Search Engine redirect [Solved]


  • This topic is locked

#16
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.

Gringo
  • 0


#17
OSUbrian

    Member

  • Topic Starter
  • 32 posts
***********************************************ADW log**************************************************************
# AdwCleaner v2.005 - Logfile created 10/26/2012 at 21:28:46
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Steve - STEVE-PC
# Boot Mode : Normal
# Running from : C:\Users\Steve\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [1730 octets] - [18/10/2012 16:53:52]
AdwCleaner[R2].txt - [1790 octets] - [18/10/2012 16:54:15]
AdwCleaner[S1].txt - [1715 octets] - [18/10/2012 16:56:11]
AdwCleaner[S2].txt - [695 octets] - [26/10/2012 21:28:46]

########## EOF - C:\AdwCleaner[S2].txt - [754 octets] ##########



****************************************Rogue Killer log************************************************************

RogueKiller V8.2.0 [10/22/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Website: http://tigzy.geeksto...roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Steve [Admin rights]
Mode : Remove -- Date : 10/26/2012 21:35:24

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545032B9A300 +++++
--- User ---
[MBR] 37ec9c06aca0a1f0c0e6f65833109e43
[BSP] d2727c29e46497b18b2ca8a5f884de71 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 294454 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 606115840 | Size: 9290 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] cac02c389104a477f86d1d18284c8c0e
[BSP] 8858d9196258d0d47bf2188b36bc50fa : MaxSS MBR Code!
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 294454 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 606115840 | Size: 9290 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] cac02c389104a477f86d1d18284c8c0e
[BSP] 8858d9196258d0d47bf2188b36bc50fa : MaxSS MBR Code!
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 294454 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 606115840 | Size: 9290 Mo

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
  • 0

#18
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#19
OSUbrian

    Member

  • Topic Starter
  • 32 posts
I installed Google Chrome and it works with no redirects. Initially it was redirecting as well; after ComboFix it is working. IE is redirecting, but I wanted to switch to Chrome anyhow.

**************************************************COMBOFIX LOG********************************************
ComboFix 12-10-26.05 - Steve 10/27/2012 11:34:23.7.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2940.1213 [GMT -4:00]
Running from: c:\users\Steve\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-27 to 2012-10-27 )))))))))))))))))))))))))))))))
.
.
2012-10-27 16:04 . 2012-10-27 16:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-27 16:04 . 2012-10-27 16:04 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-10-24 02:23 . 2012-10-24 02:24 -------- d-----w- C:\FRST
2012-10-16 01:52 . 2012-10-16 01:52 -------- d-----w- c:\users\Steve\AppData\Roaming\Malwarebytes
2012-10-16 01:52 . 2012-10-16 01:52 -------- d-----w- c:\programdata\Malwarebytes
2012-10-16 01:52 . 2012-10-16 01:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-13 15:25 . 2012-10-13 15:25 -------- d-----w- c:\programdata\Kaspersky Lab
2012-10-13 14:26 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-13 14:26 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-13 14:26 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-13 14:26 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-13 14:23 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-13 14:23 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-13 14:23 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-13 14:23 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-13 14:23 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-13 14:23 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-13 14:23 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-13 14:23 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-13 14:12 . 2012-10-13 14:12 -------- d-----w- C:\_OTM
2012-10-13 14:09 . 2012-10-13 14:09 -------- d-----w- c:\program files (x86)\ERUNT
2012-10-07 21:30 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-10-07 21:26 . 2012-08-24 18:03 9056256 ----a-w- c:\windows\system32\mshtml.dll
2012-10-07 21:24 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-10-07 21:24 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-10-07 21:24 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-10-07 21:24 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-10-07 21:24 . 2012-06-16 05:16 609792 ----a-w- c:\windows\system32\vbscript.dll
