25.0725 3992 fvevol - ok
20:02:25.0803 3992 [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
20:02:25.0803 3992 gagp30kx - ok
20:02:25.0881 3992 [ fe5ab4525bc2ec68b9119a6e5d40128b ] gpsvc C:\windows\System32\gpsvc.dll
20:02:25.0881 3992 gpsvc - ok
20:02:25.0990 3992 [ f02a533f517eb38333cb12a9e8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:02:25.0990 3992 gupdate - ok
20:02:26.0099 3992 [ f02a533f517eb38333cb12a9e8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:02:26.0099 3992 gupdatem - ok
20:02:26.0162 3992 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
20:02:26.0162 3992 hcw85cir - ok
20:02:26.0287 3992 [ 6410f6f415b2a5a9037224c41da8bf12 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
20:02:26.0287 3992 HdAudAddService - ok
20:02:26.0365 3992 [ 0a49913402747a0b67de940fb42cbdbb ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
20:02:26.0365 3992 HDAudBus - ok
20:02:26.0427 3992 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
20:02:26.0427 3992 HidBatt - ok
20:02:26.0474 3992 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
20:02:26.0489 3992 HidBth - ok
20:02:26.0536 3992 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys
20:02:26.0536 3992 HidIr - ok
20:02:26.0567 3992 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\windows\System32\hidserv.dll
20:02:26.0567 3992 hidserv - ok
20:02:26.0614 3992 [ b3bf6b5b50006def50b66306d99fcf6f ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
20:02:26.0614 3992 HidUsb - ok
20:02:26.0645 3992 [ efa58ede58dd74388ffd04cb32681518 ] hkmsvc C:\windows\system32\kmsvc.dll
20:02:26.0645 3992 hkmsvc - ok
20:02:26.0692 3992 [ 046b2673767ca626e2cfb7fdf735e9e8 ] HomeGroupListener C:\windows\system32\ListSvc.dll
20:02:26.0692 3992 HomeGroupListener - ok
20:02:26.0755 3992 [ 06a7422224d9865a5613710a089987df ] HomeGroupProvider C:\windows\system32\provsvc.dll
20:02:26.0770 3992 HomeGroupProvider - ok
20:02:26.0817 3992 [ 0886d440058f203eba0e1825e4355914 ] HpSAMD C:\windows\system32\DRIVERS\HpSAMD.sys
20:02:26.0833 3992 HpSAMD - ok
20:02:26.0911 3992 [ cee049cac4efa7f4e1e4ad014414a5d4 ] HTTP C:\windows\system32\drivers\HTTP.sys
20:02:26.0926 3992 HTTP - ok
20:02:26.0973 3992 [ f17766a19145f111856378df337a5d79 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
20:02:26.0973 3992 hwpolicy - ok
20:02:27.0067 3992 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
20:02:27.0067 3992 i8042prt - ok
20:02:27.0129 3992 [ d83efb6fd45df9d55e9a1afc63640d50 ] iaStorV C:\windows\system32\DRIVERS\iaStorV.sys
20:02:27.0145 3992 iaStorV - ok
20:02:27.0301 3992 [ 2f2be70d3e02b6fa877921ab9516d43c ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:02:27.0347 3992 idsvc - ok
20:02:27.0379 3992 [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
20:02:27.0379 3992 iirsp - ok
20:02:27.0457 3992 [ c5b4683680df085b57bc53e5ef34861f ] IKEEXT C:\windows\System32\ikeext.dll
20:02:27.0488 3992 IKEEXT - ok
20:02:28.0689 3992 [ 490947a9aff7ca31ef2e08f5776105eb ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
20:02:28.0705 3992 IntcAzAudAddService - ok
20:02:28.0720 3992 [ f00f20e70c6ec3aa366910083a0518aa ] intelide C:\windows\system32\DRIVERS\intelide.sys
20:02:28.0720 3992 intelide - ok
20:02:28.0751 3992 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
20:02:28.0751 3992 intelppm - ok
20:02:28.0783 3992 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\windows\system32\ipbusenum.dll
20:02:28.0783 3992 IPBusEnum - ok
20:02:28.0798 3992 [ 722dd294df62483cecaae6e094b4d695 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
20:02:28.0798 3992 IpFilterDriver - ok
20:02:28.0923 3992 [ f8e058d17363ec580e4b7232778b6cb5 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
20:02:28.0923 3992 iphlpsvc - ok
20:02:28.0954 3992 [ e2b4a4494db7cb9b89b55ca268c337c5 ] IPMIDRV C:\windows\system32\DRIVERS\IPMIDrv.sys
20:02:28.0954 3992 IPMIDRV - ok
20:02:29.0017 3992 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
20:02:29.0017 3992 IPNAT - ok
20:02:29.0563 3992 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\windows\system32\drivers\irenum.sys
20:02:29.0563 3992 IRENUM - ok
20:02:29.0578 3992 [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp C:\windows\system32\DRIVERS\isapnp.sys
20:02:29.0578 3992 isapnp - ok
20:02:29.0641 3992 [ fa4d2557de56d45b0a346f93564be6e1 ] iScsiPrt C:\windows\system32\DRIVERS\msiscsi.sys
20:02:29.0641 3992 iScsiPrt - ok
20:02:29.0797 3992 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
20:02:29.0797 3992 kbdclass - ok
20:02:29.0828 3992 [ 6def98f8541e1b5dceb2c822a11f7323 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
20:02:29.0828 3992 kbdhid - ok
20:02:29.0875 3992 [ 0793f40b9b8a1bdd266296409dbd91ea ] KeyIso C:\windows\system32\lsass.exe
20:02:29.0875 3992 KeyIso - ok
20:02:29.0984 3992 [ e8b6fcc9c83535c67f835d407620bd27 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
20:02:29.0984 3992 KSecDD - ok
20:02:30.0077 3992 [ a8c63880ef6f4d3fec7b616b9c060215 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
20:02:30.0077 3992 KSecPkg - ok
20:02:30.0124 3992 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
20:02:30.0124 3992 ksthunk - ok
20:02:30.0343 3992 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\windows\system32\msdtckrm.dll
20:02:30.0358 3992 KtmRm - ok
20:02:30.0405 3992 [ c926920b8978de6acfe9e15c709e9b57 ] LanmanServer C:\windows\System32\srvsvc.dll
20:02:30.0405 3992 LanmanServer - ok
20:02:30.0436 3992 [ 27026eac8818e8a6c00a1cad2f11d29a ] LanmanWorkstation C:\windows\System32\wkssvc.dll
20:02:30.0436 3992 LanmanWorkstation - ok
20:02:30.0499 3992 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
20:02:30.0499 3992 lltdio - ok
20:02:30.0545 3992 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\windows\System32\lltdsvc.dll
20:02:30.0545 3992 lltdsvc - ok
20:02:30.0577 3992 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\windows\System32\lmhsvc.dll
20:02:30.0577 3992 lmhosts - ok
20:02:30.0632 3992 [ 41e122f6d1448c94cc05196bc41d6bfb ] LPCFilter C:\windows\system32\DRIVERS\LPCFilter.sys
20:02:30.0632 3992 LPCFilter - ok
20:02:30.0732 3992 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
20:02:30.0732 3992 LSI_FC - ok
20:02:30.0742 3992 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
20:02:30.0752 3992 LSI_SAS - ok
20:02:30.0782 3992 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
20:02:30.0792 3992 LSI_SAS2 - ok
20:02:30.0882 3992 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
20:02:30.0882 3992 LSI_SCSI - ok

