Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

24x7 Help


  • This topic is locked This topic is locked
26 replies to this topic

#1 Earlene

Earlene

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:16 PM

Posted 16 November 2012 - 11:20 PM

My grandmother recently got herself a laptop. I set it up for her, being moderately computer savvy and the go-to for the family when it comes to computer information, and set it up with MBAM and Windows Security Essentials, showing her how to scan regularly with MBAM seeing as it's the free version, and how to keep an eye on WSE.

So far no major problems (she reported the laptop finding viruses twice, but seeing as she deleted them and reported no problems afterward I figured it was fine - maybe wrongly) until now, where when I came home from work she reported that the internet must not be working properly, seeing as she couldn't connect to her e-mail or the local news site. However, checking the websites on my computer, hooked up to the same network, it was obvious that was not the case. Looking on her browser (Google Chrome - I told her to never use IE) I noticed a new icon with a man and a phone - 24x7 Help it said, an obvious virus. (After some investigating of her browsing history I'm almost certain I know how she got it, trying to change her desktop wallpaper she searched for screensavers and went to screensaver.com, downloading two of their files. But I digress.)

I did a scan with WSE and turned up nothing (though I figured this to be the case, seeing as it had bypassed it in the first place) but when trying to run MBAM, the program was corrupted. Trying to go to the website and being blocked, I downloaded MBAM setup on my computer and copied it to the laptop via disk and did a reinstall, but in vain: nothing turned up in the scan (and yes, I disabled WSE for the scan). Searching Google for 24x7 Help virus solutions, I found only one solution recommended: system restore. The icon is now gone but the same certain websites are still being blocked, hotmail.com being the most prominent one.

I've seen instructions for removal of certain viruses on these forums before when cleaning my own computer of the occasional bug, so after trying to think of solutions I figured coming here and asking for help was the best idea of any. So, for you brilliant people, the DDS report(s):

DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450
Run by Granny at 20:41:51 on 2012-11-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3986.2046 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\GFNEXSrv.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\TECO\Teco.exe
C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\windows\system32\RunDll32.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
C:\windows\system32\wbengine.exe
C:\windows\System32\vds.exe
C:\windows\helppane.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.toshiba.com/?cid=C001B2Y
uDefault_Page_URL = hxxp://start.toshiba.com/?cid=C001B2Y
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Norton Safe Web Lite BHO: {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Safe Web Lite: {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
StartupFolder: C:\Users\Granny\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\windows\System32\RunDll32.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{31A33659-27F1-4A02-966C-BB763D197B7B} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{C3AEA2DD-AAD1-42B9-BFCE-D0EA3E63CAEC} : DHCPNameServer = 192.168.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-1-5 16152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]
R1 ccSet_NAT;Norton Anti-Theft Settings Manager;C:\windows\System32\drivers\NATx64\0106000.011\ccSetx64.sys [2012-10-10 168096]
R1 ccSet_NST;Norton Safe Web Lite Settings Manager;C:\windows\System32\drivers\NSTx64\0200000.010\ccSetx64.sys [2012-9-20 167048]
R2 Belkin Local Backup Service;Belkin Local Backup Service;C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2012-10-29 181760]
R2 Belkin Network USB Helper;Belkin Network USB Helper;C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2012-10-29 55296]
R2 GFNEXSrv;GFNEX Service;C:\windows\System32\GFNEXSrv.exe [2012-7-9 162824]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-7-9 128280]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-7-9 161560]
R2 NAT;Norton Anti-Theft;C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe [2012-10-10 143928]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\SymcPCCULaunchSvc.exe [2012-7-9 135608]
R2 NSL;Norton Safe Web Lite;C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe [2012-9-20 138760]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe [2012-7-9 126392]
R2 sxuptp;SXUPTP Driver;C:\windows\System32\drivers\sxuptp.sys [2012-10-29 291352]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-11-24 294848]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-7-9 363800]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-12-6 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-1-5 355096]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-1-5 786200]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-7-9 38096]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-7-9 251496]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-7-9 565352]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2012-7-9 1145448]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2012-7-9 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-25 138152]
R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2011-12-14 833976]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-9-20 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-11-17 02:39:19 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E93B3E80-7B7A-4B35-9FA2-05FE0521C558}\mpengine.dll
2012-11-17 01:17:12 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-11-17 01:17:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-14 15:01:24 -------- d-----w- C:\Users\Granny\AppData\Local\antiphishing-scenic2_0dn
2012-11-14 00:51:47 -------- d-----w- C:\ProgramData\Anti-phishing Domain Advisor
2012-11-14 00:20:33 -------- d-----w- C:\Program Files (x86)\AppGraffiti
2012-11-14 00:20:30 -------- d-----w- C:\Users\Granny\AppData\Roaming\PCPowerSpeed
2012-11-14 00:20:30 -------- d-----w- C:\ProgramData\PCPowerSpeed
2012-11-14 00:20:28 -------- d-----w- C:\Program Files (x86)\PCPowerSpeed
2012-11-14 00:20:12 -------- d-----w- C:\Program Files (x86)\RebateInformer
2012-11-14 00:20:10 -------- d-----w- C:\Users\Granny\AppData\Roaming\24x7 Help
2012-11-14 00:20:03 -------- d-----w- C:\Program Files (x86)\24x7Help
2012-11-14 00:19:51 -------- d-----w- C:\Program Files (x86)\Crawler
2012-11-02 07:22:18 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-31 23:35:25 -------- d-----w- C:\Users\Granny\AppData\Local\Adobe
2012-10-30 01:48:15 -------- d-----w- C:\ProgramData\Belkin
2012-10-30 01:48:14 -------- d-----w- C:\Program Files\Belkin
2012-10-30 01:47:32 291352 ----a-w- C:\windows\System32\drivers\sxuptp.sys
2012-10-30 01:47:06 -------- d-----w- C:\ProgramData\Affinegy
2012-10-30 01:47:06 -------- d-----w- C:\Program Files (x86)\Belkin
2012-10-29 18:27:41 -------- d-----w- C:\Users\Granny\AppData\Local\CrashDumps
2012-10-23 22:24:42 -------- d-----w- C:\Users\Granny\AppData\Local\Diagnostics
2012-10-19 21:18:19 972192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{59D06CF4-6EF6-4B59-9E33-D6A799251F9D}\gapaengine.dll
.
==================== Find3M ====================
.
2012-10-08 20:19:38 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-08 20:19:38 696760 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-09-14 19:19:29 2048 ----a-w- C:\windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\windows\System32\drivers\ntfs.sys
2012-08-31 03:03:48 228768 ----a-w- C:\windows\System32\drivers\MpFilter.sys
2012-08-31 03:03:48 128456 ----a-w- C:\windows\System32\drivers\NisDrvWFP.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\windows\System32\OxpsConverter.exe
2012-08-20 18:48:44 362496 ----a-w- C:\windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 20:42:26.60 ===============

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:16 PM

Posted 17 November 2012 - 06:56 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Earlene

Earlene
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:16 PM

Posted 17 November 2012 - 03:47 PM

Ran Security Check with no problems:
Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java™ 6 Update 25
Java version out of Date!
Google Chrome 12.0.742.100
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

Ran AdwCleaner with no problems:
# AdwCleaner v2.007 - Logfile created 11/17/2012 at 14:16:48
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Granny - GRANNY-PC
# Boot Mode : Normal
# Running from : C:\Users\Granny\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\AppGraffiti
Folder Deleted : C:\Program Files (x86)\Crawler
Folder Deleted : C:\Program Files (x86)\RebateInformer
Folder Deleted : C:\ProgramData\Anti-phishing Domain Advisor
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 Help
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RebateInformer
Folder Deleted : C:\Users\Granny\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Users\Granny\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Granny\AppData\LocalLow\RebateInformer
Folder Deleted : C:\Users\Granny\AppData\Roaming\24x7 Help

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Granny\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [1363 octets] - [17/11/2012 14:16:48]

########## EOF - C:\AdwCleaner[S2].txt - [1423 octets] ##########

Ran RogueKiller with no problems:
RogueKiller V8.3.0 [Nov 17 2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Granny [Admin rights]
Mode : Scan -- Date : 11/17/2012 14:22:51

Bad processes : 0

Registry Entries : 2
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:

Driver : [NOT LOADED]

HOSTS File:
--> C:\windows\system32\drivers\etc\hosts



MBR Check:

+++++ PhysicalDrive0: TOSHIBA MQ01ABD050 +++++
--- User ---
[MBR] bc3908b8011a99b2f70ac64781eca8e5
[BSP] da6ba51169b890fa6397a5453b377452 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 461404 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 948029440 | Size: 14035 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_11172012_02d1422.txt >>
RKreport[1]_S_11172012_02d1422.txt

Computer status:
Hotmail itself loaded, but when trying to log in the website wasn't found. Internet problem or continuous computer problem I'm not sure. However, sites like the local news station website and more importantly security websites (MBAM) are still being blocked.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:16 PM

Posted 17 November 2012 - 04:21 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 Earlene

