Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I have been infected with the ZeroAccess rootkit.


  • This topic is locked This topic is locked
41 replies to this topic

#1 bjohnson1982

bjohnson1982

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Local time:09:43 AM

Posted 26 November 2012 - 08:05 PM

My computer hasn't been able to finish it updates. After it updates, I restart and it says failure to update and converts back to previous configuration. Also, my computer has been performing a lot slower than normal. Any help is greatly appreciated.
Thank you.

I have a previous posting and they recommended I post here. Here is a link.

http://www.bleepingcomputer.com/forums/topic476079.html

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16447 BrowserJavaVersion: 10.4.1
Run by Beejous at 18:59:46 on 2012-11-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3891.1025 [GMT -6:00]
.
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\SysWOW64\cypherixsrv.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Users\Beejous\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\igfxext.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\system32\wuauclt.exe
C:\Users\Beejous\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Users\Beejous\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Beejous\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Beejous\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Beejous\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Beejous\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\system32\calc.exe
C:\windows\system32\calc.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uProxyOverride = <local>;*.local
uURLSearchHooks: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - <orphaned>
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Google Update] "C:\Users\Beejous\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [RESTART_STICKY_NOTES] C:\windows\System32\StikyNot.exe
uRun: [Spotify] "C:\Users\Beejous\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [Spotify Web Helper] "C:\Users\Beejous\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://tda-meetings.webex.com/client/wbs27-vzbprodcn/webex/ieatgpc1.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{3D494F23-2E12-497D-B660-706BED7F4C71} : DHCPNameServer = 207.13.49.5
TCP: Interfaces\{AE2A44F3-A74B-4F22-BBC0-566066D45C69} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{AE2A44F3-A74B-4F22-BBC0-566066D45C69}\2456C6B696E6E243339313 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{AE2A44F3-A74B-4F22-BBC0-566066D45C69}\3594C4655425742594C4C434146454 : DHCPNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{AE2A44F3-A74B-4F22-BBC0-566066D45C69}\374716675623 : DHCPNameServer = 192.168.254.254 192.168.254.254
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [SmartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe -expressboot
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Beejous\AppData\Roaming\Mozilla\Firefox\Profiles\i4rz5632.default\
FF - prefs.js: browser.startup.homepage - GOOGLE.COM
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\Users\Beejous\AppData\Roaming\Mozilla\Firefox\Profiles\i4rz5632.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Beejous\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Users\Beejous\AppData\Roaming\Mozilla\Firefox\Profiles\i4rz5632.default\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Beejous\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Beejous\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2011-09-24 08:51; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\windows\System32\drivers\AVGIDSEH.sys [2011-7-11 26704]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2011-7-11 37456]
R1 Avgfwfd;AVG network filter service;C:\windows\System32\drivers\avgfwd6a.sys [2011-5-23 48992]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2011-7-11 282704]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2011-8-8 46672]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2011-7-11 375376]
R1 cyphxdrv;cyphxdrv;C:\windows\System32\drivers\cyphxdrv.sys [2012-6-2 103704]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2011-8-19 2399560]
R2 Belkin Local Backup Service;Belkin Local Backup Service;C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2010-10-5 181760]
R2 Belkin Network USB Helper;Belkin Network USB Helper;C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2010-10-5 55296]
R2 cypherixservice;Cypherix service;C:\Windows\SysWOW64\cypherixsrv.exe [2012-6-2 1043224]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-21 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-21 676936]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [2012-7-15 131512]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2010-6-19 126392]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-7-29 994360]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-7-29 399416]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-6-19 2314240]
R3 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\AVGIDSDriver.sys [2011-7-11 120400]
R3 AVGIDSFilter;AVGIDSFilter;C:\windows\System32\drivers\AVGIDSFilter.sys [2011-7-11 29776]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2010-6-19 56344]
R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-2-10 158720]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-2-3 271872]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2011-7-24 25928]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2010-6-19 35008]
R3 PSI;PSI;C:\windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2010-6-19 346144]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\System32\drivers\rtl8192se.sys [2010-6-19 946688]
R3 sxuptp;SXUPTP Driver;C:\windows\System32\drivers\sxuptp.sys [2010-3-2 291352]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-9-1 5265248]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SCardSvr32;Smart Card ;C:\windows\System32\uxtheme32.exe --> C:\windows\System32\uxtheme32.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2010-6-19 232992]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-6-19 51512]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-6-30 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-7-16 1255736]
.
=============== Created Last 30 ================
.
2012-11-25 19:21:55 -------- d-----w- C:\Users\Beejous\AppData\Local\ElevatedDiagnostics
2012-11-23 04:20:15 -------- d-----w- C:\Program Files (x86)\ESET
2012-11-08 23:55:24 -------- d-----w- C:\Program Files (x86)\MusicConverter
2012-11-08 23:50:19 -------- d-----w- C:\Program Files (x86)\Audacity
.
==================== Find3M ====================
.
2012-10-16 04:43:44 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-16 04:43:44 696760 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-09-30 01:54:26 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
.
============= FINISH: 19:01:22.65 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:43 AM

Posted 26 November 2012 - 09:11 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 bjohnson1982

bjohnson1982
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Local time:09:43 AM

Posted 26 November 2012 - 10:23 PM

Here are my reports:
*Sorry for posting last one 3x it stopped working and saved 3 logs and wanted to make sure it covered all activity.

Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Internet Security 2012
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 4.6
Secunia PSI (2.0.0.4002)
Malwarebytes Anti-Malware version 1.65.1.1000
JavaFX 2.1.0
Java™ 6 Update 29
Java™ 7 Update 4
Java version out of Date!
Adobe Flash Player 11.4.402.287 Flash Player out of Date!
Adobe Reader 10.1.3 Adobe Reader out of Date!
Mozilla Firefox 16.0.2 Firefox out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
WinPatrol winpatrol.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
BillP Studios WinPatrol WinPatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

# AdwCleaner v2.009 - Logfile created 11/26/2012 at 21:09:19
# Updated 24/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Beejous - BRIANS-PC
# Boot Mode : Normal
# Running from : C:\Users\Beejous\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\Beejous\AppData\Roaming\Mozilla\Firefox\Profiles\i4rz5632.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.64

File : C:\Users\Beejous\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [26811 octets] - [23/11/2012 15:02:37]
AdwCleaner[S2].txt - [907 octets] - [26/11/2012 21:09:19]

########## EOF - C:\AdwCleaner[S2].txt - [966 octets] ##########

RogueKiller V8.3.1 [Nov 26 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Beejous [Admin rights]
Mode : Scan -- Date : 11/26/2012 21:17:56

Bad processes : 0

Registry Entries : 5
[TASK][SUSP PATH] winupd : \\.\globalroot\Device\HarddiskVolume2\Users\Beejous\AppData\Local\Temp\winupd.exe -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Particular Files / Folders:
[ZeroAccess][FILE] Desktop.ini : C:\windows\Assembly\GAC_32\Desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : C:\windows\Assembly\GAC_64\Desktop.ini --> FOUND

Driver : [NOT LOADED]

Infection : ZeroAccess

HOSTS File:
--> C:\windows\system32\drivers\etc\hosts

127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: TOSHIBA MK5055GSXN +++++
--- User ---
[MBR] 46badf27b7101e8f501a49409278bf20
[BSP] f3a7137ee3fc6b6387a84c6524eea23e : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 465072 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 955541504 | Size: 10367 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_11262012_02d2117.txt >>
RKreport[1]_S_11262012_02d2117.txt

RogueKiller V8.3.1 [Nov 26 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Beejous [Admin rights]
Mode : Remove -- Date : 11/26/2012 21:18:32

Bad processes : 0

Registry Entries : 4
[TASK][SUSP PATH] winupd : \\.\globalroot\Device\HarddiskVolume2\Users\Beejous\AppData\Local\Temp\winupd.exe -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

