Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus/Trojan Removal Help Needed


  • This topic is locked This topic is locked
24 replies to this topic

#1 Forehead

Forehead

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Local time:04:52 PM

Posted 20 October 2012 - 10:46 PM

Hey all,

My wife's laptop appears to have picked up something called Virus.Win64.zaccess.a. She is running Windows 7. I have Avast installed on her machine and she is getting continuous popups about trojan's, rootkits, etc. that are being blocked, which is nice except for the fact that the popups keep happening. I would like to get this cleaned. Luckily, we don't store passwords on her computer, rarely visit our financial websites, or anything; we use my computer for that. Her's is mostly used for work, though I was using it to stream sports tonight and picked this thing up.

Anyway, I did some reading and I see there have been past threads on this website with great step-by-step instructions on how to clean this up, but I didn't want to follow those in case some of the instructions were specific to that one computer. I have an idea of what to expect, and hope someone can help me.

I tried running TDSSKiller, which did not fix the issue, and also the Kaspersky 2011 Virus removal two, which said it located and removed two Trojans, but we're still getting the popups. Currently running Avast and Malwarebytes scans which show numerous infected files. All help would be appreciated.

Thanks

Edited by Forehead, 20 October 2012 - 11:21 PM.


BC AdBot (Login to Remove)

 


#2 Forehead

Forehead
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Local time:04:52 PM

Posted 20 October 2012 - 11:29 PM

Okay, MalWareBytes finished and found 11 issues, 10 instances of adware and 1 other, it was a virus or a trojan, can't remember which. Anyway, I told it to remove them and then rebooted. Laptop rebooted fine, but the Avast popups saying the computer is infected are still occurring. Here is the Malwarebytes log.

Internet Explorer 8.0.7600.16385

10/21/2012 12:20:43 AM
mbam-log-2012-10-21 (00-20-43).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 276328
Time elapsed: 1 hour(s), 9 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{b922d405-6d13-4a2b-ae89-08a030da4402} (Adware.WidgiToolbar) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Config.Msi\250f555b.rbf (Adware.WidgiToolbar) -> No action taken.
C:\Program Files (x86)\Coupons.com CouponBar\coupons.com.dll (Adware.EcoBar) -> No action taken.
C:\Program Files (x86)\pdfforge Toolbar\WidgiHelper.exe (Adware.WidgiToolbar) -> No action taken.
C:\Program Files (x86)\pdfforge Toolbar\IE\6.5\pdfforgeToolbarIE.dll (Adware.WidgiToolbar) -> No action taken.
C:\ProgramData\lsass.exe (Trojan.Delf) -> No action taken.

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:52 PM

Posted 20 October 2012 - 11:49 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3


    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs

  • In your next post I need the following

  • both reports from DDS
  • report from security check
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 Forehead

Forehead
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Local time:04:52 PM

Posted 21 October 2012 - 12:22 AM

Sure thing. By the way, it's not a problem that the Avast warning keep popping up in the middle of this, is it?

Here is the checkup.txt log:

Results of screen317's Security Check version 0.99.53
Windows 7 x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 17
Java 7 Update 6
Java version out of Date!
Adobe Reader X 10.1.3 Adobe Reader out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````


Here is the contents of the attach.txt log:

.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 403.038 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP353: 9/18/2012 7:36:17 PM - Windows Update
RP354: 9/22/2012 8:20:53 AM - Windows Update
RP355: 9/24/2012 7:46:22 PM - Windows Backup
RP356: 9/25/2012 7:30:46 PM - Windows Update
RP357: 9/30/2012 7:10:20 PM - Windows Backup
RP358: 10/2/2012 2:04:06 PM - Windows Update
RP359: 10/6/2012 2:51:01 PM - Windows Update
RP360: 10/8/2012 9:32:49 PM - Windows Update
RP361: 10/11/2012 6:09:50 PM - Windows Update
RP362: 10/14/2012 7:00:09 PM - Windows Backup
RP363: 10/16/2012 6:27:46 PM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.3)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
Best Buy Software Installer
Bonjour
CNET TechTracker
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
CouponBar
Crystal Reports Viewer 2008
Epson Event Manager
EPSON NX510 Series Printer Uninstall
EPSON Scan
EpsonNet Print
EpsonNet Setup
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
HP LaserJet P1000 series
hppMSRedist
hppusgP1000
HPSSupply
iCloud
Intel PROSet Wireless
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® PROSet/Wireless WiFi Software
Intel® Rapid Storage Technology
Intel® Wireless Display
iTunes
Java 7 Update 6
Java Auto Updater
Java™ 6 Update 17
JMicron Flash Media Controller Driver
Juniper Networks Host Checker
Juniper Networks Setup Client
Juniper Terminal Services Client
Junk Mail filter update
Label@Once 1.0
Lexmark 7600 Series
Malwarebytes' Anti-Malware
MarketResearch
McAfee Security Scan Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office File Validation Add-In
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Standard Edition 2003
Microsoft Office Suite Activation Assistant
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MrvlUsgTracking
MSVCRT
PDFCreator
pdfforge Toolbar v6.5
PlayReady PC Runtime amd64
Post-it® Digital Notes
QuickTime
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Shutterfly Express Uploader
Skype Toolbars
Skype™ 5.10
Synaptics Pointing Device Driver
TOSHIBA Application Installer
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD Protection
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Uniblue RegistryBooster 2010
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Utility Common Driver
Visual C++ 8.0 Runtime Setup Package (x64)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Mobile Device Updater Component
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== Event Viewer Messages From Past Week ========
.
10/21/2012 12:25:37 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
10/21/2012 12:23:53 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
10/21/2012 12:23:53 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
10/21/2012 12:23:51 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
10/21/2012 1:06:30 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
10/21/2012 1:06:30 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
10/19/2012 5:40:47 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.139.124.0).
10/14/2012 10:18:22 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
10/14/2012 10:18:22 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================


And here is the contents of the dds.txt file:


DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.6.2
Run by Molly at 1:14:41 on 2012-10-21
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3891.2178 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIFIA.EXE
C:\windows\system32\wbem\unsecapp.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIFIA.EXE
C:\Windows\System32\spool\drivers\x64\3\E_IATIFIA.EXE
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Users\Molly\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86) (x86)\Lexmark 7600 Series\lxdwmon.exe
C:\Program Files (x86) (x86)\Lexmark 7600 Series\ezprint.exe
C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.coupons.com/
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
mStart Page = hxxp://search.coupons.com/
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: TBSB07898 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
TB: Post-it® Digital Notes: {735abc4c-9266-4008-9ef6-bc60be8de31f} -
TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} - C:\Program Files (x86)\Coupons.com CouponBar\tbcore3.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [EPSON NX510 Series] C:\windows\System32\spool\DRIVERS\x64\3\E_IATIFIA.EXE /FU "C:\windows\TEMP\E_S33F2.tmp" /EF "HKCU"
uRun: [EPSON8DC903] C:\windows\System32\spool\DRIVERS\x64\3\E_IATIFIA.EXE /FU "C:\windows\TEMP\E_S9562.tmp" /EF "HKCU"
uRun: [Epson Stylus NX510(Network)] C:\windows\System32\spool\DRIVERS\x64\3\E_IATIFIA.EXE /FU "C:\windows\TEMP\E_S3DA2.tmp" /EF "HKCU"
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [lxdwmon.exe] "C:\Program Files (x86) (x86)\Lexmark 7600 Series\lxdwmon.exe"
mRun: [EzPrint] "C:\Program Files (x86) (x86)\Lexmark 7600 Series\ezprint.exe"
mRun: [HPUsageTracking] C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe "C:\Program Files (x86)\HP\HP UT\"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
StartupFolder: C:\Users\Molly\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\CNETTE~1.LNK - C:\Users\Molly\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\POST-I~1.LNK - C:\Program Files (x86)\3M\PDNotes\PDNotes.exe
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Create a Post-it® Note - C:\Program Files (x86)\3M\PDNotes\\PSNBookMark.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://my.markelcorp.com/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{8988BE92-DCAA-4B5F-A7D9-9254ABD8A665} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{8988BE92-DCAA-4B5F-A7D9-9254ABD8A665}\44F6C6078696E637 : DHCPNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{8988BE92-DCAA-4B5F-A7D9-9254ABD8A665}\7516C6B65627 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{8988BE92-DCAA-4B5F-A7D9-9254ABD8A665}\948435D444 : DHCPNameServer = 75.75.75.75 75.75.76.76 4.2.2.2
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: PDN64BitBookMarkActivator.BookMark64BitActivator: {887cdc33-0de3-4fd5-a5d3-eccd4b4b396c} -
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg64.dll
x64-TB: Post-it® Digital Notes: {735abc4c-9266-4008-9ef6-bc60be8de31f} -
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [ThpSrv] C:\windows\System32\thpsrv /logon
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [SmartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2010-5-14 482384]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2011-6-25 591192]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2010-8-3 304472]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-10-9 799112]
R2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2010-8-3 24408]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2010-8-3 66904]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-12-28 44768]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-5-14 2320920]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2010-5-14 56344]
R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-4-7 158976]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-4-7 271872]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2010-5-14 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2010-5-14 325152]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-5-14 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
R3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2009-12-17 36760]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-28 135664]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 acpials;ALS Sensor Filter;C:\windows\System32\drivers\acpials.sys [2009-7-14 9728]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-16 250808]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-28 135664]
S3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2009-9-23 144496]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-1-19 315664]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-7-29 1255736]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\System32\drivers\WSDPrint.sys [2009-7-13 23040]
S3 WSDScan;WSD Scan Support via UMB;C:\windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
.
=============== Created Last 30 ================
.
2012-10-21 01:58:07 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-10-21 01:07:36 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-20 20:25:52 -------- d-----w- C:\Program Files (x86)\pdfforge Toolbar
2012-10-20 20:25:52 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2012-10-20 20:25:52 -------- d-----w- C:\Program Files (x86)\Application Updater
2012-10-19 21:40:30 9291768 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{01855702-523E-4B45-9AF2-97E693C74D4B}\mpengine.dll
2012-10-10 23:07:14 1656688 ----a-w- C:\windows\System32\drivers\ntfs.sys
2012-10-10 23:07:06 5505904 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-10-10 23:07:03 3958128 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-10-10 23:07:03 3902832 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-10-10 23:05:56 1462784 ----a-w- C:\windows\System32\crypt32.dll
2012-10-10 23:05:55 182272 ----a-w- C:\windows\System32\cryptsvc.dll
2012-10-10 23:05:55 140288 ----a-w- C:\windows\System32\cryptnet.dll
2012-10-10 23:05:55 139264 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2012-10-10 23:05:55 1157632 ----a-w- C:\windows\SysWow64\crypt32.dll
2012-10-10 23:05:54 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2012-10-09 01:35:36 469256 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\606048071cda5be2d\InstallManager_WLE_WLE.exe
2012-10-09 01:35:11 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\52b9f8ac1cda5be22\MeshBetaRemover.exe
2012-10-09 01:34:49 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4543e1c71cda5be1a\DSETUP.dll
2012-10-09 01:34:49 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4543e1c71cda5be1a\DXSETUP.exe
2012-10-09 01:34:49 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4543e1c71cda5be1a\dsetup32.dll
2012-10-09 01:34:47 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\438d039a1cda5be19\DSETUP.dll
2012-10-09 01:34:47 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\438d039a1cda5be19\DXSETUP.exe
2012-10-09 01:34:47 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\438d039a1cda5be19\dsetup32.dll
2012-10-09 01:33:44 -------- d-----w- C:\Users\Molly\AppData\Local\Windows Live
.
==================== Find3M ====================
.
2012-10-08 23:31:28 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-08 23:31:28 696760 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-09-14 19:23:40 2048 ----a-w- C:\windows\System32\tzres.dll
2012-09-14 18:30:38 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2012-08-26 22:01:20 95208 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-26 22:01:16 821736 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2012-08-26 22:01:16 746984 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-08-24 18:05:28 220160 ----a-w- C:\windows\System32\wintrust.dll
2012-08-24 18:05:27 1197568 ----a-w- C:\windows\System32\wininet.dll
2012-08-24 18:02:20 57856 ----a-w- C:\windows\System32\licmgr10.dll
2012-08-24 17:10:47 981504 ----a-w- C:\windows\SysWow64\wininet.dll
2012-08-24 17:10:47 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-08-24 17:08:47 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll
2012-08-24 16:45:23 482816 ----a-w- C:\windows\System32\html.iec
2012-08-24 16:02:45 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2012-08-24 16:01:45 386048 ----a-w- C:\windows\SysWow64\html.iec
2012-08-24 15:27:17 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-08-21 17:01:20 33240 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
2012-08-21 17:01:20 125872 ----a-w- C:\windows\System32\GEARAspi64.dll
2012-08-21 17:01:20 106928 ----a-w- C:\windows\SysWow64\GEARAspi.dll
2012-08-18 15:43:05 362496 ----a-w- C:\windows\System32\wow64win.dll
2012-08-18 15:43:05 243200 ----a-w- C:\windows\System32\wow64.dll
2012-08-18 15:43:05 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2012-08-18 15:42:31 215040 ----a-w- C:\windows\System32\winsrv.dll
2012-08-18 15:40:26 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2012-08-18 15:37:49 425984 ----a-w- C:\windows\System32\KernelBase.dll
2012-08-18 15:34:13 338432 ----a-w- C:\windows\System32\conhost.exe
2012-08-18 11:22:55 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2012-08-18 11:19:45 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2012-08-18 11:19:22 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2012-08-18 11:17:56 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2012-08-18 11:17:56 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
2012-08-18 09:12:09 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2012-08-18 09:12:09 2048 ----a-w- C:\windows\SysWow64\user.exe
2012-08-18 09:07:02 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-18 09:07:02 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-18 09:07:02 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-18 09:07:02 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-11 00:53:01 714752 ----a-w- C:\windows\System32\kerberos.dll
2012-08-10 23:54:04 541184 ----a-w- C:\windows\SysWow64\kerberos.dll
2012-08-02 17:55:04 574464 ----a-w- C:\windows\System32\d3d10level9.dll
2012-08-02 17:05:42 490496 ----a-w- C:\windows\SysWow64\d3d10level9.dll
.
============= FINISH: 1:15:14.18 ===============