Earlene
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:16 PM

Posted 17 November 2012 - 05:22 PM

Ran Combofix with no problems:
ComboFix 12-11-16.02 - Granny 11/17/2012 16:01:21.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3986.2446 [GMT -6:00]
Running from: c:\users\Granny\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Granny\AppData\Local\Temp\AFF1.tmp\F_IN_BOX.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-10-17 to 2012-11-17 )))))))))))))))))))))))))))))))
.
.
2012-11-17 22:05 . 2012-11-17 22:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-17 20:55 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-17 20:55 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-17 20:55 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-17 20:55 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-17 04:24 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-17 04:24 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-17 04:24 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-17 04:24 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-17 04:24 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-17 04:24 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-17 04:24 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-17 02:39 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E93B3E80-7B7A-4B35-9FA2-05FE0521C558}\mpengine.dll
2012-11-17 01:17 . 2012-11-17 01:17 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-17 01:17 . 2012-09-30 01:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-14 15:01 . 2012-11-14 15:01 -------- d-----w- c:\users\Granny\AppData\Local\antiphishing-scenic2_0dn
2012-11-14 00:20 . 2012-11-17 00:37 -------- d-----w- c:\programdata\PCPowerSpeed
2012-11-14 00:20 . 2012-11-14 14:50 -------- d-----w- c:\users\Granny\AppData\Roaming\PCPowerSpeed
2012-11-14 00:20 . 2012-11-17 00:37 -------- d-----w- c:\program files (x86)\PCPowerSpeed
2012-11-14 00:20 . 2012-11-17 00:37 -------- d-----w- c:\program files (x86)\24x7Help
2012-11-02 07:22 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-31 23:35 . 2012-10-31 23:35 -------- d-----w- c:\users\Granny\AppData\Local\Adobe
2012-10-30 01:48 . 2012-10-30 17:10 -------- d-----w- c:\programdata\Belkin
2012-10-30 01:48 . 2012-10-30 01:48 -------- d-----w- c:\program files\Belkin
2012-10-30 01:47 . 2009-06-22 21:50 291352 ----a-w- c:\windows\system32\drivers\sxuptp.sys
2012-10-30 01:47 . 2012-10-30 01:47 -------- d-----w- c:\programdata\Affinegy
2012-10-30 01:47 . 2012-10-30 01:47 -------- d-----w- c:\program files (x86)\Belkin
2012-10-29 18:27 . 2012-11-14 15:03 -------- d-----w- c:\users\Granny\AppData\Local\CrashDumps
2012-10-23 22:24 . 2012-10-23 22:24 -------- d-----w- c:\users\Granny\AppData\Local\Diagnostics
2012-10-19 21:18 . 2012-09-26 20:50 972192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{59D06CF4-6EF6-4B59-9E33-D6A799251F9D}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-17 10:26 . 2012-10-13 21:24 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-08 20:19 . 2012-07-10 04:49 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-08 20:19 . 2012-04-02 03:00 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-26 20:50 . 2012-09-26 20:50 972192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-09-20 12:08 . 2011-03-29 01:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-09-14 19:19 . 2012-10-10 13:33 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 13:33 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-31 18:19 . 2012-10-10 13:33 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-31 03:03 . 2012-08-31 03:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-31 03:03 . 2012-03-21 01:44 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 18:03 . 2012-10-10 13:33 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 13:33 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 13:33 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-24 18:05 . 2012-10-10 13:33 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-10 13:33 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-22 18:12 . 2012-09-20 12:28 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-20 12:28 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-20 12:28 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-20 12:28 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-25 22:51 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 18:48 . 2012-10-10 13:33 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-08-20 18:48 . 2012-10-10 13:33 243200 ----a-w- c:\windows\system32\wow64.dll
2012-08-20 18:48 . 2012-10-10 13:33 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2012-08-20 18:48 . 2012-10-10 13:33 215040 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 18:48 . 2012-10-10 13:33 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-08-20 18:48 . 2012-10-10 13:33 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 18:48 . 2012-10-10 13:33 1162240 ----a-w- c:\windows\system32\kernel32.dll
2012-08-20 18:46 . 2012-10-10 13:33 338432 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 18:38 . 2012-10-10 13:33 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:33 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:33 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:33 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:33 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:33 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:33 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:33 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:33 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:33 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:33 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:33 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:33 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:33 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:33 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:33 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:33 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:33 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:33 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:33 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:33 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:33 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:33 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:33 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:33 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:33 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:33 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 13:33 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 17:40 . 2012-10-10 13:33 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2012-08-20 17:38 . 2012-10-10 13:33 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-20 17:38 . 2012-10-10 13:33 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2012-08-20 17:37 . 2012-10-10 13:33 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2012-08-20 17:37 . 2012-10-10 13:33 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll
2012-08-20 17:32 . 2012-10-10 13:33 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:33 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:33 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:33 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:33 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:33 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:33 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:33 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:33 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:33 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:33 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:33 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:33 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:33 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:33 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:33 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:33 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:33 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:33 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:33 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:33 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:33 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:33 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 17:32 . 2012-10-10 13:33 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2012-08-20 15:38 . 2012-10-10 13:33 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2012-08-20 15:38 . 2012-10-10 13:33 2048 ----a-w- c:\windows\SysWow64\user.exe
2012-08-20 15:33 . 2012-10-10 13:33 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 13:33 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 13:33 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33 . 2012-10-10 13:33 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-07-10 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-05 291608]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-12-07 1884064]
.
c:\users\Granny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Monitor Ink Alerts - HP Photosmart 6510 series.lnk - c:\windows\system32\RunDll32.exe [2009-7-13 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 TDEIO;TDEIO;c:\windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-11-26 138152]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-12-14 833976]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-20 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-01-05 16152]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384]
S1 ccSet_NAT;Norton Anti-Theft Settings Manager;c:\windows\system32\drivers\NATx64\0106000.011\ccSetx64.sys [2012-08-07 168096]
S1 ccSet_NST;Norton Safe Web Lite Settings Manager;c:\windows\system32\drivers\NSTx64\0200000.010\ccSetx64.sys [2011-08-08 167048]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2011-04-19 181760]
S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2010-02-09 55296]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe [2010-09-10 162824]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-03 628448]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-02-21 128280]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2012-02-21 161560]
S2 NAT;Norton Anti-Theft;c:\program files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe [2012-08-19 143928]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.38\SymcPCCULaunchSvc.exe [2011-12-01 135608]
S2 NSL;Norton Safe Web Lite;c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe [2011-08-10 138760]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe [2011-12-01 126392]
S2 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [2009-06-22 291352]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-11-24 294848]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-02-29 363800]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-01-05 355096]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-01-05 786200]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2011-08-17 251496]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-24 565352]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-07-18 1145448]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-10 20:19]
.
2012-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-10 04:50]
.
2012-11-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-10 04:50]
.
2012-11-17 c:\windows\Tasks\HP Photo Creations Messager.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
.
2012-11-17 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
2012-10-31 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-16 12459112]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-11-26 710560]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-10 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-10 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-10 440088]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.toshiba.com/?cid=C001B2Y
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NAT]
"ImagePath"="\"c:\program files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe\" /s \"NAT\" /m \"c:\program files (x86)\Norton Anti-Theft\Engine\1.6.0.17\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NSL]
"ImagePath"="\"c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe\" /s \"NSL\" /m \"c:\program files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.38\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-11-17 16:13:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-17 22:13
.
Pre-Run: 442,727,063,552 bytes free
Post-Run: 442,622,148,608 bytes free
.
- - End Of File - - 62F3C84515BA7653D64DE097504A18C8

Computer status:
Sites are still being blocked.

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:16 PM

Posted 17 November 2012 - 05:40 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Earlene