Particular Files / Folders:
[ZeroAccess][FILE] Desktop.ini : C:\windows\Assembly\GAC_32\Desktop.ini --> REMOVED
[ZeroAccess][FILE] Desktop.ini : C:\windows\Assembly\GAC_64\Desktop.ini --> REMOVED

Driver : [NOT LOADED]

Infection : ZeroAccess

HOSTS File:
--> C:\windows\system32\drivers\etc\hosts

127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: TOSHIBA MK5055GSXN +++++
--- User ---
[MBR] 46badf27b7101e8f501a49409278bf20
[BSP] f3a7137ee3fc6b6387a84c6524eea23e : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 465072 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 955541504 | Size: 10367 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_11262012_02d2118.txt >>
RKreport[1]_S_11262012_02d2117.txt ; RKreport[2]_D_11262012_02d2118.txt

RogueKiller V8.3.1 [Nov 26 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Beejous [Admin rights]
Mode : Scan -- Date : 11/26/2012 21:19:35

Bad processes : 0

Registry Entries : 0

Particular Files / Folders:

Driver : [NOT LOADED]

HOSTS File:
--> C:\windows\system32\drivers\etc\hosts

127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: TOSHIBA MK5055GSXN +++++
--- User ---
[MBR] 46badf27b7101e8f501a49409278bf20
[BSP] f3a7137ee3fc6b6387a84c6524eea23e : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 465072 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 955541504 | Size: 10367 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_S_11262012_02d2119.txt >>
RKreport[1]_S_11262012_02d2117.txt ; RKreport[2]_D_11262012_02d2118.txt ; RKreport[3]_S_11262012_02d2119.txt

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:43 AM

Posted 27 November 2012 - 07:06 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 bjohnson1982

bjohnson1982
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Local time:09:43 AM

Posted 28 November 2012 - 12:39 AM

I'm still unsuccessful at completing my updates:
Log:

ComboFix 12-11-27.01 - Beejous 11/27/2012 22:13:15.9.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3891.2254 [GMT -6:00]
Running from: c:\users\Beejous\Downloads\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\32e6f705
.
.
((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-28 )))))))))))))))))))))))))))))))
.
.
2012-11-28 04:25 . 2012-11-28 04:25 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-11-28 04:25 . 2012-11-28 04:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-28 03:32 . 2009-07-14 01:41 258048 ---ha-w- c:\windows\system32\Spool\prtprocs\x64\hpfppw73.dll
2012-11-25 19:21 . 2012-11-25 19:21 -------- d-----w- c:\users\Beejous\AppData\Local\ElevatedDiagnostics
2012-11-23 04:20 . 2012-11-23 04:20 -------- d-----w- c:\program files (x86)\ESET
2012-11-08 23:55 . 2012-11-23 04:42 -------- d-----w- c:\program files (x86)\MusicConverter
2012-11-08 23:51 . 2012-11-22 05:09 -------- d-----w- c:\users\Beejous\AppData\Roaming\Audacity
2012-11-08 23:50 . 2012-11-08 23:50 -------- d-----w- c:\program files (x86)\Audacity
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-18 19:09 . 2010-09-29 01:32 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-10-16 04:43 . 2012-10-16 04:01 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-16 04:43 . 2011-10-15 16:31 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-30 01:54 . 2011-07-25 04:30 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"Spotify"="c:\users\Beejous\AppData\Roaming\Spotify\Spotify.exe" [2012-10-26 7880664]
"Spotify Web Helper"="c:\users\Beejous\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-26 1199576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files (x86)\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-09-01 5265248]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SCardSvr32;Smart Card ;c:\windows\system32\uxtheme32.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-01-07 232992]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-16 1255736]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 26704]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2011-07-11 37456]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2011-05-23 48992]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2011-07-11 282704]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-08-08 46672]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2011-07-11 375376]
S1 cyphxdrv;cyphxdrv;c:\windows\system32\Drivers\cyphxdrv.sys [2011-04-27 103704]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2011-08-19 2399560]
S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2010-02-18 181760]
S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2010-02-09 55296]
S2 cypherixservice;Cypherix service;c:\windows\SysWOW64\cypherixsrv.exe [2011-04-27 1043224]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [2012-07-15 131512]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2009-08-24 126392]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-07-29 994360]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-07-29 399416]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 120400]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 29776]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-05 346144]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-10-02 946688]
S3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [2010-03-03 291352]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-16 04:43]
.
2012-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc8d83c39a2682.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-15 01:11]
.
2012-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc8d83c44b299a.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-15 01:11]
.
2012-11-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1933893740-360370380-219397616-1000Core.job
- c:\users\Beejous\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-04 17:42]
.
2012-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1933893740-360370380-219397616-1000UA.job
- c:\users\Beejous\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-04 17:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-10 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-10 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-10 410648]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10134560]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 896032]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\WinPatrol.exe" [2012-03-25 329312]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\Beejous\AppData\Roaming\Mozilla\Firefox\Profiles\i4rz5632.default\
FF - prefs.js: browser.startup.homepage - GOOGLE.COM
FF - ExtSQL: !HIDDEN! 2011-09-24 08:51; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
AddRemove-Music Converter - c:\program files (x86)\MusicConverter\Uninstall\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.3.198\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Completion time: 2012-11-27 22:43:44 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-28 04:43
ComboFix2.txt 2011-11-12 20:46
ComboFix3.txt 2011-11-08 13:00
.
Pre-Run: 309,788,065,792 bytes free
Post-Run: 317,913,387,008 bytes free
.
- - End Of File - - CC42C307D85A989F30747AFA06798A13

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:43 AM

Posted 28 November 2012 - 07:26 AM

  • Click Start, click Run, type Notepad, and then click OK.
  • Copy the following text, and then paste the text into Notepad.
net stop wuauserv
cd %systemroot%\SoftwareDistribution
ren Download Download.old
net start wuauserv
net stop bits
net start bits
net stop cryptsvc
cd %systemroot%\system32
ren catroot2 catroot2old
net start cryptsvc
  • Click File, click Save As, and then type Repair.bat.
  • In the Save as type box, click All Files.
  • In the Save in box, click Desktop, and then click Save.
  • On the File menu, click Exit.
    Double-click the Repair.bat file

Now I need you to go to windows update and download any update that it wants you to download.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 bjohnson1982

bjohnson1982
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Local time:09:43 AM

Posted 28 November 2012 - 09:12 PM

Problem persists. I still have 24 updates to install after following your instructions and attempting to update.

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:43 AM

Posted 28 November 2012 - 09:56 PM

Download Windows Repair (all in one) from this site

Install the program then run

Go to step 2 and allow it to run Disc check
Posted Image

Once that is done then go to step 3 and allow it to run SFC
Posted Image

On the start repairs tab select advanced mode and click start
Posted Image

Select the items below (remove the ticks from the rest ) and tick restart system when finished
Reset Registry permisions
reset File permisions
repair WMI
repair windows firewall
repair internet explorer
remove policies set by infection
repair winsock & DNS cache
remove temp files
repair proxy settings
repair windows update
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 bjohnson1982

bjohnson1982
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Local time:09:43 AM

Posted 29 November 2012 - 05:18 AM

Same story, failure configuring and reverted back.

#10 bjohnson1982

bjohnson1982
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Local time:09:43 AM

Posted 03 December 2012 - 02:00 AM

I haven't heard back in a few days. Not sure if I should bump since it says don't and do.

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:43 AM

Posted 03 December 2012 - 02:02 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 bjohnson1982

bjohnson1982
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Local time:09:43 AM

Posted 03 December 2012 - 02:04 PM

Here is the TDSSKiller report and I ran the aswMBR 2x and my computer crashed mid scan both times.