Thank you again for the help.

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:52 PM

Posted 21 October 2012 - 12:30 AM

Hello


These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 Forehead

Forehead
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Local time:04:52 PM

Posted 21 October 2012 - 12:56 AM

Thanks again for your help, I had been wondering if I should just move on to the next steps as I've seen others being helped with this, but I'm hesitant. I appreciate you taking the time.

Here is the log from AdwCleaner:

# AdwCleaner v2.005 - Logfile created 10/21/2012 at 01:39:55
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Molly - MOLLY-PC
# Boot Mode : Normal
# Running from : C:\Users\Molly\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Application Updater

***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\Common Files\spigot
Folder Deleted : C:\Program Files (x86)\pdfforge Toolbar
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\Molly\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Molly\AppData\Local\Temp\OpenCandy
Folder Deleted : C:\Users\Molly\AppData\LocalLow\pdfforge
Folder Deleted : C:\Users\Molly\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Molly\AppData\LocalLow\Toolbar4

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\pdfforge
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\pdfforge
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898.3
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\Software\pdfforge
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Molly\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [9548 octets] - [21/10/2012 01:39:55]

########## EOF - C:\AdwCleaner[S1].txt - [9608 octets] ##########



And here is the file from RogueKiller. I should note, Roguekiller didn't complete all the steps you listed, it said it needed to reboot the computer to complete some processes and the report was waiting after the reboot, but I never saw a "deleting finished" status and I never clicked report.

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Molly [Admin rights]
Mode : Scan -- Date : 10/21/2012 01:47:34

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] TechTracker.exe -- C:\Users\Molly\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 3 ¤¤¤
[STARTUP][SUSP PATH] CNET TechTracker.lnk @Molly : C:\Users\Molly\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\windows\Installer\{c236b97c-3fcc-86bc-309d-418570865fa5}\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\windows\Installer\{c236b97c-3fcc-86bc-309d-418570865fa5}\U --> FOUND
[ZeroAccess][FOLDER] L : C:\windows\Installer\{c236b97c-3fcc-86bc-309d-418570865fa5}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\windows\Assembly\GAC_32\Desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\windows\Assembly\GAC_64\Desktop.ini --> FOUND
[Susp.ASLR][FILE] services.exe : C:\windows\system32\services.exe --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500420AS +++++
--- User ---
[MBR] 35cdcf2d6902b3140cbbf1e1c437dd83
[BSP] ad3169145d5a5582624fdef33b7b7fca : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 464726 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 954832896 | Size: 10713 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt


If it matters, RogueKiller produced two reports, although they look identical to me. This is the second one, just in case:

RogueKiller V8.1.1 [10/01/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Molly [Admin rights]
Mode : Remove -- Date : 10/21/2012 01:48:48

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] TechTracker.exe -- C:\Users\Molly\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 3 ¤¤¤
[STARTUP][SUSP PATH] CNET TechTracker.lnk @Molly : C:\Users\Molly\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\windows\Installer\{c236b97c-3fcc-86bc-309d-418570865fa5}\@ --> REMOVED AT REBOOT
[Del.Parent][FILE] 00000008.@ : C:\windows\Installer\{c236b97c-3fcc-86bc-309d-418570865fa5}\U\00000008.@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\windows\Installer\{c236b97c-3fcc-86bc-309d-418570865fa5}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\windows\Installer\{c236b97c-3fcc-86bc-309d-418570865fa5}\L --> REMOVED
[ZeroAccess][FILE] Desktop.ini : C:\windows\Assembly\GAC_32\Desktop.ini --> REMOVED AT REBOOT
[ZeroAccess][FILE] Desktop.ini : C:\windows\Assembly\GAC_64\Desktop.ini --> REMOVED AT REBOOT
[Susp.ASLR][FILE] services.exe : C:\windows\system32\services.exe --> REPLACED AT REBOOT (C:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe)

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500420AS +++++
--- User ---
[MBR] 35cdcf2d6902b3140cbbf1e1c437dd83
[BSP] ad3169145d5a5582624fdef33b7b7fca : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 464726 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 954832896 | Size: 10713 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



Thanks again.

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:52 PM

Posted 21 October 2012 - 01:07 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 Forehead

Forehead
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Local time:04:52 PM

Posted 21 October 2012 - 01:44 AM

Took me awhile to figure out how to turn off the Avast shields; have to admit I'm a little nervous with them off. Anyway, I ran combofix, but didn't get the registry error until it was generating a log. I clicked yes and I don't think the log finished, because there's no combofix.txt on the computer. I'm running it again.

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:52 PM

Posted 21 October 2012 - 01:46 AM

if you keep having trouble try and run it in safe mode


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 Forehead

Forehead
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Local time:04:52 PM

Posted 21 October 2012 - 01:50 AM

Got it the second time; here's the ComboFix log:

ComboFix 12-10-21.01 - Molly 10/21/2012 2:41.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3891.2119 [GMT -4:00]
Running from: c:\users\Molly\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-21 to 2012-10-21 )))))))))))))))))))))))))))))))
.
.
2012-10-21 06:47 . 2012-10-21 06:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-21 06:46 . 2012-10-21 06:46 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{01855702-523E-4B45-9AF2-97E693C74D4B}\offreg.dll
2012-10-21 01:58 . 2012-10-21 01:58 -------- d-----w- c:\programdata\Kaspersky Lab
2012-10-21 01:07 . 2012-10-21 02:21 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-19 21:40 . 2012-10-12 07:19 9291768 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{01855702-523E-4B45-9AF2-97E693C74D4B}\mpengine.dll
2012-10-10 23:07 . 2012-08-31 18:02 1656688 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 23:07 . 2012-08-30 18:11 5505904 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-10 23:07 . 2012-08-30 17:18 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-10 23:07 . 2012-08-30 17:18 3902832 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-10 23:05 . 2012-06-02 05:25 1462784 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 23:05 . 2012-06-02 05:25 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 23:05 . 2012-06-02 05:25 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 23:05 . 2012-06-02 04:45 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 23:05 . 2012-06-02 04:45 1157632 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 23:05 . 2012-06-02 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-09 01:35 . 2012-10-09 01:35 469256 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\606048071cda5be2d\InstallManager_WLE_WLE.exe
2012-10-09 01:35 . 2012-10-09 01:35 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\52b9f8ac1cda5be22\MeshBetaRemover.exe
2012-10-09 01:34 . 2012-10-09 01:34 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4543e1c71cda5be1a\DSETUP.dll
2012-10-09 01:34 . 2012-10-09 01:34 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4543e1c71cda5be1a\DXSETUP.exe
2012-10-09 01:34 . 2012-10-09 01:34 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4543e1c71cda5be1a\dsetup32.dll
2012-10-09 01:34 . 2012-10-09 01:34 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\438d039a1cda5be19\DSETUP.dll
2012-10-09 01:34 . 2012-10-09 01:34 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\438d039a1cda5be19\DXSETUP.exe
2012-10-09 01:34 . 2012-10-09 01:34 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\438d039a1cda5be19\dsetup32.dll
2012-10-09 01:33 . 2012-10-09 01:33 -------- d-----w- c:\users\Molly\AppData\Local\Windows Live
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 22:14 . 2010-09-14 03:03 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-08 23:31 . 2012-05-16 23:08 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-08 23:31 . 2011-06-18 01:22 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-26 22:01 . 2012-08-26 22:01 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-26 22:01 . 2012-08-26 22:01 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-26 22:01 . 2012-08-26 22:01 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-21 17:01 . 2012-09-18 23:39 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 17:01 . 2012-04-25 02:53 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 17:01 . 2012-04-25 02:53 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-18 11:19 . 2012-10-10 23:06 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:55 . 2012-09-12 23:25 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 17:05 . 2012-09-12 23:25 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{8660E5B3-6C41-44DE-8503-98D99BBECD41}"= "c:\program files (x86)\Coupons.com CouponBar\tbcore3.dll" [2012-05-26 2695168]
.
[HKEY_CLASSES_ROOT\clsid\{8660e5b3-6c41-44de-8503-98d99bbecd41}]
[HKEY_CLASSES_ROOT\TBSB07898.TBSB07898.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB07898.TBSB07898]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-09 39408]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"TSleepSrv"="%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe" [BU]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-11-28 3744552]
"lxdwmon.exe"="c:\program files (x86) (x86)\Lexmark 7600 Series\lxdwmon.exe" [2010-02-10 676520]
"EzPrint"="c:\program files (x86) (x86)\Lexmark 7600 Series\ezprint.exe" [2010-02-10 131752]
"HPUsageTracking"="c:\program files (x86)\HP\HP UT\bin\hppusg.exe" [2007-05-04 36864]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
Post-it® Digital Notes.lnk - c:\program files (x86)\3M\PDNotes\PDNotes.exe [2011-5-26 6255328]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy Software Installer.lnk - c:\program files\Best Buy Software Installer\Best Buy Software Installer.exe [2010-2-15 1135560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-29 135664]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-14 9728]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 250808]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-29 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-01-20 315664]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-29 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 14784]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2010-03-06 482384]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 66904]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-04-07 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-04-07 271872]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-09-23 144496]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-01-12 325152]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2009-12-18 36760]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 23:31]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-29 01:00]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-29 01:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{887cdc33-0de3-4fd5-a5d3-eccd4b4b396c}]
2009-11-25 19:47 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-07 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-07 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-07 413720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10134560]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 896032]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-01-20 1926928]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.coupons.com/
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://search.coupons.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Create a Post-it® Note - c:\program files (x86)\3M\PDNotes\\PSNBookMark.html
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{8660E5B3-6C41-44DE-8503-98D99BBECD41} - (no file)
AddRemove-Lexmark 7600 Series - c:\program files (x86)\Lexmark 7600 Series\Install\x64\Uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-21 02:49:24
ComboFix-quarantined-files.txt 2012-10-21 06:49
ComboFix2.txt 2012-10-21 06:35
.
Pre-Run: 433,281,458,176 bytes free
Post-Run: 433,216,434,176 bytes free
.
- - End Of File - - E4668A95AE48E48E695B4845B8BBFE3C


Thank you

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:52 PM

Posted 21 October 2012 - 01:57 AM

Greetings

That looks good!!

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 Forehead

Forehead
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Local time:04:52 PM

Posted 21 October 2012 - 02:12 AM

Thanks, here's the TDSSkiller log, which showed no errors:

03:00:58.0185 4980 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
03:00:58.0481 4980 ============================================================
03:00:58.0481 4980 Current date / time: 2012/10/21 03:00:58.0481
03:00:58.0481 4980 SystemInfo:
03:00:58.0481 4980
03:00:58.0481 4980 OS Version: 6.1.7600 ServicePack: 0.0
03:00:58.0481 4980 Product type: Workstation
03:00:58.0481 4980 ComputerName: MOLLY-PC
03:00:58.0481 4980 UserName: Molly
03:00:58.0481 4980 Windows directory: C:\windows
03:00:58.0481 4980 System windows directory: C:\windows
03:00:58.0481 4980 Running under WOW64
03:00:58.0481 4980 Processor architecture: Intel x64
03:00:58.0481 4980 Number of processors: 4
03:00:58.0481 4980 Page size: 0x1000
03:00:58.0481 4980 Boot type: Normal boot
03:00:58.0481 4980 ============================================================
03:00:58.0871 4980 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
03:00:58.0887 4980 ============================================================
03:00:58.0887 4980 \Device\Harddisk0\DR0:
03:00:58.0887 4980 MBR partitions:
03:00:58.0887 4980 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x38BAB000
03:00:58.0887 4980 ============================================================
03:00:58.0902 4980 C: <-> \Device\Harddisk0\DR0\Partition1
03:00:58.0902 4980 ============================================================
03:00:58.0902 4980 Initialize success
03:00:58.0902 4980 ============================================================
03:01:02.0022 4436 ============================================================
03:01:02.0022 4436 Scan started
03:01:02.0022 4436 Mode: Manual;
03:01:02.0022 4436 ============================================================
03:01:02.0319 4436 ================ Scan system memory ========================
03:01:02.0319 4436 System memory - ok
03:01:02.0319 4436 ================ Scan services =============================
03:01:02.0490 4436 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\windows\system32\DRIVERS\1394ohci.sys
03:01:02.0506 4436 1394ohci - ok
03:01:02.0521 4436 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\windows\system32\DRIVERS\ACPI.sys
03:01:02.0537 4436 ACPI - ok
03:01:02.0553 4436 [ 12C5274CD87449A2A37A607CDB321922 ] acpials C:\windows\system32\DRIVERS\acpials.sys
03:01:02.0553 4436 acpials - ok
03:01:02.0584 4436 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\windows\system32\DRIVERS\acpipmi.sys
03:01:02.0584 4436 AcpiPmi - ok
03:01:02.0662 4436 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
03:01:02.0662 4436 AdobeARMservice - ok
03:01:02.0787 4436 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
03:01:02.0787 4436 AdobeFlashPlayerUpdateSvc - ok
03:01:02.0818 4436 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
03:01:02.0833 4436 adp94xx - ok
03:01:02.0865 4436 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
03:01:02.0865 4436 adpahci - ok
03:01:02.0880 4436 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
03:01:02.0880 4436 adpu320 - ok
03:01:02.0911 4436 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
03:01:02.0911 4436 AeLookupSvc - ok
03:01:02.0958 4436 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\windows\system32\drivers\afd.sys
03:01:02.0958 4436 AFD - ok
03:01:02.0974 4436 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\DRIVERS\agp440.sys
03:01:02.0974 4436 agp440 - ok
03:01:02.0989 4436 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
03:01:02.0989 4436 ALG - ok
03:01:03.0021 4436 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\DRIVERS\aliide.sys
03:01:03.0021 4436 aliide - ok
03:01:03.0036 4436 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\DRIVERS\amdide.sys
03:01:03.0036 4436 amdide - ok
03:01:03.0052 4436 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
03:01:03.0067 4436 AmdK8 - ok
03:01:03.0083 4436 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
03:01:03.0083 4436 AmdPPM - ok
03:01:03.0130 4436 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\windows\system32\drivers\amdsata.sys
03:01:03.0130 4436 amdsata - ok
03:01:03.0145 4436 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
03:01:03.0161 4436 amdsbs - ok
03:01:03.0177 4436 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\windows\system32\drivers\amdxata.sys
03:01:03.0177 4436 amdxata - ok
03:01:03.0208 4436 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\windows\system32\drivers\appid.sys
03:01:03.0208 4436 AppID - ok
03:01:03.0223 4436 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
03:01:03.0223 4436 AppIDSvc - ok
03:01:03.0239 4436 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\windows\System32\appinfo.dll
03:01:03.0239 4436 Appinfo - ok
03:01:03.0333 4436 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
03:01:03.0333 4436 Apple Mobile Device - ok
03:01:03.0364 4436 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\DRIVERS\arc.sys
03:01:03.0364 4436 arc - ok
03:01:03.0379 4436 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
03:01:03.0379 4436 arcsas - ok
03:01:03.0411 4436 aspnet_state - ok
03:01:03.0442 4436 [ CE6D8BCC4787704EA4FEEB92B0D0CAF8 ] aswFsBlk C:\windows\system32\drivers\aswFsBlk.sys
03:01:03.0442 4436 aswFsBlk - ok
03:01:03.0473 4436 [ 0DEBEB2E3FBD0BF5343125CCE617F105 ] aswMonFlt C:\windows\system32\drivers\aswMonFlt.sys
03:01:03.0473 4436 aswMonFlt - ok
03:01:03.0489 4436 [ 952EDC2E81F85D1781958D4128BF59F8 ] aswRdr C:\windows\system32\drivers\aswRdr.sys
03:01:03.0489 4436 aswRdr - ok
03:01:03.0551 4436 [ DD383E2AC941C545A85AB72503DA6C12 ] aswSnx C:\windows\system32\drivers\aswSnx.sys
03:01:03.0567 4436 aswSnx - ok
03:01:03.0582 4436 [ EF5403FB8B2DCB791EC365FDF6040A4A ] aswSP C:\windows\system32\drivers\aswSP.sys
03:01:03.0582 4436 aswSP - ok
03:01:03.0598 4436 [ 34165DA5C6B30C0F9D61246BF8A28040 ] aswTdi C:\windows\system32\drivers\aswTdi.sys
03:01:03.0613 4436 aswTdi - ok
03:01:03.0629 4436 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
03:01:03.0629 4436 AsyncMac - ok
03:01:03.0660 4436 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\DRIVERS\atapi.sys
03:01:03.0660 4436 atapi - ok
03:01:03.0707 4436 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
03:01:03.0707 4436 AudioEndpointBuilder - ok
03:01:03.0738 4436 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\windows\System32\Audiosrv.dll
03:01:03.0738 4436 AudioSrv - ok
03:01:03.0785 4436 [ 996E6D052438E8D8DFD501F31560B2E0 ] avast! Antivirus C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
03:01:03.0801 4436 avast! Antivirus - ok
03:01:03.0816 4436 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\windows\System32\AxInstSV.dll
03:01:03.0832 4436 AxInstSV - ok
03:01:03.0863 4436 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\DRIVERS\bxvbda.sys
03:01:03.0863 4436 b06bdrv - ok
03:01:03.0879 4436 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
03:01:03.0879 4436 b57nd60a - ok
03:01:03.0910 4436 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
03:01:03.0910 4436 BDESVC - ok
03:01:03.0925 4436 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
03:01:03.0925 4436 Beep - ok
03:01:03.0957 4436 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\windows\System32\bfe.dll
03:01:03.0972 4436 BFE - ok
03:01:04.0003 4436 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\windows\system32\qmgr.dll
03:01:04.0019 4436 BITS - ok
03:01:04.0035 4436 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
03:01:04.0035 4436 blbdrive - ok
03:01:04.0097 4436 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
03:01:04.0097 4436 Bonjour Service - ok
03:01:04.0113 4436 [ 19D20159708E152267E53B66677A4995 ] bowser C:\windows\system32\DRIVERS\bowser.sys
03:01:04.0128 4436 bowser - ok
03:01:04.0128 4436 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
03:01:04.0128 4436 BrFiltLo - ok
03:01:04.0144 4436 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
03:01:04.0144 4436 BrFiltUp - ok
03:01:04.0159 4436 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
03:01:04.0159 4436 BridgeMP - ok
03:01:04.0191 4436 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\windows\System32\browser.dll
03:01:04.0191 4436 Browser - ok
03:01:04.0206 4436 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
03:01:04.0206 4436 Brserid - ok
03:01:04.0222 4436 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
03:01:04.0237 4436 BrSerWdm - ok
03:01:04.0237 4436 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
03:01:04.0237 4436 BrUsbMdm - ok
03:01:04.0253 4436 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
03:01:04.0253 4436 BrUsbSer - ok
03:01:04.0269 4436 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
03:01:04.0269 4436 BTHMODEM - ok
03:01:04.0300 4436 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
03:01:04.0300 4436 bthserv - ok
03:01:04.0315 4436 catchme - ok
03:01:04.0331 4436 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
03:01:04.0331 4436 cdfs - ok
03:01:04.0362 4436 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
03:01:04.0362 4436 cdrom - ok
03:01:04.0378 4436 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\windows\System32\certprop.dll
03:01:04.0393 4436 CertPropSvc - ok
03:01:04.0409 4436 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\DRIVERS\circlass.sys
03:01:04.0409 4436 circlass - ok
03:01:04.0456 4436 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
03:01:04.0456 4436 CLFS - ok
03:01:04.0487 4436 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
03:01:04.0487 4436 clr_optimization_v2.0.50727_32 - ok
03:01:04.0534 4436 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
03:01:04.0534 4436 clr_optimization_v2.0.50727_64 - ok
03:01:04.0596 4436 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
03:01:04.0612 4436 clr_optimization_v4.0.30319_32 - ok
03:01:04.0659 4436 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
03:01:04.0659 4436 clr_optimization_v4.0.30319_64 - ok
03:01:04.0690 4436 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
03:01:04.0690 4436 CmBatt - ok
03:01:04.0705 4436 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\DRIVERS\cmdide.sys
03:01:04.0705 4436 cmdide - ok
03:01:04.0752 4436 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\windows\system32\Drivers\cng.sys
03:01:04.0752 4436 CNG - ok
03:01:04.0783 4436 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
03:01:04.0783 4436 Compbatt - ok
03:01:04.0799 4436 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
03:01:04.0799 4436 CompositeBus - ok
03:01:04.0815 4436 COMSysApp - ok
03:01:04.0830 4436 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
03:01:04.0830 4436 crcdisk - ok
03:01:04.0877 4436 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\windows\system32\cryptsvc.dll
03:01:04.0877 4436 CryptSvc - ok
03:01:04.0908 4436 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\windows\system32\rpcss.dll
03:01:04.0908 4436 DcomLaunch - ok
03:01:04.0939 4436 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
03:01:04.0939 4436 defragsvc - ok
03:01:04.0955 4436 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\windows\system32\Drivers\dfsc.sys
03:01:04.0971 4436 DfsC - ok
03:01:04.0986 4436 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\windows\system32\dhcpcore.dll
03:01:04.0986 4436 Dhcp - ok
03:01:04.0986 4436 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
03:01:04.0986 4436 discache - ok
03:01:05.0017 4436 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\DRIVERS\disk.sys
03:01:05.0017 4436 Disk - ok
03:01:05.0033 4436 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\windows\System32\dnsrslvr.dll
03:01:05.0033 4436 Dnscache - ok
03:01:05.0064 4436 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\windows\System32\dot3svc.dll
03:01:05.0064 4436 dot3svc - ok
03:01:05.0080 4436 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\windows\system32\dps.dll
03:01:05.0080 4436 DPS - ok
03:01:05.0095 4436 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
03:01:05.0095 4436 drmkaud - ok
03:01:05.0142 4436 [ 24CE1ECF9D0AE0301775B07F5FEA175B ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
03:01:05.0158 4436 DXGKrnl - ok
03:01:05.0189 4436 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
03:01:05.0189 4436 EapHost - ok
03:01:05.0267 4436 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\DRIVERS\evbda.sys
03:01:05.0283 4436 ebdrv - ok
03:01:05.0314 4436 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\windows\System32\lsass.exe
03:01:05.0314 4436 EFS - ok
03:01:05.0376 4436 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\windows\ehome\ehRecvr.exe
03:01:05.0376 4436 ehRecvr - ok
03:01:05.0407 4436 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
03:01:05.0407 4436 ehSched - ok
03:01:05.0439 4436 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
03:01:05.0439 4436 elxstor - ok
03:01:05.0501 4436 [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
03:01:05.0501 4436 EpsonBidirectionalService - ok
03:01:05.0517 4436 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\DRIVERS\errdev.sys
03:01:05.0517 4436 ErrDev - ok
03:01:05.0563 4436 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
03:01:05.0563 4436 EventSystem - ok
03:01:05.0626 4436 [ 7C1042CDA4E7151E91F1E66A4D9118B0 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
03:01:05.0657 4436 EvtEng - ok
03:01:05.0673 4436 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
03:01:05.0673 4436 exfat - ok
03:01:05.0704 4436 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
03:01:05.0704 4436 fastfat - ok
03:01:05.0735 4436 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\windows\system32\fxssvc.exe
03:01:05.0735 4436 Fax - ok
03:01:05.0751 4436 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\DRIVERS\fdc.sys
03:01:05.0751 4436 fdc - ok
03:01:05.0782 4436 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
03:01:05.0782 4436 fdPHost - ok
03:01:05.0797 4436 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
03:01:05.0797 4436 FDResPub - ok
03:01:05.0813 4436 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
03:01:05.0813 4436 FileInfo - ok
03:01:05.0813 4436 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
03:01:05.0813 4436 Filetrace - ok
03:01:05.0829 4436 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
03:01:05.0829 4436 flpydisk - ok
03:01:05.0860 4436 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
03:01:05.0860 4436 FltMgr - ok
03:01:05.0907 4436 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\windows\system32\FntCache.dll
03:01:05.0907 4436 FontCache - ok
03:01:05.0953 4436 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
03:01:05.0953 4436 FontCache3.0.0.0 - ok
03:01:05.0969 4436 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
03:01:05.0969 4436 FsDepends - ok
03:01:06.0000 4436 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
03:01:06.0000 4436 Fs_Rec - ok
03:01:06.0031 4436 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
03:01:06.0047 4436 fvevol - ok
03:01:06.0063 4436 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
03:01:06.0063 4436 gagp30kx - ok
03:01:06.0094 4436 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
03:01:06.0094 4436 GEARAspiWDM - ok
03:01:06.0141 4436 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\windows\System32\gpsvc.dll
03:01:06.0141 4436 gpsvc - ok
03:01:06.0203 4436 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
03:01:06.0203 4436 gupdate - ok
03:01:06.0234 4436 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
03:01:06.0234 4436 gupdatem - ok
03:01:06.0297 4436 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
03:01:06.0312 4436 gusvc - ok
03:01:06.0328 4436 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
03:01:06.0328 4436 hcw85cir - ok
03:01:06.0359 4436 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
03:01:06.0359 4436 HdAudAddService - ok
03:01:06.0390 4436 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
03:01:06.0390 4436 HDAudBus - ok
03:01:06.0406 4436 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\windows\system32\DRIVERS\HECIx64.sys
03:01:06.0406 4436 HECIx64 - ok
03:01:06.0421 4436 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
03:01:06.0421 4436 HidBatt - ok
03:01:06.0437 4436 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
03:01:06.0437 4436 HidBth - ok
03:01:06.0453 4436 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys
03:01:06.0453 4436 HidIr - ok
03:01:06.0468 4436 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll
03:01:06.0468 4436 hidserv - ok
03:01:06.0499 4436 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
03:01:06.0499 4436 HidUsb - ok
03:01:06.0531 4436 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\windows\system32\kmsvc.dll
03:01:06.0531 4436 hkmsvc - ok
03:01:06.0546 4436 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\windows\system32\ListSvc.dll
03:01:06.0546 4436 HomeGroupListener - ok
03:01:06.0577 4436 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\windows\system32\provsvc.dll
03:01:06.0577 4436 HomeGroupProvider - ok
03:01:06.0609 4436 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\windows\system32\DRIVERS\HpSAMD.sys
03:01:06.0609 4436 HpSAMD - ok
03:01:06.0640 4436 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\windows\system32\drivers\HTTP.sys
03:01:06.0640 4436 HTTP - ok
03:01:06.0655 4436 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
03:01:06.0655 4436 hwpolicy - ok
03:01:06.0671 4436 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
03:01:06.0671 4436 i8042prt - ok
03:01:06.0718 4436 [ 85977CD13FC16069CE0AF7943A811775 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
03:01:06.0718 4436 iaStor - ok
03:01:06.0749 4436 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\windows\system32\drivers\iaStorV.sys
03:01:06.0749 4436 iaStorV - ok
03:01:06.0796 4436 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
03:01:06.0811 4436 idsvc - ok