Earlene
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:16 PM

Posted 17 November 2012 - 09:46 PM

Ran TDSSKiller with no problems:
17:58:18.0630 4144 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:58:20.0642 4144 ============================================================
17:58:20.0642 4144 Current date / time: 2012/11/17 17:58:20.0642
17:58:20.0642 4144 SystemInfo:
17:58:20.0642 4144
17:58:20.0642 4144 OS Version: 6.1.7601 ServicePack: 1.0
17:58:20.0642 4144 Product type: Workstation
17:58:20.0642 4144 ComputerName: GRANNY-PC
17:58:20.0642 4144 UserName: Granny
17:58:20.0642 4144 Windows directory: C:\windows
17:58:20.0642 4144 System windows directory: C:\windows
17:58:20.0642 4144 Running under WOW64
17:58:20.0642 4144 Processor architecture: Intel x64
17:58:20.0642 4144 Number of processors: 2
17:58:20.0642 4144 Page size: 0x1000
17:58:20.0642 4144 Boot type: Normal boot
17:58:20.0642 4144 ============================================================
17:58:21.0157 4144 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:58:21.0172 4144 ============================================================
17:58:21.0172 4144 \Device\Harddisk0\DR0:
17:58:21.0172 4144 MBR partitions:
17:58:21.0172 4144 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x3852E000
17:58:21.0172 4144 ============================================================
17:58:21.0188 4144 C: <-> \Device\Harddisk0\DR0\Partition1
17:58:21.0188 4144 ============================================================
17:58:21.0188 4144 Initialize success
17:58:21.0188 4144 ============================================================
17:59:08.0269 6196 ============================================================
17:59:08.0269 6196 Scan started
17:59:08.0269 6196 Mode: Manual;
17:59:08.0269 6196 ============================================================
17:59:08.0456 6196 ================ Scan system memory ========================
17:59:08.0456 6196 System memory - ok
17:59:08.0456 6196 ================ Scan services =============================
17:59:08.0721 6196 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
17:59:08.0721 6196 1394ohci - ok
17:59:08.0768 6196 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
17:59:08.0768 6196 ACPI - ok
17:59:08.0815 6196 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
17:59:08.0815 6196 AcpiPmi - ok
17:59:08.0924 6196 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:59:08.0924 6196 AdobeFlashPlayerUpdateSvc - ok
17:59:09.0002 6196 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
17:59:09.0002 6196 adp94xx - ok
17:59:09.0065 6196 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys
17:59:09.0080 6196 adpahci - ok
17:59:09.0096 6196 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys
17:59:09.0111 6196 adpu320 - ok
17:59:09.0143 6196 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
17:59:09.0143 6196 AeLookupSvc - ok
17:59:09.0205 6196 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
17:59:09.0205 6196 AFD - ok
17:59:09.0330 6196 [ F8D4D4406374F1F591D041D3E936C768 ] AffinegyService C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
17:59:09.0345 6196 AffinegyService - ok
17:59:09.0377 6196 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
17:59:09.0377 6196 agp440 - ok
17:59:09.0423 6196 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
17:59:09.0423 6196 ALG - ok
17:59:09.0455 6196 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
17:59:09.0455 6196 aliide - ok
17:59:09.0470 6196 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
17:59:09.0470 6196 amdide - ok
17:59:09.0501 6196 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
17:59:09.0501 6196 AmdK8 - ok
17:59:09.0517 6196 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\drivers\amdppm.sys
17:59:09.0517 6196 AmdPPM - ok
17:59:09.0564 6196 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
17:59:09.0564 6196 amdsata - ok
17:59:09.0579 6196 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys
17:59:09.0579 6196 amdsbs - ok
17:59:09.0595 6196 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
17:59:09.0595 6196 amdxata - ok
17:59:09.0642 6196 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
17:59:09.0642 6196 AppID - ok
17:59:09.0657 6196 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
17:59:09.0657 6196 AppIDSvc - ok
17:59:09.0689 6196 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
17:59:09.0689 6196 Appinfo - ok
17:59:09.0735 6196 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys
17:59:09.0735 6196 arc - ok
17:59:09.0767 6196 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys
17:59:09.0767 6196 arcsas - ok
17:59:09.0860 6196 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:59:09.0876 6196 aspnet_state - ok
17:59:09.0907 6196 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
17:59:09.0907 6196 AsyncMac - ok
17:59:09.0969 6196 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
17:59:09.0969 6196 atapi - ok
17:59:10.0032 6196 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
17:59:10.0047 6196 AudioEndpointBuilder - ok
17:59:10.0079 6196 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
17:59:10.0079 6196 AudioSrv - ok
17:59:10.0110 6196 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
17:59:10.0110 6196 AxInstSV - ok
17:59:10.0157 6196 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
17:59:10.0157 6196 b06bdrv - ok
17:59:10.0188 6196 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
17:59:10.0203 6196 b57nd60a - ok
17:59:10.0281 6196 [ A2494901E7226B356B8C1005C45F1C5F ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
17:59:10.0297 6196 BBSvc - ok
17:59:10.0328 6196 [ 63B1CBBAE4790B5BAC98F01BF9449722 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
17:59:10.0344 6196 BBUpdate - ok
17:59:10.0375 6196 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
17:59:10.0375 6196 BDESVC - ok
17:59:10.0422 6196 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
17:59:10.0422 6196 Beep - ok
17:59:10.0515 6196 [ 9BB84C554D7429F0A2CDF4EA1836F233 ] Belkin Local Backup Service C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
17:59:10.0515 6196 Belkin Local Backup Service - ok
17:59:10.0562 6196 [ E62A04D615A8CAC83601E1F07C010D3C ] Belkin Network USB Helper C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
17:59:10.0562 6196 Belkin Network USB Helper - ok
17:59:10.0625 6196 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
17:59:10.0656 6196 BFE - ok
17:59:10.0718 6196 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\system32\qmgr.dll
17:59:10.0749 6196 BITS - ok
17:59:10.0796 6196 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
17:59:10.0796 6196 blbdrive - ok
17:59:10.0859 6196 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
17:59:10.0859 6196 bowser - ok
17:59:10.0905 6196 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
17:59:10.0905 6196 BrFiltLo - ok
17:59:10.0921 6196 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
17:59:10.0921 6196 BrFiltUp - ok
17:59:10.0983 6196 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
17:59:10.0983 6196 BridgeMP - ok
17:59:10.0999 6196 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
17:59:10.0999 6196 Browser - ok
17:59:11.0030 6196 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
17:59:11.0030 6196 Brserid - ok
17:59:11.0061 6196 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
17:59:11.0061 6196 BrSerWdm - ok
17:59:11.0093 6196 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
17:59:11.0093 6196 BrUsbMdm - ok
17:59:11.0093 6196 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
17:59:11.0093 6196 BrUsbSer - ok
17:59:11.0108 6196 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
17:59:11.0108 6196 BTHMODEM - ok
17:59:11.0155 6196 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
17:59:11.0171 6196 bthserv - ok
17:59:11.0186 6196 catchme - ok
17:59:11.0249 6196 [ A5C13600F63EB92F8D15123D64BA9895 ] ccSet_NAT C:\windows\system32\drivers\NATx64\0106000.011\ccSetx64.sys
17:59:11.0264 6196 ccSet_NAT - ok
17:59:11.0311 6196 [ A8AD33C9DD88C810CAC00ACC7F4329FB ] ccSet_NST C:\windows\system32\drivers\NSTx64\0200000.010\ccSetx64.sys
17:59:11.0311 6196 ccSet_NST - ok
17:59:11.0358 6196 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
17:59:11.0373 6196 cdfs - ok
17:59:11.0420 6196 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
17:59:11.0420 6196 cdrom - ok
17:59:11.0467 6196 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
17:59:11.0467 6196 CertPropSvc - ok
17:59:11.0514 6196 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys
17:59:11.0514 6196 circlass - ok
17:59:11.0545 6196 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
17:59:11.0545 6196 CLFS - ok
17:59:11.0623 6196 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:59:11.0623 6196 clr_optimization_v2.0.50727_32 - ok
17:59:11.0685 6196 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:59:11.0685 6196 clr_optimization_v2.0.50727_64 - ok
17:59:11.0795 6196 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:59:11.0795 6196 clr_optimization_v4.0.30319_32 - ok
17:59:11.0826 6196 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:59:11.0826 6196 clr_optimization_v4.0.30319_64 - ok
17:59:11.0873 6196 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
17:59:11.0873 6196 CmBatt - ok
17:59:11.0904 6196 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
17:59:11.0904 6196 cmdide - ok
17:59:11.0935 6196 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
17:59:11.0951 6196 CNG - ok
17:59:11.0997 6196 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys
17:59:11.0997 6196 Compbatt - ok
17:59:12.0044 6196 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
17:59:12.0044 6196 CompositeBus - ok
17:59:12.0060 6196 COMSysApp - ok
17:59:12.0091 6196 [ 723E3512D6D1FF75E5398981B38FCEF7 ] cphs C:\windows\SysWow64\IntelCpHeciSvc.exe
17:59:12.0107 6196 cphs - ok
17:59:12.0122 6196 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
17:59:12.0122 6196 crcdisk - ok
17:59:12.0169 6196 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
17:59:12.0169 6196 CryptSvc - ok
17:59:12.0247 6196 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
17:59:12.0247 6196 DcomLaunch - ok
17:59:12.0278 6196 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
17:59:12.0278 6196 defragsvc - ok
17:59:12.0309 6196 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
17:59:12.0325 6196 DfsC - ok
17:59:12.0372 6196 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
17:59:12.0372 6196 Dhcp - ok
17:59:12.0387 6196 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
17:59:12.0387 6196 discache - ok
17:59:12.0450 6196 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys
17:59:12.0450 6196 Disk - ok
17:59:12.0497 6196 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
17:59:12.0497 6196 Dnscache - ok
17:59:12.0512 6196 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
17:59:12.0512 6196 dot3svc - ok
17:59:12.0528 6196 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
17:59:12.0528 6196 DPS - ok
17:59:12.0559 6196 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
17:59:12.0575 6196 drmkaud - ok
17:59:12.0606 6196 [ 85DBF6EC7BDFA6187F4A1EC8F3145CD0 ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
17:59:12.0606 6196 DXGKrnl - ok
17:59:12.0637 6196 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
17:59:12.0637 6196 EapHost - ok
17:59:12.0684 6196 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys
17:59:12.0746 6196 ebdrv - ok
17:59:12.0762 6196 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
17:59:12.0777 6196 EFS - ok
17:59:12.0840 6196 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
17:59:12.0871 6196 ehRecvr - ok
17:59:12.0902 6196 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
17:59:12.0902 6196 ehSched - ok
17:59:12.0965 6196 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys
17:59:12.0980 6196 elxstor - ok
17:59:13.0011 6196 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
17:59:13.0011 6196 ErrDev - ok
17:59:13.0074 6196 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
17:59:13.0089 6196 EventSystem - ok
17:59:13.0105 6196 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
17:59:13.0105 6196 exfat - ok
17:59:13.0121 6196 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
17:59:13.0121 6196 fastfat - ok
17:59:13.0167 6196 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
17:59:13.0183 6196 Fax - ok
17:59:13.0214 6196 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys
17:59:13.0214 6196 fdc - ok
17:59:13.0230 6196 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
17:59:13.0230 6196 fdPHost - ok
17:59:13.0245 6196 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
17:59:13.0245 6196 FDResPub - ok
17:59:13.0261 6196 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
17:59:13.0261 6196 FileInfo - ok
17:59:13.0277 6196 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
17:59:13.0277 6196 Filetrace - ok
17:59:13.0292 6196 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys
17:59:13.0292 6196 flpydisk - ok
17:59:13.0355 6196 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
17:59:13.0355 6196 FltMgr - ok
17:59:13.0401 6196 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
17:59:13.0417 6196 FontCache - ok
17:59:13.0479 6196 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:59:13.0479 6196 FontCache3.0.0.0 - ok
17:59:13.0495 6196 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
17:59:13.0495 6196 FsDepends - ok
17:59:13.0511 6196 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
17:59:13.0511 6196 Fs_Rec - ok
17:59:13.0557 6196 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
17:59:13.0557 6196 fvevol - ok
17:59:13.0604 6196 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
17:59:13.0604 6196 gagp30kx - ok
17:59:13.0651 6196 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
17:59:13.0651 6196 GamesAppService - ok
17:59:13.0698 6196 [ FA07EC01952729DDDDC5BF4BAE06B09E ] GFNEXSrv C:\Windows\System32\GFNEXSrv.exe
17:59:13.0698 6196 GFNEXSrv - ok
17:59:13.0729 6196 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
17:59:13.0760 6196 gpsvc - ok
17:59:13.0791 6196 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:59:13.0791 6196 gupdate - ok
17:59:13.0823 6196 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:59:13.0823 6196 gupdatem - ok
17:59:13.0854 6196 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
17:59:13.0854 6196 gusvc - ok
17:59:13.0885 6196 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
17:59:13.0885 6196 hcw85cir - ok
17:59:13.0916 6196 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
17:59:13.0932 6196 HdAudAddService - ok
17:59:13.0963 6196 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
17:59:13.0963 6196 HDAudBus - ok
17:59:13.0979 6196 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys
17:59:13.0979 6196 HidBatt - ok
17:59:14.0010 6196 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys
17:59:14.0010 6196 HidBth - ok
17:59:14.0025 6196 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys
17:59:14.0025 6196 HidIr - ok
17:59:14.0057 6196 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll
17:59:14.0057 6196 hidserv - ok
17:59:14.0103 6196 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
17:59:14.0103 6196 HidUsb - ok
17:59:14.0135 6196 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
17:59:14.0135 6196 hkmsvc - ok
17:59:14.0197 6196 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
17:59:14.0197 6196 HomeGroupListener - ok
17:59:14.0213 6196 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
17:59:14.0228 6196 HomeGroupProvider - ok
17:59:14.0275 6196 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
17:59:14.0275 6196 HpSAMD - ok
17:59:14.0322 6196 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
17:59:14.0353 6196 HTTP - ok
17:59:14.0353 6196 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
17:59:14.0353 6196 hwpolicy - ok
17:59:14.0400 6196 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
17:59:14.0400 6196 i8042prt - ok
17:59:14.0447 6196 [ C224331A54571C8C9162F7714400BBBD ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
17:59:14.0447 6196 iaStor - ok
17:59:14.0509 6196 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
17:59:14.0525 6196 iaStorV - ok
17:59:14.0587 6196 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:59:14.0603 6196 idsvc - ok
17:59:14.0899 6196 [ 9AA61DC7AA32C1D1260C4267FF07E0C1 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
17:59:15.0133 6196 igfx - ok
17:59:15.0164 6196 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys
17:59:15.0164 6196 iirsp - ok
17:59:15.0211 6196 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