13:03:18.0852 5048 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:03:19.0273 5048 ============================================================
13:03:19.0273 5048 Current date / time: 2012/12/03 13:03:19.0273
13:03:19.0273 5048 SystemInfo:
13:03:19.0273 5048
13:03:19.0273 5048 OS Version: 6.1.7601 ServicePack: 1.0
13:03:19.0273 5048 Product type: Workstation
13:03:19.0273 5048 ComputerName: BRIANS-PC
13:03:19.0273 5048 UserName: Beejous
13:03:19.0273 5048 Windows directory: C:\windows
13:03:19.0273 5048 System windows directory: C:\windows
13:03:19.0273 5048 Running under WOW64
13:03:19.0273 5048 Processor architecture: Intel x64
13:03:19.0273 5048 Number of processors: 4
13:03:19.0273 5048 Page size: 0x1000
13:03:19.0273 5048 Boot type: Normal boot
13:03:19.0273 5048 ============================================================
13:03:21.0254 5048 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:03:21.0270 5048 ============================================================
13:03:21.0270 5048 \Device\Harddisk0\DR0:
13:03:21.0270 5048 MBR partitions:
13:03:21.0270 5048 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x38C58000
13:03:21.0270 5048 ============================================================
13:03:21.0332 5048 C: <-> \Device\Harddisk0\DR0\Partition1
13:03:21.0332 5048 ============================================================
13:03:21.0332 5048 Initialize success
13:03:21.0332 5048 ============================================================
13:03:22.0783 4636 ============================================================
13:03:22.0783 4636 Scan started
13:03:22.0783 4636 Mode: Manual;
13:03:22.0783 4636 ============================================================
13:03:24.0593 4636 ================ Scan system memory ========================
13:03:24.0593 4636 System memory - ok
13:03:24.0593 4636 ================ Scan services =============================
13:03:25.0139 4636 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
13:03:25.0139 4636 1394ohci - ok
13:03:25.0232 4636 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys
13:03:25.0232 4636 ACPI - ok
13:03:25.0310 4636 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
13:03:25.0310 4636 AcpiPmi - ok
13:03:25.0513 4636 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:03:25.0513 4636 AdobeARMservice - ok
13:03:26.0995 4636 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
13:03:27.0011 4636 AdobeFlashPlayerUpdateSvc - ok
13:03:27.0292 4636 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
13:03:27.0292 4636 adp94xx - ok
13:03:27.0339 4636 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
13:03:27.0339 4636 adpahci - ok
13:03:27.0385 4636 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
13:03:27.0385 4636 adpu320 - ok
13:03:27.0417 4636 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
13:03:27.0417 4636 AeLookupSvc - ok
13:03:27.0479 4636 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys
13:03:27.0495 4636 AFD - ok
13:03:27.0619 4636 [ 7E077309910CE334C3B2B7B8665A55C4 ] AffinegyService C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
13:03:27.0635 4636 AffinegyService - ok
13:03:27.0729 4636 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\windows\system32\DRIVERS\agrsm64.sys
13:03:27.0744 4636 AgereSoftModem - ok
13:03:27.0791 4636 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys
13:03:27.0791 4636 agp440 - ok
13:03:27.0838 4636 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe
13:03:27.0853 4636 ALG - ok
13:03:27.0900 4636 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys
13:03:27.0900 4636 aliide - ok
13:03:27.0916 4636 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys
13:03:27.0916 4636 amdide - ok
13:03:27.0947 4636 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
13:03:27.0947 4636 AmdK8 - ok
13:03:27.0994 4636 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
13:03:27.0994 4636 AmdPPM - ok
13:03:28.0072 4636 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys
13:03:28.0072 4636 amdsata - ok
13:03:28.0103 4636 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
13:03:28.0103 4636 amdsbs - ok
13:03:28.0134 4636 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys
13:03:28.0134 4636 amdxata - ok
13:03:28.0181 4636 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys
13:03:28.0181 4636 AppID - ok
13:03:28.0228 4636 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll
13:03:28.0228 4636 AppIDSvc - ok
13:03:28.0290 4636 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll
13:03:28.0290 4636 Appinfo - ok
13:03:28.0446 4636 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:03:28.0446 4636 Apple Mobile Device - ok
13:03:28.0509 4636 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\DRIVERS\arc.sys
13:03:28.0524 4636 arc - ok
13:03:28.0540 4636 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
13:03:28.0540 4636 arcsas - ok
13:03:28.0571 4636 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
13:03:28.0587 4636 AsyncMac - ok
13:03:28.0618 4636 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
13:03:28.0618 4636 atapi - ok
13:03:28.0680 4636 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
13:03:28.0680 4636 AudioEndpointBuilder - ok
13:03:28.0696 4636 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
13:03:28.0696 4636 AudioSrv - ok
13:03:28.0789 4636 [ 96B4456F1DCA4EDA506ED31C7D2D6B05 ] Avgfwfd C:\windows\system32\DRIVERS\avgfwd6a.sys
13:03:28.0789 4636 Avgfwfd - ok
13:03:28.0961 4636 [ BB8214A1EC4F74D67B51DC3C1BA11343 ] avgfws C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
13:03:29.0008 4636 avgfws - ok
13:03:29.0257 4636 [ 6EAD3146A0894F5EB9AD02542B1C7DE5 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
13:03:29.0398 4636 AVGIDSAgent - ok
13:03:29.0445 4636 [ E29EA1A0EC7AB9FA2DC7E75A03F12A4F ] AVGIDSDriver C:\windows\system32\DRIVERS\AVGIDSDriver.Sys
13:03:29.0445 4636 AVGIDSDriver - ok
13:03:29.0476 4636 [ F823D184B8E8FFB8DA3EAD45DBF5BD6A ] AVGIDSEH C:\windows\system32\DRIVERS\AVGIDSEH.Sys
13:03:29.0476 4636 AVGIDSEH - ok
13:03:29.0476 4636 [ ED2B25BD7FE35D1944211968842D30DA ] AVGIDSFilter C:\windows\system32\DRIVERS\AVGIDSFilter.Sys
13:03:29.0476 4636 AVGIDSFilter - ok
13:03:29.0538 4636 [ DADFCCFB036DA99FA83E7E1D29290A6C ] Avgldx64 C:\windows\system32\DRIVERS\avgldx64.sys
13:03:29.0554 4636 Avgldx64 - ok
13:03:29.0569 4636 [ 36B1A5843695766EAC714DAFFC5B84D1 ] Avgmfx64 C:\windows\system32\DRIVERS\avgmfx64.sys
13:03:29.0585 4636 Avgmfx64 - ok
13:03:29.0601 4636 [ 5A7AA579D4FA072FB9715F8D83EB1F00 ] Avgrkx64 C:\windows\system32\DRIVERS\avgrkx64.sys
13:03:29.0601 4636 Avgrkx64 - ok
13:03:29.0632 4636 [ 11F36D3EA82D9DB9AA05A476A210551B ] Avgtdia C:\windows\system32\DRIVERS\avgtdia.sys
13:03:29.0632 4636 Avgtdia - ok
13:03:29.0694 4636 [ 6699ECE24FE4B3F752A66C66A602EE86 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
13:03:29.0694 4636 avgwd - ok
13:03:29.0741 4636 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
13:03:29.0757 4636 AxInstSV - ok
13:03:29.0819 4636 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\DRIVERS\bxvbda.sys
13:03:29.0819 4636 b06bdrv - ok
13:03:29.0850 4636 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
13:03:29.0866 4636 b57nd60a - ok
13:03:29.0928 4636 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
13:03:29.0928 4636 BDESVC - ok
13:03:29.0959 4636 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
13:03:29.0959 4636 Beep - ok
13:03:30.0084 4636 [ 299E54DB3638A18E47BD3A2D2EF499F7 ] Belkin Local Backup Service C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
13:03:30.0084 4636 Belkin Local Backup Service - ok
13:03:30.0147 4636 [ E62A04D615A8CAC83601E1F07C010D3C ] Belkin Network USB Helper C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
13:03:30.0147 4636 Belkin Network USB Helper - ok
13:03:30.0209 4636 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
13:03:30.0225 4636 BFE - ok
13:03:30.0256 4636 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll
13:03:30.0271 4636 BITS - ok
13:03:30.0287 4636 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
13:03:30.0287 4636 blbdrive - ok
13:03:30.0365 4636 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:03:30.0365 4636 Bonjour Service - ok
13:03:30.0427 4636 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
13:03:30.0427 4636 bowser - ok
13:03:30.0459 4636 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
13:03:30.0459 4636 BrFiltLo - ok
13:03:30.0490 4636 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
13:03:30.0505 4636 BrFiltUp - ok
13:03:30.0537 4636 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
13:03:30.0537 4636 BridgeMP - ok
13:03:30.0599 4636 [ 8EF0D5C41EC907751B8429162B1239ED ] Browser C:\windows\System32\browser.dll
13:03:30.0599 4636 Browser - ok
13:03:30.0630 4636 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
13:03:30.0630 4636 Brserid - ok