03:01:07.0014 4436 [ 09CE164AFA8483E41808784D7FCA154E ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
03:01:07.0077 4436 igfx - ok
03:01:07.0092 4436 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
03:01:07.0108 4436 iirsp - ok
03:01:07.0139 4436 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\windows\System32\ikeext.dll
03:01:07.0155 4436 IKEEXT - ok
03:01:07.0186 4436 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\windows\system32\DRIVERS\Impcd.sys
03:01:07.0186 4436 Impcd - ok
03:01:07.0264 4436 [ 490947A9AFF7CA31EF2E08F5776105EB ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
03:01:07.0295 4436 IntcAzAudAddService - ok
03:01:07.0326 4436 [ 58CF58DEE26C909BD6F977B61D246295 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
03:01:07.0326 4436 IntcDAud - ok
03:01:07.0342 4436 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\DRIVERS\intelide.sys
03:01:07.0342 4436 intelide - ok
03:01:07.0357 4436 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
03:01:07.0357 4436 intelppm - ok
03:01:07.0389 4436 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
03:01:07.0389 4436 IPBusEnum - ok
03:01:07.0404 4436 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
03:01:07.0404 4436 IpFilterDriver - ok
03:01:07.0451 4436 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
03:01:07.0451 4436 iphlpsvc - ok
03:01:07.0482 4436 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\windows\system32\DRIVERS\IPMIDrv.sys
03:01:07.0482 4436 IPMIDRV - ok
03:01:07.0498 4436 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
03:01:07.0498 4436 IPNAT - ok
03:01:07.0560 4436 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
03:01:07.0560 4436 iPod Service - ok
03:01:07.0591 4436 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
03:01:07.0591 4436 IRENUM - ok
03:01:07.0607 4436 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\DRIVERS\isapnp.sys
03:01:07.0607 4436 isapnp - ok
03:01:07.0623 4436 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\windows\system32\DRIVERS\msiscsi.sys
03:01:07.0623 4436 iScsiPrt - ok
03:01:07.0654 4436 [ 5BD76F820656AEAA2DCE66EED8DA84B9 ] JMCR C:\windows\system32\DRIVERS\jmcr.sys
03:01:07.0654 4436 JMCR - ok
03:01:07.0669 4436 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
03:01:07.0685 4436 kbdclass - ok
03:01:07.0701 4436 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
03:01:07.0701 4436 kbdhid - ok
03:01:07.0716 4436 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\windows\system32\lsass.exe
03:01:07.0716 4436 KeyIso - ok
03:01:07.0747 4436 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
03:01:07.0747 4436 KSecDD - ok
03:01:07.0763 4436 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
03:01:07.0779 4436 KSecPkg - ok
03:01:07.0794 4436 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
03:01:07.0794 4436 ksthunk - ok
03:01:07.0825 4436 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
03:01:07.0841 4436 KtmRm - ok
03:01:07.0872 4436 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\windows\System32\srvsvc.dll
03:01:07.0888 4436 LanmanServer - ok
03:01:07.0903 4436 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
03:01:07.0919 4436 LanmanWorkstation - ok
03:01:07.0935 4436 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
03:01:07.0950 4436 lltdio - ok
03:01:07.0966 4436 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
03:01:07.0966 4436 lltdsvc - ok
03:01:07.0981 4436 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
03:01:07.0981 4436 lmhosts - ok
03:01:08.0059 4436 [ 23DE5B62B0445A6F874BE633C95B483E ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
03:01:08.0059 4436 LMS - ok
03:01:08.0106 4436 [ 41E122F6D1448C94CC05196BC41D6BFB ] LPCFilter C:\windows\system32\DRIVERS\LPCFilter.sys
03:01:08.0106 4436 LPCFilter - ok
03:01:08.0137 4436 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
03:01:08.0137 4436 LSI_FC - ok
03:01:08.0153 4436 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
03:01:08.0153 4436 LSI_SAS - ok
03:01:08.0169 4436 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
03:01:08.0169 4436 LSI_SAS2 - ok
03:01:08.0169 4436 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
03:01:08.0169 4436 LSI_SCSI - ok
03:01:08.0200 4436 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
03:01:08.0200 4436 luafv - ok
03:01:08.0262 4436 [ 22A7776C5D8EB5930EDF9C8DD0884259 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
03:01:08.0262 4436 McComponentHostService - ok
03:01:08.0293 4436 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
03:01:08.0293 4436 Mcx2Svc - ok
03:01:08.0309 4436 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys
03:01:08.0309 4436 megasas - ok
03:01:08.0340 4436 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
03:01:08.0340 4436 MegaSR - ok
03:01:08.0356 4436 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
03:01:08.0356 4436 MMCSS - ok
03:01:08.0371 4436 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
03:01:08.0371 4436 Modem - ok
03:01:08.0403 4436 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
03:01:08.0403 4436 monitor - ok
03:01:08.0403 4436 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
03:01:08.0403 4436 mouclass - ok
03:01:08.0418 4436 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
03:01:08.0434 4436 mouhid - ok
03:01:08.0449 4436 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\windows\system32\drivers\mountmgr.sys
03:01:08.0449 4436 mountmgr - ok
03:01:08.0465 4436 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\windows\system32\DRIVERS\mpio.sys
03:01:08.0465 4436 mpio - ok
03:01:08.0481 4436 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
03:01:08.0481 4436 mpsdrv - ok
03:01:08.0527 4436 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\windows\system32\mpssvc.dll
03:01:08.0527 4436 MpsSvc - ok
03:01:08.0559 4436 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
03:01:08.0559 4436 MRxDAV - ok
03:01:08.0590 4436 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
03:01:08.0590 4436 mrxsmb - ok
03:01:08.0621 4436 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
03:01:08.0621 4436 mrxsmb10 - ok
03:01:08.0637 4436 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
03:01:08.0637 4436 mrxsmb20 - ok
03:01:08.0652 4436 [ 5C37497276E3B3A5488B23A326A754B7 ] msahci C:\windows\system32\DRIVERS\msahci.sys
03:01:08.0652 4436 msahci - ok
03:01:08.0668 4436 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\windows\system32\DRIVERS\msdsm.sys
03:01:08.0668 4436 msdsm - ok
03:01:08.0683 4436 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
03:01:08.0699 4436 MSDTC - ok
03:01:08.0730 4436 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
03:01:08.0730 4436 Msfs - ok
03:01:08.0746 4436 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
03:01:08.0746 4436 mshidkmdf - ok
03:01:08.0777 4436 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\DRIVERS\msisadrv.sys
03:01:08.0777 4436 msisadrv - ok
03:01:08.0808 4436 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
03:01:08.0824 4436 MSiSCSI - ok
03:01:08.0824 4436 msiserver - ok
03:01:08.0839 4436 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
03:01:08.0839 4436 MSKSSRV - ok
03:01:08.0855 4436 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
03:01:08.0871 4436 MSPCLOCK - ok
03:01:08.0871 4436 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
03:01:08.0871 4436 MSPQM - ok
03:01:08.0886 4436 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\windows\system32\drivers\MsRPC.sys
03:01:08.0886 4436 MsRPC - ok
03:01:08.0902 4436 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
03:01:08.0902 4436 mssmbios - ok
03:01:08.0902 4436 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
03:01:08.0902 4436 MSTEE - ok
03:01:08.0917 4436 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
03:01:08.0917 4436 MTConfig - ok
03:01:08.0933 4436 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
03:01:08.0933 4436 Mup - ok
03:01:08.0964 4436 [ A94EEBD860AD00A0BFE91C0FD3F5FEB1 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
03:01:08.0964 4436 MyWiFiDHCPDNS - ok
03:01:09.0011 4436 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\windows\system32\qagentRT.dll
03:01:09.0011 4436 napagent - ok
03:01:09.0042 4436 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
03:01:09.0042 4436 NativeWifiP - ok
03:01:09.0073 4436 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\windows\system32\drivers\ndis.sys
03:01:09.0073 4436 NDIS - ok
03:01:09.0105 4436 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
03:01:09.0105 4436 NdisCap - ok
03:01:09.0120 4436 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
03:01:09.0120 4436 NdisTapi - ok
03:01:09.0151 4436 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
03:01:09.0151 4436 Ndisuio - ok
03:01:09.0167 4436 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
03:01:09.0167 4436 NdisWan - ok
03:01:09.0183 4436 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\windows\system32\drivers\NDProxy.sys
03:01:09.0183 4436 NDProxy - ok
03:01:09.0183 4436 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
03:01:09.0183 4436 NetBIOS - ok
03:01:09.0198 4436 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\windows\system32\DRIVERS\netbt.sys
03:01:09.0214 4436 NetBT - ok
03:01:09.0214 4436 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\windows\system32\lsass.exe
03:01:09.0214 4436 Netlogon - ok
03:01:09.0245 4436 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
03:01:09.0245 4436 Netman - ok
03:01:09.0276 4436 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
03:01:09.0276 4436 netprofm - ok
03:01:09.0292 4436 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
03:01:09.0292 4436 NetTcpPortSharing - ok
03:01:09.0448 4436 [ 39EDE676D17F37AF4573C2B33EC28ACA ] NETw5s64 C:\windows\system32\DRIVERS\NETw5s64.sys
03:01:09.0495 4436 NETw5s64 - ok
03:01:09.0541 4436 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
03:01:09.0541 4436 nfrd960 - ok
03:01:09.0557 4436 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\windows\System32\nlasvc.dll
03:01:09.0573 4436 NlaSvc - ok
03:01:09.0573 4436 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
03:01:09.0588 4436 Npfs - ok
03:01:09.0588 4436 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
03:01:09.0588 4436 nsi - ok
03:01:09.0619 4436 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
03:01:09.0619 4436 nsiproxy - ok
03:01:09.0682 4436 [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs C:\windows\system32\drivers\Ntfs.sys
03:01:09.0697 4436 Ntfs - ok
03:01:09.0713 4436 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
03:01:09.0713 4436 Null - ok
03:01:09.0744 4436 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\windows\system32\drivers\nvraid.sys
03:01:09.0744 4436 nvraid - ok
03:01:09.0775 4436 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\windows\system32\drivers\nvstor.sys
03:01:09.0775 4436 nvstor - ok
03:01:09.0792 4436 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\DRIVERS\nv_agp.sys
03:01:09.0792 4436 nv_agp - ok
03:01:09.0808 4436 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\DRIVERS\ohci1394.sys
03:01:09.0808 4436 ohci1394 - ok
03:01:09.0854 4436 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
03:01:09.0854 4436 ose - ok
03:01:09.0886 4436 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
03:01:09.0901 4436 p2pimsvc - ok
03:01:09.0932 4436 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
03:01:09.0932 4436 p2psvc - ok
03:01:09.0948 4436 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
03:01:09.0948 4436 Parport - ok
03:01:09.0979 4436 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\windows\system32\drivers\partmgr.sys
03:01:09.0979 4436 partmgr - ok
03:01:09.0995 4436 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
03:01:09.0995 4436 PcaSvc - ok
03:01:10.0010 4436 [ 5AAB2B170536885DE70A6CBA8D7CE52B ] pci C:\windows\system32\DRIVERS\pci.sys
03:01:10.0010 4436 pci - ok
03:01:10.0026 4436 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\DRIVERS\pciide.sys
03:01:10.0042 4436 pciide - ok
03:01:10.0057 4436 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
03:01:10.0057 4436 pcmcia - ok
03:01:10.0073 4436 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
03:01:10.0073 4436 pcw - ok
03:01:10.0104 4436 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
03:01:10.0104 4436 PEAUTH - ok
03:01:10.0182 4436 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
03:01:10.0182 4436 PerfHost - ok
03:01:10.0229 4436 [ 663962900E7FEA522126BA287715BB4A ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys
03:01:10.0229 4436 PGEffect - ok
03:01:10.0260 4436 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\windows\system32\pla.dll
03:01:10.0276 4436 pla - ok
03:01:10.0322 4436 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\windows\system32\umpnpmgr.dll
03:01:10.0322 4436 PlugPlay - ok
03:01:10.0338 4436 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
03:01:10.0338 4436 PNRPAutoReg - ok
03:01:10.0369 4436 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
03:01:10.0369 4436 PNRPsvc - ok
03:01:10.0400 4436 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
03:01:10.0400 4436 PolicyAgent - ok
03:01:10.0432 4436 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
03:01:10.0432 4436 Power - ok
03:01:10.0463 4436 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
03:01:10.0463 4436 PptpMiniport - ok
03:01:10.0478 4436 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys
03:01:10.0478 4436 Processor - ok
03:01:10.0494 4436 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\windows\system32\profsvc.dll
03:01:10.0494 4436 ProfSvc - ok
03:01:10.0510 4436 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\windows\system32\lsass.exe
03:01:10.0510 4436 ProtectedStorage - ok
03:01:10.0541 4436 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\windows\system32\DRIVERS\pacer.sys
03:01:10.0541 4436 Psched - ok
03:01:10.0588 4436 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
03:01:10.0588 4436 ql2300 - ok
03:01:10.0619 4436 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
03:01:10.0619 4436 ql40xx - ok
03:01:10.0650 4436 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
03:01:10.0650 4436 QWAVE - ok
03:01:10.0666 4436 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
03:01:10.0666 4436 QWAVEdrv - ok
03:01:10.0681 4436 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
03:01:10.0681 4436 RasAcd - ok
03:01:10.0697 4436 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
03:01:10.0697 4436 RasAgileVpn - ok
03:01:10.0697 4436 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
03:01:10.0712 4436 RasAuto - ok
03:01:10.0728 4436 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
03:01:10.0728 4436 Rasl2tp - ok
03:01:10.0759 4436 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\windows\System32\rasmans.dll
03:01:10.0759 4436 RasMan - ok
03:01:10.0775 4436 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
03:01:10.0775 4436 RasPppoe - ok
03:01:10.0775 4436 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
03:01:10.0775 4436 RasSstp - ok
03:01:10.0806 4436 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
03:01:10.0806 4436 rdbss - ok
03:01:10.0822 4436 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
03:01:10.0822 4436 rdpbus - ok
03:01:10.0837 4436 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
03:01:10.0837 4436 RDPCDD - ok
03:01:10.0853 4436 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
03:01:10.0853 4436 RDPENCDD - ok
03:01:10.0868 4436 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
03:01:10.0868 4436 RDPREFMP - ok
03:01:10.0900 4436 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
03:01:10.0900 4436 RDPWD - ok
03:01:10.0915 4436 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\windows\system32\drivers\rdyboost.sys
03:01:10.0915 4436 rdyboost - ok
03:01:10.0993 4436 [ 6108654C5EBEA28A606D6890B4DE6DE3 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
03:01:10.0993 4436 RegSrvc - ok
03:01:11.0056 4436 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
03:01:11.0056 4436 RemoteAccess - ok
03:01:11.0071 4436 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
03:01:11.0087 4436 RemoteRegistry - ok
03:01:11.0102 4436 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
03:01:11.0102 4436 RpcEptMapper - ok
03:01:11.0118 4436 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
03:01:11.0118 4436 RpcLocator - ok
03:01:11.0134 4436 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\windows\system32\rpcss.dll
03:01:11.0149 4436 RpcSs - ok
03:01:11.0165 4436 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
03:01:11.0165 4436 rspndr - ok
03:01:11.0196 4436 [ FD978B2BF8A9B2390DCBEF435E9C1F9F ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
03:01:11.0212 4436 RTL8167 - ok
03:01:11.0212 4436 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\windows\system32\lsass.exe
03:01:11.0212 4436 SamSs - ok
03:01:11.0227 4436 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\windows\system32\DRIVERS\sbp2port.sys
03:01:11.0227 4436 sbp2port - ok
03:01:11.0243 4436 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
03:01:11.0258 4436 SCardSvr - ok
03:01:11.0274 4436 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
03:01:11.0274 4436 scfilter - ok
03:01:11.0321 4436 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\windows\system32\schedsvc.dll
03:01:11.0336 4436 Schedule - ok
03:01:11.0368 4436 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\windows\System32\certprop.dll
03:01:11.0368 4436 SCPolicySvc - ok
03:01:11.0399 4436 [ 2C8D162EFAF73ABD36D8BCBB6340CAE7 ] sdbus C:\windows\system32\DRIVERS\sdbus.sys
03:01:11.0399 4436 sdbus - ok
03:01:11.0399 4436 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\windows\System32\SDRSVC.dll
03:01:11.0414 4436 SDRSVC - ok