17:59:15.0227 6196 IKEEXT - ok
17:59:15.0351 6196 [ 7C49C45A86CC0CD59C36701FB2A91E77 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
17:59:15.0383 6196 IntcAzAudAddService - ok
17:59:15.0445 6196 [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
17:59:15.0445 6196 IntcDAud - ok
17:59:15.0523 6196 [ 832CE330DD987227B7DEA8C03F22AEFA ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
17:59:15.0523 6196 Intel® Capability Licensing Service Interface - ok
17:59:15.0570 6196 [ 896AA2F1D79662B17D5DBBE588E24E30 ] Intel® ME Service C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
17:59:15.0570 6196 Intel® ME Service - ok
17:59:15.0601 6196 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
17:59:15.0601 6196 intelide - ok
17:59:15.0648 6196 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
17:59:15.0648 6196 intelppm - ok
17:59:15.0679 6196 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
17:59:15.0679 6196 IPBusEnum - ok
17:59:15.0710 6196 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
17:59:15.0710 6196 IpFilterDriver - ok
17:59:15.0773 6196 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
17:59:15.0788 6196 iphlpsvc - ok
17:59:15.0819 6196 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
17:59:15.0819 6196 IPMIDRV - ok
17:59:15.0835 6196 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
17:59:15.0851 6196 IPNAT - ok
17:59:15.0882 6196 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
17:59:15.0882 6196 IRENUM - ok
17:59:15.0897 6196 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
17:59:15.0913 6196 isapnp - ok
17:59:15.0929 6196 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
17:59:15.0929 6196 iScsiPrt - ok
17:59:15.0975 6196 [ 8E4577C6E0D3114170509159DE658907 ] iusb3hcs C:\windows\system32\DRIVERS\iusb3hcs.sys
17:59:15.0975 6196 iusb3hcs - ok
17:59:15.0991 6196 [ FE76346E9B57DA575BD1B3BD0CCAD7FF ] iusb3hub C:\windows\system32\DRIVERS\iusb3hub.sys
17:59:15.0991 6196 iusb3hub - ok
17:59:16.0022 6196 [ 1008CD90DA2198FFD250298DEB9DF160 ] iusb3xhc C:\windows\system32\DRIVERS\iusb3xhc.sys
17:59:16.0022 6196 iusb3xhc - ok
17:59:16.0069 6196 [ 3C6630473DD42FFC57D9F5564F533127 ] jhi_service C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
17:59:16.0069 6196 jhi_service - ok
17:59:16.0100 6196 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
17:59:16.0116 6196 kbdclass - ok
17:59:16.0131 6196 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
17:59:16.0147 6196 kbdhid - ok
17:59:16.0163 6196 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
17:59:16.0163 6196 KeyIso - ok
17:59:16.0178 6196 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
17:59:16.0194 6196 KSecDD - ok
17:59:16.0209 6196 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
17:59:16.0209 6196 KSecPkg - ok
17:59:16.0256 6196 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
17:59:16.0256 6196 ksthunk - ok
17:59:16.0287 6196 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
17:59:16.0303 6196 KtmRm - ok
17:59:16.0350 6196 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\System32\srvsvc.dll
17:59:16.0365 6196 LanmanServer - ok
17:59:16.0397 6196 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
17:59:16.0397 6196 LanmanWorkstation - ok
17:59:16.0428 6196 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
17:59:16.0428 6196 lltdio - ok
17:59:16.0490 6196 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
17:59:16.0490 6196 lltdsvc - ok
17:59:16.0506 6196 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
17:59:16.0506 6196 lmhosts - ok
17:59:16.0568 6196 [ 2B23FAA39D8F949ED5EEE03ECA50BCD5 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
17:59:16.0568 6196 LMS - ok
17:59:16.0631 6196 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
17:59:16.0631 6196 LSI_FC - ok
17:59:16.0646 6196 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
17:59:16.0646 6196 LSI_SAS - ok
17:59:16.0662 6196 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
17:59:16.0662 6196 LSI_SAS2 - ok
17:59:16.0693 6196 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
17:59:16.0693 6196 LSI_SCSI - ok
17:59:16.0709 6196 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
17:59:16.0709 6196 luafv - ok
17:59:16.0740 6196 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
17:59:16.0740 6196 Mcx2Svc - ok
17:59:16.0755 6196 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys
17:59:16.0755 6196 megasas - ok
17:59:16.0771 6196 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
17:59:16.0787 6196 MegaSR - ok
17:59:16.0818 6196 [ 6B01B7414A105B9E51652089A03027CF ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys
17:59:16.0818 6196 MEIx64 - ok
17:59:16.0849 6196 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
17:59:16.0865 6196 MMCSS - ok
17:59:16.0896 6196 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
17:59:16.0896 6196 Modem - ok
17:59:16.0927 6196 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
17:59:16.0927 6196 monitor - ok
17:59:16.0974 6196 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
17:59:16.0974 6196 mouclass - ok
17:59:17.0005 6196 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
17:59:17.0005 6196 mouhid - ok
17:59:17.0052 6196 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
17:59:17.0052 6196 mountmgr - ok
17:59:17.0114 6196 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\windows\system32\DRIVERS\MpFilter.sys
17:59:17.0114 6196 MpFilter - ok
17:59:17.0130 6196 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
17:59:17.0130 6196 mpio - ok
17:59:17.0161 6196 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
17:59:17.0161 6196 mpsdrv - ok
17:59:17.0208 6196 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
17:59:17.0223 6196 MpsSvc - ok
17:59:17.0255 6196 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
17:59:17.0255 6196 MRxDAV - ok
17:59:17.0286 6196 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
17:59:17.0286 6196 mrxsmb - ok
17:59:17.0301 6196 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
17:59:17.0301 6196 mrxsmb10 - ok
17:59:17.0333 6196 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
17:59:17.0333 6196 mrxsmb20 - ok
17:59:17.0348 6196 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\DRIVERS\msahci.sys
17:59:17.0348 6196 msahci - ok
17:59:17.0364 6196 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
17:59:17.0364 6196 msdsm - ok
17:59:17.0379 6196 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
17:59:17.0379 6196 MSDTC - ok
17:59:17.0411 6196 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
17:59:17.0411 6196 Msfs - ok
17:59:17.0442 6196 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
17:59:17.0442 6196 mshidkmdf - ok
17:59:17.0457 6196 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
17:59:17.0457 6196 msisadrv - ok
17:59:17.0489 6196 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
17:59:17.0489 6196 MSiSCSI - ok
17:59:17.0504 6196 msiserver - ok
17:59:17.0535 6196 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
17:59:17.0535 6196 MSKSSRV - ok
17:59:17.0613 6196 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
17:59:17.0613 6196 MsMpSvc - ok
17:59:17.0645 6196 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
17:59:17.0645 6196 MSPCLOCK - ok
17:59:17.0660 6196 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
17:59:17.0660 6196 MSPQM - ok
17:59:17.0691 6196 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
17:59:17.0707 6196 MsRPC - ok
17:59:17.0723 6196 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
17:59:17.0723 6196 mssmbios - ok
17:59:17.0754 6196 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
17:59:17.0754 6196 MSTEE - ok
17:59:17.0769 6196 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys
17:59:17.0769 6196 MTConfig - ok
17:59:17.0801 6196 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
17:59:17.0801 6196 Mup - ok
17:59:17.0832 6196 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
17:59:17.0832 6196 napagent - ok
17:59:17.0925 6196 [ 8D11DA92F83D8C8281689739BEF05FD5 ] NAT C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe
17:59:17.0925 6196 NAT - ok
17:59:17.0988 6196 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
17:59:17.0988 6196 NativeWifiP - ok
17:59:18.0050 6196 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
17:59:18.0081 6196 NDIS - ok
17:59:18.0113 6196 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
17:59:18.0113 6196 NdisCap - ok
17:59:18.0144 6196 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
17:59:18.0159 6196 NdisTapi - ok
17:59:18.0191 6196 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
17:59:18.0191 6196 Ndisuio - ok
17:59:18.0206 6196 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
17:59:18.0206 6196 NdisWan - ok
17:59:18.0253 6196 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
17:59:18.0253 6196 NDProxy - ok
17:59:18.0284 6196 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
17:59:18.0284 6196 NetBIOS - ok
17:59:18.0300 6196 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
17:59:18.0315 6196 NetBT - ok
17:59:18.0331 6196 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
17:59:18.0331 6196 Netlogon - ok
17:59:18.0378 6196 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
17:59:18.0393 6196 Netman - ok
17:59:18.0409 6196 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:59:18.0409 6196 NetMsmqActivator - ok
17:59:18.0425 6196 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:59:18.0425 6196 NetPipeActivator - ok
17:59:18.0440 6196 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
17:59:18.0440 6196 netprofm - ok
17:59:18.0471 6196 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:59:18.0471 6196 NetTcpActivator - ok
17:59:18.0471 6196 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
17:59:18.0471 6196 NetTcpPortSharing - ok
17:59:18.0518 6196 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
17:59:18.0518 6196 nfrd960 - ok
17:59:18.0549 6196 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\windows\system32\DRIVERS\NisDrvWFP.sys
17:59:18.0549 6196 NisDrv - ok
17:59:18.0581 6196 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
17:59:18.0581 6196 NisSrv - ok
17:59:18.0627 6196 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
17:59:18.0627 6196 NlaSvc - ok
17:59:18.0674 6196 Norton PC Checkup Application Launcher - ok
17:59:18.0705 6196 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
17:59:18.0705 6196 Npfs - ok
17:59:18.0721 6196 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
17:59:18.0737 6196 nsi - ok
17:59:18.0752 6196 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
17:59:18.0752 6196 nsiproxy - ok
17:59:18.0799 6196 [ E127420B7FEB65C7F279EAAC183BBC0E ] NSL C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
17:59:18.0799 6196 NSL - ok
17:59:18.0861 6196 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
17:59:18.0893 6196 Ntfs - ok
17:59:18.0924 6196 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
17:59:18.0924 6196 Null - ok
17:59:18.0955 6196 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
17:59:18.0955 6196 nvraid - ok
17:59:18.0971 6196 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
17:59:18.0986 6196 nvstor - ok
17:59:19.0017 6196 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
17:59:19.0017 6196 nv_agp - ok
17:59:19.0033 6196 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
17:59:19.0033 6196 ohci1394 - ok
17:59:19.0064 6196 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
17:59:19.0080 6196 p2pimsvc - ok
17:59:19.0080 6196 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
17:59:19.0095 6196 p2psvc - ok
17:59:19.0111 6196 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys
17:59:19.0111 6196 Parport - ok
17:59:19.0142 6196 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
17:59:19.0142 6196 partmgr - ok
17:59:19.0173 6196 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
17:59:19.0173 6196 PcaSvc - ok
17:59:19.0189 6196 [ 2F86BE1818C2D7AC90478E3323EE7FCB ] PCCUJobMgr C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
17:59:19.0189 6196 PCCUJobMgr - ok
17:59:19.0220 6196 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
17:59:19.0220 6196 pci - ok
17:59:19.0236 6196 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\DRIVERS\pciide.sys
17:59:19.0236 6196 pciide - ok
17:59:19.0251 6196 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys
17:59:19.0267 6196 pcmcia - ok
17:59:19.0283 6196 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
17:59:19.0283 6196 pcw - ok
17:59:19.0314 6196 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
17:59:19.0329 6196 PEAUTH - ok
17:59:19.0407 6196 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
17:59:19.0407 6196 PerfHost - ok
17:59:19.0454 6196 [ 91111CEBBDE8015E822C46120ED9537C ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys
17:59:19.0470 6196 PGEffect - ok
17:59:19.0501 6196 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
17:59:19.0532 6196 pla - ok
17:59:19.0595 6196 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
17:59:19.0595 6196 PlugPlay - ok
17:59:19.0610 6196 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
17:59:19.0626 6196 PNRPAutoReg - ok
17:59:19.0641 6196 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
17:59:19.0641 6196 PNRPsvc - ok
17:59:19.0673 6196 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
17:59:19.0688 6196 PolicyAgent - ok
17:59:19.0719 6196 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\windows\system32\umpo.dll
17:59:19.0719 6196 Power - ok
17:59:19.0782 6196 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
17:59:19.0782 6196 PptpMiniport - ok
17:59:19.0797 6196 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys
17:59:19.0797 6196 Processor - ok
17:59:19.0844 6196 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
17:59:19.0860 6196 ProfSvc - ok
17:59:19.0875 6196 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
17:59:19.0891 6196 ProtectedStorage - ok
17:59:19.0922 6196 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
17:59:19.0922 6196 Psched - ok
17:59:19.0985 6196 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys
17:59:20.0031 6196 ql2300 - ok
17:59:20.0078 6196 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys
17:59:20.0078 6196 ql40xx - ok
17:59:20.0094 6196 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
17:59:20.0109 6196 QWAVE - ok
17:59:20.0125 6196 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
17:59:20.0125 6196 QWAVEdrv - ok
17:59:20.0141 6196 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
17:59:20.0141 6196 RasAcd - ok
17:59:20.0187 6196 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
17:59:20.0187 6196 RasAgileVpn - ok
17:59:20.0203 6196 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
17:59:20.0203 6196 RasAuto - ok
17:59:20.0219 6196 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
17:59:20.0219 6196 Rasl2tp - ok
17:59:20.0250 6196 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
17:59:20.0250 6196 RasMan - ok
17:59:20.0281 6196 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
17:59:20.0281 6196 RasPppoe - ok
17:59:20.0297 6196 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
17:59:20.0312 6196 RasSstp - ok
17:59:20.0343 6196 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
17:59:20.0343 6196 rdbss - ok
17:59:20.0359 6196 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys
17:59:20.0359 6196 rdpbus - ok
17:59:20.0375 6196 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
17:59:20.0375 6196 RDPCDD - ok
17:59:20.0406 6196 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
17:59:20.0406 6196 RDPENCDD - ok
17:59:20.0421 6196 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
17:59:20.0421 6196 RDPREFMP - ok
17:59:20.0453 6196 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
17:59:20.0453 6196 RDPWD - ok
17:59:20.0499 6196 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
17:59:20.0515 6196 rdyboost - ok
17:59:20.0562 6196 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
17:59:20.0562 6196 RemoteAccess - ok
17:59:20.0609 6196 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
17:59:20.0624 6196 RemoteRegistry - ok
17:59:20.0640 6196 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
17:59:20.0640 6196 RpcEptMapper - ok
17:59:20.0687 6196 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
17:59:20.0687 6196 RpcLocator - ok
17:59:20.0702 6196 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
17:59:20.0718 6196 RpcSs - ok
17:59:20.0765 6196 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
17:59:20.0765 6196 rspndr - ok
17:59:20.0811 6196 [ BB1C3DF1D6CC0972E9C7268A19E62D2E ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