13:03:30.0646 4636 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
13:03:30.0646 4636 BrSerWdm - ok
13:03:30.0677 4636 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
13:03:30.0677 4636 BrUsbMdm - ok
13:03:30.0708 4636 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
13:03:30.0708 4636 BrUsbSer - ok
13:03:30.0724 4636 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
13:03:30.0724 4636 BTHMODEM - ok
13:03:30.0786 4636 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
13:03:30.0786 4636 bthserv - ok
13:03:30.0833 4636 catchme - ok
13:03:30.0880 4636 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
13:03:30.0880 4636 cdfs - ok
13:03:30.0958 4636 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\drivers\cdrom.sys
13:03:30.0958 4636 cdrom - ok
13:03:31.0020 4636 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
13:03:31.0020 4636 CertPropSvc - ok
13:03:31.0083 4636 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\DRIVERS\circlass.sys
13:03:31.0083 4636 circlass - ok
13:03:31.0129 4636 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
13:03:31.0129 4636 CLFS - ok
13:03:31.0254 4636 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:03:31.0270 4636 clr_optimization_v2.0.50727_32 - ok
13:03:31.0332 4636 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:03:31.0332 4636 clr_optimization_v2.0.50727_64 - ok
13:03:31.0410 4636 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:03:31.0457 4636 clr_optimization_v4.0.30319_32 - ok
13:03:31.0551 4636 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:03:31.0551 4636 clr_optimization_v4.0.30319_64 - ok
13:03:31.0566 4636 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
13:03:31.0566 4636 CmBatt - ok
13:03:31.0613 4636 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
13:03:31.0613 4636 cmdide - ok
13:03:31.0675 4636 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
13:03:31.0691 4636 CNG - ok
13:03:31.0722 4636 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
13:03:31.0722 4636 Compbatt - ok
13:03:31.0785 4636 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
13:03:31.0785 4636 CompositeBus - ok
13:03:31.0800 4636 COMSysApp - ok
13:03:31.0863 4636 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
13:03:31.0863 4636 crcdisk - ok
13:03:31.0909 4636 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\windows\system32\cryptsvc.dll
13:03:31.0909 4636 CryptSvc - ok
13:03:32.0409 4636 [ 9E24CB0740B17C6ADCB0170B48820EF4 ] cypherixservice C:\windows\SysWOW64\cypherixsrv.exe
13:03:32.0409 4636 cypherixservice - ok
13:03:32.0549 4636 [ BF1F536BC7916EDE926434B5F436A35A ] cyphxdrv C:\windows\system32\Drivers\cyphxdrv.sys
13:03:32.0549 4636 cyphxdrv - ok
13:03:32.0627 4636 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
13:03:32.0627 4636 DcomLaunch - ok
13:03:32.0908 4636 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
13:03:32.0908 4636 defragsvc - ok
13:03:32.0955 4636 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
13:03:32.0955 4636 DfsC - ok
13:03:33.0048 4636 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
13:03:33.0048 4636 Dhcp - ok
13:03:33.0111 4636 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
13:03:33.0111 4636 discache - ok
13:03:33.0204 4636 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\DRIVERS\disk.sys
13:03:33.0204 4636 Disk - ok
13:03:33.0251 4636 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
13:03:33.0251 4636 Dnscache - ok
13:03:33.0329 4636 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
13:03:33.0345 4636 dot3svc - ok
13:03:33.0454 4636 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\windows\system32\DRIVERS\Dot4.sys
13:03:33.0454 4636 Dot4 - ok
13:03:33.0563 4636 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\windows\system32\drivers\Dot4Prt.sys
13:03:33.0579 4636 Dot4Print - ok
13:03:33.0688 4636 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\windows\system32\DRIVERS\dot4usb.sys
13:03:33.0688 4636 dot4usb - ok
13:03:33.0766 4636 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
13:03:33.0766 4636 DPS - ok
13:03:33.0844 4636 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
13:03:33.0844 4636 drmkaud - ok
13:03:34.0140 4636 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
13:03:34.0156 4636 DXGKrnl - ok
13:03:34.0218 4636 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
13:03:34.0218 4636 EapHost - ok
13:03:34.0733 4636 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\DRIVERS\evbda.sys
13:03:34.0858 4636 ebdrv - ok
13:03:34.0920 4636 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
13:03:34.0920 4636 EFS - ok
13:03:35.0076 4636 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
13:03:35.0076 4636 ehRecvr - ok
13:03:35.0139 4636 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
13:03:35.0139 4636 ehSched - ok
13:03:35.0217 4636 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
13:03:35.0232 4636 elxstor - ok
13:03:35.0279 4636 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
13:03:35.0295 4636 ErrDev - ok
13:03:35.0326 4636 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
13:03:35.0326 4636 EventSystem - ok
13:03:35.0404 4636 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
13:03:35.0404 4636 exfat - ok
13:03:35.0451 4636 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
13:03:35.0451 4636 fastfat - ok
13:03:35.0607 4636 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
13:03:35.0607 4636 Fax - ok
13:03:35.0685 4636 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\DRIVERS\fdc.sys
13:03:35.0685 4636 fdc - ok
13:03:35.0794 4636 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
13:03:35.0794 4636 fdPHost - ok
13:03:35.0825 4636 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
13:03:35.0825 4636 FDResPub - ok
13:03:35.0919 4636 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
13:03:35.0919 4636 FileInfo - ok
13:03:35.0950 4636 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
13:03:35.0965 4636 Filetrace - ok
13:03:36.0231 4636 [ BB0667B0171B632B97EA759515476F07 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
13:03:36.0246 4636 FLEXnet Licensing Service - ok
13:03:36.0309 4636 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
13:03:36.0309 4636 flpydisk - ok
13:03:36.0355 4636 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
13:03:36.0355 4636 FltMgr - ok
13:03:36.0433 4636 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
13:03:36.0449 4636 FontCache - ok
13:03:36.0527 4636 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:03:36.0527 4636 FontCache3.0.0.0 - ok
13:03:36.0574 4636 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
13:03:36.0574 4636 FsDepends - ok
13:03:36.0621 4636 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
13:03:36.0621 4636 Fs_Rec - ok
13:03:36.0683 4636 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
13:03:36.0683 4636 fvevol - ok
13:03:36.0699 4636 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
13:03:36.0714 4636 gagp30kx - ok
13:03:36.0839 4636 [ D154305DE6090E6E84E525F84BB08A06 ] GameConsoleService C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
13:03:36.0839 4636 GameConsoleService - ok
13:03:36.0886 4636 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
13:03:36.0886 4636 GEARAspiWDM - ok
13:03:36.0964 4636 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
13:03:36.0979 4636 gpsvc - ok
13:03:37.0073 4636 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:03:37.0073 4636 gupdate - ok
13:03:37.0104 4636 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:03:37.0104 4636 gupdatem - ok
13:03:37.0151 4636 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
13:03:37.0151 4636 hcw85cir - ok
13:03:37.0307 4636 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
13:03:37.0307 4636 HdAudAddService - ok
13:03:37.0369 4636 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
13:03:37.0369 4636 HDAudBus - ok
13:03:37.0401 4636 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\windows\system32\DRIVERS\HECIx64.sys
13:03:37.0401 4636 HECIx64 - ok
13:03:37.0447 4636 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
13:03:37.0447 4636 HidBatt - ok
13:03:37.0463 4636 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
13:03:37.0463 4636 HidBth - ok
13:03:37.0494 4636 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys
13:03:37.0494 4636 HidIr - ok
13:03:37.0525 4636 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll
13:03:37.0525 4636 hidserv - ok
13:03:37.0588 4636 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\drivers\hidusb.sys
13:03:37.0588 4636 HidUsb - ok
13:03:37.0697 4636 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
13:03:37.0697 4636 hkmsvc - ok
13:03:37.0759 4636 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
13:03:37.0759 4636 HomeGroupListener - ok
13:03:37.0822 4636 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
