Malwarebytes message - blocked access to potentially malicious website


#1
nubiwan

As you can see, I get these messages every few minutes. Looks like a rootkit trying to send out stuff. Help please.

2012/05/06 22:03:56 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63666, Process: iexplore.exe)
2012/05/06 22:03:56 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63665, Process: iexplore.exe)
2012/05/06 22:03:56 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63667, Process: iexplore.exe)
2012/05/06 22:03:56 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63670, Process: iexplore.exe)
2012/05/06 22:03:56 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63669, Process: iexplore.exe)
2012/05/06 22:03:56 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63671, Process: iexplore.exe)
2012/05/06 22:03:56 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63672, Process: iexplore.exe)
2012/05/06 22:03:56 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63674, Process: iexplore.exe)
2012/05/06 22:03:56 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63673, Process: iexplore.exe)
2012/05/06 22:03:56 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63675, Process: iexplore.exe)
2012/05/06 22:03:56 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63676, Process: iexplore.exe)
2012/05/06 22:03:56 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63677, Process: iexplore.exe)
2012/05/06 22:03:56 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63678, Process: iexplore.exe)
2012/05/06 22:03:56 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63683, Process: iexplore.exe)
2012/05/06 22:04:13 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63781, Process: iexplore.exe)
2012/05/06 22:04:13 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63782, Process: iexplore.exe)
2012/05/06 22:04:13 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63785, Process: iexplore.exe)
2012/05/06 22:04:13 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63786, Process: iexplore.exe)
2012/05/06 22:04:13 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63791, Process: iexplore.exe)
2012/05/06 22:04:13 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63795, Process: iexplore.exe)
2012/05/06 22:04:13 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63798, Process: iexplore.exe)
2012/05/06 22:04:53 -0230 TONERAMA-PC Tonerama IP-BLOCK 178.32.190.142 (Type: outgoing, Port: 63860, Process: ~!#2910.tmp)
2012/05/06 22:04:53 -0230 TONERAMA-PC Tonerama IP-BLOCK 178.32.190.142 (Type: outgoing, Port: 63861, Process: ~!#2910.tmp)
2012/05/06 22:04:53 -0230 TONERAMA-PC Tonerama IP-BLOCK 178.32.190.142 (Type: outgoing, Port: 63862, Process: ~!#2910.tmp)
2012/05/06 22:04:53 -0230 TONERAMA-PC Tonerama IP-BLOCK 178.32.190.142 (Type: outgoing, Port: 63867, Process: ~!#2910.tmp)
2012/05/06 22:05:01 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63895, Process: iexplore.exe)
2012/05/06 22:05:01 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63897, Process: iexplore.exe)
2012/05/06 22:05:01 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63898, Process: iexplore.exe)
2012/05/06 22:05:01 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63901, Process: iexplore.exe)
2012/05/06 22:05:01 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63900, Process: iexplore.exe)
2012/05/06 22:05:01 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63903, Process: iexplore.exe)
2012/05/06 22:05:01 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63902, Process: iexplore.exe)
2012/05/06 22:05:01 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63906, Process: iexplore.exe)
2012/05/06 22:05:01 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63907, Process: iexplore.exe)
2012/05/06 22:05:01 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63908, Process: iexplore.exe)
2012/05/06 22:05:01 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63909, Process: iexplore.exe)
2012/05/06 22:05:01 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63910, Process: iexplore.exe)
2012/05/06 22:05:01 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63915, Process: iexplore.exe)
2012/05/06 22:05:01 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63917, Process: iexplore.exe)
2012/05/06 22:05:01 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63916, Process: iexplore.exe)
2012/05/06 22:05:01 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63918, Process: iexplore.exe)
2012/05/06 22:05:01 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63919, Process: iexplore.exe)
2012/05/06 22:05:01 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63921, Process: iexplore.exe)
2012/05/06 22:05:01 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63922, Process: iexplore.exe)
2012/05/06 22:05:01 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63923, Process: iexplore.exe)
2012/05/06 22:05:01 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63925, Process: iexplore.exe)
2012/05/06 22:05:01 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63924, Process: iexplore.exe)
2012/05/06 22:05:01 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63926, Process: iexplore.exe)
2012/05/06 22:05:01 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63927, Process: iexplore.exe)
2012/05/06 22:05:01 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63928, Process: iexplore.exe)
2012/05/06 22:05:01 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63929, Process: iexplore.exe)
2012/05/06 22:05:01 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63930, Process: iexplore.exe)
2012/05/06 22:05:01 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 63931, Process: iexplore.exe)
2012/05/06 22:05:10 -0230 TONERAMA-PC Tonerama IP-BLOCK 86.55.210.76 (Type: outgoing, Port: 63968, Process: wuauclt.exe)
2012/05/06 22:05:50 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 64009, Process: iexplore.exe)
2012/05/06 22:05:50 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 64012, Process: iexplore.exe)
2012/05/06 22:05:50 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 64017, Process: iexplore.exe)
2012/05/06 22:05:50 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 64020, Process: iexplore.exe)
2012/05/06 22:05:50 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 64023, Process: iexplore.exe)
2012/05/06 22:05:50 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 64024, Process: iexplore.exe)
2012/05/06 22:05:50 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 64026, Process: iexplore.exe)
2012/05/06 22:05:50 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 64027, Process: iexplore.exe)
2012/05/06 22:05:50 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 64028, Process: iexplore.exe)
2012/05/06 22:05:50 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 64030, Process: iexplore.exe)
2012/05/06 22:05:50 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 64031, Process: iexplore.exe)
2012/05/06 22:05:50 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 64032, Process: iexplore.exe)
2012/05/06 22:05:50 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 64033, Process: iexplore.exe)
2012/05/06 22:05:50 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 64034, Process: iexplore.exe)
2012/05/06 22:05:50 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 64035, Process: iexplore.exe)
2012/05/06 22:05:50 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 64036, Process: iexplore.exe)
2012/05/06 22:06:39 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 64106, Process: iexplore.exe)
2012/05/06 22:06:39 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 64125, Process: iexplore.exe)
2012/05/06 22:07:27 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 64197, Process: iexplore.exe)
2012/05/06 22:07:27 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 64205, Process: iexplore.exe)
2012/05/06 22:07:27 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 64207, Process: iexplore.exe)
2012/05/06 22:07:27 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 64209, Process: iexplore.exe)
2012/05/06 22:07:27 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 64211, Process: iexplore.exe)
2012/05/06 22:07:27 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 64210, Process: iexplore.exe)
2012/05/06 22:07:27 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 64213, Process: iexplore.exe)
2012/05/06 22:07:27 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 64212, Process: iexplore.exe)
2012/05/06 22:07:43 -0230 TONERAMA-PC Tonerama IP-BLOCK 94.242.214.26 (Type: outgoing, Port: 64261, Process: nullpersistent.exe)
2012/05/06 22:07:52 -0230 TONERAMA-PC Tonerama IP-BLOCK 94.242.214.26 (Type: outgoing, Port: 64265, Process: nullpersistent.exe)
2012/05/06 22:07:52 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 64276, Process: iexplore.exe)
2012/05/06 22:07:52 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 64277, Process: iexplore.exe)
2012/05/06 22:07:52 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 64278, Process: iexplore.exe)
2012/05/06 22:07:52 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 64284, Process: iexplore.exe)
2012/05/06 22:07:52 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 64285, Process: iexplore.exe)
2012/05/06 22:07:52 -0230 TONERAMA-PC Tonerama IP-BLOCK 109.163.230.114 (Type: outgoing, Port: 64286, Process: iexplore.exe)
2012/05/06 22:08:56 -0230 TONERAMA-PC Tonerama IP-BLOCK 94.242.214.26 (Type: outgoing, Port: 64453, Process: nullpersistent.exe)
2012/05/06 22:08:56 -0230 TONERAMA-PC Tonerama IP-BLOCK 94.242.214.26 (Type: outgoing, Port: 64478, Process: nullpersistent.exe)
2012/05/06 22:10:09 -0230 TONERAMA-PC Tonerama IP-BLOCK 94.242.214.26 (Type: outgoing, Port: 64518, Process: nullpersistent.exe)
2012/05/06 22:10:17 -0230 TONERAMA-PC Tonerama IP-BLOCK 94.242.214.26 (Type: outgoing, Port: 64527, Process: nullpersistent.exe)
2012/05/06 22:12:42 -0230 TONERAMA-PC Tonerama IP-BLOCK 94.242.214.26 (Type: outgoing, Port: 64794, Process: nullpersistent.exe)
2012/05/06 22:14:51 -0230 TONERAMA-PC Tonerama IP-BLOCK 94.242.214.26 (Type: outgoing, Port: 64890, Process: nullpersistent.exe)
2012/05/06 22:16:28 -0230 TONERAMA-PC Tonerama IP-BLOCK 94.242.214.26 (Type: outgoing, Port: 65375, Process: nullpersistent.exe)
2012/05/06 22:17:09 -0230 TONERAMA-PC Tonerama IP-BLOCK 178.32.190.142 (Type: outgoing, Port: 65494, Process: ~!#2910.tmp)
2012/05/06 22:17:17 -0230 TONERAMA-PC Tonerama IP-BLOCK 178.32.190.142 (Type: outgoing, Port: 65500, Process: ~!#2910.tmp)
2012/05/06 22:19:02 -0230 TONERAMA-PC Tonerama IP-BLOCK 94.242.214.26 (Type: outgoing, Port: 49457, Process: nullpersistent.exe)
2012/05/06 22:21:20 -0230 TONERAMA-PC Tonerama IP-BLOCK 94.242.214.18 (Type: outgoing, Port: 49802, Process: nullpersistent.exe)
2012/05/06 22:21:20 -0230 TONERAMA-PC Tonerama IP-BLOCK 94.242.214.18 (Type: outgoing, Port: 49805, Process: nullpersistent.exe)
2012/05/06 22:21:36 -0230 TONERAMA-PC Tonerama IP-BLOCK 178.32.190.142 (Type: outgoing, Port: 49816, Process: ~!#2910.tmp)
2012/05/06 22:21:44 -0230 TONERAMA-PC Tonerama IP-BLOCK 94.242.214.26 (Type: outgoing, Port: 49823, Process: nullpersistent.exe)
2012/05/06 22:23:04 -0230 TONERAMA-PC Tonerama MESSAGE Starting database refresh
2012/05/06 22:23:04 -0230 TONERAMA-PC Tonerama MESSAGE Stopping IP protection
2012/05/06 22:25:23 -0230 TONERAMA-PC Tonerama MESSAGE IP Protection stopped
2012/05/06 22:25:25 -0230 TONERAMA-PC Tonerama MESSAGE Database refreshed successfully
2012/05/06 22:25:25 -0230 TONERAMA-PC Tonerama MESSAGE Starting IP protection
2012/05/06 22:25:26 -0230 TONERAMA-PC Tonerama MESSAGE IP Protection started successfully
2012/05/06 22:31:02 -0230 TONERAMA-PC Tonerama IP-BLOCK 94.242.214.26 (Type: outgoing, Port: 50162, Process: nullpersistent.exe)
2012/05/06 22:35:35 -0230 TONERAMA-PC Tonerama IP-BLOCK 94.242.214.18 (Type: outgoing, Port: 50289, Process: nullpersistent.exe)
2012/05/06 22:35:36 -0230 TONERAMA-PC Tonerama IP-BLOCK 94.242.214.18 (Type: outgoing, Port: 50291, Process: nullpersistent.exe)
2012/05/06 22:36:24 -0230 TONERAMA-PC Tonerama IP-BLOCK 94.242.214.26 (Type: outgoing, Port: 50318, Process: nullpersistent.exe)
2012/05/06 22:39:13 -0230 TONERAMA-PC Tonerama IP-BLOCK 94.242.214.26 (Type: outgoing, Port: 50393, Process: nullpersistent.exe)
2012/05/06 22:50:02 -0230 TONERAMA-PC Tonerama MESSAGE Starting protection
2012/05/06 22:50:04 -0230 TONERAMA-PC Tonerama MESSAGE Protection started successfully
2012/05/06 22:50:07 -0230 TONERAMA-PC Tonerama MESSAGE Starting IP protection
2012/05/06 22:50:09 -0230 TONERAMA-PC Tonerama MESSAGE IP Protection started successfully
2012/05/06 22:50:55 -0230 TONERAMA-PC Tonerama IP-BLOCK 94.242.214.18 (Type: outgoing, Port: 49359, Process: nullpersistent.exe)
2012/05/06 22:50:56 -0230 TONERAMA-PC Tonerama IP-BLOCK 94.242.214.18 (Type: outgoing, Port: 49381, Process: nullpersistent.exe)
2012/05/06 22:51:20 -0230 TONERAMA-PC Tonerama IP-BLOCK 94.242.214.26 (Type: outgoing, Port: 49397, Process: nullpersistent.exe)
2012/05/06 22:54:41 -0230 TONERAMA-PC Tonerama IP-BLOCK 94.242.214.18 (Type: outgoing, Port: 49515, Process: nullpersistent.exe)
2012/05/06 22:54:41 -0230 TONERAMA-PC Tonerama IP-BLOCK 94.242.214.18 (Type: outgoing, Port: 49517, Process: nullpersistent.exe)
2012/05/06 22:55:38 -0230 TONERAMA-PC Tonerama IP-BLOCK 94.242.214.26 (Type: outgoing, Port: 49566, Process: nullpersistent.exe)
2012/05/06 22:57:23 -0230 TONERAMA-PC Tonerama IP-BLOCK 94.242.214.26 (Type: outgoing, Port: 49641, Process: nullpersistent.exe)
2012/05/06 22:59:24 -0230 TONERAMA-PC Tonerama IP-BLOCK 94.242.214.26 (Type: outgoing, Port: 49756, Process: nullpersistent.exe)
2012/05/06 23:01:34 -0230 TONERAMA-PC Tonerama IP-BLOCK 94.242.214.26 (Type: outgoing, Port: 49824, Process: nullpersistent.exe)
2012/05/06 23:02:14 -0230 TONERAMA-PC Tonerama IP-BLOCK 94.242.214.18 (Type: outgoing, Port: 49845, Process: nullpersistent.exe)
2012/05/06 23:02:14 -0230 TONERAMA-PC Tonerama IP-BLOCK 94.242.214.18 (Type: outgoing, Port: 49847, Process: nullpersistent.exe)
2012/05/06 23:02:14 -0230 TONERAMA-PC Tonerama IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 49851, Process: iexplore.exe)
2012/05/06 23:02:30 -0230 TONERAMA-PC Tonerama IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 49855, Process: iexplore.exe)
2012/05/06 23:02:30 -0230 TONERAMA-PC Tonerama IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 49856, Process: iexplore.exe)
2012/05/06 23:02:30 -0230 TONERAMA-PC Tonerama IP-BLOCK 94.242.214.18 (Type: outgoing, Port: 49861, Process: nullpersistent.exe)
2012/05/06 23:02:30 -0230 TONERAMA-PC Tonerama IP-BLOCK 94.242.214.18 (Type: outgoing, Port: 49863, Process: nullpersistent.exe)
2012/05/06 23:02:39 -0230 TONERAMA-PC Tonerama IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 49865, Process: iexplore.exe)
2012/05/06 23:03:19 -0230 TONERAMA-PC Tonerama IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 49875, Process: iexplore.exe)
2012/05/06 23:04:00 -0230 TONERAMA-PC Tonerama IP-BLOCK 94.242.214.26 (Type: outgoing, Port: 49923, Process: nullpersistent.exe)
2012/05/06 23:04:40 -0230 TONERAMA-PC Tonerama IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 49938, Process: iexplore.exe)
2012/05/06 23:04:48 -0230 TONERAMA-PC Tonerama IP-BLOCK 94.242.214.26 (Type: outgoing, Port: 49940, Process: nullpersistent.exe)
2012/05/06 23:04:48 -0230 TONERAMA-PC Tonerama IP-BLOCK 94.242.214.18 (Type: outgoing, Port: 49947, Process: nullpersistent.exe)
2012/05/06 23:04:48 -0230 TONERAMA-PC Tonerama IP-BLOCK 94.242.214.18 (Type: outgoing, Port: 49950, Process: nullpersistent.exe)
2012/05/06 23:07:14 -0230 TONERAMA-PC Tonerama IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 50008, Process: iexplore.exe)
2012/05/06 23:07:30 -0230 TONERAMA-PC Tonerama IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 50021, Process: iexplore.exe)
2012/05/06 23:08:27 -0230 TONERAMA-PC Tonerama IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 50035, Process: iexplore.exe)
2012/05/06 23:08:27 -0230 TONERAMA-PC Tonerama IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 50037, Process: iexplore.exe)
2012/05/06 23:09:15 -0230 TONERAMA-PC Tonerama IP-BLOCK 94.242.214.26 (Type: outgoing, Port: 50097, Process: nullpersistent.exe)
2012/05/06 23:11:01 -0230 TONERAMA-PC Tonerama IP-BLOCK 94.242.214.26 (Type: outgoing, Port: 50298, Process: nullpersistent.exe)
2012/05/06 23:11:25 -0230 TONERAMA-PC Tonerama IP-BLOCK 94.242.214.26 (Type: outgoing, Port: 50308, Process: nullpersistent.exe)


Here is my most recent Malwarebytes scan

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.06.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Tonerama :: TONERAMA-PC [administrator]

Protection: Enabled

06/05/2012 10:24:19 PM
mbam-log-2012-05-06 (22-24-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195693
Time elapsed: 5 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\Tonerama\AppData\Local\temp\msimg32.dll (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Users\Tonerama\AppData\Local\temp\~!#2910.tmp (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Users\Tonerama\AppData\Local\temp\msusira.bat (Trojan.Downloader.Gen) -> Delete on reboot.

(end)
  • 0
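
One way to condense a protection log like the one in the post above into a per-process summary for triage. This is an added example, not part of the original thread and not Malwarebytes code. The sample lines are constructed, with placeholder host, user and address values, and ranking by file extension and block count is an assumed heuristic.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample in the same layout as the protection log in the post.
# Host/user names and the 192.0.2.x / 198.51.100.x addresses are placeholders;
# the process names are the ones that appear in the thread.
SAMPLE_LOG = """\
2012/05/06 22:03:56 -0230 EXAMPLE-PC user IP-BLOCK 192.0.2.10 (Type: outgoing, Port: 63666, Process: iexplore.exe)
2012/05/06 22:03:56 -0230 EXAMPLE-PC user IP-BLOCK 192.0.2.10 (Type: outgoing, Port: 63665, Process: iexplore.exe)
2012/05/06 22:03:56 -0230 EXAMPLE-PC user IP-BLOCK 192.0.2.10 (Type: outgoing, Port: 63667, Process: iexplore.exe)
2012/05/06 22:04:53 -0230 EXAMPLE-PC user IP-BLOCK 198.51.100.7 (Type: outgoing, Port: 63860, Process: ~!#2910.tmp)
2012/05/06 22:07:43 -0230 EXAMPLE-PC user IP-BLOCK 198.51.100.26 (Type: outgoing, Port: 64261, Process: nullpersistent.exe)
2012/05/06 22:21:20 -0230 EXAMPLE-PC user IP-BLOCK 198.51.100.18 (Type: outgoing, Port: 49802, Process: nullpersistent.exe)
2012/05/06 22:23:04 -0230 EXAMPLE-PC user MESSAGE Starting database refresh
"""

# One IP-BLOCK record: timestamp with UTC offset, host, user, blocked address,
# then direction, port and process image name in parentheses.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} [+-]\d{4}) "
    r"(?P<host>\S+) (?P<user>\S+) IP-BLOCK (?P<ip>\S+) "
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+), Process: (?P<process>.+)\)$"
)


def parse_ip_blocks(text):
    """Return one dict per IP-BLOCK line; MESSAGE and malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y/%m/%d %H:%M:%S %z")
        ev["port"] = int(ev["port"])
        events.append(ev)
    return events


def summarize(events):
    """Group blocked connections by process image name (case-insensitive)."""
    by_proc = defaultdict(list)
    for ev in events:
        by_proc[ev["process"].lower()].append(ev)

    summary = {}
    for proc, evs in by_proc.items():
        per_second = Counter(ev["ts"] for ev in evs)
        summary[proc] = {
            "blocks": len(evs),
            "destinations": sorted({ev["ip"] for ev in evs}),
            "first": min(ev["ts"] for ev in evs),
            "last": max(ev["ts"] for ev in evs),
            # Many blocks inside one second points at automated traffic.
            "max_per_second": max(per_second.values()),
            # Assumed heuristic: a network-active image that is not *.exe
            # (for example a .tmp file) deserves the first look.
            "odd_extension": not proc.endswith(".exe"),
        }
    return summary


def triage_order(summary):
    """Odd-extension processes first, then by number of blocked connections."""
    return sorted(
        summary,
        key=lambda p: (not summary[p]["odd_extension"], -summary[p]["blocks"]),
    )


if __name__ == "__main__":
    report = summarize(parse_ip_blocks(SAMPLE_LOG))
    for name in triage_order(report):
        row = report[name]
        print(f"{name:22} blocks={row['blocks']:3} "
              f"burst={row['max_per_second']:2} dst={','.join(row['destinations'])}")
```

A well-known image name such as iexplore.exe in this summary says nothing about where the file lives or what is loaded into it, so the name alone does not clear a process.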

#2
RKinner

Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware


SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Copy the text in the code box:

netsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc /scannow

(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Ron
  • 0

#3
nubiwan

thanks Ron - here are those logs

AVAST

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-31 11:27:06
-----------------------------
11:27:06.380 OS Version: Windows 6.1.7601 Service Pack 1
11:27:06.380 Number of processors: 2 586 0x2505
11:27:06.380 ComputerName: TONERAMA-PC UserName: Tonerama
11:27:25.958 Initialize success
11:28:11.703 AVAST engine defs: 12033100
11:28:17.662 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:28:17.662 Disk 0 Vendor: TOSHIBA_ GJ00 Size: 610480MB BusType: 3
11:28:17.678 Disk 0 MBR read successfully
11:28:17.678 Disk 0 MBR scan
11:28:17.693 Disk 0 Windows VISTA default MBR code
11:28:17.709 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
11:28:17.724 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 597514 MB offset 3074048
11:28:17.756 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 11465 MB offset 1226782720
11:28:17.787 Disk 0 scanning sectors +1250263040
11:28:17.896 Disk 0 scanning C:\windows\system32\drivers
11:28:34.385 Service scanning
11:29:26.630 Modules scanning
11:30:01.496 Disk 0 trace - called modules:
11:30:01.511 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys
11:30:01.511 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87d42030]
11:30:01.527 3 CLASSPNP.SYS[8b59c59e] -> nt!IofCallDriver -> [0x8627d938]
11:30:01.527 5 ACPI.sys[8aea73d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86224028]
11:30:02.915 AVAST engine scan C:\windows
11:30:07.003 AVAST engine scan C:\windows\system32
11:30:52.477 File: C:\windows\system32\k5BF8M.com **INFECTED** Win32:Crypt-MEQ [Trj]
11:30:52.570 File: C:\windows\system32\k5BF8M.com_ **INFECTED** Win32:Crypt-MEQ [Trj]
11:33:03.002 AVAST engine scan C:\windows\system32\drivers
11:33:15.685 AVAST engine scan C:\Users\Tonerama
11:33:15.857 File: C:\Users\Tonerama\AppData\Local\AppCore\ACFinder\ACFinder.exe **INFECTED** Win32:Adware-gen [Adw]
11:36:02.512 AVAST engine scan C:\ProgramData
11:36:53.353 Scan finished successfully
11:37:26.050 Disk 0 MBR has been saved successfully to "C:\Users\Tonerama\Desktop\SecureFiles\MBR.dat"
11:37:26.050 The log file has been saved successfully to "C:\Users\Tonerama\Desktop\SecureFiles\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-07 20:52:40
-----------------------------
20:52:40.977 OS Version: Windows 6.1.7601 Service Pack 1
20:52:40.977 Number of processors: 2 586 0x2505
20:52:40.977 ComputerName: TONERAMA-PC UserName: Tonerama
20:52:44.035 Initialize success
20:53:18.168 AVAST engine defs: 12050701
20:53:57.590 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:53:57.605 Disk 0 Vendor: TOSHIBA_ GJ00 Size: 610480MB BusType: 3
20:53:57.621 Disk 0 MBR read successfully
20:53:57.621 Disk 0 MBR scan
20:53:57.636 Disk 0 Windows VISTA default MBR code
20:53:57.652 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
20:53:57.668 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 597514 MB offset 3074048
20:53:57.714 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 11465 MB offset 1226782720
20:53:57.746 Disk 0 scanning sectors +1250263040
20:53:57.855 Disk 0 scanning C:\windows\system32\drivers
20:54:08.322 Service scanning
20:54:48.056 Modules scanning
20:55:06.511 AVAST engine scan C:\windows
20:55:10.036 AVAST engine scan C:\windows\system32
20:57:30.109 AVAST engine scan C:\windows\system32\drivers
20:57:42.854 AVAST engine scan C:\Users\Tonerama
21:02:04.482 AVAST engine scan C:\ProgramData
21:02:44.559 Scan finished successfully
21:04:07.613 Disk 0 MBR has been saved successfully to "C:\Users\Tonerama\Desktop\SecureFiles\MBR.dat"
21:04:07.613 The log file has been saved successfully to "C:\Users\Tonerama\Desktop\SecureFiles\aswMBR.txt"


COMBOFIX

ComboFix 12-05-07.03 - Tonerama 07/05/2012 21:10:50.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.2998.1844 [GMT -2.5:30]
Running from: c:\downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tonerama\AppData\Local\temp\difox.dll
c:\users\Tonerama\AppData\Local\Temp\wiato.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-07 to 2012-05-07 )))))))))))))))))))))))))))))))
.
.
2012-05-07 23:44 . 2012-05-07 23:44 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-07 23:44 . 2012-05-07 23:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-07 00:34 . 2012-05-07 00:35 -------- d-----w- c:\users\Tonerama\AppData\Roaming\fifa
2012-05-07 00:34 . 2012-05-07 00:34 -------- d-----w- c:\users\Tonerama\AppData\Local\Null
2012-04-29 19:36 . 2012-04-29 19:36 -------- d-----w- c:\programdata\F4D55F380029BC71014C6DB1B4EB23C1
2012-04-26 22:06 . 2012-04-26 22:06 -------- d--h--w- c:\programdata\CanonBJ
2012-04-26 22:06 . 2009-07-14 01:15 71168 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNBPP4.DLL
2012-04-12 09:17 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 09:17 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 09:17 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 09:17 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 18:26 . 2011-11-06 11:04 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-29 15:08 . 2012-03-29 15:08 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-29 15:08 . 2011-10-20 20:48 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-17 05:34 . 2012-03-14 11:46 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-14 11:46 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-14 11:46 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:38 . 2012-03-14 11:46 1077248 ----a-w- c:\windows\system32\DWrite.dll
2011-12-21 07:24 . 2012-01-30 17:48 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nullpersistent"="c:\users\Tonerama\AppData\Local\Null\Nullpersistent.exe" [2012-05-07 41440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-26 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-26 167960]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2010-03-22 496184]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-11-06 480608]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2010-03-03 742712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-03-11 1697064]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-10-20 163840]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 611672]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2010-03-17 1328480]
"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2010-02-24 611672]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 22840]
"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2010-03-09 467816]
"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2010-03-03 30040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Tonerama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-03-31 135664]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 253600]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-15 5340160]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-15 152064]
R3 BPLGQPF;BPLGQPF;c:\users\Tonerama\AppData\Local\Temp\BPLGQPF.exe [x]
R3 BQPFU;BQPFU;c:\users\Tonerama\AppData\Local\Temp\BQPFU.exe [x]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-03-31 135664]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-01 182304]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-17 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-15 172032]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2010-01-28 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-03-17 189808]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 12920]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 132352]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 232960]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-02-23 66600]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-27 1011232]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 111960]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 685424]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Hardlock
LwUsbHid
nwlnkspx
{a7447300-8075-4b0d-83f1-3d75c8ebc623}
sddmi2
zpcollector
procmon10
isdrv120
bwcsrv
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 15:08]
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-31 11:33]
.
2012-05-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-31 11:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ebay.com/
mStart Page = hxxp://www.toshiba.ca/welcome
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Download all by FlashGet3 - c:\users\Tonerama\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\Tonerama\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 142.163.63.129
FF - ProfilePath - c:\users\Tonerama\AppData\Roaming\Mozilla\Firefox\Profiles\bwsslsp2.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-ACFinder - c:\users\Tonerama\AppData\Local\AppCore\ACFinder\ACFinder.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d9,9a,86,25,16,b9,39,4e,bc,5b,c4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d9,9a,86,25,16,b9,39,4e,bc,5b,c4,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-07 21:16:39
ComboFix-quarantined-files.txt 2012-05-07 23:46
ComboFix2.txt 2012-03-30 01:12
.
Pre-Run: 504,243,273,728 bytes free
Post-Run: 510,692,737,024 bytes free
.
- - End Of File - - 8871E49C37F04964979EE4A4339AB743


MBAM - please note original MBAM above found rootkits - this one is clean - as I type, I am still getting the malicious messages.....

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.07.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Tonerama :: TONERAMA-PC [administrator]

07/05/2012 9:26:43 PM
mbam-log-2012-05-07 (21-26-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 191700
Time elapsed: 3 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

OTL

OTL logfile created on: 5/7/2012 9:32:58 PM - Run 10
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Tonerama\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 59.14% Memory free
5.85 Gb Paging File | 4.71 Gb Available in Paging File | 80.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 583.51 Gb Total Space | 475.69 Gb Free Space | 81.52% Space Free | Partition Type: NTFS

Computer Name: TONERAMA-PC | User Name: Tonerama | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/03/22 08:50:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Tonerama\Desktop\OTL.exe
PRC - [2010/11/20 09:47:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 09:47:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/03/22 15:07:22 | 000,496,184 | ---- | M] (Conexant Systems, Inc.) -- C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
PRC - [2010/03/17 21:03:10 | 001,328,480 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\Teco.exe
PRC - [2010/03/17 20:26:22 | 000,189,808 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe
PRC - [2010/03/14 23:26:38 | 000,372,736 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/03/14 23:26:08 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010/03/03 19:12:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/03 19:11:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/03/03 18:44:52 | 000,742,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
PRC - [2010/03/03 16:47:48 | 000,030,040 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
PRC - [2010/02/23 22:24:04 | 000,583,024 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
PRC - [2010/02/23 22:23:32 | 000,685,424 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
PRC - [2010/02/05 22:11:00 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
PRC - [2010/02/05 22:10:44 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
PRC - [2010/01/28 21:14:24 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009/11/06 02:34:20 | 000,468,320 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009/11/06 02:34:12 | 000,480,608 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
PRC - [2009/10/06 13:53:12 | 001,294,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
PRC - [2009/10/06 13:51:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
PRC - [2009/07/28 20:13:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009/07/28 18:30:10 | 000,460,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
PRC - [2009/03/10 23:21:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2007/09/25 05:40:50 | 002,007,088 | ---- | M] (FlashGet.com) -- C:\Program Files\FlashGet\flashget.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/12 07:10:38 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c2c7f68605a42caef1b7a19c51de58b4\System.ServiceProcess.ni.dll
MOD - [2012/04/12 07:10:02 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012/04/12 07:09:54 | 001,590,784 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012/02/16 09:34:09 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/02/16 09:34:02 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/02/16 09:34:01 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/10/14 10:29:46 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/10/05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011/09/14 17:17:23 | 008,007,680 | ---- | M] () -- C:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2010/03/03 18:44:58 | 000,016,184 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
MOD - [2010/03/03 18:44:56 | 000,016,184 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
MOD - [2010/03/03 18:44:32 | 008,783,160 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
MOD - [2010/02/05 22:10:28 | 000,079,192 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
MOD - [2009/11/03 17:56:26 | 000,058,680 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
MOD - [2009/07/25 15:37:12 | 000,058,704 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
MOD - [2009/06/22 20:08:40 | 000,015,160 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll
MOD - [2009/03/12 23:38:04 | 000,049,152 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll
MOD - [2007/06/15 04:05:38 | 000,626,688 | ---- | M] () -- C:\Program Files\FlashGet\FGBTCORE.dll
MOD - [2007/06/14 08:22:06 | 001,327,184 | ---- | M] () -- C:\Program Files\FlashGet\FGEMCORE.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s716mgmt.dll -- (isdrv120)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tvs.dll -- (Hardlock)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ulcdrhlp.dll -- (bwcsrv)
SRV - File not found [On_Demand | Stopped] -- C:\Users\Tonerama\AppData\Local\Temp\BQPFU.exe -- (BQPFU)
SRV - File not found [On_Demand | Stopped] -- C:\Users\Tonerama\AppData\Local\Temp\BPLGQPF.exe -- (BPLGQPF)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/03/29 12:38:36 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/09/17 03:00:28 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/10/12 15:29:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/17 20:26:22 | 000,189,808 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV - [2010/03/14 23:26:08 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/03/03 19:12:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/03/03 19:11:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/02/23 22:23:32 | 000,685,424 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV - [2010/02/05 22:11:00 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2010/01/28 21:14:24 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/11/06 02:34:20 | 000,468,320 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/10/06 13:51:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/07/28 20:13:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/13 22:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 22:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/10 23:21:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\ComboFix\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Users\Tonerama\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Tonerama\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/20 07:54:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 07:29:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/04/27 05:52:42 | 001,011,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2010/03/31 19:19:52 | 000,517,688 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2010/03/14 23:35:44 | 005,340,160 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2010/03/14 22:30:44 | 000,152,064 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/02/22 22:33:32 | 000,066,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/02/10 19:31:10 | 000,132,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/02/03 10:06:34 | 000,232,960 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV - [2010/02/01 14:59:46 | 000,182,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/09/17 17:24:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/07/30 22:15:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/14 19:58:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/13 19:43:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/07 13:23:06 | 000,007,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2009/06/22 21:34:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)
DRV - [2009/06/20 00:01:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7TSCA
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...TSCA_en___CA449
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/30 15:18:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{2CA987F0-79AC-11E1-826D-B8AC6F996F26}: C:\Users\Tonerama\AppData\Local\{2CA987F0-79AC-11E1-826D-B8AC6F996F26}\ [2012/03/29 12:26:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{2CF9BE2F-923E-11E1-826D-B8AC6F996F26}: C:\Users\Tonerama\AppData\Local\{2CA987F0-79AC-11E1-826D-B8AC6F996F26}\ [2012/03/29 12:26:14 | 000,000,000 | ---D | M]

[2012/01/30 15:18:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tonerama\AppData\Roaming\Mozilla\Extensions
[2012/01/30 15:18:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/29 12:26:14 | 000,000,000 | ---D | M] (Translate This!) -- C:\USERS\TONERAMA\APPDATA\LOCAL\{2CA987F0-79AC-11E1-826D-B8AC6F996F26}
[2011/12/21 04:54:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/21 02:00:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/21 02:00:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U17 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2012/05/07 21:15:17 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Tonerama\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
O4 - HKLM..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKCU..\Run: [Nullpersistent] C:\Users\Tonerama\AppData\Local\Null\Nullpersistent.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Tonerama\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Tonerama\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 142.163.63.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81BA2DF6-ECBB-4EBF-AF3A-121A03E043B5}: DhcpNameServer = 192.168.2.1 142.163.63.129
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 19:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: Hardlock - %systemroot%\system32\tvs.dll File not found
NetSvcs: LwUsbHid - File not found
NetSvcs: nwlnkspx - File not found
NetSvcs: {a7447300-8075-4b0d-83f1-3d75c8ebc623} - File not found
NetSvcs: sddmi2 - File not found
NetSvcs: zpcollector - File not found
NetSvcs: procmon10 - File not found
NetSvcs: isdrv120 - %systemroot%\system32\s716mgmt.dll File not found
NetSvcs: bwcsrv - %systemroot%\system32\ulcdrhlp.dll File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - State: "services" - 0

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/05/07 21:16:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/07 21:16:41 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/05/06 22:04:55 | 000,000,000 | ---D | C] -- C:\Users\Tonerama\AppData\Roaming\fifa
[2012/05/06 22:04:47 | 000,000,000 | ---D | C] -- C:\Users\Tonerama\AppData\Local\Null
[2012/04/29 17:07:02 | 000,000,000 | ---D | C] -- C:\Users\Tonerama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Fortress 2012
[2012/04/29 17:06:59 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F380029BC71014C6DB1B4EB23C1
[2012/04/26 19:36:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2012/04/11 08:55:52 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2012/04/11 08:55:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012/04/11 08:55:51 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012/04/11 08:55:51 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012/04/11 08:55:51 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll

========== Files - Modified Within 30 Days ==========

[2012/05/07 21:15:17 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012/05/07 21:14:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/05/07 21:13:00 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/07 20:45:17 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/05/07 11:13:00 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/06 22:55:05 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/06 22:55:05 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/06 22:52:55 | 000,631,364 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/05/06 22:52:55 | 000,111,456 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/05/06 22:47:50 | 2357,612,544 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/29 18:36:11 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/26 10:01:00 | 000,092,681 | ---- | M] () -- C:\Users\Tonerama\Desktop\UW1.jpg
[2012/04/24 21:30:23 | 000,004,096 | -H-- | M] () -- C:\Users\Tonerama\AppData\Local\keyfile3.drm
[2012/04/23 02:24:58 | 000,002,495 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
[2012/04/12 09:42:01 | 000,057,420 | ---- | M] () -- C:\Users\Tonerama\Desktop\pilot.jpg

========== Files Created - No Company Name ==========

[2012/04/26 10:01:00 | 000,092,681 | ---- | C] () -- C:\Users\Tonerama\Desktop\UW1.jpg
[2012/04/24 21:30:23 | 000,004,096 | -H-- | C] () -- C:\Users\Tonerama\AppData\Local\keyfile3.drm
[2012/04/23 02:24:49 | 000,002,495 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
[2012/04/14 21:00:07 | 000,057,420 | ---- | C] () -- C:\Users\Tonerama\Desktop\pilot.jpg
[2012/03/29 22:23:46 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/03/29 22:23:46 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/03/29 22:23:46 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/03/29 22:23:46 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/03/29 22:23:46 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/02/07 23:36:01 | 000,005,632 | ---- | C] () -- C:\Users\Tonerama\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/14 18:01:28 | 000,000,644 | ---- | C] () -- C:\windows\System32\secustat.dat
[2011/12/10 23:26:23 | 000,000,598 | ---- | C] () -- C:\windows\System32\secushr.dat
[2011/12/10 23:03:55 | 000,000,025 | ---- | C] () -- C:\windows\libem.INI
[2011/09/29 09:16:12 | 000,000,094 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/09/16 09:35:50 | 000,034,817 | ---- | C] () -- C:\windows\System32\icmrreg.dll
[2011/09/14 19:35:42 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2011/09/14 19:21:04 | 000,451,072 | ---- | C] () -- C:\windows\System32\ISSRemoveSP.exe
[2010/07/06 23:32:45 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2011/09/14 16:00:21 | 000,000,000 | ---D | M] -- C:\Users\Tonerama\AppData\Roaming\Adobe
[2011/09/18 21:34:58 | 000,000,000 | ---D | M] -- C:\Users\Tonerama\AppData\Roaming\Apple Computer
[2011/09/29 09:16:12 | 000,000,000 | ---D | M] -- C:\Users\Tonerama\AppData\Roaming\AuctionSentry
[2012/01/17 23:55:34 | 000,000,000 | ---D | M] -- C:\Users\Tonerama\AppData\Roaming\BAxBEx
[2012/05/03 12:08:46 | 000,000,000 | ---D | M] -- C:\Users\Tonerama\AppData\Roaming\BITS
[2012/01/17 23:34:45 | 000,000,000 | ---D | M] -- C:\Users\Tonerama\AppData\Roaming\dvdcss
[2012/05/06 22:05:03 | 000,000,000 | ---D | M] -- C:\Users\Tonerama\AppData\Roaming\fifa
[2011/12/10 23:03:28 | 000,000,000 | ---D | M] -- C:\Users\Tonerama\AppData\Roaming\FlashGet
[2011/12/10 23:03:25 | 000,000,000 | ---D | M] -- C:\Users\Tonerama\AppData\Roaming\FlashGetBHO
[2011/09/14 15:53:51 | 000,000,000 | ---D | M] -- C:\Users\Tonerama\AppData\Roaming\Google
[2011/09/14 15:31:22 | 000,000,000 | ---D | M] -- C:\Users\Tonerama\AppData\Roaming\Identities
[2011/11/12 19:34:57 | 000,000,000 | ---D | M] -- C:\Users\Tonerama\AppData\Roaming\Intuit Canada
[2011/09/14 15:57:25 | 000,000,000 | ---D | M] -- C:\Users\Tonerama\AppData\Roaming\Macromedia
[2011/11/06 08:34:21 | 000,000,000 | ---D | M] -- C:\Users\Tonerama\AppData\Roaming\Malwarebytes
[2009/07/14 05:18:18 | 000,000,000 | ---D | M] -- C:\Users\Tonerama\AppData\Roaming\Media Center Programs
[2012/03/31 08:05:08 | 000,000,000 | --SD | M] -- C:\Users\Tonerama\AppData\Roaming\Microsoft
[2012/01/30 15:18:47 | 000,000,000 | ---D | M] -- C:\Users\Tonerama\AppData\Roaming\Mozilla
[2012/04/11 16:08:54 | 000,000,000 | ---D | M] -- C:\Users\Tonerama\AppData\Roaming\Skype
[2011/10/18 15:52:23 | 000,000,000 | ---D | M] -- C:\Users\Tonerama\AppData\Roaming\Toshiba
[2012/03/08 23:35:15 | 000,000,000 | ---D | M] -- C:\Users\Tonerama\AppData\Roaming\vlc
[2011/10/08 11:13:23 | 000,000,000 | ---D | M] -- C:\Users\Tonerama\AppData\Roaming\WildTangent
[2011/09/14 17:11:42 | 000,000,000 | ---D | M] -- C:\Users\Tonerama\AppData\Roaming\WinRAR

< MD5 for: ATAPI.SYS >
[2009/07/13 22:56:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009/07/13 22:56:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 22:56:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/13 22:56:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/13 22:56:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: EXPLORER.EXE >
[2009/07/13 22:44:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/10/31 03:15:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2010/11/20 09:47:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\ERDNT\cache\explorer.exe
[2010/11/20 09:47:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\explorer.exe
[2010/11/20 09:47:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2009/08/03 03:19:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 03:05:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 03:30:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 22:44:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009/07/13 22:44:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 22:44:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 09:47:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010/11/20 09:47:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 09:47:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 22:44:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 03:47:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 03:22:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 09:47:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010/11/20 09:47:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 09:47:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/13 22:44:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/12/21 04:54:52 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/12/21 04:54:52 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/21 04:54:52 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/12/21 04:54:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/12/21 04:54:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/12/21 04:54:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 09:47:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 09:47:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 09:47:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/11/20 09:52:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2010/11/20 09:52:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/12/21 04:54:52 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/12/21 04:54:52 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/12/21 04:54:52 | 000,715,216 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/12/21 04:54:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/12/21 04:54:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/12/21 04:54:51 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 09:47:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 09:47:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 09:47:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/11/20 09:52:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2010/11/20 09:52:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >

EXTRAS LOG

OTL Extras logfile created on: 5/7/2012 9:32:58 PM - Run 10
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Tonerama\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 59.14% Memory free
5.85 Gb Paging File | 4.71 Gb Available in Paging File | 80.53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 583.51 Gb Total Space | 475.69 Gb Free Space | 81.52% Space Free | Partition Type: NTFS

Computer Name: TONERAMA-PC | User Name: Tonerama | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\windows\System32\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\windows\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\windows\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\windows\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\windows\System32\WScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\System32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MIF5BA~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{607BE7BF-7C28-4ADB-A4A0-385962B901C3}" = TOSHIBA ConfigFree
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00B0-0409-0000-0000000FF1CE}" = Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2FB7DBA-CEEC-41F1-BC23-3323D96290F6}" = TOSHIBA Bulletin Board
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B894522E-C079-4DC8-A305-30BA6E2F4459}" = TOSHIBA ReelTime
"{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DF29A0E2-DF76-4932-98A9-34B441F40486}" = Auction Sentry
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Amazon Kindle For PC" = Amazon Kindle For PC v1.1
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CryptoMite" = CryptoMite V.3
"DVD Shrink_is1" = DVD Shrink 3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FlashGet" = FlashGet 1.9.6.1073
"FlashGet 3.7" = FlashGet 3.7
"InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility
"InstallShield_{B2FB7DBA-CEEC-41F1-BC23-3323D96290F6}" = TOSHIBA Bulletin Board
"InstallShield_{B894522E-C079-4DC8-A305-30BA6E2F4459}" = TOSHIBA ReelTime
"InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}" = TOSHIBA Face Recognition
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.11
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"WT088682" = Bejeweled 2 Deluxe
"WT088696" = Chuzzle Deluxe
"WT088702" = Plants vs. Zombies
"WT088703" = Build-a-lot 2
"WT088710" = Zuma's Revenge
"WT088739" = FATE
"WT088750" = Jewel Quest - Heritage
"WT088759" = Polar Bowler
"WT088760" = Virtual Villagers 4 - The Tree of Life
"WT088761" = Wheel of Fortune 2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/17/2012 5:18:02 PM | Computer Name = Tonerama-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce79912 Faulting module name: jccatch.dll, version: 1.8.4.1007, time
stamp: 0x4683881f Exception code: 0xc0000005 Fault offset: 0x00007859 Faulting process
id: 0x3e8 Faulting application start time: 0x01cd1cdcf19a7ba7 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Program
Files\FlashGet\jccatch.dll Report Id: d07a145e-88d2-11e1-8b95-00266c99880e

Error - 4/19/2012 7:30:11 AM | Computer Name = Tonerama-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce79912 Faulting module name: mshtml.dll, version: 8.0.7601.17785,
time stamp: 0x4f4c658a Exception code: 0xc0000005 Fault offset: 0x001bd20f Faulting
process id: 0x1478 Faulting application start time: 0x01cd1dda6aa943b4 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\mshtml.dll
Report
Id: 06254c40-8a13-11e1-8b95-00266c99880e

Error - 4/19/2012 12:50:35 PM | Computer Name = Tonerama-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce79912 Faulting module name: jccatch.dll, version: 1.8.4.1007, time
stamp: 0x4683881f Exception code: 0xc0000005 Fault offset: 0x00007859 Faulting process
id: 0x8bc Faulting application start time: 0x01cd1e4c816c2c1b Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Program
Files\FlashGet\jccatch.dll Report Id: c88b7b34-8a3f-11e1-8b95-00266c99880e

Error - 4/19/2012 6:48:20 PM | Computer Name = Tonerama-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce79912 Faulting module name: AcroIEHelper.dll_unloaded, version:
0.0.0.0, time stamp: 0x4b302e93 Exception code: 0xc0000005 Fault offset: 0x743c556c
Faulting
process id: 0x14a4 Faulting application start time: 0x01cd1e7e6726e470 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: AcroIEHelper.dll
Report
Id: c22bb759-8a71-11e1-8b95-00266c99880e

Error - 4/19/2012 9:49:47 PM | Computer Name = Tonerama-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce79912 Faulting module name: urlmon.dll, version: 8.0.7601.17785,
time stamp: 0x4f4c6660 Exception code: 0xc0000005 Fault offset: 0x00023c05 Faulting
process id: 0x1330 Faulting application start time: 0x01cd1e8dead9084e Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\windows\system32\urlmon.dll
Report
Id: 1b43ee53-8a8b-11e1-8b95-00266c99880e

Error - 4/23/2012 4:59:06 PM | Computer Name = Tonerama-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\TOSHIBA\flashcards\Hotkey\TCrdKBB.exe".
Dependent
Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 4/24/2012 11:31:30 PM | Computer Name = Tonerama-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\TOSHIBA\flashcards\Hotkey\TCrdKBB.exe".
Dependent
Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 4/27/2012 5:41:21 PM | Computer Name = Tonerama-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7601.17514,
time stamp: 0x4ce79912 Faulting module name: urlmon.dll, version: 8.0.7601.17785,
time stamp: 0x4f4c6660 Exception code: 0xc0000005 Fault offset: 0x0003c939 Faulting
process id: 0x330 Faulting application start time: 0x01cd24bd0269dd7a Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\windows\system32\urlmon.dll
Report
Id: ba0c256a-90b1-11e1-8b95-00266c99880e

Error - 4/28/2012 8:15:43 AM | Computer Name = Tonerama-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files\TOSHIBA\flashcards\Hotkey\TCrdKBB.exe".
Dependent
Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 4/29/2012 6:16:42 PM | Computer Name = Tonerama-PC | Source = Application Error | ID = 1000
Description = Faulting application name: rundll32.exe_wiato.dll, version: 6.1.7600.16385,
time stamp: 0x4a5bc637 Faulting module name: mozutils.dll, version: 9.0.1.4371,
time stamp: 0x4ef14b42 Exception code: 0xc0000005 Fault offset: 0x00001654 Faulting
process id: 0xee8 Faulting application start time: 0x01cd264e47803dc8 Faulting application
path: C:\Windows\System32\rundll32.exe Faulting module path: C:\Program Files\Mozilla
Firefox\mozutils.dll Report Id: fef8aa32-9248-11e1-b4fa-00266c99880e

[ OSession Events ]
Error - 3/16/2012 6:35:38 PM | Computer Name = Tonerama-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 35
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/20/2012 6:19:49 AM | Computer Name = Tonerama-PC | Source = Service Control Manager | ID = 7034
Description = The Google Update Service (gupdate) service terminated unexpectedly.
It has done this 2 time(s).

Error - 4/20/2012 6:20:19 AM | Computer Name = Tonerama-PC | Source = DCOM | ID = 10010
Description =

Error - 4/20/2012 5:46:54 PM | Computer Name = Tonerama-PC | Source = Service Control Manager | ID = 7034
Description = The Google Update Service (gupdate) service terminated unexpectedly.
It has done this 3 time(s).

Error - 4/21/2012 7:20:01 AM | Computer Name = Tonerama-PC | Source = Service Control Manager | ID = 7034
Description = The Google Update Service (gupdate) service terminated unexpectedly.
It has done this 4 time(s).

Error - 4/21/2012 7:20:31 AM | Computer Name = Tonerama-PC | Source = DCOM | ID = 10010
Description =

Error - 4/22/2012 5:48:56 PM | Computer Name = Tonerama-PC | Source = Service Control Manager | ID = 7034
Description = The Google Update Service (gupdate) service terminated unexpectedly.
It has done this 5 time(s).

Error - 4/22/2012 5:49:26 PM | Computer Name = Tonerama-PC | Source = DCOM | ID = 10010
Description =

Error - 4/26/2012 4:17:08 PM | Computer Name = Tonerama-PC | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the interface
with IP address 192.168.2.12. The computer with the IP address 192.168.2.11 did
not allow the name to be claimed by this computer.

Error - 4/28/2012 6:43:52 AM | Computer Name = Tonerama-PC | Source = Service Control Manager | ID = 7034
Description = The Google Update Service (gupdate) service terminated unexpectedly.
It has done this 6 time(s).

Error - 4/28/2012 6:44:22 AM | Computer Name = Tonerama-PC | Source = DCOM | ID = 10010
Description =


< End of report >


VEW LOG

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 07/05/2012 10:00:51 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/05/2012 12:27:43 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: luafv

Log: 'System' Date/Time: 08/05/2012 12:27:43 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The As32svc service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 08/05/2012 12:27:43 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The W200obex service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 08/05/2012 12:27:43 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Wmconnectcds service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 08/05/2012 12:14:32 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: luafv

Log: 'System' Date/Time: 08/05/2012 12:14:29 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The As32svc service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 08/05/2012 12:14:29 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The W200obex service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 08/05/2012 12:14:29 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Wmconnectcds service terminated with the following error: The specified module could not be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/05/2012 12:27:08 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 08/05/2012 12:13:57 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Please see note before MBAM log. My system is running really sluggish and still getting the malicious warnings.

#4
RKinner


    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
I don't see the TDSSKiller logs.

You do not have the latest Java.
First go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE).
I see:
Java™ 6 Update 17

Get the latest Java at:
http://www.java.com/en/

Save it to your PC, then close all browsers and install it. Do not let it install the Yahoo toolbar or other foistware.
(There are actually two different versions of this. Which one you get will depend on which browser you use. If you use regular IE or Firefox you will get the 32 bit version. If you use the 64 bit IE you will get the 64 bit version. Just get the one for the browser you use most of the time.)

Uninstall
Adobe Reader 9.3 Obsolete. Get the latest Adobe Reader at adobe.com. Uncheck whatever toolbar or other freebie they offer you before downloading. If they sneak it past you just uninstall it afterward.
Skype Toolbars
FlashGet 1.9.6.1073
FlashGet 3.7

Copy the text in the code box by highlighting and Ctrl + c

:OTL
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\s716mgmt.dll -- (isdrv120)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\tvs.dll -- (Hardlock)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\ulcdrhlp.dll -- (bwcsrv)
SRV - File not found [On_Demand | Stopped] -- C:\Users\Tonerama\AppData\Local\Temp\BQPFU.exe -- (BQPFU)
SRV - File not found [On_Demand | Stopped] -- C:\Users\Tonerama\AppData\Local\Temp\BPLGQPF.exe -- (BPLGQPF)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Tonerama\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe (FlashGet.com)
O4 - HKCU..\Run: [Nullpersistent] C:\Users\Tonerama\AppData\Local\Null\Nullpersistent.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Tonerama\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Tonerama\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\intu-tt2010 {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll File not found
[2012/05/06 22:04:55 | 000,000,000 | ---D | C] -- C:\Users\Tonerama\AppData\Roaming\fifa
[2012/05/06 22:04:47 | 000,000,000 | ---D | C] -- C:\Users\Tonerama\AppData\Local\Null
[2012/04/29 17:07:02 | 000,000,000 | ---D | C] -- C:\Users\Tonerama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Fortress 2012
[2012/05/07 21:14:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/05/07 21:13:00 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/07 11:13:00 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/29 17:06:59 | 000,000,000 | ---D | C] -- C:\ProgramData\F4D55F380029BC71014C6DB1B4EB23C1

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
   
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.


Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

AtJob::

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\users\Tonerama\AppData\Local\Temp\BPLGQPF.exe
c:\users\Tonerama\AppData\Local\Temp\BQPFU.exe
c:\windows\system32\s716mgmt.dll
c:\windows\system32\tvs.dll
c:\windows\system32\ulcdrhlp.dll
C:\Users\Tonerama\AppData\Local\Null\Nullpersistent.exe

Driver::
BPLGQPF
BQPFU
isdrv120
Hardlock
bwcsrv
As32svc
W200obex
gupdatem
sddmi2
zpcollector
procmon10
bwcsrv
Wmconnectcds

NetSvcs::
isdrv120
Hardlock
bwcsrv
{a7447300-8075-4b0d-83f1-3d75c8ebc623}
sddmi2
zpcollector
procmon10
bwcsrv
Wmconnectcds

******************************************

Now open Notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS, (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.

If you are still seeing the problem then:

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

1. Check Scan Archives.
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND.
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish.
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.


Let's also try the bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).

#5
nubiwan

Attempted to uninstall Java 6 Update 17 and the computer tries to run a program called 10239.msi - tells me Sun is the publisher. Anyway, it does not uninstall, gives me no process bar or notification at all. Just nothing, and the Java 6 Update 17 is still there. By the date this JAVA was installed, looks like it has been on the computer since I bought it 06/07/2010.

Will I just install the Java update?

Still getting message to malicious website - what exactly is nullpersistent.exe?

I did run TDSSKiller yesterday - here is that log

21:22:49.0114 5448 NlaSvc - ok
21:22:49.0114 5448 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
21:22:49.0129 5448 Npfs - ok
21:22:49.0145 5448 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll
21:22:49.0145 5448 nsi - ok
21:22:49.0145 5448 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
21:22:49.0145 5448 nsiproxy - ok
21:22:49.0317 5448 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\windows\system32\drivers\Ntfs.sys
21:22:49.0332 5448 Ntfs - ok
21:22:49.0348 5448 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
21:22:49.0348 5448 Null - ok
21:22:49.0379 5448 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\windows\system32\drivers\nvraid.sys
21:22:49.0379 5448 nvraid - ok
21:22:49.0410 5448 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\windows\system32\drivers\nvstor.sys
21:22:49.0410 5448 nvstor - ok
21:22:49.0426 5448 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
21:22:49.0426 5448 nv_agp - ok
21:22:49.0519 5448 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:22:49.0519 5448 odserv - ok
21:22:49.0535 5448 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
21:22:49.0535 5448 ohci1394 - ok
21:22:49.0582 5448 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:22:49.0597 5448 ose - ok
21:22:49.0644 5448 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
21:22:49.0644 5448 p2pimsvc - ok
21:22:49.0691 5448 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll
21:22:49.0707 5448 p2psvc - ok
21:22:49.0738 5448 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
21:22:49.0738 5448 Parport - ok
21:22:49.0769 5448 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys
21:22:49.0769 5448 partmgr - ok
21:22:49.0800 5448 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
21:22:49.0800 5448 Parvdm - ok
21:22:49.0831 5448 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll
21:22:49.0831 5448 PcaSvc - ok
21:22:49.0878 5448 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
21:22:49.0878 5448 pci - ok
21:22:49.0894 5448 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
21:22:49.0894 5448 pciide - ok
21:22:49.0925 5448 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
21:22:49.0925 5448 pcmcia - ok
21:22:49.0956 5448 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
21:22:49.0956 5448 pcw - ok
21:22:50.0112 5448 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
21:22:50.0128 5448 PEAUTH - ok
21:22:50.0159 5448 PGEffect (1b5011dd8d57f53aed31ff0f7d635802) C:\windows\system32\DRIVERS\pgeffect.sys
21:22:50.0159 5448 PGEffect - ok
21:22:50.0268 5448 pla (414bba67a3ded1d28437eb66aeb8a720) C:\windows\system32\pla.dll
21:22:50.0284 5448 pla - ok
21:22:50.0424 5448 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\windows\system32\umpnpmgr.dll
21:22:50.0440 5448 PlugPlay - ok
21:22:50.0455 5448 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll
21:22:50.0471 5448 PNRPAutoReg - ok
21:22:50.0502 5448 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
21:22:50.0502 5448 PNRPsvc - ok
21:22:50.0549 5448 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll
21:22:50.0549 5448 PolicyAgent - ok
21:22:50.0596 5448 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll
21:22:50.0596 5448 Power - ok
21:22:50.0658 5448 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
21:22:50.0658 5448 PptpMiniport - ok
21:22:50.0674 5448 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
21:22:50.0674 5448 Processor - ok
21:22:50.0721 5448 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\windows\system32\profsvc.dll
21:22:50.0736 5448 ProfSvc - ok
21:22:50.0767 5448 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
21:22:50.0767 5448 ProtectedStorage - ok
21:22:50.0799 5448 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
21:22:50.0799 5448 Psched - ok
21:22:50.0892 5448 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
21:22:50.0908 5448 ql2300 - ok
21:22:51.0079 5448 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
21:22:51.0079 5448 ql40xx - ok
21:22:51.0126 5448 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll
21:22:51.0142 5448 QWAVE - ok
21:22:51.0157 5448 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
21:22:51.0157 5448 QWAVEdrv - ok
21:22:51.0173 5448 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
21:22:51.0173 5448 RasAcd - ok
21:22:51.0204 5448 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
21:22:51.0204 5448 RasAgileVpn - ok
21:22:51.0235 5448 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll
21:22:51.0235 5448 RasAuto - ok
21:22:51.0267 5448 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
21:22:51.0267 5448 Rasl2tp - ok
21:22:51.0313 5448 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\windows\System32\rasmans.dll
21:22:51.0329 5448 RasMan - ok
21:22:51.0360 5448 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
21:22:51.0360 5448 RasPppoe - ok
21:22:51.0391 5448 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
21:22:51.0391 5448 RasSstp - ok
21:22:51.0438 5448 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
21:22:51.0438 5448 rdbss - ok
21:22:51.0469 5448 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
21:22:51.0469 5448 rdpbus - ok
21:22:51.0485 5448 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
21:22:51.0485 5448 RDPCDD - ok
21:22:51.0516 5448 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
21:22:51.0516 5448 RDPENCDD - ok
21:22:51.0532 5448 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
21:22:51.0532 5448 RDPREFMP - ok
21:22:51.0563 5448 RDPWD (244c83332f44589ae98fc347f11b2693) C:\windows\system32\drivers\RDPWD.sys
21:22:51.0563 5448 RDPWD - ok
21:22:51.0610 5448 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
21:22:51.0610 5448 rdyboost - ok
21:22:51.0641 5448 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll
21:22:51.0641 5448 RemoteAccess - ok
21:22:51.0672 5448 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll
21:22:51.0688 5448 RemoteRegistry - ok
21:22:51.0703 5448 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll
21:22:51.0703 5448 RpcEptMapper - ok
21:22:51.0719 5448 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe
21:22:51.0735 5448 RpcLocator - ok
21:22:51.0781 5448 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\windows\System32\rpcss.dll
21:22:51.0781 5448 RpcSs - ok
21:22:51.0828 5448 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
21:22:51.0828 5448 rspndr - ok
21:22:51.0859 5448 RSUSBSTOR (b87f999e05dd9c0312c83a8752e8e66b) C:\windows\system32\Drivers\RtsUStor.sys
21:22:51.0875 5448 RSUSBSTOR - ok
21:22:51.0953 5448 rtl8192se (8327c64e9a4d052339c16499d08f7d6c) C:\windows\system32\DRIVERS\rtl8192se.sys
21:22:51.0969 5448 rtl8192se - ok
21:22:52.0000 5448 SamSs (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
21:22:52.0000 5448 SamSs - ok
21:22:52.0047 5448 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
21:22:52.0047 5448 sbp2port - ok
21:22:52.0078 5448 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll
21:22:52.0078 5448 SCardSvr - ok
21:22:52.0125 5448 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
21:22:52.0125 5448 scfilter - ok
21:22:52.0187 5448 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll
21:22:52.0203 5448 Schedule - ok
21:22:52.0234 5448 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
21:22:52.0234 5448 SCPolicySvc - ok
21:22:52.0265 5448 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll
21:22:52.0265 5448 SDRSVC - ok
21:22:52.0296 5448 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
21:22:52.0296 5448 secdrv - ok
21:22:52.0327 5448 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll
21:22:52.0327 5448 seclogon - ok
21:22:52.0359 5448 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\windows\system32\sens.dll
21:22:52.0359 5448 SENS - ok
21:22:52.0374 5448 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\windows\system32\sensrsvc.dll
21:22:52.0374 5448 SensrSvc - ok
21:22:52.0390 5448 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
21:22:52.0390 5448 Serenum - ok
21:22:52.0437 5448 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
21:22:52.0437 5448 Serial - ok
21:22:52.0468 5448 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
21:22:52.0483 5448 sermouse - ok
21:22:52.0530 5448 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll
21:22:52.0530 5448 SessionEnv - ok
21:22:52.0561 5448 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
21:22:52.0561 5448 sffdisk - ok
21:22:52.0561 5448 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
21:22:52.0561 5448 sffp_mmc - ok
21:22:52.0577 5448 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
21:22:52.0577 5448 sffp_sd - ok
21:22:52.0608 5448 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
21:22:52.0608 5448 sfloppy - ok
21:22:52.0655 5448 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll
21:22:52.0655 5448 SharedAccess - ok
21:22:52.0702 5448 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll
21:22:52.0717 5448 ShellHWDetection - ok
21:22:52.0733 5448 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
21:22:52.0733 5448 sisagp - ok
21:22:52.0780 5448 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
21:22:52.0780 5448 SiSRaid2 - ok
21:22:52.0795 5448 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
21:22:52.0795 5448 SiSRaid4 - ok
21:22:52.0858 5448 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
21:22:52.0858 5448 SkypeUpdate - ok
21:22:52.0889 5448 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
21:22:52.0889 5448 Smb - ok
21:22:52.0920 5448 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe
21:22:52.0936 5448 SNMPTRAP - ok
21:22:52.0967 5448 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
21:22:52.0967 5448 spldr - ok
21:22:53.0014 5448 Spooler (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe
21:22:53.0029 5448 Spooler - ok
21:22:53.0217 5448 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe
21:22:53.0232 5448 sppsvc - ok
21:22:53.0310 5448 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll
21:22:53.0310 5448 sppuinotify - ok
21:22:53.0388 5448 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
21:22:53.0388 5448 srv - ok
21:22:53.0435 5448 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
21:22:53.0435 5448 srv2 - ok
21:22:53.0466 5448 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
21:22:53.0466 5448 srvnet - ok
21:22:53.0497 5448 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll
21:22:53.0497 5448 SSDPSRV - ok
21:22:53.0513 5448 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll
21:22:53.0513 5448 SstpSvc - ok
21:22:53.0544 5448 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
21:22:53.0544 5448 stexstor - ok
21:22:53.0622 5448 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\windows\System32\wiaservc.dll
21:22:53.0622 5448 StiSvc - ok
21:22:53.0653 5448 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
21:22:53.0653 5448 swenum - ok
21:22:53.0700 5448 swprv (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll
21:22:53.0700 5448 swprv - ok
21:22:53.0763 5448 SynTP (9a28f1c47ce0c8bbc02aaf5941ab44cd) C:\windows\system32\DRIVERS\SynTP.sys
21:22:53.0763 5448 SynTP - ok
21:22:53.0841 5448 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll
21:22:53.0856 5448 SysMain - ok
21:22:53.0887 5448 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll
21:22:53.0903 5448 TabletInputService - ok
21:22:53.0950 5448 TapiSrv (613bf4820361543956909043a265c6ac) C:\windows\System32\tapisrv.dll
21:22:53.0950 5448 TapiSrv - ok
21:22:53.0981 5448 TBS (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll
21:22:53.0981 5448 TBS - ok
21:22:54.0121 5448 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\drivers\tcpip.sys
21:22:54.0137 5448 Tcpip - ok
21:22:54.0137 5448 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\DRIVERS\tcpip.sys
21:22:54.0153 5448 TCPIP6 - ok
21:22:54.0199 5448 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
21:22:54.0199 5448 tcpipreg - ok
21:22:54.0215 5448 tdcmdpst (4084ea00d50c858d6f9038f86ae2e2d0) C:\windows\system32\DRIVERS\tdcmdpst.sys
21:22:54.0215 5448 tdcmdpst - ok
21:22:54.0246 5448 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
21:22:54.0246 5448 TDPIPE - ok
21:22:54.0262 5448 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys
21:22:54.0262 5448 TDTCP - ok
21:22:54.0324 5448 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
21:22:54.0324 5448 tdx - ok
21:22:54.0355 5448 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
21:22:54.0355 5448 TermDD - ok
21:22:54.0402 5448 TermService (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll
21:22:54.0418 5448 TermService - ok
21:22:54.0433 5448 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll
21:22:54.0449 5448 Themes - ok
21:22:54.0480 5448 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
21:22:54.0480 5448 THREADORDER - ok
21:22:54.0558 5448 TMachInfo (28644b0523d64eff2fc7312a2ee74b0a) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
21:22:54.0558 5448 TMachInfo - ok
21:22:54.0589 5448 TODDSrv (fe65d33b7d4ff07dd1d29526a48df810) C:\windows\system32\TODDSrv.exe
21:22:54.0589 5448 TODDSrv - ok
21:22:54.0667 5448 TosCoSrv (85edf7a274435e4df051bb23f8e01581) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
21:22:54.0683 5448 TosCoSrv - ok
21:22:54.0730 5448 TOSHIBA eco Utility Service (c2b3b621d6b6ebbedc4fbcac712a3a6c) C:\Program Files\TOSHIBA\TECO\TecoService.exe
21:22:54.0730 5448 TOSHIBA eco Utility Service - ok
21:22:54.0777 5448 TOSHIBA HDD SSD Alert Service (991e324dc137402148e01c2269632c6b) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
21:22:54.0777 5448 TOSHIBA HDD SSD Alert Service - ok
21:22:54.0839 5448 TPCHSrv (7a3015457209333d5d08ff10a8f0c120) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
21:22:54.0839 5448 TPCHSrv - ok
21:22:54.0964 5448 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll
21:22:54.0964 5448 TrkWks - ok
21:22:55.0042 5448 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe
21:22:55.0042 5448 TrustedInstaller - ok
21:22:55.0073 5448 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
21:22:55.0073 5448 tssecsrv - ok
21:22:55.0104 5448 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
21:22:55.0104 5448 TsUsbFlt - ok
21:22:55.0167 5448 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
21:22:55.0167 5448 tunnel - ok
21:22:55.0198 5448 TVALZ (fc24015b4052600c324c43e3a79c0664) C:\windows\system32\DRIVERS\TVALZ_O.SYS
21:22:55.0213 5448 TVALZ - ok
21:22:55.0229 5448 TVALZFL (866462f5ae3f375ef83ef9dce436031c) C:\windows\system32\DRIVERS\TVALZFL.sys
21:22:55.0229 5448 TVALZFL - ok
21:22:55.0260 5448 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
21:22:55.0260 5448 uagp35 - ok
21:22:55.0307 5448 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
21:22:55.0307 5448 udfs - ok
21:22:55.0338 5448 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe
21:22:55.0338 5448 UI0Detect - ok
21:22:55.0385 5448 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
21:22:55.0385 5448 uliagpkx - ok
21:22:55.0416 5448 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
21:22:55.0416 5448 umbus - ok
21:22:55.0463 5448 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
21:22:55.0479 5448 UmPass - ok
21:22:55.0681 5448 UNS (cc3775100aba633984f73dfae1f55cae) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
21:22:55.0697 5448 UNS - ok
21:22:55.0806 5448 upnphost (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll
21:22:55.0806 5448 upnphost - ok
21:22:55.0853 5448 usbccgp (7e72e7d7e0757d59481d530fd2b0bfae) C:\windows\system32\DRIVERS\usbccgp.sys
21:22:55.0853 5448 usbccgp - ok
21:22:55.0884 5448 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
21:22:55.0884 5448 usbcir - ok
21:22:55.0915 5448 usbehci (cfbce999c057d78979a181c9c60f208e) C:\windows\system32\drivers\usbehci.sys
21:22:55.0915 5448 usbehci - ok
21:22:55.0962 5448 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\windows\system32\drivers\usbhub.sys
21:22:55.0962 5448 usbhub - ok
21:22:55.0978 5448 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\drivers\usbohci.sys
21:22:55.0978 5448 usbohci - ok
21:22:56.0009 5448 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
21:22:56.0009 5448 usbprint - ok
21:22:56.0040 5448 USBSTOR (bf63ebfc6979fefb2bc03df7989a0c1a) C:\windows\system32\DRIVERS\USBSTOR.SYS
21:22:56.0040 5448 USBSTOR - ok
21:22:56.0056 5448 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\windows\system32\drivers\usbuhci.sys
21:22:56.0056 5448 usbuhci - ok
21:22:56.0103 5448 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
21:22:56.0118 5448 usbvideo - ok
21:22:56.0134 5448 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll
21:22:56.0149 5448 UxSms - ok
21:22:56.0165 5448 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
21:22:56.0181 5448 VaultSvc - ok
21:22:56.0227 5448 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
21:22:56.0227 5448 vdrvroot - ok
21:22:56.0274 5448 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe
21:22:56.0274 5448 vds - ok
21:22:56.0321 5448 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
21:22:56.0321 5448 vga - ok
21:22:56.0337 5448 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
21:22:56.0337 5448 VgaSave - ok
21:22:56.0352 5448 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
21:22:56.0368 5448 vhdmp - ok
21:22:56.0399 5448 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
21:22:56.0399 5448 viaagp - ok
21:22:56.0430 5448 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
21:22:56.0430 5448 ViaC7 - ok
21:22:56.0446 5448 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
21:22:56.0446 5448 viaide - ok
21:22:56.0477 5448 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
21:22:56.0477 5448 volmgr - ok
21:22:56.0524 5448 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
21:22:56.0539 5448 volmgrx - ok
21:22:56.0571 5448 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
21:22:56.0586 5448 volsnap - ok
21:22:56.0617 5448 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
21:22:56.0617 5448 vsmraid - ok
21:22:56.0711 5448 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe
21:22:56.0727 5448 VSS - ok
21:22:56.0727 5448 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
21:22:56.0742 5448 vwifibus - ok
21:22:56.0742 5448 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
21:22:56.0742 5448 vwififlt - ok
21:22:56.0789 5448 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll
21:22:56.0789 5448 W32Time - ok
21:22:56.0820 5448 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
21:22:56.0820 5448 WacomPen - ok
21:22:56.0851 5448 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
21:22:56.0851 5448 WANARP - ok
21:22:56.0851 5448 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
21:22:56.0851 5448 Wanarpv6 - ok
21:22:56.0961 5448 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\windows\system32\Wat\WatAdminSvc.exe
21:22:56.0976 5448 WatAdminSvc - ok
21:22:57.0070 5448 wbengine (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe
21:22:57.0070 5448 wbengine - ok
21:22:57.0101 5448 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll
21:22:57.0101 5448 WbioSrvc - ok
21:22:57.0148 5448 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll
21:22:57.0148 5448 wcncsvc - ok
21:22:57.0163 5448 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll
21:22:57.0163 5448 WcsPlugInService - ok
21:22:57.0210 5448 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
21:22:57.0210 5448 Wd - ok
21:22:57.0257 5448 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
21:22:57.0257 5448 Wdf01000 - ok
21:22:57.0288 5448 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
21:22:57.0288 5448 WdiServiceHost - ok
21:22:57.0288 5448 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll
21:22:57.0304 5448 WdiSystemHost - ok
21:22:57.0335 5448 WebClient (a9d880f97530d5b8fee278923349929d) C:\windows\System32\webclnt.dll
21:22:57.0335 5448 WebClient - ok
21:22:57.0366 5448 Wecsvc (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll
21:22:57.0366 5448 Wecsvc - ok
21:22:57.0397 5448 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll
21:22:57.0413 5448 wercplsupport - ok
21:22:57.0429 5448 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll
21:22:57.0429 5448 WerSvc - ok
21:22:57.0460 5448 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
21:22:57.0460 5448 WfpLwf - ok
21:22:57.0475 5448 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
21:22:57.0475 5448 WIMMount - ok
21:22:57.0600 5448 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
21:22:57.0616 5448 WinDefend - ok
21:22:57.0616 5448 WinHttpAutoProxySvc - ok
21:22:57.0678 5448 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll
21:22:57.0678 5448 Winmgmt - ok
21:22:57.0787 5448 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll
21:22:57.0803 5448 WinRM - ok
21:22:57.0881 5448 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys
21:22:57.0881 5448 WinUsb - ok
21:22:57.0959 5448 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll
21:22:57.0959 5448 Wlansvc - ok
21:22:57.0990 5448 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
21:22:57.0990 5448 WmiAcpi - ok
21:22:58.0068 5448 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe
21:22:58.0068 5448 wmiApSrv - ok
21:22:58.0193 5448 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
21:22:58.0209 5448 WMPNetworkSvc - ok
21:22:58.0224 5448 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll
21:22:58.0224 5448 WPCSvc - ok
21:22:58.0271 5448 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll
21:22:58.0271 5448 WPDBusEnum - ok
21:22:58.0333 5448 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
21:22:58.0333 5448 ws2ifsl - ok
21:22:58.0365 5448 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\windows\system32\wscsvc.dll
21:22:58.0365 5448 wscsvc - ok
21:22:58.0380 5448 WSearch - ok
21:22:58.0521 5448 wuauserv (3026418a50c5b4761befa632cedb7406) C:\windows\system32\wuaueng.dll
21:22:58.0536 5448 wuauserv - ok
21:22:58.0645 5448 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
21:22:58.0645 5448 WudfPf - ok
21:22:58.0708 5448 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
21:22:58.0708 5448 WUDFRd - ok
21:22:58.0755 5448 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll
21:22:58.0755 5448 wudfsvc - ok
21:22:58.0801 5448 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll
21:22:58.0801 5448 WwanSvc - ok
21:22:58.0848 5448 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
21:22:58.0911 5448 \Device\Harddisk0\DR0 - ok
21:22:58.0926 5448 Boot (0x1200) (f3da8bbc2cb1be5dffe14eb00d8b6dc9) \Device\Harddisk0\DR0\Partition0
21:22:58.0926 5448 \Device\Harddisk0\DR0\Partition0 - ok
21:22:58.0926 5448 ============================================================
21:22:58.0926 5448 Scan finished
21:22:58.0926 5448 ============================================================
21:22:58.0942 0708 Detected object count: 0
21:22:58.0942 0708 Actual detected object count: 0
21:24:25.0959 2856 ============================================================
21:24:25.0959 2856 Scan started
21:24:25.0959 2856 Mode: Manual; SigCheck; TDLFS;
21:24:25.0959 2856 ============================================================
21:24:28.0689 2856 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
21:24:28.0704 2856 b57nd60x - ok
21:24:28.0736 2856 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll
21:24:28.0767 2856 BDESVC - ok
21:24:28.0782 2856 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
21:24:28.0845 2856 Beep - ok
21:24:28.0892 2856 BFE (1e2bac209d184bb851e1a187d8a29136) C:\windows\System32\bfe.dll
21:24:28.0954 2856 BFE - ok
21:24:28.0985 2856 BITS (e585445d5021971fae10393f0f1c3961) C:\windows\system32\qmgr.dll
21:24:29.0048 2856 BITS - ok
21:24:29.0063 2856 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
21:24:29.0094 2856 blbdrive - ok
21:24:29.0110 2856 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
21:24:29.0126 2856 bowser - ok
21:24:29.0204 2856 BPLGQPF - ok
21:24:29.0204 2856 BQPFU - ok
21:24:29.0235 2856 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
21:24:29.0297 2856 BrFiltLo - ok
21:24:29.0328 2856 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
21:24:29.0360 2856 BrFiltUp - ok
21:24:29.0360 2856 BridgeMP (77361d72a04f18809d0efb6cceb74d4b) C:\windows\system32\DRIVERS\bridge.sys
21:24:29.0406 2856 BridgeMP - ok
21:24:29.0640 2856 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\windows\System32\browser.dll
21:24:29.0703 2856 Browser - ok
21:24:29.0734 2856 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
21:24:29.0750 2856 Brserid - ok
21:24:29.0781 2856 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
21:24:29.0812 2856 BrSerWdm - ok
21:24:29.0843 2856 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
21:24:29.0874 2856 BrUsbMdm - ok
21:24:29.0874 2856 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
21:24:29.0906 2856 BrUsbSer - ok
21:24:29.0921 2856 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
21:24:29.0952 2856 BTHMODEM - ok
21:24:29.0984 2856 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll
21:24:30.0046 2856 bthserv - ok
21:24:30.0046 2856 bwcsrv - ok
21:24:30.0046 2856 catchme - ok
21:24:30.0077 2856 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
21:24:30.0124 2856 cdfs - ok
21:24:30.0155 2856 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys
21:24:30.0171 2856 cdrom - ok
21:24:30.0202 2856 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll
21:24:30.0233 2856 CertPropSvc - ok
21:24:30.0327 2856 cfWiMAXService (3653fd7871e8b5b92e9c3e2945bd293d) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
21:24:30.0342 2856 cfWiMAXService - ok
21:24:30.0374 2856 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
21:24:30.0389 2856 circlass - ok
21:24:30.0436 2856 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
21:24:30.0452 2856 CLFS - ok
21:24:30.0514 2856 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:24:30.0530 2856 clr_optimization_v2.0.50727_32 - ok
21:24:30.0592 2856 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:24:30.0623 2856 clr_optimization_v4.0.30319_32 - ok
21:24:30.0639 2856 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
21:24:30.0670 2856 CmBatt - ok
21:24:30.0686 2856 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
21:24:30.0701 2856 cmdide - ok
21:24:30.0748 2856 CNG (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys
21:24:30.0779 2856 CNG - ok
21:24:30.0826 2856 CnxtHdAudService (c2fa222ac9db9463f801451ff65ecbe8) C:\windows\system32\drivers\CHDRT32.sys
21:24:30.0873 2856 CnxtHdAudService - ok
21:24:30.0888 2856 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
21:24:30.0904 2856 Compbatt - ok
21:24:30.0920 2856 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
21:24:30.0966 2856 CompositeBus - ok
21:24:30.0966 2856 COMSysApp - ok
21:24:31.0076 2856 ConfigFree Service (cab0eeaf5295fc96ddd3e19dce27e131) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
21:24:31.0091 2856 ConfigFree Service - ok
21:24:31.0107 2856 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
21:24:31.0122 2856 crcdisk - ok
21:24:31.0169 2856 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\windows\system32\cryptsvc.dll
21:24:31.0200 2856 CryptSvc - ok
21:24:31.0232 2856 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll
21:24:31.0278 2856 DcomLaunch - ok
21:24:31.0325 2856 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll
21:24:31.0388 2856 defragsvc - ok
21:24:31.0403 2856 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
21:24:31.0466 2856 DfsC - ok
21:24:31.0512 2856 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\windows\system32\dhcpcore.dll
21:24:31.0559 2856 Dhcp - ok
21:24:31.0590 2856 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
21:24:31.0637 2856 discache - ok
21:24:31.0653 2856 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
21:24:31.0668 2856 Disk - ok
21:24:31.0700 2856 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\windows\System32\dnsrslvr.dll
21:24:31.0731 2856 Dnscache - ok
21:24:31.0778 2856 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\windows\System32\dot3svc.dll
21:24:31.0824 2856 dot3svc - ok
21:24:31.0856 2856 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\windows\system32\dps.dll
21:24:31.0887 2856 DPS - ok
21:24:31.0918 2856 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
21:24:31.0965 2856 drmkaud - ok
21:24:32.0027 2856 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
21:24:32.0058 2856 DXGKrnl - ok
21:24:32.0090 2856 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll
21:24:32.0121 2856 EapHost - ok
21:24:32.0308 2856 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
21:24:32.0402 2856 ebdrv - ok
21:24:32.0495 2856 EFS (81951f51e318aecc2d68559e47485cc4) C:\windows\System32\lsass.exe
21:24:32.0526 2856 EFS - ok
21:24:32.0589 2856 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\windows\ehome\ehRecvr.exe
21:24:32.0620 2856 ehRecvr - ok
21:24:32.0651 2856 ehSched (d389bff34f80caede417bf9d1507996a) C:\windows\ehome\ehsched.exe
21:24:32.0682 2856 ehSched - ok
21:24:32.0760 2856 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
21:24:32.0807 2856 elxstor - ok
21:24:32.0823 2856 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
21:24:32.0854 2856 ErrDev - ok
21:24:32.0885 2856 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll
21:24:32.0932 2856 EventSystem - ok
21:24:32.0948 2856 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
21:24:32.0994 2856 exfat - ok
21:24:33.0010 2856 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
21:24:33.0057 2856 fastfat - ok
21:24:33.0119 2856 Fax (967ea5b213e9984cbe270205df37755b) C:\windows\system32\fxssvc.exe
21:24:33.0150 2856 Fax - ok
21:24:33.0166 2856 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
21:24:33.0182 2856 fdc - ok
21:24:33.0197 2856 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll
21:24:33.0260 2856 fdPHost - ok
21:24:33.0275 2856 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll
21:24:33.0306 2856 FDResPub - ok
21:24:33.0322 2856 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
21:24:33.0338 2856 FileInfo - ok
21:24:33.0338 2856 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
21:24:33.0369 2856 Filetrace - ok
21:24:33.0400 2856 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
21:24:33.0431 2856 flpydisk - ok
21:24:33.0447 2856 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
21:24:33.0462 2856 FltMgr - ok
21:24:33.0525 2856 FontCache (fa6c66e4364d7da57aade5dcc03bb999) C:\windows\system32\FntCache.dll
21:24:33.0603 2856 FontCache - ok
21:24:33.0665 2856 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:24:33.0681 2856 FontCache3.0.0.0 - ok
21:24:33.0712 2856 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
21:24:33.0728 2856 FsDepends - ok
21:24:33.0759 2856 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\windows\system32\drivers\Fs_Rec.sys
21:24:33.0774 2856 Fs_Rec - ok
21:24:33.0806 2856 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
21:24:33.0821 2856 fvevol - ok
21:24:33.0852 2856 FwLnk (0f76e205bdc60364f08a5949082771ca) C:\windows\system32\DRIVERS\FwLnk.sys
21:24:33.0868 2856 FwLnk - ok
21:24:33.0899 2856 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
21:24:33.0915 2856 gagp30kx - ok
21:24:33.0962 2856 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files\WildTangent Games\App\GamesAppService.exe
21:24:33.0977 2856 GamesAppService - ok
21:24:34.0040 2856 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\windows\System32\gpsvc.dll
21:24:34.0102 2856 gpsvc - ok
21:24:34.0164 2856 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
21:24:34.0180 2856 gupdate - ok
21:24:34.0180 2856 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
21:24:34.0196 2856 gupdatem - ok
21:24:34.0227 2856 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:24:34.0242 2856 gusvc - ok
21:24:34.0242 2856 Hardlock - ok
21:24:34.0274 2856 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
21:24:34.0289 2856 hcw85cir - ok
21:24:34.0336 2856 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
21:24:34.0352 2856 HdAudAddService - ok
21:24:34.0523 2856 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
21:24:34.0539 2856 HDAudBus - ok
21:24:34.0586 2856 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\windows\system32\DRIVERS\HECI.sys
21:24:34.0632 2856 HECI - ok
21:24:34.0648 2856 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
21:24:34.0664 2856 HidBatt - ok
21:24:34.0695 2856 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
21:24:34.0710 2856 HidBth - ok
21:24:34.0726 2856 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
21:24:34.0757 2856 HidIr - ok
21:24:34.0788 2856 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\System32\hidserv.dll
21:24:34.0882 2856 hidserv - ok
21:24:34.0898 2856 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\drivers\hidusb.sys
21:24:34.0929 2856 HidUsb - ok
21:24:34.0960 2856 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\windows\system32\kmsvc.dll
21:24:34.0991 2856 hkmsvc - ok
21:24:35.0007 2856 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\windows\system32\ListSvc.dll
21:24:35.0022 2856 HomeGroupListener - ok
21:24:35.0054 2856 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\windows\system32\provsvc.dll
21:24:35.0085 2856 HomeGroupProvider - ok
21:24:35.0100 2856 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
21:24:35.0116 2856 HpSAMD - ok
21:24:35.0163 2856 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
21:24:35.0210 2856 HTTP - ok
21:24:35.0256 2856 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
21:24:35.0256 2856 hwpolicy - ok
21:24:35.0303 2856 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
21:24:35.0334 2856 i8042prt - ok
21:24:35.0397 2856 iaStor (39f7c9aeee865fe8e98cf3edd2b4bb4a) C:\windows\system32\DRIVERS\iaStor.sys
21:24:35.0412 2856 iaStor - ok
21:24:35.0459 2856 iaStorV (a3cae5d281db4cff7cff8233507ee5ad) C:\windows\system32\drivers\iaStorV.sys
21:24:35.0475 2856 iaStorV - ok
21:24:35.0600 2856 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:24:35.0631 2856 idsvc - ok
21:24:36.0177 2856 igfx (b3a313080b0f73f4c8292290606fc15d) C:\windows\system32\DRIVERS\igdkmd32.sys
21:24:36.0317 2856 igfx - ok
21:24:36.0442 2856 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
21:24:36.0473 2856 iirsp - ok
21:24:36.0536 2856 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\windows\System32\ikeext.dll
21:24:36.0582 2856 IKEEXT - ok
21:24:36.0614 2856 Impcd (03c0d99bc2913226f1cea7cb0d984659) C:\windows\system32\DRIVERS\Impcd.sys
21:24:36.0645 2856 Impcd - ok
21:24:36.0676 2856 IntcDAud (bf31740828a26ab451803e3b35432651) C:\windows\system32\DRIVERS\IntcDAud.sys
21:24:36.0723 2856 IntcDAud - ok
21:24:36.0754 2856 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
21:24:36.0770 2856 intelide - ok
21:24:36.0785 2856 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
21:24:36.0801 2856 intelppm - ok
21:24:36.0832 2856 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll
21:24:36.0894 2856 IPBusEnum - ok
21:24:36.0926 2856 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
21:24:36.0957 2856 IpFilterDriver - ok
21:24:37.0066 2856 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\windows\System32\iphlpsvc.dll
21:24:37.0128 2856 iphlpsvc - ok
21:24:37.0160 2856 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
21:24:37.0191 2856 IPMIDRV - ok
21:24:37.0206 2856 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
21:24:37.0253 2856 IPNAT - ok
21:24:37.0284 2856 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
21:24:37.0331 2856 IRENUM - ok
21:24:37.0362 2856 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
21:24:37.0362 2856 isapnp - ok
21:24:37.0409 2856 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
21:24:37.0425 2856 iScsiPrt - ok
21:24:37.0425 2856 isdrv120 - ok
21:24:37.0440 2856 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
21:24:37.0456 2856 kbdclass - ok
21:24:37.0472 2856 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
21:24:37.0487 2856 kbdhid - ok
21:24:37.0518 2856 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
21:24:37.0534 2856 KeyIso - ok
21:24:37.0550 2856 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys
21:24:37.0565 2856 KSecDD - ok
21:24:37.0581 2856 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys
21:24:37.0596 2856 KSecPkg - ok
21:24:37.0643 2856 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll
21:24:37.0690 2856 KtmRm - ok
21:24:37.0721 2856 L1C (b05adcd03aaed42607371186f359d8a5) C:\windows\system32\DRIVERS\L1C62x86.sys
21:24:37.0721 2856 L1C - ok
21:24:37.0752 2856 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\windows\System32\srvsvc.dll
21:24:37.0799 2856 LanmanServer - ok
21:24:37.0846 2856 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\windows\System32\wkssvc.dll
21:24:37.0877 2856 LanmanWorkstation - ok
21:24:37.0908 2856 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
21:24:37.0955 2856 lltdio - ok
21:24:38.0002 2856 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll
21:24:38.0049 2856 lltdsvc - ok
21:24:38.0080 2856 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll
21:24:38.0111 2856 lmhosts - ok
21:24:38.0205 2856 LMS (23de5b62b0445a6f874be633c95b483e) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
21:24:38.0220 2856 LMS - ok
21:24:38.0252 2856 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
21:24:38.0252 2856 LSI_FC - ok
21:24:38.0283 2856 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
21:24:38.0283 2856 LSI_SAS - ok
21:24:38.0314 2856 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
21:24:38.0314 2856 LSI_SAS2 - ok
21:24:38.0330 2856 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
21:24:38.0345 2856 LSI_SCSI - ok
21:24:38.0376 2856 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
21:24:38.0423 2856 luafv - ok
21:24:38.0439 2856 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\windows\system32\drivers\mbam.sys
21:24:38.0454 2856 MBAMProtector - ok
21:24:38.0532 2856 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:24:38.0579 2856 MBAMService - ok
21:24:38.0610 2856 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\windows\system32\Mcx2Svc.dll
21:24:38.0626 2856 Mcx2Svc - ok
21:24:38.0642 2856 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
21:24:38.0657 2856 megasas - ok
21:24:38.0688 2856 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
21:24:38.0704 2856 MegaSR - ok
21:24:38.0766 2856 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
21:24:38.0782 2856 Microsoft Office Groove Audit Service - ok
21:24:38.0813 2856 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll
21:24:38.0860 2856 MMCSS - ok
21:24:38.0876 2856 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
21:24:38.0922 2856 Modem - ok
21:24:38.0954 2856 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
21:24:38.0985 2856 monitor - ok
21:24:39.0016 2856 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys
21:24:39.0032 2856 mouclass - ok
21:24:39.0047 2856 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
21:24:39.0063 2856 mouhid - ok
21:24:39.0094 2856 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
21:24:39.0110 2856 mountmgr - ok
21:24:39.0141 2856 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
21:24:39.0156 2856 mpio - ok
21:24:39.0188 2856 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
21:24:39.0250 2856 mpsdrv - ok
21:24:39.0312 2856 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\windows\system32\mpssvc.dll
21:24:39.0375 2856 MpsSvc - ok
21:24:39.0422 2856 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
21:24:39.0437 2856 MRxDAV - ok
21:24:39.0484 2856 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
21:24:39.0531 2856 mrxsmb - ok
21:24:39.0562 2856 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
21:24:39.0593 2856 mrxsmb10 - ok
21:24:39.0609 2856 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
21:24:39.0640 2856 mrxsmb20 - ok
21:24:39.0671 2856 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
21:24:39.0687 2856 msahci - ok
21:24:39.0718 2856 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
21:24:39.0734 2856 msdsm - ok
21:24:39.0780 2856 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe
21:24:39.0812 2856 MSDTC - ok
21:24:39.0827 2856 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
21:24:39.0874 2856 Msfs - ok
21:24:39.0890 2856 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
21:24:39.0921 2856 mshidkmdf - ok
21:24:39.0936 2856 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
21:24:39.0952 2856 msisadrv - ok
21:24:39.0983 2856 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll
21:24:40.0030 2856 MSiSCSI - ok
21:24:40.0030 2856 msiserver - ok
21:24:40.0061 2856 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
21:24:40.0108 2856 MSKSSRV - ok
21:24:40.0124 2856 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
21:24:40.0170 2856 MSPCLOCK - ok
21:24:40.0170 2856 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
21:24:40.0233 2856 MSPQM - ok
21:24:40.0264 2856 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
21:24:40.0280 2856 MsRPC - ok
21:24:40.0311 2856 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
21:24:40.0311 2856 mssmbios - ok
21:24:40.0326 2856 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
21:24:40.0358 2856 MSTEE - ok
21:24:40.0373 2856 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
21:24:40.0389 2856 MTConfig - ok
21:24:40.0420 2856 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
21:24:40.0451 2856 Mup - ok
21:24:40.0482 2856 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\windows\system32\qagentRT.dll
21:24:40.0545 2856 napagent - ok
21:24:40.0576 2856 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
21:24:40.0623 2856 NativeWifiP - ok
21:24:40.0685 2856 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
21:24:40.0716 2856 NDIS - ok
21:24:40.0748 2856 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
21:24:40.0779 2856 NdisCap - ok
21:24:40.0794 2856 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
21:24:40.0841 2856 NdisTapi - ok
21:24:40.0872 2856 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
21:24:40.0919 2856 Ndisuio - ok
21:24:40.0950 2856 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
21:24:40.0997 2856 NdisWan - ok
21:24:41.0028 2856 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
21:24:41.0060 2856 NDProxy - ok
21:24:41.0091 2856 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
21:24:41.0138 2856 NetBIOS - ok
21:24:41.0169 2856 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
21:24:41.0200 2856 NetBT - ok
21:24:41.0231 2856 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe
21:24:41.0247 2856 Netlogon - ok
21:24:41.0309 2856 Netman (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll
21:24:41.0356 2856 Netman - ok
21:24:41.0387 2856 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll
21:24:41.0418 2856 netprofm - ok
21:24:41.0496 2856 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:24:41.0528 2856 NetTcpPortSharing - ok
21:24:41.0543 2856 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
21:24:41.0559 2856 nfrd960 - ok
21:24:41.0606 2856 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\windows\System32\nlasvc.dll
21:24:41.0668 2856 NlaSvc - ok
21:24:41.0684 2856 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
21:24:41.0715 2856 Npfs - ok
21:24:41.0730 2856 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll
21:24:41.0777 2856 nsi - ok
21:24:41.0777 2856 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
21:24:41.0808 2856 nsiproxy - ok
21:24:41.0996 2856 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\windows\system32\drivers\Ntfs.sys
21:24:42.0042 2856 Ntfs - ok
21:24:42.0058 2856 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
21:24:42.0105 2856 Null - ok
21:24:42.0136 2856 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\windows\system32\drivers\nvraid.sys
21:24:42.0152 2856 nvraid - ok
21:24:42.0167 2856 nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\windows\system32\drivers\nvstor.sys
21:24:42.0183 2856 nvstor - ok
21:24:42.0198 2856 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
21:24:42.0214 2856 nv_agp - ok
21:24:42.0292 2856 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:24:42.0323 2856 odserv - ok
21:24:42.0339 2856 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
21:24:42.0370 2856 ohci1394 - ok
21:24:42.0401 2856 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:24:42.0417 2856 ose - ok
21:24:42.0464 2856 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
21:24:42.0495 2856 p2pimsvc - ok
21:24:42.0542 2856 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll
21:24:42.0573 2856 p2psvc - ok
21:24:42.0604 2856 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
21:24:42.0620 2856 Parport - ok
21:24:42.0651 2856 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys
21:24:42.0666 2856 partmgr - ok
21:24:42.0682 2856 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
21:24:42.0682 2856 Parvdm - ok
21:24:42.0729 2856 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll
21:24:42.0760 2856 PcaSvc - ok
21:24:42.0791 2856 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
21:24:42.0807 2856 pci - ok
21:24:42.0822 2856 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
21:24:42.0838 2856 pciide - ok
21:24:42.0854 2856 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
21:24:42.0869 2856 pcmcia - ok
21:24:42.0885 2856 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
21:24:42.0900 2856 pcw - ok
21:24:43.0056 2856 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
21:24:43.0134 2856 PEAUTH - ok
21:24:43.0166 2856 PGEffect (1b5011dd8d57f53aed31ff0f7d635802) C:\windows\system32\DRIVERS\pgeffect.sys
21:24:43.0212 2856 PGEffect - ok
21:24:43.0322 2856 pla (414bba67a3ded1d28437eb66aeb8a720) C:\windows\system32\pla.dll
21:24:43.0384 2856 pla - ok
21:24:43.0524 2856 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\windows\system32\umpnpmgr.dll
21:24:43.0556 2856 PlugPlay - ok
21:24:43.0571 2856 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll
21:24:43.0587 2856 PNRPAutoReg - ok
21:24:43.0602 2856 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll
21:24:43.0618 2856 PNRPsvc - ok
21:24:43.0665 2856 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll
21:24:43.0696 2856 PolicyAgent - ok
21:24:43.0727 2856 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll
21:24:43.0758 2856 Power - ok
21:24:43.0821 2856 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
21:24:43.0868 2856 PptpMiniport - ok
21:24:56.0098 2856 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
21:24:57.0081 2856 \Device\Harddisk0\DR0 - ok
21:24:57.0128 2856 Boot (0x1200) (f3da8bbc2cb1be5dffe14eb00d8b6dc9) \Device\Harddisk0\DR0\Partition0
21:24:57.0128 2856 \Device\Harddisk0\DR0\Partition0 - ok
21:24:57.0128 2856 ============================================================
21:24:57.0128 2856 Scan finished
21:24:57.0128 2856 ============================================================
21:24:57.0143 5576 Detected object count: 0
21:24:57.0143 5576 Actual detected object count: 0
21:25:10.0388 4040 Deinitialize success

#6
nubiwan

Installed Java update - I still see Java 6 Update 14 in my programs.

Installed other updates and deleted the files you requested.

Here is the OTL log.

========== OTL ==========
Service isdrv120 stopped successfully!
Service isdrv120 deleted successfully!
File %systemroot%\system32\s716mgmt.dll not found.
Service Hardlock stopped successfully!
Service Hardlock deleted successfully!
File %systemroot%\system32\tvs.dll not found.
Service bwcsrv stopped successfully!
Service bwcsrv deleted successfully!
File %systemroot%\system32\ulcdrhlp.dll not found.
Service BQPFU stopped successfully!
Service BQPFU deleted successfully!
File C:\Users\Tonerama\AppData\Local\Temp\BQPFU.exe not found.
Service BPLGQPF stopped successfully!
Service BPLGQPF deleted successfully!
File C:\Users\Tonerama\AppData\Local\Temp\BPLGQPF.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}\ not found.
File C:\Program Files\FlashGet\jccatch.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ not found.
File C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
File C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0}\ not found.
C:\Users\Tonerama\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F156768E-81EF-470C-9057-481BA8380DBA}\ not found.
File C:\Program Files\FlashGet\getflash.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Flashget not found.
File C:\Program Files\FlashGet\FlashGet.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Nullpersistent deleted successfully.
C:\Users\Tonerama\AppData\Local\Null\Nullpersistent.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Download All with FlashGet\ not found.
File C:\Program Files\FlashGet\JC_ALL.HTM not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Download with FlashGet\ not found.
File C:\Program Files\FlashGet\JC_LINK.HTM not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download all by FlashGet3\ not found.
C:\Users\Tonerama\AppData\Roaming\FlashGetBHO\GetAllUrl.htm moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Download by FlashGet3\ not found.
C:\Users\Tonerama\AppData\Roaming\FlashGetBHO\GetUrl.htm moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\intu-tt2010\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97A0575E-2309-4e75-8509-B1F9390C4DE7}\ deleted successfully.
File {97A0575E-2309-4e75-8509-B1F9390C4DE7} - C:\Program Files\TurboTax 2010\ic2010pp.dll File not found not found.
C:\Users\Tonerama\AppData\Roaming\fifa folder moved successfully.
C:\Users\Tonerama\AppData\Local\Null folder moved successfully.
C:\Users\Tonerama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Fortress 2012 folder moved successfully.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
Folder C:\ProgramData\F4D55F380029BC71014C6DB1B4EB23C1\ not found.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Tonerama\Desktop\cmd.bat deleted successfully.
C:\Users\Tonerama\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Tonerama\Desktop\cmd.bat deleted successfully.
C:\Users\Tonerama\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Tonerama\Desktop\cmd.bat deleted successfully.
C:\Users\Tonerama\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Tonerama\Desktop\cmd.bat deleted successfully.
C:\Users\Tonerama\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Tonerama
->Flash cache emptied: 20439 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Tonerama
->Java cache emptied: 64220 bytes

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 05082012_092312


Here is the Combo Fix Log

ComboFix 12-05-08.01 - Tonerama 08/05/2012 9:36.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.2998.1979 [GMT -2.5:30]
Running from: c:\users\Tonerama\Desktop\ComboFix.exe
Command switches used :: c:\users\Tonerama\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Tonerama\AppData\Local\Null\Nullpersistent.exe"
"c:\users\Tonerama\AppData\Local\Temp\BPLGQPF.exe"
"c:\users\Tonerama\AppData\Local\Temp\BQPFU.exe"
"c:\windows\system32\s716mgmt.dll"
"c:\windows\system32\tvs.dll"
"c:\windows\system32\ulcdrhlp.dll"
.
.
((((((((((((((((((((((((( Files Created from 2012-04-08 to 2012-05-08 )))))))))))))))))))))))))))))))
.
.
2012-05-08 12:10 . 2012-05-08 12:10 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-08 12:10 . 2012-05-08 12:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-08 11:44 . 2012-05-08 11:44 -------- d-----w- c:\program files\Common Files\Java
2012-05-08 11:43 . 2012-05-08 11:43 -------- d-----w- c:\program files\Oracle
2012-05-08 11:43 . 2012-04-04 21:17 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-08 11:43 . 2012-04-04 21:17 687504 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-29 19:36 . 2012-04-29 19:36 -------- d-----w- c:\programdata\F4D55F380029BC71014C6DB1B4EB23C1
2012-04-26 22:06 . 2012-04-26 22:06 -------- d--h--w- c:\programdata\CanonBJ
2012-04-26 22:06 . 2009-07-14 01:15 71168 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNBPP4.DLL
2012-04-12 09:17 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 09:17 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 09:17 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 09:17 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 18:26 . 2011-11-06 11:04 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-29 15:08 . 2012-03-29 15:08 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-29 15:08 . 2011-10-20 20:48 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-17 05:34 . 2012-03-14 11:46 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-14 11:46 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-14 11:46 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 05:38 . 2012-03-14 11:46 1077248 ----a-w- c:\windows\system32\DWrite.dll
2011-12-21 07:24 . 2012-01-30 17:48 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-02-26 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-02-26 167960]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe" [2010-03-22 496184]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-11-06 480608]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2010-03-03 742712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-03-11 1697064]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"SmartFaceVWatcher"="c:\program files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [2009-10-20 163840]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 611672]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2010-03-17 1328480]
"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2010-02-24 611672]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 22840]
"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2010-03-09 467816]
"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2010-03-03 30040]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Tonerama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 253600]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-15 5340160]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-15 152064]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-01 182304]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-17 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-15 172032]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2010-01-28 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-03-17 189808]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 12920]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 132352]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 232960]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-02-23 66600]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 24064]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-27 1011232]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 111960]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 685424]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
LwUsbHid
nwlnkspx
{a7447300-8075-4b0d-83f1-3d75c8ebc623}
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ebay.com/
mStart Page = hxxp://www.toshiba.ca/welcome
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1 142.163.63.129
FF - ProfilePath - c:\users\Tonerama\AppData\Roaming\Mozilla\Firefox\Profiles\bwsslsp2.default\
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d9,9a,86,25,16,b9,39,4e,bc,5b,c4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d9,9a,86,25,16,b9,39,4e,bc,5b,c4,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-08 09:42:10
ComboFix-quarantined-files.txt 2012-05-08 12:12
ComboFix2.txt 2012-05-07 23:46
ComboFix3.txt 2012-03-30 01:12
.
Pre-Run: 509,938,405,376 bytes free
Post-Run: 509,541,990,400 bytes free
.
- - End Of File - - 8B87D10D08823720227942180C301EC8



Not seeing the messages at this point so did not run the IE scan suggested or the Bitdefender (?). Should I still run those?

Thanks Tony
  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Don't install the new Java until we get rid of the old. I need to run Combofix again and will try to remove it then.

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

AtJob::

DirLook::
C:\Program Files\Common
%user%\library

File::
C:\Windows\System32\{a7447300-8075-4b0d-83f1-3d75c8ebc623}.dll
c:\program files\Common Files\Java
c:\windows\system32\npDeployJava1.dll
c:\windows\system32\deployJava1.dll

Driver::
{a7447300-8075-4b0d-83f1-3d75c8ebc623}

NetSvcs::
{a7447300-8075-4b0d-83f1-3d75c8ebc623}

Folder::
C:\Program Files\Java

RootKit::
C:\Windows\System32\{a7447300-8075-4b0d-83f1-3d75c8ebc623}.dll


******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript, OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.


I don't know what nullpersistent.exe does but since you are the only person in the world to have it on their system I thought it best to remove it. Probably part of your malware problem.

It won't hurt to run them, though ESET takes a long time but is very good at finding stuff. Bitdefender is pretty quick.

Can you run OTL, Quickscan and post the log?
  • 0
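The CFScript in the post above names the GUID-style entry that the ComboFix log lists under "Svchost - NetSvcs". As an added example (not part of the original posts and not ComboFix's own code), this Python snippet pulls that section out of a log and marks GUID-shaped names for review; the function names and the GUID-shape heuristic are assumptions made for illustration.

```python
import re

# Excerpt of the ComboFix log posted in this thread (service list shortened).
SAMPLE_LOG = r"""
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 7680]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
LwUsbHid
nwlnkspx
{a7447300-8075-4b0d-83f1-3d75c8ebc623}
.
.
------- Supplementary Scan -------
"""

GUID_RE = re.compile(r"^\{[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}$")
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);")  # e.g. "S2 name;display;path [...]"

def netsvcs_entries(log_text):
    """Return the names listed under the 'Svchost - NetSvcs' header."""
    entries, in_section = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.endswith("Svchost - NetSvcs"):
            in_section = True
        elif in_section:
            if line == ".":  # the log closes each section with a lone dot
                break
            if line:
                entries.append(line)
    return entries

def listed_services(log_text):
    """Service names taken from the 'R2 name;display;path' style lines."""
    return {m.group(1) for line in log_text.splitlines()
            if (m := SERVICE_RE.match(line.strip()))}

def review(log_text):
    """Heuristic (assumption): a GUID-shaped name deserves a closer look."""
    known = listed_services(log_text)
    return [{"name": e,
             "guid_shaped": bool(GUID_RE.match(e)),
             "in_service_list": e in known}
            for e in netsvcs_entries(log_text)]

if __name__ == "__main__":
    for row in review(SAMPLE_LOG):
        print(row)
```

A flagged name is only a lead for further checking, not a verdict on the entry.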

#8
nubiwan

nubiwan

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
I already installed the new Java, and I now have two versions of Java in my programs in control panel. Should I uninstall the newer Java and then run your CFScript?

The problem seems to have been resolved regardless. Will wait to hear back.

Any way I can subscribe or get an email message when this post has been edited?

Edited by nubiwan, 10 May 2012 - 10:31 AM.

  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
I would uninstall the Java programs, run the CF script then reinstall the new Java.

If I reply you should get an email. If you don't get an email then check your profile to make sure you have the correct email and then check your spam filter to make sure the replies didn't go to the spam folder. (There is no notice if a post is just edited.)
  • 0