03:01:11.0430 4436 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
03:01:11.0430 4436 secdrv - ok
03:01:11.0446 4436 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\windows\system32\seclogon.dll
03:01:11.0446 4436 seclogon - ok
03:01:11.0461 4436 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll
03:01:11.0461 4436 SENS - ok
03:01:11.0477 4436 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
03:01:11.0477 4436 SensrSvc - ok
03:01:11.0492 4436 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys
03:01:11.0492 4436 Serenum - ok
03:01:11.0508 4436 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys
03:01:11.0508 4436 Serial - ok
03:01:11.0524 4436 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
03:01:11.0539 4436 sermouse - ok
03:01:11.0555 4436 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\windows\system32\sessenv.dll
03:01:11.0555 4436 SessionEnv - ok
03:01:11.0570 4436 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\DRIVERS\sffdisk.sys
03:01:11.0570 4436 sffdisk - ok
03:01:11.0586 4436 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\DRIVERS\sffp_mmc.sys
03:01:11.0586 4436 sffp_mmc - ok
03:01:11.0602 4436 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\windows\system32\DRIVERS\sffp_sd.sys
03:01:11.0602 4436 sffp_sd - ok
03:01:11.0617 4436 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
03:01:11.0617 4436 sfloppy - ok
03:01:11.0648 4436 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
03:01:11.0664 4436 SharedAccess - ok
03:01:11.0695 4436 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\windows\System32\shsvcs.dll
03:01:11.0695 4436 ShellHWDetection - ok
03:01:11.0711 4436 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
03:01:11.0711 4436 SiSRaid2 - ok
03:01:11.0726 4436 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
03:01:11.0726 4436 SiSRaid4 - ok
03:01:11.0804 4436 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
03:01:11.0804 4436 SkypeUpdate - ok
03:01:11.0820 4436 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
03:01:11.0820 4436 Smb - ok
03:01:11.0867 4436 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
03:01:11.0867 4436 SNMPTRAP - ok
03:01:11.0882 4436 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
03:01:11.0882 4436 spldr - ok
03:01:11.0914 4436 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\windows\System32\spoolsv.exe
03:01:11.0929 4436 Spooler - ok
03:01:12.0038 4436 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\windows\system32\sppsvc.exe
03:01:12.0054 4436 sppsvc - ok
03:01:12.0116 4436 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
03:01:12.0116 4436 sppuinotify - ok
03:01:12.0148 4436 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\windows\system32\DRIVERS\srv.sys
03:01:12.0148 4436 srv - ok
03:01:12.0179 4436 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
03:01:12.0179 4436 srv2 - ok
03:01:12.0210 4436 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
03:01:12.0210 4436 srvnet - ok
03:01:12.0241 4436 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
03:01:12.0241 4436 SSDPSRV - ok
03:01:12.0257 4436 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
03:01:12.0257 4436 SstpSvc - ok
03:01:12.0288 4436 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
03:01:12.0288 4436 stexstor - ok
03:01:12.0319 4436 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\windows\System32\wiaservc.dll
03:01:12.0335 4436 stisvc - ok
03:01:12.0350 4436 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
03:01:12.0350 4436 swenum - ok
03:01:12.0382 4436 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
03:01:12.0382 4436 swprv - ok
03:01:12.0428 4436 [ 470C47DABA9CA3966F0AB3F835D7D135 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
03:01:12.0428 4436 SynTP - ok
03:01:12.0475 4436 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\windows\system32\sysmain.dll
03:01:12.0491 4436 SysMain - ok
03:01:12.0522 4436 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\windows\System32\TabSvc.dll
03:01:12.0522 4436 TabletInputService - ok
03:01:12.0538 4436 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\windows\System32\tapisrv.dll
03:01:12.0553 4436 TapiSrv - ok
03:01:12.0553 4436 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
03:01:12.0569 4436 TBS - ok
03:01:12.0631 4436 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\windows\system32\drivers\tcpip.sys
03:01:12.0647 4436 Tcpip - ok
03:01:12.0694 4436 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
03:01:12.0709 4436 TCPIP6 - ok
03:01:12.0725 4436 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
03:01:12.0725 4436 tcpipreg - ok
03:01:12.0756 4436 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
03:01:12.0756 4436 tdcmdpst - ok
03:01:12.0772 4436 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
03:01:12.0772 4436 TDPIPE - ok
03:01:12.0803 4436 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
03:01:12.0803 4436 TDTCP - ok
03:01:12.0818 4436 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\windows\system32\DRIVERS\tdx.sys
03:01:12.0818 4436 tdx - ok
03:01:12.0834 4436 [ C448651339196C0E869A355171875522 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
03:01:12.0834 4436 TermDD - ok
03:01:12.0881 4436 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\windows\System32\termsrv.dll
03:01:12.0896 4436 TermService - ok
03:01:12.0912 4436 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
03:01:12.0912 4436 Themes - ok
03:01:12.0959 4436 [ C013F6ACAA9761F571BD28DADA7C157D ] Thpdrv C:\windows\system32\DRIVERS\thpdrv.sys
03:01:12.0959 4436 Thpdrv - ok
03:01:12.0959 4436 [ B4E609047434ED948AF7BDEF2FA66E38 ] Thpevm C:\windows\system32\DRIVERS\Thpevm.SYS
03:01:12.0959 4436 Thpevm - ok
03:01:12.0990 4436 [ F6927BBA3B09AFF26A53A9191F7378F9 ] Thpsrv C:\windows\system32\ThpSrv.exe
03:01:12.0990 4436 Thpsrv - ok
03:01:13.0006 4436 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
03:01:13.0006 4436 THREADORDER - ok
03:01:13.0052 4436 [ 28644B0523D64EFF2FC7312A2EE74B0A ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
03:01:13.0052 4436 TMachInfo - ok
03:01:13.0084 4436 [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv C:\Windows\system32\TODDSrv.exe
03:01:13.0084 4436 TODDSrv - ok
03:01:13.0130 4436 [ 98C864481D62F86EC8AF65BE3419A95B ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
03:01:13.0146 4436 TosCoSrv - ok
03:01:13.0193 4436 [ 2AB7A4697462EDB0C9DFAFC529746BA9 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
03:01:13.0193 4436 TOSHIBA eco Utility Service - ok
03:01:13.0208 4436 [ 74C2FA8C3765EE71A9C22182EC108457 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
03:01:13.0224 4436 TOSHIBA HDD SSD Alert Service - ok
03:01:13.0255 4436 [ 09FF7B0B1B5C3D225495CB6F5A9B39F8 ] tos_sps64 C:\windows\system32\DRIVERS\tos_sps64.sys
03:01:13.0255 4436 tos_sps64 - ok
03:01:13.0302 4436 [ 97687D094AA597DA366E1194B218CC6C ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
03:01:13.0302 4436 TPCHSrv - ok
03:01:13.0333 4436 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
03:01:13.0333 4436 TrkWks - ok
03:01:13.0380 4436 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
03:01:13.0380 4436 TrustedInstaller - ok
03:01:13.0396 4436 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
03:01:13.0396 4436 tssecsrv - ok
03:01:13.0442 4436 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
03:01:13.0442 4436 tunnel - ok
03:01:13.0458 4436 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS
03:01:13.0458 4436 TVALZ - ok
03:01:13.0474 4436 [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys
03:01:13.0474 4436 TVALZFL - ok
03:01:13.0474 4436 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
03:01:13.0474 4436 uagp35 - ok
03:01:13.0505 4436 [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs C:\windows\system32\DRIVERS\udfs.sys
03:01:13.0505 4436 udfs - ok
03:01:13.0520 4436 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
03:01:13.0520 4436 UI0Detect - ok
03:01:13.0552 4436 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\DRIVERS\uliagpkx.sys
03:01:13.0552 4436 uliagpkx - ok
03:01:13.0567 4436 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\windows\system32\DRIVERS\umbus.sys
03:01:13.0567 4436 umbus - ok
03:01:13.0583 4436 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys
03:01:13.0583 4436 UmPass - ok
03:01:13.0676 4436 [ CC3775100ABA633984F73DFAE1F55CAE ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
03:01:13.0692 4436 UNS - ok
03:01:13.0708 4436 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
03:01:13.0723 4436 upnphost - ok
03:01:13.0754 4436 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
03:01:13.0754 4436 USBAAPL64 - ok
03:01:13.0770 4436 [ 537A4E03D7103C12D42DFD8FFDB5BDC9 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
03:01:13.0770 4436 usbccgp - ok
03:01:13.0801 4436 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\DRIVERS\usbcir.sys
03:01:13.0801 4436 usbcir - ok
03:01:13.0817 4436 [ FBB21EBE49F6D560DB37AC25FBC68E66 ] usbehci C:\windows\system32\drivers\usbehci.sys
03:01:13.0817 4436 usbehci - ok
03:01:13.0848 4436 [ 6B7A8A99C4A459E73C286A6763EA24CC ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
03:01:13.0848 4436 usbhub - ok
03:01:13.0864 4436 [ 8C88AA7617B4CBC2E4BED61D26B33A27 ] usbohci C:\windows\system32\drivers\usbohci.sys
03:01:13.0864 4436 usbohci - ok
03:01:13.0895 4436 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
03:01:13.0895 4436 usbprint - ok
03:01:13.0926 4436 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
03:01:13.0926 4436 usbscan - ok
03:01:13.0957 4436 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
03:01:13.0957 4436 USBSTOR - ok
03:01:13.0973 4436 [ 0B5B3B2DF3FD1709618ACFA50B8392B0 ] usbuhci C:\windows\system32\drivers\usbuhci.sys
03:01:13.0973 4436 usbuhci - ok
03:01:14.0020 4436 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
03:01:14.0020 4436 usbvideo - ok
03:01:14.0051 4436 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
03:01:14.0051 4436 UxSms - ok
03:01:14.0066 4436 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\windows\system32\lsass.exe
03:01:14.0066 4436 VaultSvc - ok
03:01:14.0098 4436 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\DRIVERS\vdrvroot.sys
03:01:14.0098 4436 vdrvroot - ok
03:01:14.0113 4436 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\windows\System32\vds.exe
03:01:14.0129 4436 vds - ok
03:01:14.0144 4436 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
03:01:14.0144 4436 vga - ok
03:01:14.0160 4436 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
03:01:14.0160 4436 VgaSave - ok
03:01:14.0176 4436 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\windows\system32\DRIVERS\vhdmp.sys
03:01:14.0191 4436 vhdmp - ok
03:01:14.0191 4436 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\DRIVERS\viaide.sys
03:01:14.0207 4436 viaide - ok
03:01:14.0207 4436 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\windows\system32\DRIVERS\volmgr.sys
03:01:14.0207 4436 volmgr - ok
03:01:14.0222 4436 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\windows\system32\drivers\volmgrx.sys
03:01:14.0238 4436 volmgrx - ok
03:01:14.0254 4436 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\windows\system32\DRIVERS\volsnap.sys
03:01:14.0254 4436 volsnap - ok
03:01:14.0269 4436 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
03:01:14.0285 4436 vsmraid - ok
03:01:14.0316 4436 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\windows\system32\vssvc.exe
03:01:14.0332 4436 VSS - ok
03:01:14.0347 4436 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
03:01:14.0347 4436 vwifibus - ok
03:01:14.0363 4436 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
03:01:14.0363 4436 vwififlt - ok
03:01:14.0378 4436 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
03:01:14.0378 4436 vwifimp - ok
03:01:14.0394 4436 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
03:01:14.0410 4436 W32Time - ok
03:01:14.0425 4436 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
03:01:14.0425 4436 WacomPen - ok
03:01:14.0441 4436 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
03:01:14.0441 4436 WANARP - ok
03:01:14.0456 4436 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
03:01:14.0456 4436 Wanarpv6 - ok
03:01:14.0519 4436 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
03:01:14.0519 4436 WatAdminSvc - ok
03:01:14.0550 4436 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\windows\system32\wbengine.exe
03:01:14.0566 4436 wbengine - ok
03:01:14.0581 4436 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
03:01:14.0581 4436 WbioSrvc - ok
03:01:14.0612 4436 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\windows\System32\wcncsvc.dll
03:01:14.0612 4436 wcncsvc - ok
03:01:14.0628 4436 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
03:01:14.0628 4436 WcsPlugInService - ok
03:01:14.0659 4436 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\DRIVERS\wd.sys
03:01:14.0659 4436 Wd - ok
03:01:14.0675 4436 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
03:01:14.0675 4436 Wdf01000 - ok
03:01:14.0690 4436 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
03:01:14.0706 4436 WdiServiceHost - ok
03:01:14.0706 4436 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
03:01:14.0706 4436 WdiSystemHost - ok
03:01:14.0753 4436 [ 7C2EF67B0A43C4DEB7EF932CEDA337D6 ] wdkmd C:\windows\system32\DRIVERS\WDKMD.sys
03:01:14.0753 4436 wdkmd - ok
03:01:14.0784 4436 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\windows\System32\webclnt.dll
03:01:14.0784 4436 WebClient - ok
03:01:14.0800 4436 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
03:01:14.0800 4436 Wecsvc - ok
03:01:14.0815 4436 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
03:01:14.0815 4436 wercplsupport - ok
03:01:14.0831 4436 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
03:01:14.0846 4436 WerSvc - ok
03:01:14.0846 4436 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
03:01:14.0846 4436 WfpLwf - ok
03:01:14.0878 4436 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
03:01:14.0878 4436 WIMMount - ok
03:01:14.0909 4436 WinDefend - ok
03:01:14.0909 4436 WinHttpAutoProxySvc - ok
03:01:14.0956 4436 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
03:01:14.0956 4436 Winmgmt - ok
03:01:15.0018 4436 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\windows\system32\WsmSvc.dll
03:01:15.0034 4436 WinRM - ok
03:01:15.0080 4436 [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUSB C:\windows\system32\DRIVERS\WinUSB.sys
03:01:15.0080 4436 WinUSB - ok
03:01:15.0112 4436 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
03:01:15.0127 4436 Wlansvc - ok
03:01:15.0143 4436 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
03:01:15.0143 4436 WmiAcpi - ok
03:01:15.0158 4436 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
03:01:15.0158 4436 wmiApSrv - ok
03:01:15.0158 4436 WMPNetworkSvc - ok
03:01:15.0221 4436 [ 83B6CA03C846FCD47F9883D77D1EB27B ] WMZuneComm C:\Program Files\Zune\WMZuneComm.exe
03:01:15.0221 4436 WMZuneComm - ok
03:01:15.0252 4436 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
03:01:15.0252 4436 WPCSvc - ok
03:01:15.0283 4436 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
03:01:15.0283 4436 WPDBusEnum - ok
03:01:15.0314 4436 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
03:01:15.0314 4436 ws2ifsl - ok
03:01:15.0361 4436 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\windows\system32\wscsvc.dll
03:01:15.0361 4436 wscsvc - ok
03:01:15.0408 4436 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\windows\system32\DRIVERS\WSDPrint.sys
03:01:15.0408 4436 WSDPrintDevice - ok
03:01:15.0424 4436 [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan C:\windows\system32\DRIVERS\WSDScan.sys
03:01:15.0424 4436 WSDScan - ok
03:01:15.0439 4436 WSearch - ok
03:01:15.0517 4436 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
03:01:15.0548 4436 wuauserv - ok
03:01:15.0564 4436 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\windows\system32\drivers\WudfPf.sys
03:01:15.0564 4436 WudfPf - ok
03:01:15.0580 4436 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
03:01:15.0580 4436 WUDFRd - ok
03:01:15.0595 4436 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\windows\System32\WUDFSvc.dll
03:01:15.0595 4436 wudfsvc - ok
03:01:15.0611 4436 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
03:01:15.0626 4436 WwanSvc - ok
03:01:15.0782 4436 [ 67B787C34FB2888D01B130AE007042D8 ] ZuneNetworkSvc C:\Program Files\Zune\ZuneNss.exe
03:01:15.0829 4436 ZuneNetworkSvc - ok
03:01:15.0876 4436 [ 4D89FC1C20CF655739EFAC5DA81A67BC ] ZuneWlanCfgSvc C:\Program Files\Zune\ZuneWlanCfgSvc.exe
03:01:15.0876 4436 ZuneWlanCfgSvc - ok
03:01:15.0892 4436 ================ Scan global ===============================
03:01:15.0907 4436 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
03:01:15.0938 4436 [ 79CDA06F75AD5373DD447F57575C4400 ] C:\windows\system32\winsrv.dll
03:01:15.0954 4436 [ 79CDA06F75AD5373DD447F57575C4400 ] C:\windows\system32\winsrv.dll
03:01:15.0970 4436 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
03:01:15.0985 4436 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
03:01:16.0001 4436 [Global] - ok
03:01:16.0001 4436 ================ Scan MBR ==================================
03:01:16.0001 4436 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
03:01:16.0297 4436 \Device\Harddisk0\DR0 - ok
03:01:16.0297 4436 ================ Scan VBR ==================================
03:01:16.0313 4436 [ 62AC31F8AF0BE422145EA19809346334 ] \Device\Harddisk0\DR0\Partition1
03:01:16.0313 4436 \Device\Harddisk0\DR0\Partition1 - ok
03:01:16.0313 4436 ============================================================
03:01:16.0313 4436 Scan finished
03:01:16.0313 4436 ============================================================
03:01:16.0328 5500 Detected object count: 0
03:01:16.0328 5500 Actual detected object count: 0