13:03:37.0822 4636 HomeGroupProvider - ok
13:03:37.0931 4636 [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
13:03:37.0947 4636 hpqcxs08 - ok
13:03:37.0962 4636 [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
13:03:37.0978 4636 hpqddsvc - ok
13:03:38.0025 4636 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
13:03:38.0025 4636 HpSAMD - ok
13:03:38.0103 4636 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
13:03:38.0103 4636 HTTP - ok
13:03:38.0165 4636 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
13:03:38.0165 4636 hwpolicy - ok
13:03:38.0212 4636 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\drivers\i8042prt.sys
13:03:38.0212 4636 i8042prt - ok
13:03:38.0274 4636 [ 42E00996DFC13C46366689C0EA8ABC5E ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
13:03:38.0290 4636 iaStor - ok
13:03:38.0337 4636 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
13:03:38.0337 4636 iaStorV - ok
13:03:38.0415 4636 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:03:38.0430 4636 idsvc - ok
13:03:38.0695 4636 [ 898AB5BFED7040D7AB07AF01885EB944 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
13:03:38.0976 4636 igfx - ok
13:03:39.0054 4636 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
13:03:39.0054 4636 iirsp - ok
13:03:39.0148 4636 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
13:03:39.0163 4636 IKEEXT - ok
13:03:39.0226 4636 [ 4B6363CD4610BB848531BB260B15DFCC ] Impcd C:\windows\system32\DRIVERS\Impcd.sys
13:03:39.0226 4636 Impcd - ok
13:03:39.0460 4636 [ 490947A9AFF7CA31EF2E08F5776105EB ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
13:03:39.0491 4636 IntcAzAudAddService - ok
13:03:39.0585 4636 [ 58CF58DEE26C909BD6F977B61D246295 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys
13:03:39.0585 4636 IntcDAud - ok
13:03:39.0647 4636 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
13:03:39.0647 4636 intelide - ok
13:03:39.0725 4636 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
13:03:39.0725 4636 intelppm - ok
13:03:39.0803 4636 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
13:03:39.0819 4636 IPBusEnum - ok
13:03:39.0959 4636 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
13:03:39.0959 4636 IpFilterDriver - ok
13:03:40.0115 4636 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
13:03:40.0146 4636 iphlpsvc - ok
13:03:40.0240 4636 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
13:03:40.0255 4636 IPMIDRV - ok
13:03:40.0380 4636 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
13:03:40.0380 4636 IPNAT - ok
13:03:40.0552 4636 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
13:03:40.0567 4636 iPod Service - ok
13:03:40.0630 4636 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
13:03:40.0630 4636 IRENUM - ok
13:03:40.0677 4636 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
13:03:40.0677 4636 isapnp - ok
13:03:40.0723 4636 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
13:03:40.0739 4636 iScsiPrt - ok
13:03:40.0755 4636 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\drivers\kbdclass.sys
13:03:40.0755 4636 kbdclass - ok
13:03:40.0801 4636 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
13:03:40.0817 4636 kbdhid - ok
13:03:40.0848 4636 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
13:03:40.0848 4636 KeyIso - ok
13:03:40.0895 4636 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
13:03:40.0895 4636 KSecDD - ok
13:03:40.0926 4636 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
13:03:40.0926 4636 KSecPkg - ok
13:03:40.0973 4636 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
13:03:40.0973 4636 ksthunk - ok
13:03:41.0004 4636 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
13:03:41.0020 4636 KtmRm - ok
13:03:41.0082 4636 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\System32\srvsvc.dll
13:03:41.0082 4636 LanmanServer - ok
13:03:41.0129 4636 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
13:03:41.0129 4636 LanmanWorkstation - ok
13:03:41.0176 4636 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
13:03:41.0176 4636 lltdio - ok
13:03:41.0207 4636 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
13:03:41.0207 4636 lltdsvc - ok
13:03:41.0254 4636 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
13:03:41.0254 4636 lmhosts - ok
13:03:41.0363 4636 [ A1C148801B4AF64847AEB9F3AD9594EF ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
13:03:41.0379 4636 LMS - ok
13:03:41.0503 4636 [ 41E122F6D1448C94CC05196BC41D6BFB ] LPCFilter C:\windows\system32\DRIVERS\LPCFilter.sys
13:03:41.0503 4636 LPCFilter - ok
13:03:41.0613 4636 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
13:03:41.0613 4636 LSI_FC - ok
13:03:41.0659 4636 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
13:03:41.0659 4636 LSI_SAS - ok
13:03:41.0737 4636 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
13:03:41.0737 4636 LSI_SAS2 - ok
13:03:41.0815 4636 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
13:03:41.0831 4636 LSI_SCSI - ok
13:03:41.0878 4636 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
13:03:41.0878 4636 luafv - ok
13:03:41.0940 4636 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\windows\system32\drivers\mbam.sys
13:03:41.0940 4636 MBAMProtector - ok
13:03:42.0018 4636 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
13:03:42.0034 4636 MBAMScheduler - ok
13:03:42.0096 4636 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
13:03:42.0112 4636 MBAMService - ok
13:03:42.0190 4636 [ F453D1E6D881E8F8717E20CCD4199E85 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
13:03:42.0190 4636 McComponentHostService - ok
13:03:42.0237 4636 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
13:03:42.0237 4636 Mcx2Svc - ok
13:03:42.0283 4636 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys
13:03:42.0283 4636 megasas - ok
13:03:42.0330 4636 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
13:03:42.0346 4636 MegaSR - ok
13:03:42.0471 4636 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
13:03:42.0471 4636 MMCSS - ok
13:03:42.0533 4636 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
13:03:42.0533 4636 Modem - ok
13:03:42.0564 4636 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
13:03:42.0564 4636 monitor - ok
13:03:42.0611 4636 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\drivers\mouclass.sys
13:03:42.0611 4636 mouclass - ok
13:03:42.0658 4636 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
13:03:42.0658 4636 mouhid - ok
13:03:42.0705 4636 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
13:03:42.0705 4636 mountmgr - ok
13:03:42.0783 4636 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:03:42.0783 4636 MozillaMaintenance - ok
13:03:42.0845 4636 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
13:03:42.0845 4636 mpio - ok
13:03:42.0892 4636 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
13:03:42.0892 4636 mpsdrv - ok
13:03:42.0939 4636 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
13:03:42.0954 4636 MpsSvc - ok
13:03:42.0985 4636 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
13:03:42.0985 4636 MRxDAV - ok
13:03:43.0032 4636 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
13:03:43.0032 4636 mrxsmb - ok
13:03:43.0079 4636 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
13:03:43.0079 4636 mrxsmb10 - ok
13:03:43.0126 4636 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
13:03:43.0126 4636 mrxsmb20 - ok
13:03:43.0157 4636 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
13:03:43.0157 4636 msahci - ok
13:03:43.0204 4636 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
13:03:43.0204 4636 msdsm - ok
13:03:43.0251 4636 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
13:03:43.0251 4636 MSDTC - ok
13:03:43.0297 4636 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
13:03:43.0297 4636 Msfs - ok
13:03:43.0313 4636 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
13:03:43.0329 4636 mshidkmdf - ok
13:03:43.0360 4636 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
13:03:43.0360 4636 msisadrv - ok
13:03:43.0485 4636 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
13:03:43.0485 4636 MSiSCSI - ok
13:03:43.0500 4636 msiserver - ok
13:03:43.0563 4636 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
13:03:43.0563 4636 MSKSSRV - ok
13:03:43.0609 4636 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
13:03:43.0609 4636 MSPCLOCK - ok
13:03:43.0641 4636 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
13:03:43.0641 4636 MSPQM - ok
13:03:43.0765 4636 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
13:03:43.0765 4636 MsRPC - ok
13:03:43.0812 4636 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
13:03:43.0812 4636 mssmbios - ok
13:03:43.0843 4636 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
13:03:43.0843 4636 MSTEE - ok
13:03:43.0890 4636 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