2012-10-07 21:24 . 2012-06-16 05:15 911360 ----a-w- c:\windows\system32\jscript.dll
2012-10-07 21:24 . 2012-06-16 04:26 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-10-07 21:23 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-10-07 21:23 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-10-07 21:23 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-10-07 21:23 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-10-07 21:23 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-10-07 21:23 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-10-07 21:23 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-10-07 21:23 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-10-07 21:23 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-10-07 21:23 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-10-07 21:23 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-10-07 20:46 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-10-07 20:46 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-10-07 20:46 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-10-07 20:46 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-10-07 20:45 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-10-07 20:45 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-10-07 20:45 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-10-07 20:45 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-10-07 20:45 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-09-28 18:51 . 2012-09-28 18:52 -------- d-----w- C:\Kindle Books
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-13 16:32 . 2010-12-28 22:16 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-08-24 19:43 . 2012-08-24 19:43 384352 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-08-20 17:38 . 2012-10-13 14:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AROReminder"="c:\program files (x86)\Advanced Registry Optimizer\ARO.exe" [2010-07-27 2216968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-07-13 498160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"VMM Mode Selection"="c:\program files\HTC\ModeSelection\VMMModeSelection.exe" [2011-02-14 43520]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20110430.001\BHDrvx64.sys [2011-04-15 1127032]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-03 136176]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-03 136176]
R3 HtcUsbMdmV64;HTC Proprietary USB Driver;c:\windows\system32\DRIVERS\HtcUsbMdmV64.sys [2010-03-08 121800]
R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys [2010-03-08 121800]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-06 222208]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-02 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS [2009-08-30 433200]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [2011-08-22 221304]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [2011-08-04 593544]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110511.001\IDSvia64.sys [2011-03-14 476792]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [2010-04-29 150064]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [2011-08-22 451704]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-11 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe [2011-08-04 126400]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-31 236544]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-09-09 943616]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 137560]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-03 21:51]
.
2012-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-03 21:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 709976]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.ebay.com/
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{8067F842-98D9-4978-BAFF-039F8CFDC30E}: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{8067F842-98D9-4978-BAFF-039F8CFDC30E}\4556E676F694E6475627E65647E233734323: DhcpNameServer = 10.37.42.1
TCP: Interfaces\{8067F842-98D9-4978-BAFF-039F8CFDC30E}\77963616C6: DhcpNameServer = 206.51.128.55 206.51.143.55
TCP: Interfaces\{8067F842-98D9-4978-BAFF-039F8CFDC30E}\C416B65602C4F62716D6965602350502055726C696360275966496: DhcpNameServer = 10.128.128.128
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-{FBBC4667-2521-4E78-B1BD-8706F774549B} - c:\programdata\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\Best Buy Software Installer Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-27 12:22:10
ComboFix-quarantined-files.txt 2012-10-27 16:22
ComboFix2.txt 2012-10-27 14:57
ComboFix3.txt 2012-10-27 13:05
ComboFix4.txt 2012-10-19 17:46
ComboFix5.txt 2012-10-27 15:29
.
Pre-Run: 258,716,864,512 bytes free
Post-Run: 258,680,782,848 bytes free
.
- - End Of File - - ED1329DA2091672350D80B99B5D86AEC
  • 0