17:59:20.0811 6196 RSUSBSTOR - ok
17:59:20.0874 6196 [ 9140DB0911DE035FED0A9A77A2D156EA ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
17:59:20.0874 6196 RTL8167 - ok
17:59:20.0921 6196 [ F33E70E48A54A7A1BFBEEB4F3B273E4A ] RTL8192Ce C:\windows\system32\DRIVERS\rtl8192Ce.sys
17:59:20.0921 6196 RTL8192Ce - ok
17:59:20.0936 6196 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
17:59:20.0936 6196 SamSs - ok
17:59:20.0967 6196 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
17:59:20.0967 6196 sbp2port - ok
17:59:20.0999 6196 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
17:59:20.0999 6196 SCardSvr - ok
17:59:21.0014 6196 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
17:59:21.0014 6196 scfilter - ok
17:59:21.0030 6196 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
17:59:21.0061 6196 Schedule - ok
17:59:21.0077 6196 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
17:59:21.0077 6196 SCPolicySvc - ok
17:59:21.0108 6196 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
17:59:21.0123 6196 SDRSVC - ok
17:59:21.0170 6196 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
17:59:21.0170 6196 secdrv - ok
17:59:21.0186 6196 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
17:59:21.0186 6196 seclogon - ok
17:59:21.0217 6196 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll
17:59:21.0217 6196 SENS - ok
17:59:21.0248 6196 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
17:59:21.0248 6196 SensrSvc - ok
17:59:21.0279 6196 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys
17:59:21.0279 6196 Serenum - ok
17:59:21.0311 6196 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys
17:59:21.0311 6196 Serial - ok
17:59:21.0342 6196 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys
17:59:21.0342 6196 sermouse - ok
17:59:21.0373 6196 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
17:59:21.0373 6196 SessionEnv - ok
17:59:21.0389 6196 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
17:59:21.0389 6196 sffdisk - ok
17:59:21.0404 6196 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
17:59:21.0404 6196 sffp_mmc - ok
17:59:21.0404 6196 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
17:59:21.0404 6196 sffp_sd - ok
17:59:21.0404 6196 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys
17:59:21.0420 6196 sfloppy - ok
17:59:21.0467 6196 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
17:59:21.0482 6196 SharedAccess - ok
17:59:21.0513 6196 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
17:59:21.0513 6196 ShellHWDetection - ok
17:59:21.0545 6196 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys
17:59:21.0545 6196 SiSRaid2 - ok
17:59:21.0560 6196 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys
17:59:21.0560 6196 SiSRaid4 - ok
17:59:21.0607 6196 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
17:59:21.0607 6196 Smb - ok
17:59:21.0685 6196 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
17:59:21.0685 6196 SNMPTRAP - ok
17:59:21.0716 6196 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
17:59:21.0716 6196 spldr - ok
17:59:21.0747 6196 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
17:59:21.0763 6196 Spooler - ok
17:59:21.0841 6196 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
17:59:21.0888 6196 sppsvc - ok
17:59:21.0903 6196 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
17:59:21.0903 6196 sppuinotify - ok
17:59:21.0935 6196 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
17:59:21.0950 6196 srv - ok
17:59:21.0950 6196 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
17:59:21.0950 6196 srv2 - ok
17:59:21.0966 6196 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
17:59:21.0966 6196 srvnet - ok
17:59:22.0013 6196 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
17:59:22.0013 6196 SSDPSRV - ok
17:59:22.0028 6196 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
17:59:22.0028 6196 SstpSvc - ok
17:59:22.0059 6196 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys
17:59:22.0059 6196 stexstor - ok
17:59:22.0106 6196 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
17:59:22.0137 6196 stisvc - ok
17:59:22.0153 6196 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys
17:59:22.0153 6196 swenum - ok
17:59:22.0184 6196 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
17:59:22.0200 6196 swprv - ok
17:59:22.0247 6196 [ 52EB25BD8AB4E331028C48B178441B36 ] sxuptp C:\windows\system32\DRIVERS\sxuptp.sys
17:59:22.0262 6196 sxuptp - ok
17:59:22.0325 6196 [ B868E292FBA5B62B9FC71572A5FAEF5C ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
17:59:22.0340 6196 SynTP - ok
17:59:22.0403 6196 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
17:59:22.0449 6196 SysMain - ok
17:59:22.0465 6196 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
17:59:22.0465 6196 TabletInputService - ok
17:59:22.0481 6196 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
17:59:22.0496 6196 TapiSrv - ok
17:59:22.0496 6196 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
17:59:22.0512 6196 TBS - ok
17:59:22.0559 6196 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\windows\system32\drivers\tcpip.sys
17:59:22.0605 6196 Tcpip - ok
17:59:22.0668 6196 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
17:59:22.0683 6196 TCPIP6 - ok
17:59:22.0699 6196 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
17:59:22.0699 6196 tcpipreg - ok
17:59:22.0746 6196 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
17:59:22.0746 6196 tdcmdpst - ok
17:59:22.0793 6196 TDEIO - ok
17:59:22.0824 6196 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
17:59:22.0824 6196 TDPIPE - ok
17:59:22.0824 6196 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
17:59:22.0839 6196 TDTCP - ok
17:59:22.0855 6196 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
17:59:22.0871 6196 tdx - ok
17:59:22.0871 6196 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys
17:59:22.0871 6196 TermDD - ok
17:59:22.0902 6196 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
17:59:22.0933 6196 TermService - ok
17:59:22.0964 6196 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
17:59:22.0964 6196 Themes - ok
17:59:22.0980 6196 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
17:59:22.0980 6196 THREADORDER - ok
17:59:23.0042 6196 [ 71C321649B28638EE80A2EEB164C1DC8 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
17:59:23.0042 6196 TMachInfo - ok
17:59:23.0105 6196 [ 8E2C799D3476EAC32C3BA0DF7CE6AF19 ] TODDSrv C:\windows\system32\TODDSrv.exe
17:59:23.0105 6196 TODDSrv - ok
17:59:23.0167 6196 [ 4AE80C5F7772C4FB2A762F70AD4A111E ] TosCoSrv C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
17:59:23.0183 6196 TosCoSrv - ok
17:59:23.0229 6196 [ 6E2330FB032ED3EBEFC1349AD7081A98 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
17:59:23.0229 6196 TOSHIBA eco Utility Service - ok
17:59:23.0292 6196 [ 9338C2DEB14CA2804BCB3276CB7EB4FD ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
17:59:23.0292 6196 TOSHIBA HDD SSD Alert Service - ok
17:59:23.0339 6196 [ 09FF7B0B1B5C3D225495CB6F5A9B39F8 ] tos_sps64 C:\windows\system32\DRIVERS\tos_sps64.sys
17:59:23.0354 6196 tos_sps64 - ok
17:59:23.0401 6196 [ 36CDD894395BEC46EFB14F49D77D3D82 ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
17:59:23.0417 6196 TPCHSrv - ok
17:59:23.0463 6196 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
17:59:23.0463 6196 TrkWks - ok
17:59:23.0510 6196 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
17:59:23.0510 6196 TrustedInstaller - ok
17:59:23.0541 6196 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
17:59:23.0541 6196 tssecsrv - ok
17:59:23.0573 6196 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
17:59:23.0573 6196 TsUsbFlt - ok
17:59:23.0604 6196 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys
17:59:23.0604 6196 TsUsbGD - ok
17:59:23.0651 6196 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
17:59:23.0651 6196 tunnel - ok
17:59:23.0697 6196 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS
17:59:23.0697 6196 TVALZ - ok
17:59:23.0744 6196 [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys
17:59:23.0744 6196 TVALZFL - ok
17:59:23.0760 6196 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys
17:59:23.0760 6196 uagp35 - ok
17:59:23.0791 6196 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
17:59:23.0791 6196 udfs - ok
17:59:23.0838 6196 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
17:59:23.0838 6196 UI0Detect - ok
17:59:23.0885 6196 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
17:59:23.0885 6196 uliagpkx - ok
17:59:23.0931 6196 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
17:59:23.0931 6196 umbus - ok
17:59:23.0947 6196 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys
17:59:23.0947 6196 UmPass - ok
17:59:24.0025 6196 [ 3C5405EF78576E8E4D791EB18F6856A8 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
17:59:24.0041 6196 UNS - ok
17:59:24.0072 6196 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
17:59:24.0087 6196 upnphost - ok
17:59:24.0119 6196 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
17:59:24.0119 6196 usbccgp - ok
17:59:24.0165 6196 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
17:59:24.0181 6196 usbcir - ok
17:59:24.0197 6196 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
17:59:24.0197 6196 usbehci - ok
17:59:24.0243 6196 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
17:59:24.0243 6196 usbhub - ok
17:59:24.0259 6196 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
17:59:24.0259 6196 usbohci - ok
17:59:24.0290 6196 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
17:59:24.0290 6196 usbprint - ok
17:59:24.0321 6196 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
17:59:24.0321 6196 usbscan - ok
17:59:24.0337 6196 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
17:59:24.0337 6196 USBSTOR - ok
17:59:24.0399 6196 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
17:59:24.0399 6196 usbuhci - ok
17:59:24.0446 6196 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys
17:59:24.0446 6196 usbvideo - ok
17:59:24.0462 6196 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
17:59:24.0462 6196 UxSms - ok
17:59:24.0477 6196 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
17:59:24.0477 6196 VaultSvc - ok
17:59:24.0524 6196 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
17:59:24.0524 6196 vdrvroot - ok
17:59:24.0540 6196 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
17:59:24.0555 6196 vds - ok
17:59:24.0571 6196 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
17:59:24.0571 6196 vga - ok
17:59:24.0587 6196 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
17:59:24.0587 6196 VgaSave - ok
17:59:24.0602 6196 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
17:59:24.0602 6196 vhdmp - ok
17:59:24.0618 6196 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
17:59:24.0618 6196 viaide - ok
17:59:24.0633 6196 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
17:59:24.0633 6196 volmgr - ok
17:59:24.0649 6196 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
17:59:24.0649 6196 volmgrx - ok
17:59:24.0665 6196 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\windows\system32\drivers\volsnap.sys
17:59:24.0680 6196 volsnap - ok
17:59:24.0711 6196 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys
17:59:24.0711 6196 vsmraid - ok
17:59:24.0758 6196 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
17:59:24.0805 6196 VSS - ok
17:59:24.0821 6196 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
17:59:24.0821 6196 vwifibus - ok
17:59:24.0852 6196 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
17:59:24.0852 6196 vwififlt - ok
17:59:24.0867 6196 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
17:59:24.0867 6196 W32Time - ok
17:59:24.0899 6196 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys
17:59:24.0899 6196 WacomPen - ok
17:59:24.0930 6196 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
17:59:24.0945 6196 WANARP - ok
17:59:24.0961 6196 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
17:59:24.0961 6196 Wanarpv6 - ok
17:59:25.0039 6196 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
17:59:25.0070 6196 WatAdminSvc - ok
17:59:25.0117 6196 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
17:59:25.0148 6196 wbengine - ok
17:59:25.0148 6196 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
17:59:25.0164 6196 WbioSrvc - ok
17:59:25.0179 6196 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
17:59:25.0179 6196 wcncsvc - ok
17:59:25.0195 6196 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
17:59:25.0195 6196 WcsPlugInService - ok
17:59:25.0226 6196 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys
17:59:25.0226 6196 Wd - ok
17:59:25.0289 6196 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
17:59:25.0304 6196 Wdf01000 - ok
17:59:25.0320 6196 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
17:59:25.0320 6196 WdiServiceHost - ok
17:59:25.0335 6196 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
17:59:25.0335 6196 WdiSystemHost - ok
17:59:25.0351 6196 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
17:59:25.0367 6196 WebClient - ok
17:59:25.0382 6196 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
17:59:25.0398 6196 Wecsvc - ok
17:59:25.0413 6196 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
17:59:25.0413 6196 wercplsupport - ok
17:59:25.0445 6196 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
17:59:25.0460 6196 WerSvc - ok
17:59:25.0491 6196 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
17:59:25.0491 6196 WfpLwf - ok
17:59:25.0507 6196 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
17:59:25.0507 6196 WIMMount - ok
17:59:25.0523 6196 WinDefend - ok
17:59:25.0538 6196 WinHttpAutoProxySvc - ok
17:59:25.0569 6196 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
17:59:25.0569 6196 Winmgmt - ok
17:59:25.0647 6196 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
17:59:25.0679 6196 WinRM - ok
17:59:25.0741 6196 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
17:59:25.0772 6196 Wlansvc - ok
17:59:25.0819 6196 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:59:25.0819 6196 wlcrasvc - ok
17:59:25.0928 6196 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:59:25.0975 6196 wlidsvc - ok
17:59:26.0006 6196 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys
17:59:26.0006 6196 WmiAcpi - ok
17:59:26.0037 6196 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
17:59:26.0037 6196 wmiApSrv - ok
17:59:26.0100 6196 WMPNetworkSvc - ok
17:59:26.0115 6196 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
17:59:26.0115 6196 WPCSvc - ok
17:59:26.0131 6196 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
17:59:26.0131 6196 WPDBusEnum - ok
17:59:26.0162 6196 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
17:59:26.0162 6196 ws2ifsl - ok
17:59:26.0193 6196 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\system32\wscsvc.dll
17:59:26.0193 6196 wscsvc - ok
17:59:26.0193 6196 WSearch - ok
17:59:26.0271 6196 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
17:59:26.0318 6196 wuauserv - ok
17:59:26.0349 6196 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys
17:59:26.0349 6196 WudfPf - ok
17:59:26.0396 6196 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
17:59:26.0396 6196 WUDFRd - ok
17:59:26.0412 6196 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll
17:59:26.0412 6196 wudfsvc - ok
17:59:26.0459 6196 [ F0B1D8725FAB9F4A559CCC91A960FCE0 ] WwanSvc C:\windows\System32\wwansvc.dll
17:59:26.0459 6196 WwanSvc - ok
17:59:26.0490 6196 ================ Scan global ===============================
17:59:26.0521 6196 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
17:59:26.0552 6196 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
17:59:26.0568 6196 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
17:59:26.0599 6196 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
17:59:26.0615 6196 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
17:59:26.0630 6196 [Global] - ok
17:59:26.0630 6196 ================ Scan MBR ==================================
17:59:26.0646 6196 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
17:59:26.0849 6196 \Device\Harddisk0\DR0 - ok
17:59:26.0849 6196 ================ Scan VBR ==================================
17:59:26.0864 6196 [ C629B5594E209B4D6AE88B6076E3D54C ] \Device\Harddisk0\DR0\Partition1
17:59:26.0864 6196 \Device\Harddisk0\DR0\Partition1 - ok
17:59:26.0864 6196 ============================================================
17:59:26.0864 6196 Scan finished
17:59:26.0864 6196 ============================================================
17:59:26.0895 5232 Detected object count: 0
17:59:26.0895 5232 Actual detected object count: 0