13:03:43.0890 4636 MTConfig - ok
13:03:43.0906 4636 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
13:03:43.0906 4636 Mup - ok
13:03:43.0953 4636 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
13:03:43.0953 4636 napagent - ok
13:03:44.0015 4636 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
13:03:44.0015 4636 NativeWifiP - ok
13:03:44.0077 4636 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
13:03:44.0093 4636 NDIS - ok
13:03:44.0140 4636 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
13:03:44.0140 4636 NdisCap - ok
13:03:44.0156 4636 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
13:03:44.0156 4636 NdisTapi - ok
13:03:44.0203 4636 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
13:03:44.0203 4636 Ndisuio - ok
13:03:44.0250 4636 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
13:03:44.0250 4636 NdisWan - ok
13:03:44.0297 4636 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
13:03:44.0312 4636 NDProxy - ok
13:03:44.0359 4636 [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
13:03:44.0359 4636 Net Driver HPZ12 - ok
13:03:44.0390 4636 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
13:03:44.0390 4636 NetBIOS - ok
13:03:44.0437 4636 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
13:03:44.0437 4636 NetBT - ok
13:03:44.0484 4636 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
13:03:44.0484 4636 Netlogon - ok
13:03:44.0515 4636 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
13:03:44.0531 4636 Netman - ok
13:03:44.0546 4636 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
13:03:44.0546 4636 netprofm - ok
13:03:44.0593 4636 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:03:44.0593 4636 NetTcpPortSharing - ok
13:03:44.0656 4636 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
13:03:44.0656 4636 nfrd960 - ok
13:03:44.0827 4636 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
13:03:44.0843 4636 NlaSvc - ok
13:03:44.0874 4636 Norton PC Checkup Application Launcher - ok
13:03:44.0952 4636 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
13:03:45.0061 4636 Npfs - ok
13:03:45.0092 4636 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
13:03:45.0092 4636 nsi - ok
13:03:45.0124 4636 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
13:03:45.0124 4636 nsiproxy - ok
13:03:45.0295 4636 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
13:03:45.0358 4636 Ntfs - ok
13:03:45.0389 4636 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
13:03:45.0389 4636 Null - ok
13:03:45.0451 4636 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
13:03:45.0451 4636 nvraid - ok
13:03:45.0482 4636 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
13:03:45.0482 4636 nvstor - ok
13:03:45.0529 4636 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
13:03:45.0529 4636 nv_agp - ok
13:03:45.0716 4636 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:03:45.0716 4636 odserv - ok
13:03:45.0748 4636 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
13:03:45.0763 4636 ohci1394 - ok
13:03:45.0810 4636 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:03:45.0826 4636 ose - ok
13:03:45.0857 4636 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
13:03:45.0857 4636 p2pimsvc - ok
13:03:45.0904 4636 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
13:03:45.0904 4636 p2psvc - ok
13:03:45.0935 4636 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
13:03:45.0950 4636 Parport - ok
13:03:45.0982 4636 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
13:03:45.0982 4636 partmgr - ok
13:03:46.0028 4636 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
13:03:46.0028 4636 PcaSvc - ok
13:03:46.0091 4636 [ 2F86BE1818C2D7AC90478E3323EE7FCB ] PCCUJobMgr C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
13:03:46.0091 4636 PCCUJobMgr - ok
13:03:46.0169 4636 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
13:03:46.0169 4636 pci - ok
13:03:46.0216 4636 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
13:03:46.0216 4636 pciide - ok
13:03:46.0278 4636 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
13:03:46.0278 4636 pcmcia - ok
13:03:46.0340 4636 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
13:03:46.0340 4636 pcw - ok
13:03:46.0372 4636 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
13:03:46.0434 4636 PEAUTH - ok
13:03:46.0980 4636 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
13:03:46.0980 4636 PerfHost - ok
13:03:47.0136 4636 [ 663962900E7FEA522126BA287715BB4A ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys
13:03:47.0152 4636 PGEffect - ok
13:03:47.0214 4636 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
13:03:47.0245 4636 pla - ok
13:03:47.0308 4636 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
13:03:47.0323 4636 PlugPlay - ok
13:03:47.0386 4636 [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
13:03:47.0386 4636 Pml Driver HPZ12 - ok
13:03:47.0432 4636 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
13:03:47.0432 4636 PNRPAutoReg - ok
13:03:47.0495 4636 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
13:03:47.0495 4636 PNRPsvc - ok
13:03:47.0573 4636 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
13:03:47.0588 4636 PolicyAgent - ok
13:03:47.0620 4636 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
13:03:47.0620 4636 Power - ok
13:03:47.0682 4636 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
13:03:47.0682 4636 PptpMiniport - ok
13:03:47.0729 4636 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys
13:03:47.0729 4636 Processor - ok
13:03:47.0932 4636 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
13:03:47.0947 4636 ProfSvc - ok
13:03:47.0994 4636 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
13:03:47.0994 4636 ProtectedStorage - ok
13:03:48.0072 4636 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
13:03:48.0072 4636 Psched - ok
13:03:48.0150 4636 [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI C:\windows\system32\DRIVERS\psi_mf.sys
13:03:48.0150 4636 PSI - ok
13:03:48.0212 4636 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
13:03:48.0228 4636 ql2300 - ok
13:03:48.0244 4636 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
13:03:48.0244 4636 ql40xx - ok
13:03:48.0259 4636 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
13:03:48.0275 4636 QWAVE - ok
13:03:48.0290 4636 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
13:03:48.0290 4636 QWAVEdrv - ok
13:03:48.0322 4636 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
13:03:48.0322 4636 RasAcd - ok
13:03:48.0353 4636 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
13:03:48.0353 4636 RasAgileVpn - ok
13:03:48.0446 4636 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
13:03:48.0446 4636 RasAuto - ok
13:03:48.0524 4636 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
13:03:48.0524 4636 Rasl2tp - ok
13:03:48.0618 4636 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
13:03:48.0634 4636 RasMan - ok
13:03:48.0680 4636 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
13:03:48.0680 4636 RasPppoe - ok
13:03:48.0712 4636 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
13:03:48.0712 4636 RasSstp - ok
13:03:48.0758 4636 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
13:03:48.0758 4636 rdbss - ok
13:03:48.0774 4636 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
13:03:48.0774 4636 rdpbus - ok
13:03:48.0821 4636 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
13:03:48.0821 4636 RDPCDD - ok
13:03:48.0821 4636 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
13:03:48.0836 4636 RDPENCDD - ok
13:03:48.0852 4636 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
13:03:48.0852 4636 RDPREFMP - ok
13:03:48.0883 4636 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
13:03:48.0883 4636 RDPWD - ok
13:03:48.0961 4636 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
13:03:48.0961 4636 rdyboost - ok
13:03:48.0992 4636 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
13:03:48.0992 4636 RemoteAccess - ok
13:03:49.0133 4636 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
13:03:49.0133 4636 RemoteRegistry - ok
13:03:49.0164 4636 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
13:03:49.0195 4636 RpcEptMapper - ok
13:03:49.0242 4636 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
13:03:49.0242 4636 RpcLocator - ok
13:03:49.0289 4636 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\System32\rpcss.dll
13:03:49.0289 4636 RpcSs - ok
13:03:49.0320 4636 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
13:03:49.0336 4636 rspndr - ok
13:03:49.0398 4636 [ 907C4464381B5EBDFDC60F6C7D0DEDFC ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
13:03:49.0398 4636 RSUSBSTOR - ok
13:03:49.0445 4636 [ 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys
13:03:49.0445 4636 RTL8167 - ok
