Persistent Google double Click Redirect


  • This topic is locked
15 replies to this topic

#1 Enhanced

Enhanced

  • Members
  • 7 posts

Posted 05 September 2012 - 08:18 PM

Persistent Google double Click Redirect


I have attached logs to this post and would like to thank you in advance for your help in this matter.

I have been having issues with the Google Redirect virus for some time now. Frequently, while searching, when I click on a link it redirects me to another site. I tried some recommended attempts for removal but to no avail. I also have seen something else in my task manager that I have not been able to find any information on; it is listed as JY6M30t7.exe. I recently ran Hitman in Safe Mode and it appears I was able to remove it, though. There were multiple instances running using a substantial amount of CPU. I had to run Rkill just to post this prior to removing JY6M30t7.exe. I was also getting the Microsoft notice that Rundll32 has stopped working. I did run these logs before finally being able to remove JY6M30t7.exe.

I have performed to the best of my ability the actions requested in the Prep guide for posting but I am not a computer professional so I thank you for not only your time but your patience.



Michelle


Attached files: GMER LOG.log (27.94KB), Attach.txt (13.28KB), DDS.txt (13.34KB)


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 September 2012 - 07:57 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Enhanced

Enhanced
  • Topic Starter

  • Members
  • 7 posts

Posted 06 September 2012 - 10:09 PM

Gringo,

Thank you for responding so expeditiously. I am in the process of disabling all my Malware scanners as instructed before I can run ComboFix and when I try to open Windows Defender I get the message Application Failed to initialize 0X80070006 the handle is invalid. I will not proceed further until you advise me on this matter. I ran the program Security Check as instructed in the step before the step for running Combofix and the log is as follows.

Thank you,

Michelle

Results of screen317's Security Check version 0.99.50
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
TuneUp Companion 2.2.7
Java™ 6 Update 30
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 8 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 September 2012 - 07:16 AM

Go ahead and run Combofix for me.


gringo

#5 Enhanced

Enhanced
  • Topic Starter

  • Members
  • 7 posts

Posted 09 September 2012 - 01:27 AM

I ran Combofix; here is the log.

ComboFix 12-09-09.02 - Linda 09/09/2012 2:08.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2813.1924 [GMT -7:00]
Running from: c:\users\Linda\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\3675743545
c:\users\Linda\AppData\Roaming\mskel.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\pt
c:\windows\system32\pt\smartfacevcp.dll.mui
c:\windows\system32\pt\toscdspd.cpl.mui
c:\windows\system32\service
c:\windows\system32\service\19092010_TIS17_SfFniAU.log
c:\windows\system32\service\20112010_TIS17_SfFniAU.log
.
.
((((((((((((((((((((((((( Files Created from 2012-08-09 to 2012-09-09 )))))))))))))))))))))))))))))))
.
.
2012-09-09 09:16 . 2012-09-09 09:17 -------- d-----w- c:\users\Linda\AppData\Local\temp
2012-09-09 09:16 . 2012-09-09 09:16 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-09-09 09:16 . 2012-09-09 09:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-09 08:41 . 2012-09-09 08:41 -------- d-----w- c:\program files\iPod
2012-09-09 08:37 . 2012-09-09 08:37 -------- d-----w- c:\program files\Apple Software Update
2012-09-09 08:34 . 2012-09-09 08:34 -------- d-----w- c:\program files\Bonjour
2012-09-06 04:11 . 2012-09-06 04:11 27424 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-09-05 07:29 . 2012-09-05 07:45 -------- d-----w- c:\programdata\HitmanPro
2012-08-30 05:30 . 2012-08-30 05:30 -------- dc----w- C:\TDSSKiller_Quarantine
2012-08-23 09:07 . 2012-08-23 09:07 -------- d-----w- c:\program files\Microsoft Silverlight
2012-08-19 10:50 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-12 08:44 . 2012-08-12 08:44 -------- d-----w- c:\program files\Common Files\xing shared
2012-08-12 08:38 . 2012-08-12 08:38 -------- d-----w- c:\users\Linda\AppData\Roaming\OpenCandy
2012-08-12 08:30 . 2012-09-06 03:58 -------- d-----w- c:\programdata\Freemake
2012-08-12 08:30 . 2012-08-12 08:30 -------- d-----w- c:\program files\Conduit
2012-08-12 08:30 . 2012-08-12 08:30 -------- d-----w- c:\users\Linda\AppData\Local\Conduit
2012-08-12 08:30 . 2012-09-06 03:57 -------- d-----w- c:\program files\FreeMake
2012-08-12 07:26 . 2012-08-31 08:37 -------- d-----w- c:\program files\GreenTree Applications
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-12 08:43 . 2003-03-19 03:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-08-12 08:43 . 2003-02-21 11:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-07-24 08:31 . 2012-07-24 08:31 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-07-24 08:31 . 2012-07-24 08:31 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-07-24 08:31 . 2012-07-24 08:31 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-07-24 08:31 . 2012-07-24 08:31 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-07-24 08:31 . 2012-07-24 08:31 161792 ----a-w- c:\windows\system32\msls31.dll
2012-07-24 08:31 . 2012-07-24 08:31 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-07-24 08:31 . 2012-07-24 08:31 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-07-24 08:31 . 2012-07-24 08:31 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-07-24 08:31 . 2012-07-24 08:31 367104 ----a-w- c:\windows\system32\html.iec
2012-07-24 08:31 . 2012-07-24 08:31 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-24 08:31 . 2012-07-24 08:31 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-24 08:30 . 2012-07-24 08:30 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-07-24 08:30 . 2012-07-24 08:30 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-07-24 08:30 . 2012-07-24 08:30 152064 ----a-w- c:\windows\system32\wextract.exe
2012-07-24 08:30 . 2012-07-24 08:30 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-07-24 08:30 . 2012-07-24 08:30 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-07-24 08:30 . 2012-07-24 08:30 11776 ----a-w- c:\windows\system32\mshta.exe
2012-07-24 08:30 . 2012-07-24 08:30 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-07-24 08:30 . 2012-07-24 08:30 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-07-24 08:30 . 2012-07-24 08:30 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-07-24 08:30 . 2012-07-24 08:30 101888 ----a-w- c:\windows\system32\admparse.dll
2012-07-24 08:26 . 2012-07-24 08:26 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2012-07-24 08:26 . 2012-07-24 08:26 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-07-24 08:26 . 2012-07-24 08:26 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-07-24 08:26 . 2012-07-24 08:26 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-07-24 08:26 . 2012-07-24 08:26 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-07-24 08:26 . 2012-07-24 08:26 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-07-24 08:26 . 2012-07-24 08:26 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-07-24 08:26 . 2012-07-24 08:26 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-07-24 08:20 . 2012-07-24 08:20 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-24 08:20 . 2011-11-29 07:45 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 20:46 . 2010-01-30 09:00 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{adca5064-9e30-43fe-9856-58b07a3149fe}"= "c:\program files\FreeMake\prxtbFree.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{adca5064-9e30-43fe-9856-58b07a3149fe}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{adca5064-9e30-43fe-9856-58b07a3149fe}]
2011-05-09 09:49 176936 ----a-w- c:\program files\FreeMake\prxtbFree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{adca5064-9e30-43fe-9856-58b07a3149fe}"= "c:\program files\FreeMake\prxtbFree.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{adca5064-9e30-43fe-9856-58b07a3149fe}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ADCA5064-9E30-43FE-9856-58B07A3149FE}"= "c:\program files\FreeMake\prxtbFree.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{adca5064-9e30-43fe-9856-58b07a3149fe}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-13 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe" [2012-07-24 686280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Linda^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Linda^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2008-03-19 21:35 716800 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AT&T Communication Manager]
2008-12-01 21:23 33280 ----a-w- c:\program files\AT&T\Communication Manager\ATTCM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2008-04-29 18:33 417792 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON WorkForce 500 Series]
2008-02-21 21:00 188928 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIEQA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-07-09 01:01 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 23:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2007-11-01 06:01 54608 ----a-w- c:\program files\TOSHIBA\TBS\HSON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-08 02:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2012-07-03 20:46 973488 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2011-08-05 19:49 211296 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-09-02 01:47 90448 ----a-w- c:\program files\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-04-08 23:14 6037504 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-21 02:15 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2007-06-16 05:01 448080 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sprint SmartView]
2008-03-10 16:09 17672 ----a-w- c:\program files\Sprint\Sprint SmartView\SprintSV.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 20:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 21:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-13 12:09 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-08-12 08:43 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2008-02-06 21:52 431456 ----a-w- c:\program files\TOSHIBA\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TRUUpdater]
2008-06-13 01:23 525592 ----a-w- c:\program files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatcherHelper]
2008-08-27 19:38 124184 ----a-w- c:\program files\Sierra Wireless Inc\3G Watcher\WaHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-12-21 05:45 39424 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 23:27]
.
2012-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 23:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
LSP: bmnet.dll
Trusted Zone: classmates.com\secure
Trusted Zone: games.com\wsop
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-mskel - c:\users\Linda\AppData\Roaming\mskel.dll
HKLM-Run-AirCardEnabler - (no file)
MSConfigStartUp-cfFncEnabler - cfFncEnabler.exe
MSConfigStartUp-jswtrayutil - c:\program files\Jumpstart\jswtrayutil.exe
MSConfigStartUp-NDSTray - NDSTray.exe
MSConfigStartUp-SynTPEnh - c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-09 02:17
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????p?IZ???????????????8 ??`
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{ADCA5064-9E30-43FE-9856-58B07A3149FE}"=hex:51,66,7a,6c,4c,1d,38,12,0a,53,d9,
a9,02,d0,90,06,e7,40,1b,f0,7f,6f,0d,ea
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:df,65,bc,e9,1b,8b,cd,01
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0017\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(676)
c:\windows\system32\bmnet.dll
.
Completion time: 2012-09-09 02:21:13
ComboFix-quarantined-files.txt 2012-09-09 09:21
.
Pre-Run: 15,913,025,536 bytes free
Post-Run: 18,804,207,616 bytes free
.
- - End Of File - - 0273158460C915A06CD5BB424CE029EB




I used Google a few times without any redirects, so at this time I do not have any obvious issues to report.


Thank you for your help and should there be more for me to do I will gladly wait for further instructions.
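The ComboFix log above is what the helper reads by hand to pick out suspect autoruns. As an added example (not part of this thread or of ComboFix), the following Python script parses the log's "Reg Loading Points" and "ORPHANS REMOVED" sections into autorun entries and flags the ones a responder would look at first; the flag rules (AppInit_DLLs, targets under a user's AppData, dangling "(no file)" entries, orphans ComboFix already removed) are this example's own heuristics, and the embedded sample is a constructed excerpt modelled on the log.

```python
"""Triage the 'Reg Loading Points' block of a ComboFix log.

Added example for this thread, not part of ComboFix or of the original posts.
Parses the REGEDIT4-style section ComboFix prints plus the ORPHANS REMOVED
list, and flags the autorun entries a responder would look at first; the flag
rules are this example's own heuristics, not ComboFix's logic.
"""
import re
from dataclasses import dataclass, field

# Constructed excerpt modelled on the log posted above (same line formats).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{adca5064-9e30-43fe-9856-58b07a3149fe}]
2011-05-09 09:49 176936 ----a-w- c:\program files\FreeMake\prxtbFree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-mskel - c:\users\Linda\AppData\Roaming\mskel.dll
HKLM-Run-AirCardEnabler - (no file)
.
"""

KEY_RE = re.compile(r'^\[(.+)\]$')
# "name"="path" [date size]  or  "name"=path  (AppInit_DLLs has neither quotes nor bracket)
VALUE_RE = re.compile(r'^"([^"]+)"=\s*"?(.*?)"?\s*(?:\[[^\]]*\])?$')
# 2011-05-09 09:49 176936 ----a-w- c:\path\file.dll   (file line under a BHO/msconfig key)
FILE_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(.+)$')
ORPHAN_RE = re.compile(r'^(\S+)\s+-\s+(.+)$')           # HKCU-Run-mskel - c:\...\mskel.dll
USER_PROFILE_RE = re.compile(r'\\users\\[^\\]+\\appdata\\', re.IGNORECASE)


@dataclass
class AutorunEntry:
    key: str
    name: str
    path: str
    flags: list = field(default_factory=list)


def _sections(log: str):
    """Yield (section name, line) for each content line; '.' spacer lines are dropped."""
    section = None
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == '.':
            continue
        if line.startswith(('((((', '- - - -', '-------')):
            section = line.strip('() -')          # "(((( Reg Loading Points ))))" -> "Reg Loading Points"
            continue
        yield section, line


def _flag(entry: AutorunEntry, orphan: bool = False) -> AutorunEntry:
    """Attach 'look at this first' flags (heuristics assumed by this example)."""
    if entry.name.lower() == 'appinit_dlls':
        entry.flags.append('appinit-dll')         # DLL loaded into every user32-linked process
    if USER_PROFILE_RE.search(entry.path):
        entry.flags.append('user-profile-path')   # autorun target lives under a user's AppData
    if entry.path.lower() == '(no file)':
        entry.flags.append('missing-file')        # dangling autorun; the file is already gone
    if orphan:
        entry.flags.append('orphan-removed')      # ComboFix deleted it; confirm what it was
    return entry


def triage(log: str) -> list:
    """Parse autorun entries out of the Reg Loading Points and ORPHANS REMOVED sections."""
    entries, key = [], ''
    for section, line in _sections(log):
        sec = (section or '').lower()
        if sec.startswith('reg loading'):
            if m := KEY_RE.match(line):
                key = m.group(1)
            elif (m := VALUE_RE.match(line)) and '\\' in m.group(2):   # skip dword/flag values
                entries.append(_flag(AutorunEntry(key, m.group(1), m.group(2).strip())))
            elif m := FILE_RE.match(line):
                entries.append(_flag(AutorunEntry(key, key.rsplit('\\', 1)[-1], m.group(1).strip())))
        elif 'orphans' in sec:
            if m := ORPHAN_RE.match(line):
                entries.append(_flag(AutorunEntry('ORPHANS REMOVED', m.group(1), m.group(2).strip()), orphan=True))
    return entries


def flagged(log: str) -> dict:
    """Map entry name -> flags for every entry that earned at least one flag."""
    return {e.name: e.flags for e in triage(log) if e.flags}
```

Run `flagged(SAMPLE_LOG)` to see only the entries worth a second look; on the sample that is the AppInit_DLLs value and the two orphans, while the Toshiba Run entry and the FreeMake BHO come back unflagged.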

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 09 September 2012 - 01:35 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#8 Enhanced

Enhanced
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:08:53 PM

Posted 09 September 2012 - 10:07 PM

Log for TDSSKiller

23:09:42.0704 1432 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
23:09:43.0655 1432 ============================================================
23:09:43.0655 1432 Current date / time: 2012/09/09 23:09:43.0655
23:09:43.0655 1432 SystemInfo:
23:09:43.0655 1432
23:09:43.0655 1432 OS Version: 6.0.6002 ServicePack: 2.0
23:09:43.0655 1432 Product type: Workstation
23:09:43.0655 1432 ComputerName: PIPE
23:09:43.0655 1432 UserName: Linda
23:09:43.0655 1432 Windows directory: C:\Windows
23:09:43.0655 1432 System windows directory: C:\Windows
23:09:43.0655 1432 Processor architecture: Intel x86
23:09:43.0655 1432 Number of processors: 2
23:09:43.0655 1432 Page size: 0x1000
23:09:43.0655 1432 Boot type: Normal boot
23:09:43.0655 1432 ============================================================
23:09:44.0685 1432 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:09:44.0685 1432 ============================================================
23:09:44.0685 1432 \Device\Harddisk0\DR0:
23:09:44.0685 1432 MBR partitions:
23:09:44.0685 1432 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1C30B000
23:09:44.0685 1432 ============================================================
23:09:44.0716 1432 C: <-> \Device\Harddisk0\DR0\Partition1
23:09:44.0716 1432 ============================================================
23:09:44.0716 1432 Initialize success
23:09:44.0716 1432 ============================================================
23:09:45.0917 0356 ============================================================
23:09:45.0917 0356 Scan started
23:09:45.0917 0356 Mode: Manual;
23:09:45.0917 0356 ============================================================
23:09:48.0803 0356 ================ Scan system memory ========================
23:09:48.0803 0356 System memory - ok
23:09:48.0803 0356 ================ Scan services =============================


23:10:00.0862 0356 Null - ok

23:10:00.0893 0356 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys

23:10:00.0893 0356 nvraid - ok

23:10:00.0909 0356 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys

23:10:00.0909 0356 nvstor - ok

23:10:00.0940 0356 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

23:10:00.0940 0356 nv_agp - ok

23:10:00.0987 0356 [ 67FB86EEB94059177642050718D57460 ] NWADI C:\Windows\system32\DRIVERS\NWADIenum.sys

23:10:01.0002 0356 NWADI - ok

23:10:01.0002 0356 NwlnkFlt - ok

23:10:01.0002 0356 NwlnkFwd - ok

23:10:01.0112 0356 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

23:10:01.0112 0356 odserv - ok

23:10:01.0158 0356 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

23:10:01.0158 0356 ohci1394 - ok

23:10:01.0190 0356 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

23:10:01.0190 0356 ose - ok

23:10:01.0236 0356 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll

23:10:01.0268 0356 p2pimsvc - ok

23:10:01.0283 0356 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll

23:10:01.0283 0356 p2psvc - ok

23:10:01.0314 0356 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys

23:10:01.0314 0356 Parport - ok

23:10:01.0346 0356 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys

23:10:01.0346 0356 partmgr - ok

23:10:01.0392 0356 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys

23:10:01.0392 0356 Parvdm - ok

23:10:01.0408 0356 [ 1961590AA191B6B7DCF18A6A693AF7B8 ] PCASp50 C:\Windows\system32\Drivers\PCASp50.sys

23:10:01.0408 0356 PCASp50 - ok

23:10:01.0439 0356 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll

23:10:01.0439 0356 PcaSvc - ok

23:10:01.0486 0356 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys

23:10:01.0486 0356 pci - ok

23:10:01.0533 0356 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys

23:10:01.0533 0356 pciide - ok

23:10:01.0564 0356 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

23:10:01.0564 0356 pcmcia - ok

23:10:01.0611 0356 [ 1E715247EFFFDDA938C085913045D599 ] PCTINDIS5 C:\Windows\system32\PCTINDIS5.SYS

23:10:01.0611 0356 PCTINDIS5 - ok

23:10:01.0658 0356 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys

23:10:01.0673 0356 PEAUTH - ok

23:10:01.0751 0356 [ 6DBF2AC2BDAFF355995AB25ECCC4CFE1 ] pinger C:\TOSHIBA\IVP\ISM\pinger.exe

23:10:01.0751 0356 pinger - ok

23:10:01.0814 0356 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll

23:10:01.0860 0356 pla - ok

23:10:01.0907 0356 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll

23:10:01.0907 0356 PlugPlay - ok

23:10:01.0970 0356 [ BAFC9706BDF425A02B66468AB2605C59 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll

23:10:01.0970 0356 Pml Driver HPZ12 - ok

23:10:02.0001 0356 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll

23:10:02.0001 0356 PNRPAutoReg - ok

23:10:02.0032 0356 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll

23:10:02.0032 0356 PNRPsvc - ok

23:10:02.0079 0356 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

23:10:02.0094 0356 PolicyAgent - ok

23:10:02.0110 0356 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

23:10:02.0110 0356 PptpMiniport - ok

23:10:02.0126 0356 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\DRIVERS\processr.sys

23:10:02.0126 0356 Processor - ok

23:10:02.0141 0356 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll

23:10:02.0157 0356 ProfSvc - ok

23:10:02.0188 0356 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe

23:10:02.0188 0356 ProtectedStorage - ok

23:10:02.0219 0356 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys

23:10:02.0219 0356 PSched - ok

23:10:02.0266 0356 [ BC37A428BD4B3B8F0AD2FD2DF0822851 ] PTDUBus C:\Windows\system32\DRIVERS\PTDUBus.sys

23:10:02.0266 0356 PTDUBus - ok

23:10:02.0282 0356 [ 0BC211B0320F17851E8C24ACE775EA44 ] PTDUMdm C:\Windows\system32\DRIVERS\PTDUMdm.sys

23:10:02.0282 0356 PTDUMdm - ok

23:10:02.0297 0356 [ 3EA007FFC7A6B9C9F56324FB16584904 ] PTDUVsp C:\Windows\system32\DRIVERS\PTDUVsp.sys

23:10:02.0297 0356 PTDUVsp - ok

23:10:02.0328 0356 [ A49E0D84D6744746F3053980F73F897A ] PTDUWWAN C:\Windows\system32\DRIVERS\PTDUWWAN.sys

23:10:02.0328 0356 PTDUWWAN - ok

23:10:02.0360 0356 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys

23:10:02.0360 0356 PxHelp20 - ok

23:10:02.0422 0356 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

23:10:02.0438 0356 ql2300 - ok

23:10:02.0453 0356 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

23:10:02.0453 0356 ql40xx - ok

23:10:02.0500 0356 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll

23:10:02.0516 0356 QWAVE - ok

23:10:02.0531 0356 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

23:10:02.0531 0356 QWAVEdrv - ok

23:10:02.0547 0356 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

23:10:02.0547 0356 RasAcd - ok

23:10:02.0562 0356 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll

23:10:02.0562 0356 RasAuto - ok

23:10:02.0594 0356 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

23:10:02.0609 0356 Rasl2tp - ok

23:10:02.0640 0356 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll

23:10:02.0656 0356 RasMan - ok

23:10:02.0703 0356 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

23:10:02.0703 0356 RasPppoe - ok

23:10:02.0718 0356 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

23:10:02.0718 0356 RasSstp - ok

23:10:02.0750 0356 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

23:10:02.0750 0356 rdbss - ok

23:10:02.0781 0356 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

23:10:02.0781 0356 RDPCDD - ok

23:10:02.0812 0356 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys

23:10:02.0828 0356 rdpdr - ok

23:10:02.0828 0356 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

23:10:02.0828 0356 RDPENCDD - ok

23:10:02.0874 0356 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

23:10:02.0874 0356 RDPWD - ok

23:10:02.0937 0356 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll

23:10:02.0937 0356 RemoteAccess - ok

23:10:02.0984 0356 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll

23:10:02.0984 0356 RemoteRegistry - ok

23:10:03.0030 0356 [ 4F4A4C09CC5BE58A76CAC1C337E004E6 ] RimUsb C:\Windows\system32\Drivers\RimUsb.sys

23:10:03.0046 0356 RimUsb - ok

23:10:03.0093 0356 [ 3A5633AD615E2B15291BD0B1B97CCD8A ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial.sys

23:10:03.0093 0356 RimVSerPort - ok

23:10:03.0140 0356 [ 75E8A6BFA7374ABA833AE92BF41AE4E6 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys

23:10:03.0140 0356 ROOTMODEM - ok

23:10:03.0171 0356 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe

23:10:03.0171 0356 RpcLocator - ok

23:10:03.0202 0356 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll

23:10:03.0218 0356 RpcSs - ok

23:10:03.0249 0356 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

23:10:03.0249 0356 rspndr - ok

23:10:03.0296 0356 [ 2D19A7469EA19993D0C12E627F4530BC ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys

23:10:03.0311 0356 RTL8169 - ok

23:10:03.0327 0356 [ 9FF7D9CF3A5F296613588B0E8DB83AFE ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS

23:10:03.0342 0356 RTSTOR - ok

23:10:03.0358 0356 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe

23:10:03.0358 0356 SamSs - ok

23:10:03.0389 0356 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

23:10:03.0389 0356 sbp2port - ok

23:10:03.0420 0356 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll

23:10:03.0420 0356 SCardSvr - ok

23:10:03.0483 0356 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll

23:10:03.0483 0356 Schedule - ok

23:10:03.0514 0356 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll

23:10:03.0514 0356 SCPolicySvc - ok

23:10:03.0545 0356 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll

23:10:03.0561 0356 SDRSVC - ok

23:10:03.0592 0356 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys

23:10:03.0592 0356 secdrv - ok

23:10:03.0608 0356 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll

23:10:03.0608 0356 seclogon - ok

23:10:03.0623 0356 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll

23:10:03.0623 0356 SENS - ok

23:10:03.0639 0356 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys

23:10:03.0639 0356 Serenum - ok

23:10:03.0670 0356 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys

23:10:03.0670 0356 Serial - ok

23:10:03.0686 0356 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys

23:10:03.0686 0356 sermouse - ok

23:10:03.0732 0356 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll

23:10:03.0732 0356 SessionEnv - ok

23:10:03.0748 0356 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

23:10:03.0748 0356 sffdisk - ok

23:10:03.0779 0356 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

23:10:03.0779 0356 sffp_mmc - ok

23:10:03.0795 0356 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

23:10:03.0795 0356 sffp_sd - ok

23:10:03.0810 0356 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

23:10:03.0810 0356 sfloppy - ok

23:10:03.0857 0356 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll

23:10:03.0857 0356 SharedAccess - ok

23:10:03.0888 0356 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

23:10:03.0904 0356 ShellHWDetection - ok

23:10:03.0935 0356 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys

23:10:03.0935 0356 sisagp - ok

23:10:03.0951 0356 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys

23:10:03.0966 0356 SiSRaid2 - ok

23:10:03.0966 0356 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

23:10:03.0982 0356 SiSRaid4 - ok

23:10:04.0107 0356 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe

23:10:04.0185 0356 slsvc - ok

23:10:04.0200 0356 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll

23:10:04.0216 0356 SLUINotify - ok

23:10:04.0263 0356 [ 3566310DF25EA5C3B2E9F50F5B50EAC1 ] SmartFaceVWatchSrv C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe

23:10:04.0263 0356 SmartFaceVWatchSrv - ok

23:10:04.0310 0356 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys

23:10:04.0325 0356 Smb - ok

23:10:04.0356 0356 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe

23:10:04.0372 0356 SNMPTRAP - ok

23:10:04.0388 0356 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys

23:10:04.0403 0356 spldr - ok

23:10:04.0450 0356 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe

23:10:04.0450 0356 Spooler - ok

23:10:04.0528 0356 [ CE1E6032B2D8541D460C3EBD324055EE ] SprintRcAppSvc C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe

23:10:04.0528 0356 SprintRcAppSvc - ok

23:10:04.0559 0356 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys

23:10:04.0559 0356 srv - ok

23:10:04.0622 0356 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

23:10:04.0637 0356 srv2 - ok

23:10:04.0653 0356 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

23:10:04.0653 0356 srvnet - ok

23:10:04.0684 0356 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

23:10:04.0700 0356 SSDPSRV - ok

23:10:04.0731 0356 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll

23:10:04.0731 0356 SstpSvc - ok

23:10:04.0778 0356 [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam C:\Windows\system32\DRIVERS\serscan.sys

23:10:04.0778 0356 StillCam - ok

23:10:04.0840 0356 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll

23:10:04.0840 0356 stisvc - ok

23:10:04.0902 0356 [ 3E4239B92139F7174A0DA7D53FE5E1AB ] SVRPEDRV C:\Windows\System32\sysprep\PEDrv.sys

23:10:04.0918 0356 SVRPEDRV - ok

23:10:04.0934 0356 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

23:10:04.0949 0356 swenum - ok

23:10:04.0980 0356 [ 5230AAB3A00B0A1B89580D8ED85B5BFA ] swivsp C:\Windows\system32\DRIVERS\swivspnt.sys

23:10:04.0980 0356 swivsp - ok

23:10:05.0012 0356 [ E6C797B33A454840245C0C96E7F08B0A ] swmsflt C:\Windows\System32\drivers\swmsflt.sys

23:10:05.0012 0356 swmsflt - ok

23:10:05.0058 0356 [ A56848914C78093A1EC84A6CE424C7BF ] swmx00 C:\Windows\system32\DRIVERS\swmx00.sys

23:10:05.0058 0356 swmx00 - ok

23:10:05.0074 0356 [ F797787D579E1A9396D2E416240A2259 ] SWNC5E00 C:\Windows\system32\DRIVERS\SWNC5E00.sys

23:10:05.0074 0356 SWNC5E00 - ok

23:10:05.0121 0356 [ 7AE593FE3D78195987505DA0A7E91542 ] SWNC8U80 C:\Windows\system32\DRIVERS\swnc8u80.sys

23:10:05.0121 0356 SWNC8U80 - ok

23:10:05.0183 0356 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll

23:10:05.0183 0356 swprv - ok

23:10:05.0214 0356 SWUMX20 - ok

23:10:05.0261 0356 [ 3076A3BB7C340BBF851075DD2EBAD03F ] SWUMX80 C:\Windows\system32\DRIVERS\swumx80.sys

23:10:05.0261 0356 SWUMX80 - ok

23:10:05.0324 0356 [ E1292C1ED4DEB17B8A9B586D22CB2061 ] Swupdtmr c:\TOSHIBA\IVP\swupdate\swupdtmr.exe

23:10:05.0324 0356 Swupdtmr - ok

23:10:05.0355 0356 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys

23:10:05.0355 0356 Symc8xx - ok

23:10:05.0386 0356 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys

23:10:05.0386 0356 Sym_hi - ok

23:10:05.0417 0356 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys

23:10:05.0417 0356 Sym_u3 - ok

23:10:05.0464 0356 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll

23:10:05.0480 0356 SysMain - ok

23:10:05.0511 0356 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll

23:10:05.0511 0356 TabletInputService - ok

23:10:05.0558 0356 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll

23:10:05.0558 0356 TapiSrv - ok

23:10:05.0573 0356 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll

23:10:05.0589 0356 TBS - ok

23:10:05.0636 0356 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

23:10:05.0651 0356 Tcpip - ok

23:10:05.0682 0356 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys

23:10:05.0682 0356 Tcpip6 - ok

23:10:05.0698 0356 [ 9B05AA8089F4EA1BC31208EDE33969F3 ] tcpipBM C:\Windows\system32\drivers\tcpipBM.sys

23:10:05.0714 0356 tcpipBM - ok

23:10:05.0729 0356 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

23:10:05.0729 0356 tcpipreg - ok

23:10:05.0745 0356 [ 6FDFBA25002CE4BAC463AC866AE71405 ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys

23:10:05.0745 0356 tdcmdpst - ok

23:10:05.0792 0356 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

23:10:05.0792 0356 TDPIPE - ok

23:10:05.0807 0356 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

23:10:05.0807 0356 TDTCP - ok

23:10:05.0838 0356 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

23:10:05.0838 0356 tdx - ok

23:10:05.0854 0356 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

23:10:05.0854 0356 TermDD - ok

23:10:05.0901 0356 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll

23:10:05.0901 0356 TermService - ok

23:10:05.0916 0356 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll

23:10:05.0932 0356 Themes - ok

23:10:05.0948 0356 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll

23:10:05.0948 0356 THREADORDER - ok

23:10:05.0994 0356 [ B146492A882A25A2DF1DB4668FCED6C8 ] TNaviSrv C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

23:10:05.0994 0356 TNaviSrv - ok

23:10:06.0041 0356 [ C5AC715B65B01788ABC22D10749DDDD8 ] TODDSrv C:\Windows\system32\TODDSrv.exe

23:10:06.0041 0356 TODDSrv - ok

23:10:06.0104 0356 [ 44DBAC611B11646683B5B066A049B8E4 ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

23:10:06.0104 0356 TosCoSrv - ok

23:10:06.0150 0356 [ 22690DFFC7F2A18279A7A0489AA02BAC ] TOSHIBA SMART Log Service C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe

23:10:06.0150 0356 TOSHIBA SMART Log Service - ok

23:10:06.0182 0356 [ 1EA5F27C29405BF49799FECA77186DA9 ] tos_sps32 C:\Windows\system32\DRIVERS\tos_sps32.sys

23:10:06.0197 0356 tos_sps32 - ok

23:10:06.0228 0356 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll

23:10:06.0228 0356 TrkWks - ok

23:10:06.0275 0356 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

23:10:06.0275 0356 TrustedInstaller - ok

23:10:06.0306 0356 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

23:10:06.0306 0356 tssecsrv - ok

23:10:06.0338 0356 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys

23:10:06.0338 0356 tunmp - ok

23:10:06.0369 0356 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

23:10:06.0369 0356 tunnel - ok

23:10:06.0400 0356 [ 792A8B80F8188ABA4B2BE271583F3E46 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS

23:10:06.0400 0356 TVALZ - ok

23:10:06.0416 0356 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys

23:10:06.0431 0356 uagp35 - ok

23:10:06.0447 0356 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

23:10:06.0462 0356 udfs - ok

23:10:06.0494 0356 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe

23:10:06.0494 0356 UI0Detect - ok

23:10:06.0525 0356 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

23:10:06.0525 0356 uliagpkx - ok

23:10:06.0540 0356 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys

23:10:06.0556 0356 uliahci - ok

23:10:06.0572 0356 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys

23:10:06.0572 0356 UlSata - ok

23:10:06.0587 0356 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys

23:10:06.0587 0356 ulsata2 - ok

23:10:06.0603 0356 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

23:10:06.0603 0356 umbus - ok

23:10:06.0634 0356 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll

23:10:06.0650 0356 upnphost - ok

23:10:06.0696 0356 [ EAFE1E00739AFE6C51487A050E772E17 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys

23:10:06.0696 0356 USBAAPL - ok

23:10:06.0728 0356 [ B1503509D5E202C17DD78B3E1BF70049 ] usbbus C:\Windows\system32\DRIVERS\lgusbbus.sys

23:10:06.0728 0356 usbbus - ok

23:10:06.0759 0356 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

23:10:06.0774 0356 usbccgp - ok

23:10:06.0790 0356 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys

23:10:06.0790 0356 usbcir - ok

23:10:06.0821 0356 [ 456C04B39AA4066648C980E7042CD5F7 ] UsbDiag C:\Windows\system32\DRIVERS\lgusbdiag.sys

23:10:06.0821 0356 UsbDiag - ok

23:10:06.0868 0356 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

23:10:06.0868 0356 usbehci - ok

23:10:06.0884 0356 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

23:10:06.0899 0356 usbhub - ok

23:10:06.0930 0356 [ 5318918FFBCDE39B1AB25FFAB2561F99 ] USBModem C:\Windows\system32\DRIVERS\lgusbmodem.sys

23:10:06.0930 0356 USBModem - ok

23:10:06.0962 0356 [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys

23:10:06.0962 0356 usbohci - ok

23:10:06.0993 0356 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

23:10:06.0993 0356 usbprint - ok

23:10:07.0024 0356 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

23:10:07.0040 0356 usbscan - ok

23:10:07.0071 0356 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

23:10:07.0071 0356 USBSTOR - ok

23:10:07.0086 0356 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys

23:10:07.0086 0356 usbuhci - ok

23:10:07.0133 0356 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys

23:10:07.0133 0356 usbvideo - ok

23:10:07.0164 0356 [ 8C5094A8AB24DE7496C7C19942F2DF04 ] UVCFTR C:\Windows\system32\Drivers\UVCFTR_S.SYS

23:10:07.0164 0356 UVCFTR - ok

23:10:07.0196 0356 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll

23:10:07.0196 0356 UxSms - ok

23:10:07.0242 0356 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe

23:10:07.0242 0356 vds - ok

23:10:07.0289 0356 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

23:10:07.0289 0356 vga - ok

23:10:07.0305 0356 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys

23:10:07.0305 0356 VgaSave - ok

23:10:07.0320 0356 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys

23:10:07.0320 0356 viaagp - ok

23:10:07.0352 0356 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys

23:10:07.0352 0356 ViaC7 - ok

23:10:07.0664 0356 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys

23:10:07.0664 0356 viaide - ok

23:10:07.0679 0356 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys

23:10:07.0679 0356 volmgr - ok

23:10:07.0726 0356 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

23:10:07.0726 0356 volmgrx - ok

23:10:07.0742 0356 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys

23:10:07.0757 0356 volsnap - ok

23:10:07.0788 0356 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

23:10:07.0788 0356 vsmraid - ok

23:10:07.0820 0356 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe

23:10:07.0851 0356 VSS - ok

23:10:07.0882 0356 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll

23:10:07.0898 0356 W32Time - ok

23:10:07.0913 0356 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys

23:10:07.0913 0356 WacomPen - ok

23:10:07.0944 0356 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys

23:10:07.0944 0356 Wanarp - ok

23:10:07.0960 0356 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

23:10:07.0960 0356 Wanarpv6 - ok

23:10:07.0976 0356 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll

23:10:07.0991 0356 wcncsvc - ok

23:10:08.0007 0356 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

23:10:08.0007 0356 WcsPlugInService - ok

23:10:08.0022 0356 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys

23:10:08.0038 0356 Wd - ok

23:10:08.0069 0356 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

23:10:08.0085 0356 Wdf01000 - ok

23:10:08.0100 0356 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll

23:10:08.0100 0356 WdiServiceHost - ok

23:10:08.0116 0356 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll

23:10:08.0116 0356 WdiSystemHost - ok

23:10:08.0147 0356 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll

23:10:08.0147 0356 WebClient - ok

23:10:08.0178 0356 [ 905214925A88311FCE52F66153DE7610 ] Wecsvc C:\Windows\system32\wecsvc.dll

23:10:08.0194 0356 Wecsvc - ok

23:10:08.0210 0356 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll

23:10:08.0210 0356 wercplsupport - ok

23:10:08.0256 0356 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll

23:10:08.0256 0356 WerSvc - ok

23:10:08.0319 0356 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll

23:10:08.0319 0356 WinDefend - ok

23:10:08.0334 0356 WinHttpAutoProxySvc - ok

23:10:08.0397 0356 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

23:10:08.0412 0356 Winmgmt - ok

23:10:08.0459 0356 [ 01874D4689C212460FBABF0ECD7CB7F7 ] WinRM C:\Windows\system32\WsmSvc.dll

23:10:08.0475 0356 WinRM - ok

23:10:08.0522 0356 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll

23:10:08.0537 0356 Wlansvc - ok

23:10:08.0568 0356 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

23:10:08.0568 0356 WmiAcpi - ok

23:10:08.0600 0356 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

23:10:08.0600 0356 wmiApSrv - ok

23:10:08.0678 0356 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe

23:10:08.0693 0356 WMPNetworkSvc - ok

23:10:08.0740 0356 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll

23:10:08.0740 0356 WPCSvc - ok

23:10:08.0771 0356 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

23:10:08.0787 0356 WPDBusEnum - ok

23:10:08.0818 0356 [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys

23:10:08.0818 0356 WpdUsb - ok

23:10:08.0927 0356 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

23:10:08.0943 0356 WPFFontCache_v0400 - ok

23:10:08.0958 0356 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

23:10:08.0958 0356 ws2ifsl - ok

23:10:09.0005 0356 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll

23:10:09.0005 0356 wscsvc - ok

23:10:09.0005 0356 WSearch - ok

23:10:09.0099 0356 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll

23:10:09.0146 0356 wuauserv - ok

23:10:09.0208 0356 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

23:10:09.0208 0356 WUDFRd - ok

23:10:09.0239 0356 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll

23:10:09.0239 0356 wudfsvc - ok

23:10:09.0302 0356 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

23:10:09.0317 0356 YahooAUService - ok

23:10:09.0426 0356 ================ Scan global ===============================

23:10:09.0442 0356 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll

23:10:09.0489 0356 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll

23:10:09.0504 0356 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll

23:10:09.0551 0356 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe

23:10:09.0551 0356 [Global] - ok

23:10:09.0551 0356 ================ Scan MBR ==================================

23:10:09.0582 0356 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0

23:10:10.0004 0356 \Device\Harddisk0\DR0 - ok

23:10:10.0004 0356 ================ Scan VBR ==================================

23:10:10.0019 0356 [ FF3EF40340589DCC10B9DB07941E7FB3 ] \Device\Harddisk0\DR0\Partition1

23:10:10.0019 0356 \Device\Harddisk0\DR0\Partition1 - ok

23:10:10.0019 0356 ============================================================

23:10:10.0019 0356 Scan finished

23:10:10.0019 0356 ============================================================

23:10:10.0035 0352 Detected object count: 0

23:10:10.0035 0352 Actual detected object count: 0

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-09 23:12:46
-----------------------------
23:12:46.445 OS Version: Windows 6.0.6002 Service Pack 2
23:12:46.445 Number of processors: 2 586 0x301
23:12:46.445 ComputerName: PIPE UserName:
23:12:48.723 Initialize success
23:14:31.671 AVAST engine defs: 12090901
23:15:00.171 The log file has been saved successfully to "C:\Users\Linda\Desktop\aswMBR.txt"

#9 gringo_pr

gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 10 September 2012 - 12:49 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt onto ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 Enhanced

Enhanced
  • Topic Starter

  • Members
  • 7 posts

Posted 11 September 2012 - 04:53 PM

ComboFix 12-09-09.02 - Linda 09/11/2012 16:50:56.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2813.1661 [GMT -7:00]
Running from: c:\users\Linda\Downloads\ComboFix.exe
Command switches used :: c:\users\Linda\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-12 to 2012-09-12 )))))))))))))))))))))))))))))))
.
.
2012-09-11 23:59 . 2012-09-11 23:59 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-09-11 23:59 . 2012-09-11 23:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-09 09:21 . 2012-09-12 00:00 -------- d-----w- c:\users\Linda\AppData\Local\temp
2012-09-09 08:41 . 2012-09-09 08:41 -------- d-----w- c:\program files\iPod
2012-09-09 08:37 . 2012-09-09 08:37 -------- d-----w- c:\program files\Apple Software Update
2012-09-09 08:34 . 2012-09-09 08:34 -------- d-----w- c:\program files\Bonjour
2012-09-06 04:11 . 2012-09-06 04:11 27424 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-09-05 07:29 . 2012-09-05 07:45 -------- d-----w- c:\programdata\HitmanPro
2012-08-30 05:30 . 2012-08-30 05:30 -------- dc----w- C:\TDSSKiller_Quarantine
2012-08-23 09:07 . 2012-08-23 09:07 -------- d-----w- c:\program files\Microsoft Silverlight
2012-08-19 10:50 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-12 08:43 . 2003-03-19 03:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-08-12 08:43 . 2003-02-21 11:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-07-24 08:31 . 2012-07-24 08:31 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-07-24 08:31 . 2012-07-24 08:31 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-07-24 08:31 . 2012-07-24 08:31 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-07-24 08:31 . 2012-07-24 08:31 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-07-24 08:31 . 2012-07-24 08:31 161792 ----a-w- c:\windows\system32\msls31.dll
2012-07-24 08:31 . 2012-07-24 08:31 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-07-24 08:31 . 2012-07-24 08:31 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-07-24 08:31 . 2012-07-24 08:31 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-07-24 08:31 . 2012-07-24 08:31 367104 ----a-w- c:\windows\system32\html.iec
2012-07-24 08:31 . 2012-07-24 08:31 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-24 08:31 . 2012-07-24 08:31 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-24 08:30 . 2012-07-24 08:30 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-07-24 08:30 . 2012-07-24 08:30 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-07-24 08:30 . 2012-07-24 08:30 152064 ----a-w- c:\windows\system32\wextract.exe
2012-07-24 08:30 . 2012-07-24 08:30 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-07-24 08:30 . 2012-07-24 08:30 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-07-24 08:30 . 2012-07-24 08:30 11776 ----a-w- c:\windows\system32\mshta.exe
2012-07-24 08:30 . 2012-07-24 08:30 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-07-24 08:30 . 2012-07-24 08:30 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-07-24 08:30 . 2012-07-24 08:30 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-07-24 08:30 . 2012-07-24 08:30 101888 ----a-w- c:\windows\system32\admparse.dll
2012-07-24 08:26 . 2012-07-24 08:26 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2012-07-24 08:26 . 2012-07-24 08:26 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2012-07-24 08:26 . 2012-07-24 08:26 252928 ----a-w- c:\windows\system32\dxdiag.exe
2012-07-24 08:26 . 2012-07-24 08:26 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2012-07-24 08:26 . 2012-07-24 08:26 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2012-07-24 08:26 . 2012-07-24 08:26 519680 ----a-w- c:\windows\system32\d3d11.dll
2012-07-24 08:26 . 2012-07-24 08:26 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2012-07-24 08:26 . 2012-07-24 08:26 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2012-07-24 08:20 . 2012-07-24 08:20 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-24 08:20 . 2011-11-29 07:45 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 20:46 . 2010-01-30 09:00 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{adca5064-9e30-43fe-9856-58b07a3149fe}"= "c:\program files\FreeMake\prxtbFree.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{adca5064-9e30-43fe-9856-58b07a3149fe}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{adca5064-9e30-43fe-9856-58b07a3149fe}]
2011-05-09 09:49 176936 ----a-w- c:\program files\FreeMake\prxtbFree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{adca5064-9e30-43fe-9856-58b07a3149fe}"= "c:\program files\FreeMake\prxtbFree.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{adca5064-9e30-43fe-9856-58b07a3149fe}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ADCA5064-9E30-43FE-9856-58B07A3149FE}"= "c:\program files\FreeMake\prxtbFree.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{adca5064-9e30-43fe-9856-58b07a3149fe}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-04-24 430080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-13 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-08 421776]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe" [2012-07-24 686280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Linda^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Linda^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\Linda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
2008-03-19 21:35 716800 ----a-w- c:\program files\TOSHIBA\FlashCards\TCrdMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AT&T Communication Manager]
2008-12-01 21:23 33280 ----a-w- c:\program files\AT&T\Communication Manager\ATTCM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2008-04-29 18:33 417792 ----a-w- c:\program files\Camera Assistant Software for Toshiba\traybar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON WorkForce 500 Series]
2008-02-21 21:00 188928 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIEQA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-07-09 01:01 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 23:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2007-11-01 06:01 54608 ----a-w- c:\program files\TOSHIBA\TBS\HSON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-08 02:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2012-07-03 20:46 973488 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2011-08-05 19:49 211296 ----a-w- c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
2011-09-02 01:47 90448 ----a-w- c:\program files\Common Files\Research in Motion\USB Drivers\RIMBBLaunchAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-04-08 23:14 6037504 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-21 02:15 1826816 ----a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2007-06-16 05:01 448080 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sprint SmartView]
2008-03-10 16:09 17672 ----a-w- c:\program files\Sprint\Sprint SmartView\SprintSV.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 20:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 21:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-13 12:09 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-08-12 08:43 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2008-02-06 21:52 431456 ----a-w- c:\program files\TOSHIBA\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TRUUpdater]
2008-06-13 01:23 525592 ----a-w- c:\program files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatcherHelper]
2008-08-27 19:38 124184 ----a-w- c:\program files\Sierra Wireless Inc\3G Watcher\WaHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-12-21 05:45 39424 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 23:27]
.
2012-09-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 23:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
Trusted Zone: classmates.com\secure
Trusted Zone: games.com\wsop
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-11 17:00
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????p?IZ???????????????8 ??`
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=hex:51,66,7a,6c,4c,1d,38,12,5c,be,8a,
eb,c9,8f,bc,54,f6,39,43,d0,22,43,0b,9c
"{ADCA5064-9E30-43FE-9856-58B07A3149FE}"=hex:51,66,7a,6c,4c,1d,38,12,0a,53,d9,
a9,02,d0,90,06,e7,40,1b,f0,7f,6f,0d,ea
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,
34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de
"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:df,65,bc,e9,1b,8b,cd,01
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0017\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-09-11 17:02:48
ComboFix-quarantined-files.txt 2012-09-12 00:02
ComboFix2.txt 2012-09-09 09:21
.
Pre-Run: 12,932,272,128 bytes free
Post-Run: 14,997,688,320 bytes free
.
- - End Of File - - 80A7C73C8E70577B9EC6E70861BBEC9B



Gringo,

As far as I can tell the computer is running as it should. Thank you again for your help. Please let me know if I need to further.

#11 gringo_pr

gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 11 September 2012 - 09:24 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Adobe Reader 8.1.2
Java™ 6 Update 30
LimeWire 5.4.6


  • Please download and install Revo Uninstaller Free
  • Double-click Revo Uninstaller to run it.
  • From the list of programs double-click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete.
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted select Yes then on Next.
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button
  • Click on Agree and start Free download
  • Click on Run
  • Click on Run again
  • Click on Install
  • When install is complete click on Close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click the mbam icon
  • Go to the Update tab at the top
  • Click on Check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#12 Enhanced

Enhanced
  • Topic Starter

  • Members
  • 7 posts

Posted 11 September 2012 - 11:58 PM

At this moment my computer appears to be fine with the exception of what Malwarebytes found. Here are my logs.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:55:12 AM, on 9/12/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Linda\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: FreeMake Toolbar - {adca5064-9e30-43fe-9856-58b07a3149fe} - C:\Program Files\FreeMake\prxtbFree.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: FreeMake - {adca5064-9e30-43fe-9856-58b07a3149fe} - C:\Program Files\FreeMake\prxtbFree.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: FreeMake Toolbar - {adca5064-9e30-43fe-9856-58b07a3149fe} - C:\Program Files\FreeMake\prxtbFree.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe -update activex (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe -update activex (User 'Default user')
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://wsop.games.com
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - http://www.worldwinner.com/games/v50/tpir/tpir.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} (WorldWinner ActiveX Launcher Control) - http://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 5538 bytes

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.12.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Linda :: PIPE [administrator]

9/12/2012 12:34:30 AM
mbam-log-2012-09-12 (00-34-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228175
Time elapsed: 9 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Update Server (Backdoor.IRCBot) -> Data: C:\Users\Linda\2b9fdccd_16f2.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Linda\AppData\Local\temp\C680.tmp (Trojan.FakeAlert.FSA28) -> Quarantined and deleted successfully.
C:\Users\Linda\2b9fdccd_16f2.exe (Backdoor.IRCBot) -> Delete on reboot.

(end)

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:53 PM

Posted 12 September 2012 - 12:08 AM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can click on their icons (or start them from the Control Panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe -update activex (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe -update activex (User 'Default user')
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7 right-click on the IE shortcut and run as admin

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
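A small triage helper for the kind of O4 autostart lines reviewed in the post above, added here as an example; it is not the forum's or HijackThis's own code. The sample log is constructed from lines in this thread plus one constructed O4 rendering of the Run value Malwarebytes reported, and the flag heuristics (user-profile path, Windows-style name outside C:\Windows, hex-looking file name, unquoted path) are this example's own assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# HijackThis O4 line: O4 - HKLM\..\Run: [name] "C:\path\prog.exe" args
# HKUS entries carry a SID (or .DEFAULT) and a trailing (User '...') tag.
O4_RE = re.compile(
    r"^O4 - (?P<hive>[^\\]+)(?:\\[^\\]+)?\\\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)
# Executable: the quoted token, or everything up to the first ".exe" if unquoted.
EXE_RE = re.compile(r'^"([^"]+)"|^(.*?\.exe)', re.IGNORECASE)
# File names like 2b9fdccd_16f2.exe: hex runs with no readable word in them (assumed heuristic).
RANDOM_NAME_RE = re.compile(r"^[0-9a-f]{6,}(?:_[0-9a-f]+)?\.exe$", re.IGNORECASE)

@dataclass
class AutostartEntry:
    hive: str
    key: str
    name: str
    exe: str
    quoted: bool
    flags: List[str] = field(default_factory=list)

def parse_o4(line: str) -> Optional[AutostartEntry]:
    """Parse one O4 line; returns None for any other kind of log line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd")
    e = EXE_RE.match(cmd)
    exe = (e.group(1) or e.group(2)) if e else cmd.split(" ")[0]
    return AutostartEntry(m.group("hive"), m.group("key"), m.group("name"), exe, cmd.startswith('"'))

def triage(entry: AutostartEntry) -> AutostartEntry:
    """Attach review flags; an entry with no flags looks like ordinary vendor software."""
    p = entry.exe.lower()
    if p.startswith("c:\\users\\") or "\\appdata\\" in p or "\\temp\\" in p:
        entry.flags.append("runs from a user profile or temp directory")
    if any(w in entry.name.lower() for w in ("windows", "microsoft")) and not p.startswith("c:\\windows\\"):
        entry.flags.append("Windows-style name but not under C:\\Windows")
    if RANDOM_NAME_RE.match(p.rsplit("\\", 1)[-1]):
        entry.flags.append("random-looking file name")
    if not entry.quoted and " " in entry.exe:
        entry.flags.append("unquoted path containing spaces")
    return entry

def review_log(text: str) -> List[AutostartEntry]:
    """Parse and triage every O4 line in a HijackThis log; other lines are skipped."""
    parsed = (parse_o4(line) for line in text.splitlines())
    return [triage(e) for e in parsed if e is not None]

# Constructed sample modelled on the O4 lines in the log above. The last line is a constructed
# O4 rendering of the Run value Malwarebytes reported, not a line from the poster's log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe -update activex (User 'SYSTEM')
O4 - HKCU\..\Run: [Windows Update Server] C:\Users\Linda\2b9fdccd_16f2.exe
"""
```

`review_log(SAMPLE_LOG)` returns four entries; only the unquoted TOSCDSPD path and the constructed "Windows Update Server" line (three flags) carry anything to review.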

#14 Enhanced

Enhanced
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:53 PM

Posted 12 September 2012 - 02:15 AM

C:\Qoobox\Quarantine\C\Users\Linda\AppData\Roaming\mskel.dll.vir a variant of Win32/Medfos.DC trojan
C:\TDSSKiller_Quarantine\29.08.2012_22.24.02\tdlfs0000\tsk0003.dta Win32/Olmarik.AVQ trojan
C:\TDSSKiller_Quarantine\29.08.2012_22.24.02\tdlfs0000\tsk0005.dta Win32/Olmarik.AFK trojan
C:\TDSSKiller_Quarantine\29.08.2012_22.24.02\tdlfs0000\tsk0006.dta Win64/Olmarik.R trojan
C:\TDSSKiller_Quarantine\29.08.2012_22.24.02\tdlfs0000\tsk0007.dta Win64/Olmarik.W trojan
C:\Users\Linda\Downloads\FreemakeVideoConverterSetup.exe Win32/OpenCandy application
C:\Users\Public\Downloads\RollerCoasterTycoon2-dm[1].exe a variant of Win32/Adware.Trymedia.A application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J62P17YT\a_zapmeta_net[1].htm JS/Kryptik.CB trojan



The scan took a considerable amount of time. I will await further instruction.

I really do appreciate your help.


Michelle

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:53 PM

Posted 12 September 2012 - 02:28 AM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

    @echo off
    rd /s /q "C:\TDSSKiller_Quarantine\"
    del /f /s /q "C:\Users\Linda\Downloads\FreemakeVideoConverterSetup.exe"
    del /f /s /q "C:\Users\Public\Downloads\RollerCoasterTycoon2-dm[1].exe"
    rd /s /q "C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\J62P17YT\"
    del %0

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: (image for XP) (image for Vista)
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the Online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful; if used incorrectly or at the wrong time they can make the computer an expensive paperweight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your PC.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used are a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download; it works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware - the gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use?" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again?" and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must-reads and should be read by everybody in your household who uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.