Ran aswMBR with minor complications. During the first attempted scan got a blue screen that read "Windows detected a problem and had to shut down" along with some numbers and other things, but the computer rebooted itself before I could get a chance to write it all down. Second run was successful:
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-17 19:14:20
-----------------------------
19:14:20.289 OS Version: Windows x64 6.1.7601 Service Pack 1
19:14:20.289 Number of processors: 2 586 0x2A07
19:14:20.289 ComputerName: GRANNY-PC UserName: Granny
19:14:22.629 Initialize success
19:14:32.910 AVAST engine defs: 12111701
19:14:43.939 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:14:43.939 Disk 0 Vendor: TOSHIBA_ AX00 Size: 476940MB BusType: 3
19:14:43.954 Disk 0 MBR read successfully
19:14:43.954 Disk 0 MBR scan
19:14:43.954 Disk 0 Windows VISTA default MBR code
19:14:43.970 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
19:14:43.986 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 461404 MB offset 3074048
19:14:44.017 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 14035 MB offset 948029440
19:14:44.064 Disk 0 scanning C:\windows\system32\drivers
19:14:52.550 Service scanning
19:15:35.996 Modules scanning
19:15:36.012 Disk 0 trace - called modules:
19:15:36.058 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
19:15:36.074 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007207060]
19:15:36.074 3 CLASSPNP.SYS[fffff88001d7543f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006188050]
19:15:37.057 AVAST engine scan C:\windows
19:15:41.472 AVAST engine scan C:\windows\system32
19:18:03.557 AVAST engine scan C:\windows\system32\drivers
19:18:13.931 AVAST engine scan C:\Users\Granny
19:20:32.225 AVAST engine scan C:\ProgramData
19:21:35.062 Scan finished successfully
19:22:15.060 Disk 0 MBR has been saved successfully to "C:\Users\Granny\Desktop\MBR.dat"
19:22:15.060 The log file has been saved successfully to "C:\Users\Granny\Desktop\aswMBR.txt"