#12 ken2024

ken2024
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:01:02 PM

Posted 16 August 2012 - 10:39 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 15:53:17
-----------------------------
15:53:17.691 OS Version: Windows x64 6.1.7600
15:53:17.691 Number of processors: 2 586 0x603
15:53:17.707 ComputerName: CA-PC UserName: CA
15:53:23.588 Initialize success
15:55:51.436 AVAST engine defs: 12081001
15:56:20.848 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066
15:56:20.848 Disk 0 Vendor: TOSHIBA_ GJ00 Size: 476940MB BusType: 11
15:56:20.863 Disk 0 MBR read successfully
15:56:20.863 Disk 0 MBR scan
15:56:20.863 Disk 0 Windows VISTA default MBR code
15:56:20.879 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
15:56:20.894 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 464305 MB offset 3074048
15:56:20.926 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 11134 MB offset 953970688
15:56:20.957 Disk 0 scanning C:\windows\system32\drivers
15:56:46.261 Service scanning
15:57:57.555 Modules scanning
15:57:57.571 Disk 0 trace - called modules:
15:57:57.602 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
15:57:58.117 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c40060]
15:57:58.132 3 CLASSPNP.SYS[fffff880018e543f] -> nt!IofCallDriver -> [0xfffffa8004bc8b80]
15:57:58.132 5 amdxata.sys[fffff880011417a8] -> nt!IofCallDriver -> \Device\00000066[0xfffffa8004bc6060]
15:58:07.153 AVAST engine scan C:\windows
15:58:26.409 AVAST engine scan C:\windows\system32
16:00:46.615 File: C:\windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
16:00:48.134 File: C:\windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
16:01:55.795 AVAST engine scan C:\windows\system32\drivers
16:02:15.175 AVAST engine scan C:\Users\CA
16:05:21.629 Disk 0 MBR has been saved successfully to "C:\Users\CA\Documents\MBR.dat"
16:05:21.630 The log file has been saved successfully to "C:\Users\CA\Documents\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-16 20:04:30
-----------------------------
20:04:30.627 OS Version: Windows x64 6.1.7600
20:04:30.627 Number of processors: 2 586 0x603
20:04:30.627 ComputerName: CA-PC UserName: CA
20:04:37.148 Initialize success
20:07:07.249 AVAST engine defs: 12081601
20:38:35.774 The log file has been saved successfully to "C:\Users\CA\Documents\aswMBR.txt"

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:02 PM

Posted 17 August 2012 - 01:15 PM

How is the computer doing at this time?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 ken2024

ken2024
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:01:02 PM

Posted 19 August 2012 - 01:39 AM

Hi Gringo,

It hasn't redirected in a few days. According to the logs is everything fixed?

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:04:02 PM

Posted 19 August 2012 - 02:20 AM

Hello

I would like to see a report that ComboFix makes.

Extra ComboFix report

  • push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • please copy and paste the following into the box:
    C:\Qoobox\Add-Remove Programs.txt
  • click OK

Copy and paste the report into this topic for me to review.

Gringo