#20
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings OSUbrian

IE should not redirect, so we need to keep checking what is going on.

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
  • 0

#21
OSUbrian

    Member

  • Topic Starter
  • 32 posts
Gringo,

Still no luck getting TDSSkiller or aswMBR to run.
  • 0

#22
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

TDL4: custom:26000022 <===== ATTENTION!
CMD: bootrec /FixMbr




NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo
  • 0

#23
OSUbrian

    Member

  • Topic Starter
  • 32 posts
LOGFILE:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-10-2012
Ran by SYSTEM at 2012-10-30 17:41:17 Run:3
Running from F:\

==============================================


An error occurred while attempting to delete the specified data element.
Element not found.
The operation completed successfully.

========= bootrec /FixMbr =========

The operation completed successfully.

========= End of CMD: =========


==== End of Fixlog ====
  • 0

#24
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Try running TDSSKiller now.


gringo
  • 0

#25
OSUbrian

    Member

  • Topic Starter
  • 32 posts
TDSSKiller ran successfully this time. No threats found during scan. Here is the report:

20:40:57.0548 4848 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
20:40:59.0561 4848 ============================================================
20:40:59.0561 4848 Current date / time: 2012/10/30 20:40:59.0561
20:40:59.0561 4848 SystemInfo:
20:40:59.0561 4848
20:40:59.0561 4848 OS Version: 6.1.7601 ServicePack: 1.0
20:40:59.0561 4848 Product type: Workstation
20:40:59.0561 4848 ComputerName: STEVE-PC
20:40:59.0561 4848 UserName: Steve
20:40:59.0561 4848 Windows directory: C:\windows
20:40:59.0561 4848 System windows directory: C:\windows
20:40:59.0561 4848 Running under WOW64
20:40:59.0561 4848 Processor architecture: Intel x64
20:40:59.0561 4848 Number of processors: 2
20:40:59.0561 4848 Page size: 0x1000
20:40:59.0561 4848 Boot type: Normal boot
20:40:59.0561 4848 ============================================================
20:41:00.0247 4848 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:41:00.0263 4848 ============================================================
20:41:00.0263 4848 \Device\Harddisk0\DR0:
20:41:00.0263 4848 MBR partitions:
20:41:00.0263 4848 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23F1B000
20:41:00.0263 4848 ============================================================
20:41:00.0310 4848 C: <-> \Device\Harddisk0\DR0\Partition1
20:41:00.0310 4848 ============================================================
20:41:00.0310 4848 Initialize success
20:41:00.0310 4848 ============================================================
20:41:03.0882 4040 ============================================================
20:41:03.0882 4040 Scan started
20:41:03.0882 4040 Mode: Manual;
20:41:03.0882 4040 ============================================================
20:41:04.0475 4040 ================ Scan system memory ========================
20:41:04.0475 4040 System memory - ok
20:41:04.0475 4040 ================ Scan services =============================
20:41:08.0172 4040 BrSerWdm - ok
20:41:08.0172 4040 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
20:41:08.0188 4040 BrUsbMdm - ok
20:41:08.0188 4040 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
20:41:08.0188 4040 BrUsbSer - ok
20:41:08.0203 4040 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
20:41:08.0203 4040 BTHMODEM - ok
20:41:08.0266 4040 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
20:41:08.0266 4040 bthserv - ok
20:41:08.0437 4040 catchme - ok
20:41:08.0531 4040 [ 37F1BAEC39B505B3B51893A35C8337EA ] ccHP C:\windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys
20:41:08.0531 4040 ccHP - ok
20:41:08.0593 4040 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
20:41:08.0593 4040 cdfs - ok
20:41:08.0656 4040 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
20:41:08.0656 4040 cdrom - ok
20:41:08.0718 4040 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
20:41:08.0734 4040 CertPropSvc - ok
20:41:08.0812 4040 [ 837FF2D497880198C918E6954DBD170C ] cfWiMAXService C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
20:41:08.0812 4040 cfWiMAXService - ok
20:41:08.0874 4040 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\DRIVERS\circlass.sys
20:41:08.0874 4040 circlass - ok
20:41:08.0905 4040 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
20:41:08.0921 4040 CLFS - ok
20:41:08.0968 4040 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:41:08.0983 4040 clr_optimization_v2.0.50727_32 - ok
20:41:09.0030 4040 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:41:09.0030 4040 clr_optimization_v2.0.50727_64 - ok
20:41:09.0124 4040 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:41:09.0155 4040 clr_optimization_v4.0.30319_32 - ok
20:41:09.0217 4040 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:41:09.0217 4040 clr_optimization_v4.0.30319_64 - ok
20:41:09.0264 4040 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
20:41:09.0264 4040 CmBatt - ok
20:41:09.0295 4040 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
20:41:09.0295 4040 cmdide - ok
20:41:09.0326 4040 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
20:41:09.0326 4040 CNG - ok