13:03:49.0507 4636 [ A8ED9726734D403217A4861A6788B144 ] rtl8192se C:\windows\system32\DRIVERS\rtl8192se.sys
13:03:49.0523 4636 rtl8192se - ok
13:03:49.0554 4636 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
13:03:49.0554 4636 SamSs - ok
13:03:49.0585 4636 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
13:03:49.0585 4636 sbp2port - ok
13:03:49.0632 4636 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
13:03:49.0632 4636 SCardSvr - ok
13:03:49.0663 4636 SCardSvr32 - ok
13:03:49.0694 4636 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
13:03:49.0710 4636 scfilter - ok
13:03:49.0772 4636 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
13:03:49.0804 4636 Schedule - ok
13:03:49.0835 4636 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
13:03:49.0835 4636 SCPolicySvc - ok
13:03:49.0882 4636 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
13:03:49.0882 4636 SDRSVC - ok
13:03:49.0928 4636 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
13:03:49.0928 4636 secdrv - ok
13:03:49.0975 4636 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
13:03:49.0975 4636 seclogon - ok
13:03:50.0084 4636 [ FC4842CECAF2A938BE13A6C534034088 ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
13:03:50.0100 4636 Secunia PSI Agent - ok
13:03:50.0147 4636 [ 401C960E9C95D35CFFB17CA57C4406FB ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
13:03:50.0147 4636 Secunia Update Agent - ok
13:03:50.0178 4636 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll
13:03:50.0178 4636 SENS - ok
13:03:50.0209 4636 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
13:03:50.0209 4636 SensrSvc - ok
13:03:50.0240 4636 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys
13:03:50.0240 4636 Serenum - ok
13:03:50.0287 4636 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys
13:03:50.0287 4636 Serial - ok
13:03:50.0318 4636 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
13:03:50.0334 4636 sermouse - ok
13:03:50.0381 4636 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
13:03:50.0381 4636 SessionEnv - ok
13:03:50.0428 4636 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
13:03:50.0428 4636 sffdisk - ok
13:03:50.0443 4636 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
13:03:50.0443 4636 sffp_mmc - ok
13:03:50.0459 4636 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
13:03:50.0459 4636 sffp_sd - ok
13:03:50.0506 4636 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
13:03:50.0506 4636 sfloppy - ok
13:03:50.0552 4636 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
13:03:50.0568 4636 SharedAccess - ok
13:03:50.0615 4636 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
13:03:50.0630 4636 ShellHWDetection - ok
13:03:50.0662 4636 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
13:03:50.0677 4636 SiSRaid2 - ok
13:03:50.0740 4636 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
13:03:50.0740 4636 SiSRaid4 - ok
13:03:50.0880 4636 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
13:03:50.0880 4636 SkypeUpdate - ok
13:03:50.0942 4636 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
13:03:50.0942 4636 Smb - ok
13:03:50.0974 4636 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
13:03:50.0974 4636 SNMPTRAP - ok
13:03:50.0989 4636 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
13:03:50.0989 4636 spldr - ok
13:03:51.0052 4636 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\windows\System32\spoolsv.exe
13:03:51.0067 4636 Spooler - ok
13:03:51.0176 4636 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
13:03:51.0239 4636 sppsvc - ok
13:03:51.0270 4636 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
13:03:51.0270 4636 sppuinotify - ok
13:03:51.0317 4636 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
13:03:51.0332 4636 srv - ok
13:03:51.0364 4636 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
13:03:51.0364 4636 srv2 - ok
13:03:51.0410 4636 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
13:03:51.0410 4636 srvnet - ok
13:03:51.0442 4636 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
13:03:51.0442 4636 SSDPSRV - ok
13:03:51.0457 4636 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
13:03:51.0457 4636 SstpSvc - ok
13:03:51.0504 4636 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
13:03:51.0504 4636 stexstor - ok
13:03:51.0551 4636 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
13:03:51.0566 4636 stisvc - ok
13:03:51.0660 4636 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys
13:03:51.0660 4636 swenum - ok
13:03:51.0691 4636 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
13:03:51.0707 4636 swprv - ok
13:03:51.0738 4636 [ 52EB25BD8AB4E331028C48B178441B36 ] sxuptp C:\windows\system32\DRIVERS\sxuptp.sys
13:03:51.0738 4636 sxuptp - ok
13:03:51.0769 4636 [ 470C47DABA9CA3966F0AB3F835D7D135 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
13:03:51.0769 4636 SynTP - ok
13:03:51.0847 4636 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
13:03:51.0863 4636 SysMain - ok
13:03:51.0910 4636 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
13:03:51.0925 4636 TabletInputService - ok
13:03:51.0941 4636 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
13:03:51.0956 4636 TapiSrv - ok
13:03:51.0988 4636 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
13:03:51.0988 4636 TBS - ok
13:03:52.0081 4636 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\windows\system32\drivers\tcpip.sys
13:03:52.0097 4636 Tcpip - ok
13:03:52.0175 4636 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
13:03:52.0175 4636 TCPIP6 - ok
13:03:52.0237 4636 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
13:03:52.0237 4636 tcpipreg - ok
13:03:52.0284 4636 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
13:03:52.0284 4636 tdcmdpst - ok
13:03:52.0315 4636 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
13:03:52.0315 4636 TDPIPE - ok
13:03:52.0346 4636 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
13:03:52.0346 4636 TDTCP - ok
13:03:52.0409 4636 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
13:03:52.0409 4636 tdx - ok
13:03:52.0440 4636 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys
13:03:52.0440 4636 TermDD - ok
13:03:52.0565 4636 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
13:03:52.0580 4636 TermService - ok
13:03:52.0627 4636 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
13:03:52.0627 4636 Themes - ok
13:03:52.0690 4636 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
13:03:52.0690 4636 THREADORDER - ok
13:03:52.0877 4636 [ 28644B0523D64EFF2FC7312A2EE74B0A ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
13:03:52.0877 4636 TMachInfo - ok
13:03:52.0924 4636 [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv C:\Windows\system32\TODDSrv.exe
13:03:52.0924 4636 TODDSrv - ok
13:03:53.0048 4636 [ 98C864481D62F86EC8AF65BE3419A95B ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
13:03:53.0064 4636 TosCoSrv - ok
13:03:53.0126 4636 [ 2AB7A4697462EDB0C9DFAFC529746BA9 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
13:03:53.0126 4636 TOSHIBA eco Utility Service - ok
13:03:53.0360 4636 [ 74C2FA8C3765EE71A9C22182EC108457 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
13:03:53.0360 4636 TOSHIBA HDD SSD Alert Service - ok
13:03:53.0579 4636 [ 97687D094AA597DA366E1194B218CC6C ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
13:03:53.0594 4636 TPCHSrv - ok
13:03:53.0657 4636 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
13:03:53.0657 4636 TrkWks - ok
13:03:53.0782 4636 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
13:03:53.0782 4636 TrustedInstaller - ok
13:03:53.0828 4636 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
13:03:53.0828 4636 tssecsrv - ok
13:03:53.0891 4636 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
13:03:53.0891 4636 TsUsbFlt - ok
13:03:53.0938 4636 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
13:03:53.0953 4636 tunnel - ok
13:03:53.0953 4636 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS
13:03:53.0969 4636 TVALZ - ok
13:03:53.0984 4636 [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys
13:03:53.0984 4636 TVALZFL - ok
13:03:54.0016 4636 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
13:03:54.0016 4636 uagp35 - ok
13:03:54.0062 4636 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
13:03:54.0062 4636 udfs - ok
13:03:54.0094 4636 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
13:03:54.0109 4636 UI0Detect - ok
13:03:54.0156 4636 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
13:03:54.0156 4636 uliagpkx - ok
13:03:54.0203 4636 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\drivers\umbus.sys
13:03:54.0203 4636 umbus - ok
13:03:54.0250 4636 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys
13:03:54.0250 4636 UmPass - ok
13:03:54.0421 4636 [ 41118D920B2B268C0ADC36421248CDCF ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
13:03:54.0437 4636 UNS - ok