And here's the aswMBR log file:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-21 03:02:56
-----------------------------
03:02:56.236 OS Version: Windows x64 6.1.7600
03:02:56.236 Number of processors: 4 586 0x2502
03:02:56.236 ComputerName: MOLLY-PC UserName: Molly
03:02:57.047 Initialize success
03:03:00.494 AVAST engine defs: 12102001
03:03:26.390 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
03:03:26.390 Disk 0 Vendor: ST950042 0001 Size: 476940MB BusType: 3
03:03:26.406 Disk 0 MBR read successfully
03:03:26.406 Disk 0 MBR scan
03:03:26.734 Disk 0 Windows VISTA default MBR code
03:03:26.749 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
03:03:26.936 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 464726 MB offset 3074048
03:03:26.968 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10713 MB offset 954832896
03:03:27.014 Disk 0 scanning C:\windows\system32\drivers
03:03:35.438 Service scanning
03:03:48.870 Modules scanning
03:03:48.886 Disk 0 trace - called modules:
03:03:48.917 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys iaStor.sys hal.dll
03:03:48.932 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80052a1060]
03:03:48.932 3 CLASSPNP.SYS[fffff88001aa643f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa80052a0060]
03:03:48.948 5 thpdrv.sys[fffff88001bbbcc0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004fd7050]
03:03:50.009 AVAST engine scan C:\windows
03:03:52.567 AVAST engine scan C:\windows\system32
03:05:57.508 AVAST engine scan C:\windows\system32\drivers
03:06:08.568 AVAST engine scan C:\Users\Molly
03:09:16.439 File: C:\Users\Molly\Downloads\mplayer_Setup.exe **INFECTED** Win32:Adware-gen [Adw]
03:09:31.868 AVAST engine scan C:\ProgramData
03:10:15.548 Scan finished successfully
03:11:44.889 Disk 0 MBR has been saved successfully to "C:\Users\Molly\Desktop\Virus Removal\MBR.dat"
03:11:44.889 The log file has been saved successfully to "C:\Users\Molly\Desktop\Virus Removal\aswMBR.txt"