20:41:09.0389 4040 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
20:41:09.0389 4040 Compbatt - ok
20:41:09.0451 4040 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
20:41:09.0451 4040 CompositeBus - ok
20:41:09.0482 4040 COMSysApp - ok
20:41:09.0514 4040 [ D252C53BCDFC199BBA55EEB10CDB266E ] ConfigFree Gadget Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
20:41:09.0514 4040 ConfigFree Gadget Service - ok
20:41:09.0545 4040 [ CAB0EEAF5295FC96DDD3E19DCE27E131 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
20:41:09.0545 4040 ConfigFree Service - ok
20:41:09.0576 4040 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
20:41:09.0576 4040 crcdisk - ok
20:41:09.0654 4040 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
20:41:09.0654 4040 CryptSvc - ok
20:41:09.0716 4040 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
20:41:09.0716 4040 DcomLaunch - ok
20:41:09.0779 4040 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
20:41:09.0779 4040 defragsvc - ok
20:41:09.0841 4040 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
20:41:09.0841 4040 DfsC - ok
20:41:09.0919 4040 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
20:41:09.0919 4040 Dhcp - ok
20:41:09.0950 4040 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
20:41:09.0950 4040 discache - ok
20:41:10.0028 4040 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\DRIVERS\disk.sys
20:41:10.0028 4040 Disk - ok
20:41:10.0075 4040 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
20:41:10.0075 4040 Dnscache - ok
20:41:10.0106 4040 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
20:41:10.0122 4040 dot3svc - ok
20:41:10.0138 4040 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
20:41:10.0138 4040 DPS - ok
20:41:10.0200 4040 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
20:41:10.0200 4040 drmkaud - ok
20:41:10.0247 4040 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
20:41:10.0262 4040 DXGKrnl - ok
20:41:10.0278 4040 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
20:41:10.0278 4040 EapHost - ok
20:41:10.0372 4040 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\DRIVERS\evbda.sys
20:41:10.0465 4040 ebdrv - ok
20:41:10.0543 4040 [ EB0883462AC43829E47929D705D40933 ] eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
20:41:10.0559 4040 eeCtrl - ok
20:41:10.0590 4040 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
20:41:10.0590 4040 EFS - ok
20:41:10.0668 4040 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
20:41:10.0668 4040 ehRecvr - ok
20:41:10.0699 4040 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
20:41:10.0715 4040 ehSched - ok
20:41:10.0777 4040 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
20:41:10.0777 4040 elxstor - ok
20:41:10.0808 4040 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
20:41:10.0824 4040 ErrDev - ok
20:41:10.0886 4040 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
20:41:10.0902 4040 EventSystem - ok
20:41:10.0918 4040 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
20:41:10.0918 4040 exfat - ok
20:41:10.0949 4040 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
20:41:10.0949 4040 fastfat - ok
20:41:11.0027 4040 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
20:41:11.0042 4040 Fax - ok
20:41:11.0058 4040 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\DRIVERS\fdc.sys
20:41:11.0058 4040 fdc - ok
20:41:11.0074 4040 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
20:41:11.0074 4040 fdPHost - ok
20:41:11.0105 4040 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
20:41:11.0105 4040 FDResPub - ok
20:41:11.0136 4040 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
20:41:11.0136 4040 FileInfo - ok
20:41:11.0152 4040 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
20:41:11.0152 4040 Filetrace - ok
20:41:11.0167 4040 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
20:41:11.0167 4040 flpydisk - ok
20:41:11.0214 4040 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
20:41:11.0214 4040 FltMgr - ok
20:41:11.0292 4040 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
20:41:11.0308 4040 FontCache - ok
20:41:11.0370 4040 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:41:11.0370 4040 FontCache3.0.0.0 - ok
20:41:11.0386 4040 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
20:41:11.0401 4040 FsDepends - ok
20:41:11.0432 4040 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
20:41:11.0432 4040 Fs_Rec - ok
20:41:11.0495 4040 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
20:41:11.0495 4040 fvevol - ok
20:41:11.0542 4040 [ 60ACB128E64C35C2B4E4AAB1B0A5C293 ] FwLnk C:\windows\system32\DRIVERS\FwLnk.sys
20:41:11.0542 4040 FwLnk - ok
20:41:11.0604 4040 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
20:41:11.0604 4040 gagp30kx - ok
20:41:11.0651 4040 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
20:41:11.0651 4040 gpsvc - ok
20:41:11.0807 4040 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:41:11.0807 4040 gupdate - ok
20:41:11.0838 4040 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:41:11.0854 4040 gupdatem - ok
20:41:11.0885 4040 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
20:41:11.0885 4040 hcw85cir - ok
20:41:11.0963 4040 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
20:41:11.0963 4040 HdAudAddService - ok