13:03:54.0468 4636 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
13:03:54.0484 4636 upnphost - ok
13:03:54.0515 4636 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
13:03:54.0515 4636 USBAAPL64 - ok
13:03:54.0562 4636 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
13:03:54.0562 4636 usbccgp - ok
13:03:54.0608 4636 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
13:03:54.0608 4636 usbcir - ok
13:03:54.0655 4636 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\drivers\usbehci.sys
13:03:54.0671 4636 usbehci - ok
13:03:54.0702 4636 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
13:03:54.0702 4636 usbhub - ok
13:03:54.0733 4636 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys
13:03:54.0733 4636 usbohci - ok
13:03:54.0796 4636 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
13:03:54.0796 4636 usbprint - ok
13:03:54.0811 4636 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
13:03:54.0811 4636 usbscan - ok
13:03:54.0827 4636 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
13:03:54.0827 4636 USBSTOR - ok
13:03:54.0889 4636 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
13:03:54.0889 4636 usbuhci - ok
13:03:54.0952 4636 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
13:03:54.0967 4636 usbvideo - ok
13:03:54.0998 4636 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
13:03:54.0998 4636 UxSms - ok
13:03:55.0092 4636 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
13:03:55.0092 4636 VaultSvc - ok
13:03:55.0139 4636 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
13:03:55.0139 4636 vdrvroot - ok
13:03:55.0201 4636 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
13:03:55.0217 4636 vds - ok
13:03:55.0264 4636 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
13:03:55.0264 4636 vga - ok
13:03:55.0310 4636 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
13:03:55.0310 4636 VgaSave - ok
13:03:55.0357 4636 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
13:03:55.0357 4636 vhdmp - ok
13:03:55.0388 4636 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
13:03:55.0388 4636 viaide - ok
13:03:55.0404 4636 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
13:03:55.0404 4636 volmgr - ok
13:03:55.0451 4636 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
13:03:55.0451 4636 volmgrx - ok
13:03:55.0498 4636 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
13:03:55.0513 4636 volsnap - ok
13:03:55.0560 4636 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
13:03:55.0560 4636 vsmraid - ok
13:03:55.0638 4636 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
13:03:55.0669 4636 VSS - ok
13:03:55.0700 4636 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
13:03:55.0700 4636 vwifibus - ok
13:03:55.0747 4636 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
13:03:55.0747 4636 vwififlt - ok
13:03:55.0794 4636 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
13:03:55.0794 4636 vwifimp - ok
13:03:55.0841 4636 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
13:03:55.0841 4636 W32Time - ok
13:03:55.0872 4636 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
13:03:55.0872 4636 WacomPen - ok
13:03:55.0919 4636 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
13:03:55.0934 4636 WANARP - ok
13:03:55.0934 4636 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
13:03:55.0934 4636 Wanarpv6 - ok
13:03:55.0997 4636 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
13:03:56.0028 4636 WatAdminSvc - ok
13:03:56.0106 4636 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
13:03:56.0122 4636 wbengine - ok
13:03:56.0153 4636 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
13:03:56.0168 4636 WbioSrvc - ok
13:03:56.0200 4636 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
13:03:56.0215 4636 wcncsvc - ok
13:03:56.0231 4636 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
13:03:56.0231 4636 WcsPlugInService - ok
13:03:56.0278 4636 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\DRIVERS\wd.sys
13:03:56.0278 4636 Wd - ok
13:03:56.0324 4636 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
13:03:56.0340 4636 Wdf01000 - ok
13:03:56.0371 4636 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
13:03:56.0371 4636 WdiServiceHost - ok
13:03:56.0371 4636 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
13:03:56.0371 4636 WdiSystemHost - ok
13:03:56.0418 4636 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
13:03:56.0418 4636 WebClient - ok
13:03:56.0434 4636 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
13:03:56.0434 4636 Wecsvc - ok
13:03:56.0465 4636 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
13:03:56.0480 4636 wercplsupport - ok
13:03:56.0496 4636 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
13:03:56.0496 4636 WerSvc - ok
13:03:56.0543 4636 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
13:03:56.0543 4636 WfpLwf - ok
13:03:56.0636 4636 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
13:03:56.0636 4636 WIMMount - ok
13:03:56.0652 4636 WinDefend - ok
13:03:56.0652 4636 WinHttpAutoProxySvc - ok
13:03:56.0730 4636 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
13:03:56.0730 4636 Winmgmt - ok
13:03:56.0824 4636 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
13:03:56.0855 4636 WinRM - ok
13:03:56.0902 4636 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
13:03:56.0917 4636 Wlansvc - ok
13:03:56.0964 4636 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
13:03:56.0964 4636 WmiAcpi - ok
13:03:56.0995 4636 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
13:03:56.0995 4636 wmiApSrv - ok
13:03:57.0026 4636 WMPNetworkSvc - ok
13:03:57.0073 4636 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
13:03:57.0073 4636 WPCSvc - ok
13:03:57.0120 4636 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
13:03:57.0120 4636 WPDBusEnum - ok
13:03:57.0198 4636 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
13:03:57.0198 4636 ws2ifsl - ok
13:03:57.0276 4636 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\system32\wscsvc.dll
13:03:57.0276 4636 wscsvc - ok
13:03:57.0276 4636 WSearch - ok
13:03:57.0416 4636 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
13:03:57.0494 4636 wuauserv - ok
13:03:57.0541 4636 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys
13:03:57.0541 4636 WudfPf - ok
13:03:57.0588 4636 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
13:03:57.0588 4636 WUDFRd - ok
13:03:57.0635 4636 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
13:03:57.0635 4636 wudfsvc - ok
13:03:57.0713 4636 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
13:03:57.0713 4636 WwanSvc - ok
13:03:57.0838 4636 ================ Scan global ===============================
13:03:57.0853 4636 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
13:03:57.0900 4636 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
13:03:57.0900 4636 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll
13:03:57.0931 4636 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
13:03:57.0962 4636 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
13:03:57.0962 4636 [Global] - ok
13:03:57.0962 4636 ================ Scan MBR ==================================
13:03:57.0994 4636 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
13:03:58.0228 4636 \Device\Harddisk0\DR0 - ok
13:03:58.0228 4636 ================ Scan VBR ==================================
13:03:58.0243 4636 [ 76E9B72374F429C7BF393FE2F6C1EA4C ] \Device\Harddisk0\DR0\Partition1
13:03:58.0243 4636 \Device\Harddisk0\DR0\Partition1 - ok
13:03:58.0243 4636 ============================================================
13:03:58.0243 4636 Scan finished
13:03:58.0243 4636 ============================================================
13:03:58.0274 3348 Detected object count: 0
13:03:58.0274 3348 Actual detected object count: 0

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:43 AM

Posted 03 December 2012 - 06:50 PM

Download Malwarebytes Anti-Rootkit from the link to the right. http://www.bleepingcomputer.com/forums/topic464000.html
Unzip the contents to a folder in a convenient location.
Open the folder where the contents were unzipped and run mbar.exe
Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
Click on the Cleanup button to remove any threats and reboot if prompted to do so.
Wait while the system shuts down and the cleanup process is performed.
Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access
Windows Update
Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 bjohnson1982

bjohnson1982
  • Topic Starter

  • Members
  • 94 posts
  • OFFLINE
  •  
  • Local time:09:43 AM

Posted 04 December 2012 - 09:43 AM

The link you posted doesn't work.

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:43 AM

Posted 04 December 2012 - 04:02 PM

http://www.malwarebytes.org/products/mbar/
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users