Thanks

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:52 PM

Posted 21 October 2012 - 02:16 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache:: 

File::
C:\Users\Molly\Downloads\mplayer_Setup.exe

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 Forehead

Forehead
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Local time:04:52 PM

Posted 21 October 2012 - 02:32 AM

Alright, the second ComboFix has run:

ComboFix 12-10-21.01 - Molly 10/21/2012 3:23.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3891.1933 [GMT -4:00]
Running from: c:\users\Molly\Desktop\ComboFix.exe
Command switches used :: c:\users\Molly\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Molly\Downloads\mplayer_Setup.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Molly\Downloads\mplayer_Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-21 to 2012-10-21 )))))))))))))))))))))))))))))))
.
.
2012-10-21 07:28 . 2012-10-21 07:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-21 06:46 . 2012-10-21 06:46 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{01855702-523E-4B45-9AF2-97E693C74D4B}\offreg.dll
2012-10-21 01:58 . 2012-10-21 01:58 -------- d-----w- c:\programdata\Kaspersky Lab
2012-10-21 01:07 . 2012-10-21 02:21 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-19 21:40 . 2012-10-12 07:19 9291768 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{01855702-523E-4B45-9AF2-97E693C74D4B}\mpengine.dll
2012-10-10 23:07 . 2012-08-31 18:02 1656688 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 23:07 . 2012-08-30 18:11 5505904 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-10 23:07 . 2012-08-30 17:18 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-10 23:07 . 2012-08-30 17:18 3902832 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-10 23:05 . 2012-06-02 05:25 1462784 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 23:05 . 2012-06-02 05:25 182272 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 23:05 . 2012-06-02 05:25 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 23:05 . 2012-06-02 04:45 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 23:05 . 2012-06-02 04:45 1157632 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 23:05 . 2012-06-02 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-09 01:35 . 2012-10-09 01:35 469256 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\606048071cda5be2d\InstallManager_WLE_WLE.exe
2012-10-09 01:35 . 2012-10-09 01:35 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\52b9f8ac1cda5be22\MeshBetaRemover.exe
2012-10-09 01:34 . 2012-10-09 01:34 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4543e1c71cda5be1a\DSETUP.dll
2012-10-09 01:34 . 2012-10-09 01:34 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4543e1c71cda5be1a\DXSETUP.exe
2012-10-09 01:34 . 2012-10-09 01:34 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\4543e1c71cda5be1a\dsetup32.dll
2012-10-09 01:34 . 2012-10-09 01:34 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\438d039a1cda5be19\DSETUP.dll
2012-10-09 01:34 . 2012-10-09 01:34 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\438d039a1cda5be19\DXSETUP.exe
2012-10-09 01:34 . 2012-10-09 01:34 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\438d039a1cda5be19\dsetup32.dll
2012-10-09 01:33 . 2012-10-09 01:33 -------- d-----w- c:\users\Molly\AppData\Local\Windows Live
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 22:14 . 2010-09-14 03:03 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-08 23:31 . 2012-05-16 23:08 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-08 23:31 . 2011-06-18 01:22 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-26 22:01 . 2012-08-26 22:01 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-08-26 22:01 . 2012-08-26 22:01 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-26 22:01 . 2012-08-26 22:01 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-21 17:01 . 2012-09-18 23:39 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 17:01 . 2012-04-25 02:53 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 17:01 . 2012-04-25 02:53 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-18 11:19 . 2012-10-10 23:06 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:55 . 2012-09-12 23:25 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 17:05 . 2012-09-12 23:25 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{8660E5B3-6C41-44DE-8503-98D99BBECD41}"= "c:\program files (x86)\Coupons.com CouponBar\tbcore3.dll" [2012-05-26 2695168]
.
[HKEY_CLASSES_ROOT\clsid\{8660e5b3-6c41-44de-8503-98d99bbecd41}]
[HKEY_CLASSES_ROOT\TBSB07898.TBSB07898.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB07898.TBSB07898]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-09 39408]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"TSleepSrv"="%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe" [BU]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-11-28 3744552]
"lxdwmon.exe"="c:\program files (x86) (x86)\Lexmark 7600 Series\lxdwmon.exe" [2010-02-10 676520]
"EzPrint"="c:\program files (x86) (x86)\Lexmark 7600 Series\ezprint.exe" [2010-02-10 131752]
"HPUsageTracking"="c:\program files (x86)\HP\HP UT\bin\hppusg.exe" [2007-05-04 36864]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
Post-it® Digital Notes.lnk - c:\program files (x86)\3M\PDNotes\PDNotes.exe [2011-5-26 6255328]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy Software Installer.lnk - c:\program files\Best Buy Software Installer\Best Buy Software Installer.exe [2010-2-15 1135560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-29 135664]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-14 9728]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-08 250808]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-29 135664]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-09-23 144496]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-01-20 315664]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-29 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 14784]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2010-03-06 482384]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-11-28 66904]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-04-07 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-04-07 271872]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-01-12 325152]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2009-12-18 36760]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 33399526
*NewlyCreated* - ASWMBR
*Deregistered* - 33399526
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-16 23:31]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-29 01:00]
.
2012-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-29 01:00]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{887cdc33-0de3-4fd5-a5d3-eccd4b4b396c}]
2009-11-25 19:47 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-07 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-07 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-07 413720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10134560]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 896032]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-01-20 1926928]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.coupons.com/
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://search.coupons.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Create a Post-it® Note - c:\program files (x86)\3M\PDNotes\\PSNBookMark.html
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{8660E5B3-6C41-44DE-8503-98D99BBECD41} - (no file)
AddRemove-Lexmark 7600 Series - c:\program files (x86)\Lexmark 7600 Series\Install\x64\Uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-21 03:30:10
ComboFix-quarantined-files.txt 2012-10-21 07:30
ComboFix2.txt 2012-10-21 06:49
ComboFix3.txt 2012-10-21 06:35
.
Pre-Run: 433,272,123,392 bytes free
Post-Run: 432,983,261,184 bytes free
.
- - End Of File - - F0428E4D53327E7CCC906E80B8464414


Thank you

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:52 PM

Posted 21 October 2012 - 02:39 AM

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

Coupon Printer for Windows
CouponBar
Java 7 Update 6
Java™ 6 Update 17
McAfee Security Scan Plus
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users