20:41:12.0041 4040 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
20:41:12.0041 4040 HDAudBus - ok
20:41:12.0056 4040 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
20:41:12.0056 4040 HidBatt - ok
20:41:12.0088 4040 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
20:41:12.0088 4040 HidBth - ok
20:41:12.0103 4040 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys
20:41:12.0103 4040 HidIr - ok
20:41:12.0134 4040 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll
20:41:12.0134 4040 hidserv - ok
20:41:12.0181 4040 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\drivers\hidusb.sys
20:41:12.0181 4040 HidUsb - ok
20:41:12.0212 4040 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
20:41:12.0212 4040 hkmsvc - ok
20:41:12.0259 4040 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
20:41:12.0259 4040 HomeGroupListener - ok
20:41:12.0322 4040 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
20:41:12.0322 4040 HomeGroupProvider - ok
20:41:12.0368 4040 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
20:41:12.0384 4040 HpSAMD - ok
20:41:12.0462 4040 [ 1BE48B0542C91487BB8A94BF2278F55D ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
20:41:12.0478 4040 HPSLPSVC - ok
20:41:12.0556 4040 [ 7C7C986776D00E575BFBDE5DCBDC615D ] HtcUsbMdmV64 C:\windows\system32\DRIVERS\HtcUsbMdmV64.sys
20:41:12.0571 4040 HtcUsbMdmV64 - ok
20:41:12.0634 4040 [ 7C7C986776D00E575BFBDE5DCBDC615D ] HtcVCom32 C:\windows\system32\DRIVERS\HtcVComV64.sys
20:41:12.0649 4040 HtcVCom32 - ok
20:41:12.0727 4040 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
20:41:12.0743 4040 HTTP - ok
20:41:12.0774 4040 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
20:41:12.0774 4040 hwpolicy - ok
20:41:12.0805 4040 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\drivers\i8042prt.sys
20:41:12.0805 4040 i8042prt - ok
20:41:12.0868 4040 [ BBB3B6DF1ABB0FE35802EDE85CC1C011 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
20:41:12.0868 4040 iaStor - ok
20:41:12.0946 4040 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
20:41:12.0961 4040 iaStorV - ok
20:41:13.0039 4040 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:41:13.0055 4040 idsvc - ok
20:41:13.0164 4040 [ 8F9FAA4583E634A1505BAD8D0C04C5C9 ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110511.001\IDSvia64.sys
20:41:13.0164 4040 IDSVia64 - ok
20:41:13.0398 4040 [ 3C3F27002ABC69C5AFE29CBE6CF7ADDF ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
20:41:13.0585 4040 igfx - ok
20:41:13.0648 4040 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
20:41:13.0648 4040 iirsp - ok
20:41:13.0694 4040 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
20:41:13.0710 4040 IKEEXT - ok
20:41:13.0819 4040 [ 0C3CF4B3BAE28E121A1689E3538F8712 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys
20:41:13.0850 4040 IntcAzAudAddService - ok
20:41:13.0882 4040 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
20:41:13.0897 4040 intelide - ok
20:41:13.0944 4040 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
20:41:13.0944 4040 intelppm - ok
20:41:13.0975 4040 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
20:41:13.0975 4040 IPBusEnum - ok
20:41:14.0022 4040 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
20:41:14.0022 4040 IpFilterDriver - ok
20:41:14.0069 4040 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
20:41:14.0084 4040 iphlpsvc - ok
20:41:14.0116 4040 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
20:41:14.0116 4040 IPMIDRV - ok
20:41:14.0147 4040 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
20:41:14.0147 4040 IPNAT - ok
20:41:14.0194 4040 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
20:41:14.0209 4040 IRENUM - ok
20:41:14.0240 4040 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
20:41:14.0240 4040 isapnp - ok
20:41:14.0272 4040 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
20:41:14.0272 4040 iScsiPrt - ok
20:41:14.0318 4040 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\drivers\kbdclass.sys
20:41:14.0318 4040 kbdclass - ok
20:41:14.0350 4040 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
20:41:14.0350 4040 kbdhid - ok
20:41:14.0381 4040 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
20:41:14.0381 4040 KeyIso - ok
20:41:14.0443 4040 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
20:41:14.0443 4040 KSecDD - ok
20:41:14.0474 4040 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
20:41:14.0474 4040 KSecPkg - ok
20:41:14.0521 4040 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
20:41:14.0537 4040 ksthunk - ok
20:41:14.0568 4040 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
20:41:14.0568 4040 KtmRm - ok
20:41:14.0646 4040 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\System32\srvsvc.dll
20:41:14.0646 4040 LanmanServer - ok
20:41:14.0677 4040 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
20:41:14.0677 4040 LanmanWorkstation - ok
20:41:14.0740 4040 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
20:41:14.0740 4040 lltdio - ok
20:41:14.0771 4040 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
20:41:14.0771 4040 lltdsvc - ok
20:41:14.0802 4040 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
20:41:14.0802 4040 lmhosts - ok
20:41:14.0864 4040 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
20:41:14.0880 4040 LSI_FC - ok