Computer status:
No apparent change, certain sites still blocked.

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:16 PM

Posted 17 November 2012 - 10:16 PM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 Earlene

Earlene
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:16 PM

Posted 17 November 2012 - 11:04 PM

Ran OTL with no problems:
OTL logfile created on: 11/17/2012 9:51:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Granny\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.89 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 52.22% Memory free
7.78 Gb Paging File | 5.87 Gb Available in Paging File | 75.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.59 Gb Total Space | 410.93 Gb Free Space | 91.20% Space Free | Partition Type: NTFS

Computer Name: GRANNY-PC | User Name: Granny | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Granny\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe ()
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe (Affinegy, Inc.)
PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
PRC - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe (Affinegy, Inc.)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\SymcPCCULaunchSvc.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe (Symantec Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\Toshiba\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (Belkin Local Backup Service) -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe ()
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (GFNEXSrv) -- C:\Windows\SysNative\GFNEXSrv.exe ()
SRV:64bit: - (Belkin Network USB Helper) -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (NAT) -- C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\ccSvcHst.exe (Symantec Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe ()
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (AffinegyService) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe (Affinegy, Inc.)
SRV - (PCCUJobMgr) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe (Symantec Corporation)
SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\SymcPCCULaunchSvc.exe (Symantec Corporation)
SRV - (NSL) -- C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe (Symantec Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (ccSet_NAT) -- C:\Windows\SysNative\drivers\NATx64\0106000.011\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (ccSet_NST) -- C:\Windows\SysNative\drivers\NSTx64\0200000.010\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (sxuptp) -- C:\Windows\SysNative\drivers\sxuptp.sys (silex technology, Inc.)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-992475191-3532094452-1836231887-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-992475191-3532094452-1836231887-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/?cid=C001B2Y
IE - HKU\S-1-5-21-992475191-3532094452-1836231887-1000\..\SearchScopes,DefaultScope = {7A7E6B4C-EB68-49EC-82C1-C487B6BB87D3}
IE - HKU\S-1-5-21-992475191-3532094452-1836231887-1000\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
IE - HKU\S-1-5-21-992475191-3532094452-1836231887-1000\..\SearchScopes\{7A7E6B4C-EB68-49EC-82C1-C487B6BB87D3}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO_enUS502
IE - HKU\S-1-5-21-992475191-3532094452-1836231887-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-992475191-3532094452-1836231887-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{203FB6B2-2E1E-4474-863B-4C483ECCE78E}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2.0.0.16\coFFNST\ [2012/11/17 19:23:53 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.hotmail.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.hotmail.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Granny\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: AdBlock = C:\Users\Granny\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.47_0\