20:41:14.0880 4040 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
20:41:14.0880 4040 LSI_SAS - ok
20:41:14.0896 4040 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
20:41:14.0896 4040 LSI_SAS2 - ok
20:41:14.0911 4040 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
20:41:14.0911 4040 LSI_SCSI - ok
20:41:14.0958 4040 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
20:41:14.0958 4040 luafv - ok
20:41:14.0989 4040 MBAMProtector - ok
20:41:15.0083 4040 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:41:15.0083 4040 MBAMScheduler - ok
20:41:15.0130 4040 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
20:41:15.0145 4040 MBAMService - ok
20:41:15.0192 4040 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
20:41:15.0192 4040 Mcx2Svc - ok
20:41:15.0208 4040 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys
20:41:15.0223 4040 megasas - ok
20:41:15.0254 4040 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
20:41:15.0254 4040 MegaSR - ok
20:41:15.0317 4040 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
20:41:15.0317 4040 MMCSS - ok
20:41:15.0332 4040 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
20:41:15.0332 4040 Modem - ok
20:41:15.0348 4040 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
20:41:15.0348 4040 monitor - ok
20:41:15.0395 4040 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\drivers\mouclass.sys
20:41:15.0410 4040 mouclass - ok
20:41:15.0457 4040 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
20:41:15.0457 4040 mouhid - ok
20:41:15.0504 4040 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
20:41:15.0504 4040 mountmgr - ok
20:41:15.0535 4040 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
20:41:15.0535 4040 mpio - ok
20:41:15.0566 4040 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
20:41:15.0566 4040 mpsdrv - ok
20:41:15.0613 4040 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
20:41:15.0613 4040 MpsSvc - ok
20:41:15.0676 4040 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
20:41:15.0676 4040 MRxDAV - ok
20:41:15.0722 4040 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
20:41:15.0722 4040 mrxsmb - ok
20:41:15.0754 4040 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
20:41:15.0754 4040 mrxsmb10 - ok
20:41:15.0785 4040 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
20:41:15.0785 4040 mrxsmb20 - ok
20:41:15.0816 4040 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\drivers\msahci.sys
20:41:15.0816 4040 msahci - ok
20:41:15.0847 4040 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys
20:41:15.0847 4040 msdsm - ok
20:41:15.0894 4040 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe
20:41:15.0894 4040 MSDTC - ok
20:41:15.0956 4040 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys
20:41:15.0956 4040 Msfs - ok
20:41:15.0972 4040 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
20:41:15.0972 4040 mshidkmdf - ok
20:41:16.0003 4040 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys
20:41:16.0003 4040 msisadrv - ok
20:41:16.0066 4040 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll
20:41:16.0081 4040 MSiSCSI - ok
20:41:16.0081 4040 msiserver - ok
20:41:16.0128 4040 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
20:41:16.0128 4040 MSKSSRV - ok
20:41:16.0190 4040 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
20:41:16.0190 4040 MSPCLOCK - ok
20:41:16.0206 4040 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
20:41:16.0206 4040 MSPQM - ok
20:41:16.0253 4040 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys
20:41:16.0253 4040 MsRPC - ok
20:41:16.0300 4040 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
20:41:16.0300 4040 mssmbios - ok
20:41:16.0315 4040 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
20:41:16.0331 4040 MSTEE - ok
20:41:16.0331 4040 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
20:41:16.0331 4040 MTConfig - ok
20:41:16.0378 4040 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys
20:41:16.0378 4040 Mup - ok
20:41:16.0409 4040 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll
20:41:16.0424 4040 napagent - ok
20:41:16.0487 4040 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
20:41:16.0487 4040 NativeWifiP - ok
20:41:16.0518 4040 NAVENG - ok
20:41:16.0534 4040 NAVEX15 - ok
20:41:16.0596 4040 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
20:41:16.0596 4040 NDIS - ok
20:41:16.0658 4040 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
20:41:16.0658 4040 NdisCap - ok
20:41:16.0721 4040 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
20:41:16.0721 4040 NdisTapi - ok
20:41:16.0768 4040 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
20:41:16.0768 4040 Ndisuio - ok
20:41:16.0799 4040 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
20:41:16.0799 4040 NdisWan - ok
20:41:16.0846 4040 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
20:41:16.0846 4040 NDProxy - ok
20:41:16.0877 4040 [ DC6530A291D4BDF6DF399F1F128E7F8F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
20:41:16.0877 4040 Net Driver HPZ12 - ok
20:41:16.0939 4040 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
20:41:16.0939 4040 NetBIOS - ok
20:41:16.0970 4040 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
20:41:16.0970 4040 NetBT - ok
20:41:17.0002 4040 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
20:41:17.0002 4040 Netlogon - ok
20:41:17.0064 4040 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
20:41:17.0080 4040 Netman - ok
20:41:17.0111 4040 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
20:41:17.0126 4040 netprofm - ok
20:41:17.0158 4040 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:41:17.0158 4040 NetTcpPortSharing - ok
20:41:17.0220 4040 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
20:41:17.0220 4040 nfrd960 - ok
20:41:17.0345 4040 [ B4187346F54E362DAFFE647B25A58D50 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
20:41:17.0345 4040 NIS - ok
20:41:17.0407 4040 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
20:41:17.0407 4040 NlaSvc - ok
20:41:17.0438 4040 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
20:41:17.0454 4040 Npfs - ok
20:41:17.0470 4040 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
20:41:17.0470 4040 nsi - ok
20:41:17.0485 4040 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
20:41:17.0485 4040 nsiproxy - ok
20:41:17.0548 4040 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
20:41:17.0579 4040 Ntfs - ok
20:41:17.0594 4040 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
20:41:17.0594 4040 Null - ok
20:41:17.0657 4040 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
20:41:17.0672 4040 nvraid - ok
20:41:17.0704 4040 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
20:41:17.0704 4040 nvstor - ok
20:41:17.0766 4040 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
20:41:17.0766 4040 nv_agp - ok
20:41:17.0860 4040 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:41:17.0875 4040 odserv - ok
20:41:17.0906 4040 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
20:41:17.0922 4040 ohci1394 - ok
20:41:18.0016 4040 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:41:18.0016 4040 ose - ok
20:41:18.0047 4040 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
20:41:18.0062 4040 p2pimsvc - ok
20:41:18.0094 4040 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
20:41:18.0094 4040 p2psvc - ok
20:41:18.0125 4040 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
20:41:18.0125 4040 Parport - ok
20:41:18.0172 4040 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
20:41:18.0187 4040 partmgr - ok
20:41:18.0218 4040 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
20:41:18.0218 4040 PcaSvc - ok
20:41:18.0265 4040 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
20:41:18.0265 4040 pci - ok
20:41:18.0296 4040 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
20:41:18.0296 4040 pciide - ok
20:41:18.0359 4040 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
20:41:18.0359 4040 pcmcia - ok
20:41:18.0374 4040 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
20:41:18.0390 4040 pcw - ok
20:41:18.0421 4040 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
20:41:18.0421 4040 PEAUTH - ok
20:41:18.0499 4040 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
20:41:18.0499 4040 PerfHost - ok
20:41:18.0562 4040 [ 663962900E7FEA522126BA287715BB4A ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys
20:41:18.0562 4040 PGEffect - ok
20:41:18.0624 4040 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
20:41:18.0655 4040 pla - ok
20:41:18.0702 4040 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
20:41:18.0718 4040 PlugPlay - ok
20:41:18.0764 4040 [ 71F62C51DFDFBC04C83C5C64B2B8058E ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
20:41:18.0764 4040 Pml Driver HPZ12 - ok
20:41:18.0780 4040 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
20:41:18.0796 4040 PNRPAutoReg - ok
20:41:18.0811 4040 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
20:41:18.0811 4040 PNRPsvc - ok
20:41:18.0842 4040 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
20:41:18.0858 4040 PolicyAgent - ok
20:41:18.0889 4040 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
20:41:18.0889 4040 Power - ok
20:41:18.0952 4040 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
20:41:18.0967 4040 PptpMiniport - ok
20:41:18.0998 4040 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys
20:41:18.0998 4040 Processor - ok
20:41:19.0061 4040 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
20:41:27.0922 4040 ================ Scan global ===============================
20:41:27.0968 4040 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
20:41:28.0000 4040 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
20:41:28.0015 4040 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
20:41:28.0046 4040 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
20:41:28.0093 4040 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
20:41:28.0093 4040 [Global] - ok
20:41:28.0093 4040 ================ Scan MBR ==================================
20:41:28.0109 4040 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:41:28.0312 4040 \Device\Harddisk0\DR0 - ok
20:41:28.0312 4040 ================ Scan VBR ==================================
20:41:28.0327 4040 [ C90924E1B86E734E8944EBE91163990D ] \Device\Harddisk0\DR0\Partition1
20:41:28.0327 4040 \Device\Harddisk0\DR0\Partition1 - ok
20:41:28.0327 4040 ============================================================
20:41:28.0327 4040 Scan finished
20:41:28.0327 4040 ============================================================
20:41:28.0390 1584 Detected object count: 0
20:41:28.0390 1584 Actual detected object count: 0