O1 HOSTS File: ([2012/11/17 16:09:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Norton Safe Web Lite BHO) - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Safe Web Lite) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - C:\Program Files (x86)\Norton Safe Web Lite\Engine\2.0.0.16\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-992475191-3532094452-1836231887-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [InstaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-992475191-3532094452-1836231887-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-992475191-3532094452-1836231887-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{31A33659-27F1-4A02-966C-BB763D197B7B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C3AEA2DD-AAD1-42B9-BFCE-D0EA3E63CAEC}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/17 21:47:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Granny\Desktop\OTL.exe
[2012/11/17 19:13:29 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2012/11/17 17:54:36 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Granny\Desktop\aswMBR.exe
[2012/11/17 17:54:20 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Granny\Desktop\tdsskiller.exe
[2012/11/17 16:13:02 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/11/17 16:09:28 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/11/17 15:59:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/11/17 15:59:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/11/17 15:59:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/11/17 15:59:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/17 15:59:25 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/11/17 15:57:02 | 005,002,404 | R--- | C] (Swearware) -- C:\Users\Granny\Desktop\ComboFix.exe
[2012/11/17 14:55:56 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfLdr.sys
[2012/11/17 14:55:56 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wdfres.dll
[2012/11/17 14:48:21 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/11/17 14:48:20 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/11/17 14:48:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/11/17 14:48:18 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/11/17 14:48:18 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/11/17 14:48:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/11/17 14:48:18 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2012/11/17 14:48:18 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2012/11/17 14:48:16 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/11/17 14:48:16 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/11/17 14:48:16 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/11/17 14:48:16 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012/11/17 14:48:15 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/11/17 14:48:14 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/11/17 14:48:14 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2012/11/17 14:21:16 | 000,000,000 | ---D | C] -- C:\Users\Granny\Desktop\RK_Quarantine
[2012/11/16 22:24:45 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFPlatform.dll
[2012/11/16 22:24:43 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFCoinstaller.dll
[2012/11/16 22:24:42 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFx.dll
[2012/11/16 22:24:42 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFHost.exe
[2012/11/16 20:40:28 | 000,688,901 | R--- | C] (Swearware) -- C:\Users\Granny\Desktop\dds.com
[2012/11/16 19:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/16 19:17:12 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/11/16 19:17:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/11/16 19:16:11 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Granny\Desktop\mbam-setup-1.65.1.1000.exe
[2012/11/14 09:01:24 | 000,000,000 | ---D | C] -- C:\Users\Granny\AppData\Local\antiphishing-scenic2_0dn
[2012/11/13 18:20:30 | 000,000,000 | ---D | C] -- C:\Users\Granny\AppData\Roaming\PCPowerSpeed
[2012/11/13 18:20:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PCPowerSpeed
[2012/11/13 18:20:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Power Speed
[2012/11/13 18:20:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCPowerSpeed
[2012/11/13 18:20:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\24x7Help
[2012/10/31 17:35:25 | 000,000,000 | ---D | C] -- C:\Users\Granny\AppData\Local\Adobe
[2012/10/29 19:48:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Belkin
[2012/10/29 19:48:14 | 000,000,000 | ---D | C] -- C:\Program Files\Belkin
[2012/10/29 19:47:32 | 000,291,352 | ---- | C] (silex technology, Inc.) -- C:\windows\SysNative\drivers\sxuptp.sys
[2012/10/29 19:47:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belkin
[2012/10/29 19:47:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belkin
[2012/10/29 19:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Affinegy
[2012/10/29 12:27:41 | 000,000,000 | ---D | C] -- C:\Users\Granny\AppData\Local\CrashDumps
[2012/10/23 16:24:42 | 000,000,000 | ---D | C] -- C:\Users\Granny\AppData\Local\Diagnostics
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/11/17 21:48:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Granny\Desktop\OTL.exe
[2012/11/17 21:46:47 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/11/17 21:25:04 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/17 21:19:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/11/17 21:01:00 | 000,000,258 | ---- | M] () -- C:\windows\tasks\HP Photo Creations Messager.job
[2012/11/17 20:35:25 | 000,000,512 | ---- | M] () -- C:\Users\Granny\Desktop\MBR.dat
[2012/11/17 19:31:03 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/17 19:31:03 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/17 19:30:52 | 000,778,834 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/11/17 19:30:52 | 000,660,318 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/11/17 19:30:52 | 000,121,214 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/11/17 19:23:45 | 000,001,944 | ---- | M] () -- C:\Users\Granny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6510 series.lnk
[2012/11/17 19:23:41 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/17 19:23:40 | 000,000,828 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2012/11/17 19:23:22 | 3134,562,304 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/17 19:13:16 | 908,460,913 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/11/17 17:55:05 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Granny\Desktop\aswMBR.exe
[2012/11/17 17:54:32 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Granny\Desktop\tdsskiller.exe
[2012/11/17 17:53:46 | 000,000,830 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2012/11/17 16:09:27 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/11/17 15:58:02 | 005,002,404 | R--- | M] (Swearware) -- C:\Users\Granny\Desktop\ComboFix.exe
[2012/11/17 14:04:34 | 000,725,504 | ---- | M] () -- C:\Users\Granny\Desktop\RogueKiller.exe
[2012/11/17 14:04:21 | 000,541,569 | ---- | M] () -- C:\Users\Granny\Desktop\adwcleaner.exe
[2012/11/17 14:04:11 | 000,881,833 | ---- | M] () -- C:\Users\Granny\Desktop\SecurityCheck.exe
[2012/11/16 20:40:36 | 000,688,901 | R--- | M] (Swearware) -- C:\Users\Granny\Desktop\dds.com
[2012/11/16 19:17:13 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/16 19:02:44 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Granny\Desktop\mbam-setup-1.65.1.1000.exe
[2012/11/16 18:46:15 | 000,123,163 | ---- | M] () -- C:\Users\Granny\Desktop\American_Eagle_and_Flag_by_superchickenn123.jpg
[2012/10/29 19:49:06 | 000,000,051 | ---- | M] () -- C:\windows\SysNative\drivers\etc\lmhosts
[2012/10/29 17:43:28 | 000,502,303 | ---- | M] () -- C:\Users\Granny\Documents\resume.rtf
[2012/10/29 08:06:30 | 000,546,258 | ---- | M] () -- C:\Users\Granny\Documents\resume - Copy.rtf
[2012/10/24 15:38:49 | 000,001,423 | ---- | M] () -- C:\Users\Granny\Documents\GSALE.rtf
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/17 19:22:15 | 000,000,512 | ---- | C] () -- C:\Users\Granny\Desktop\MBR.dat
[2012/11/17 19:13:16 | 908,460,913 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012/11/17 15:59:42 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/11/17 15:59:42 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/11/17 15:59:42 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/11/17 15:59:42 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/11/17 15:59:42 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/11/17 14:55:59 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/17 14:11:11 | 000,725,504 | ---- | C] () -- C:\Users\Granny\Desktop\RogueKiller.exe
[2012/11/17 14:10:55 | 000,541,569 | ---- | C] () -- C:\Users\Granny\Desktop\adwcleaner.exe
[2012/11/17 14:10:48 | 000,881,833 | ---- | C] () -- C:\Users\Granny\Desktop\SecurityCheck.exe
[2012/11/16 22:24:42 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/16 19:17:13 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/16 18:46:14 | 000,123,163 | ---- | C] () -- C:\Users\Granny\Desktop\American_Eagle_and_Flag_by_superchickenn123.jpg
[2012/10/29 11:11:27 | 000,546,258 | ---- | C] () -- C:\Users\Granny\Documents\resume - Copy.rtf
[2012/10/24 15:39:15 | 000,502,303 | ---- | C] () -- C:\Users\Granny\Documents\resume.rtf
[2012/09/15 14:30:13 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/07/09 22:58:36 | 000,776,422 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/07/09 22:33:41 | 000,128,312 | ---- | C] () -- C:\windows\SysWow64\GFNEX.dll
[2012/07/09 22:30:15 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2012/05/10 14:07:18 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/05/10 13:24:08 | 013,214,720 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2012/02/02 23:08:26 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll
[2012/02/01 13:51:06 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2012/02/01 13:51:04 | 000,963,912 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2012/02/01 13:51:04 | 000,261,208 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Computer status:
Same.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:16 PM

Posted 17 November 2012 - 11:31 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    [2012/11/17 16:09:27 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts  
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    [resethosts]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Earlene

Earlene
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:16 PM

Posted 18 November 2012 - 12:51 AM

Ran OTL Custom Code with no problems:
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Windows\SysNative\drivers\etc\hosts moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Granny\Desktop\cmd.bat deleted successfully.
C:\Users\Granny\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Granny

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56475 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Granny
->Flash cache emptied: 57670 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 11172012_234024

Computer status:
Still not able to visit certain sites, so the same...except now another computer on this network seems to be having the same problem, and also got the "Windows detected a problem and had to shut down" blue screen during an attempted MBAM scan. Note that my own computer, on the same network, is having no problems of any kind (accessing all these sites or otherwise) so not sure if this is relevant.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:16 PM

Posted 18 November 2012 - 09:39 AM

in which browser does this happen in?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 Earlene

Earlene
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:16 PM

Posted 18 November 2012 - 06:49 PM

All three computers use Google Chrome as their main browser, however the non-infected one (mine) and the newly infected one have both Opera and Mozilla Firefox installed as well. All browsers are working on the non-infected one and none are able to access the blocked sites on the newly infected one.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:16 PM

Posted 18 November 2012 - 08:49 PM

Hello

lets try something


I want you to uninstall chrome and if asked about user data or settings then remove that also


restart the computer and reinstall chrome



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 Earlene

Earlene
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:01:16 PM

Posted 18 November 2012 - 09:23 PM

Uninstalled Google Chrome with no problems:
Used Revo Uninstaller (copied from the non-infected computer) to make sure everything was deleted. Restarted and reinstalled, the rebooted again.

Computer status:
No change, certain websites still blocked.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users