#26
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

#27
OSUbrian

    Member

  • Topic Starter
  • Member
  • 32 posts
Gringo,

Everything appears to be working correctly. Internet Explorer is running a lot quicker now.

Here is the Combofix log:

ComboFix 12-10-31.03 - Steve 10/31/2012 22:48:15.8.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2940.1829 [GMT -4:00]
Running from: c:\users\Steve\Desktop\ComboFix.exe
Command switches used :: c:\users\Steve\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-10-01 to 2012-11-01 )))))))))))))))))))))))))))))))
.
.
2012-11-01 02:58 . 2012-11-01 02:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-01 02:58 . 2012-11-01 02:58 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-10-24 02:23 . 2012-10-24 02:24 -------- d-----w- C:\FRST
2012-10-16 01:52 . 2012-10-16 01:52 -------- d-----w- c:\users\Steve\AppData\Roaming\Malwarebytes
2012-10-16 01:52 . 2012-10-16 01:52 -------- d-----w- c:\programdata\Malwarebytes
2012-10-16 01:52 . 2012-10-16 01:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-10-13 15:25 . 2012-10-13 15:25 -------- d-----w- c:\programdata\Kaspersky Lab
2012-10-13 14:26 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-13 14:26 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-13 14:26 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-13 14:26 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-13 14:23 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-13 14:23 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-13 14:23 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-13 14:23 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-13 14:23 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-13 14:23 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-13 14:23 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-13 14:23 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-13 14:12 . 2012-10-13 14:12 -------- d-----w- C:\_OTM
2012-10-13 14:09 . 2012-10-13 14:09 -------- d-----w- c:\program files (x86)\ERUNT
2012-10-07 21:30 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-10-07 21:26 . 2012-08-24 18:03 9056256 ----a-w- c:\windows\system32\mshtml.dll
2012-10-07 21:24 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-10-07 21:24 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-10-07 21:24 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-10-07 21:24 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-10-07 21:24 . 2012-06-16 05:16 609792 ----a-w- c:\windows\system32\vbscript.dll
2012-10-07 21:24 . 2012-06-16 05:15 911360 ----a-w- c:\windows\system32\jscript.dll
2012-10-07 21:24 . 2012-06-16 04:26 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-10-07 21:23 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-10-07 21:23 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-10-07 21:23 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-10-07 21:23 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-10-07 21:23 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-10-07 21:23 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-10-07 21:23 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-10-07 21:23 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-10-07 21:23 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-10-07 21:23 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-10-07 21:23 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-10-07 20:46 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-10-07 20:46 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-10-07 20:46 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-10-07 20:46 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-10-07 20:45 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-10-07 20:45 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-10-07 20:45 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-10-07 20:45 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-10-07 20:45 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-13 16:32 . 2010-12-28 22:16 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-08-24 19:43 . 2012-08-24 19:43 384352 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-08-20 17:38 . 2012-10-13 14:25 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20110430.001\BHDrvx64.sys [2011-04-15 1127032]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-03 136176]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-03 136176]
R3 HtcUsbMdmV64;HTC Proprietary USB Driver;c:\windows\system32\DRIVERS\HtcUsbMdmV64.sys [2010-03-08 121800]
R3 HtcVCom32;HTC Diagnostic Port;c:\windows\system32\DRIVERS\HtcVComV64.sys [2010-03-08 121800]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-06 222208]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-02 1255736]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS [2009-08-30 433200]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [2011-08-22 221304]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [2011-08-04 593544]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110511.001\IDSvia64.sys [2011-03-14 476792]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [2010-04-29 150064]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [2011-08-22 451704]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-11 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe [2011-08-04 126400]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-31 236544]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-09-09 943616]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-04 137560]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-03 21:51]
.
2012-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-03 21:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-08-04 709976]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.ebay.com/
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{8067F842-98D9-4978-BAFF-039F8CFDC30E}: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{8067F842-98D9-4978-BAFF-039F8CFDC30E}\4556E676F694E6475627E65647E233734323: DhcpNameServer = 10.37.42.1
TCP: Interfaces\{8067F842-98D9-4978-BAFF-039F8CFDC30E}\77963616C6: DhcpNameServer = 206.51.128.55 206.51.143.55
TCP: Interfaces\{8067F842-98D9-4978-BAFF-039F8CFDC30E}\C416B65602C4F62716D6965602350502055726C696360275966496: DhcpNameServer = 10.128.128.128
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-{FBBC4667-2521-4E78-B1BD-8706F774549B} - c:\programdata\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\Best Buy Software Installer Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-31 23:13:02
ComboFix-quarantined-files.txt 2012-11-01 03:12
ComboFix2.txt 2012-10-27 16:22
ComboFix3.txt 2012-10-27 14:57
ComboFix4.txt 2012-10-27 13:05
ComboFix5.txt 2012-11-01 02:46
.
Pre-Run: 258,410,958,848 bytes free
Post-Run: 258,380,484,608 bytes free
.
- - End Of File - - E0C737FF1A71FE1BE5ECCF73B6B5C4F7
  • 0

#28
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
  • 0

#29
OSUbrian

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Gringo,

Here are the results:


Update for Microsoft Office 2007 (KB2508958)
7500_7600_7700_Help1
Adobe Reader 9.4.6
bpd_scan_Carrier
BPDSoftware
BPDSoftware_Ini
BufferChm
Compatibility Pack for the 2007 Office system
ERUNT 1.1j
Google Chrome
Google Update Helper
Java™ 6 Update 14
Junk Mail filter update
L7000_Basic
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Internet Security
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Roxio Burn
Roxio Express Labeler 3
Roxio Roxio Burn
Roxio Update Manager
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Toolbox
TOSHIBA Application Installer
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Quality Application
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio 2008 x64 Redistributables
WebReg
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WModem Driver Installer
  • 0

#30
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job).

Programs to remove

Adobe Reader 9.4.6
Java™ 6 Update 14


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com.../readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

  • 0





