api.mybrowserbar.com

(In Progress)

sipadan (Thread Starter, Member with 12 posts, Join Date: Jul 2012)
22-Jul-2012, 06:50 AM #1
My browser is recently being redirected to api.mybrowserbar.com. I use Chrome. I've checked settings in Chrome and Inet Options and both are set to Google - my home page. Yet, the browser continues to open to the above site.
I've run MLB and superspy but they didn't get rid of the problem. Looked in Uninstall for some program called "search settings" but didn't find any. I run Windows 7 on a 2012 machine. Need help. Thanks.
dvk01 (Derek) (Moderator & Malware Removal Specialist with 45,592 posts, authorized to help remove malware; Join Date: Dec 2002; Location: Loughton, Essex, UK)
22-Jul-2012, 07:04 AM #2
Follow advice here and post the logs those programs make.

Did you see the big red message telling you what to do when you tried to make your first post in this topic, or did you just decide to ignore it?
sipadan (Thread Starter, Member with 12 posts, Join Date: Jul 2012)
22-Jul-2012, 12:58 PM #3
Thanks for the reply. I read it, I ignored it. It's only because I had another infection problem with my old computer last year and the tech person who helped me actually wanted different logs, like MWB and OTL. No problem though. I'll post back within 24hrs with the required logs. Thanks.
sipadan (Thread Starter, Member with 12 posts, Join Date: Jul 2012)
23-Jul-2012, 09:33 AM #4
Here are the logs. A couple of things. When running Hijack, I received a warning message that said the computer denied access to the Hosts file. I didn't understand the instructions it gave afterwards, so I'm just reporting this to you.

I run Skype occasionally, but I do not have MSN Messenger, Yahoo Messenger or any other messenger. These items should not be installed on my computer.

-----------------------


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:00:43 PM, on 7/23/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Luminix\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
O4 - HKLM\..\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
O4 - HKLM\..\Run: [DelayTSS] "C:\Program Files\Toshiba\DelayTSS\DelayTSS.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
O23 - Service: Intel® PROSet/Wireless WiMAX Red Bend Device Management Service (DMAgent) - Red Bend Ltd. - C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: taisregispinger - Toshiba America Information Systems. - C:\Program Files (x86)\Toshiba\ToshibaRegistration\TaisRegistPinger.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - Unknown owner - C:\windows\system32\ThpSrv.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: Intel® PROSet/Wireless WiMAX Service (WiMAXAppSrv) - Intel(R) Corporation - C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
O23 - Service: WiTopia Service (WiTopiaService) - SparkLabs - C:\Program Files\WiTopia\WiTopiaService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12735 bytes

------------------------------------------------------------

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Luminix at 20:05:13 on 2012-07-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6052.3680 [GMT 8:00]
.
AV: Kaspersky Anti-Virus *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\WiTopia\WiTopiaService.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Toshiba\ToshibaRegistration\TaisRegistPinger.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtblfs.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskmgr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\WiTopia\WiTopia.exe
C:\Program Files\WiTopia\Resources\openvpn.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://start.toshiba.com/?cid=C001B2Y
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [DelayTSS] "C:\Program Files\Toshiba\DelayTSS\DelayTSS.exe"
mRun: [<NO NAME>]
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: DhcpNameServer = 10.118.0.1
TCP: Interfaces\{80AC0AC7-711A-428B-9C92-16A305DEC4B6} : DhcpNameServer = 211.148.192.141 211.148.192.151
TCP: Interfaces\{9AA5DADA-D777-4FA6-BC59-4AE5204D8C9C}\D49647A7976343839393 : DhcpNameServer = 192.168.4.1 10.0.0.1
TCP: Interfaces\{BA084C69-A637-452E-B050-F15195B78506} : DhcpNameServer = 10.118.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
BHO-X64: link filter bho - No File
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
BHO-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll
mRun-x64: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun-x64: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun-x64: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun-x64: [DelayTSS] "C:\Program Files\Toshiba\DelayTSS\DelayTSS.exe"
mRun-x64: [(Default)]
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 kl2;kl2;C:\windows\system32\DRIVERS\kl2.sys --> C:\windows\system32\DRIVERS\kl2.sys [?]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\system32\DRIVERS\klim6.sys --> C:\windows\system32\DRIVERS\klim6.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-6-27 791488]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [2011-4-24 202296]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-6-15 498688]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-6-19 3048136]
R2 taisregispinger;taisregispinger;C:\Program Files (x86)\Toshiba\ToshibaRegistration\TaisRegistPinger.exe [2011-11-25 2191240]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-5-25 294848]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-3-28 2656280]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-6-15 986112]
R2 WiTopiaService;WiTopia Service;C:\Program Files\WiTopia\WiTopiaService.exe [2012-7-1 40048]
R3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;C:\windows\system32\DRIVERS\bpenum.sys --> C:\windows\system32\DRIVERS\bpenum.sys [?]
R3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;C:\windows\system32\DRIVERS\bpmp.sys --> C:\windows\system32\DRIVERS\bpmp.sys [?]
R3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;C:\windows\system32\Drivers\bpusb.sys --> C:\windows\system32\Drivers\bpusb.sys [?]
R3 CeKbFilter;CeKbFilter;C:\windows\system32\DRIVERS\CeKbFilter.sys --> C:\windows\system32\DRIVERS\CeKbFilter.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 iwdbus;IWD Bus Enumerator;C:\windows\system32\DRIVERS\iwdbus.sys --> C:\windows\system32\DRIVERS\iwdbus.sys [?]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\system32\DRIVERS\klmouflt.sys --> C:\windows\system32\DRIVERS\klmouflt.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\nusb3hub.sys --> C:\windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\system32\DRIVERS\nusb3xhc.sys --> C:\windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2012-3-28 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-10 138152]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-7-2 828856]
R3 visctap0901;Viscosity Virtual Adapter V9.1;C:\windows\system32\DRIVERS\visctap0901.sys --> C:\windows\system32\DRIVERS\visctap0901.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-28 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-28 136176]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\system32\drivers\intelaud.sys --> C:\windows\system32\drivers\intelaud.sys [?]
S3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-6-2 340240]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-07-23 12:01:22 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BB447AD8-831B-4937-8F05-99371F4786D8}\mpengine.dll
2012-07-19 14:41:50 -------- d-----w- C:\Users\Luminix\AppData\Roaming\SUPERAntiSpyware.com
2012-07-19 14:41:44 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-07-19 14:41:44 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-07-19 14:29:10 -------- d-----w- C:\Users\Luminix\AppData\Roaming\Malwarebytes
2012-07-19 14:29:00 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-19 14:28:59 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-07-19 14:28:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-18 14:18:20 -------- d-----w- C:\ProgramData\boost_interprocess
2012-07-17 16:21:15 -------- d-----w- C:\Users\Luminix\AppData\Roaming\PeaZip
2012-07-17 16:17:02 -------- d--h--w- C:\ProgramData\Common Files
2012-07-17 16:12:11 -------- d-----w- C:\Users\Luminix\AppData\Roaming\EuroTalk
2012-07-17 16:12:09 -------- d-----w- C:\Users\Luminix\AppData\Roaming\langmaster.com
2012-07-17 16:11:24 -------- d-----w- C:\Program Files (x86)\Common Files\LANGMaster
2012-07-17 16:10:57 -------- d-----w- C:\Program Files (x86)\LANGMaster
2012-07-17 15:15:35 -------- d-----w- C:\Users\Luminix\AppData\Local\Ilivid Player
2012-07-16 13:54:09 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-07-15 16:00:59 -------- d-----w- C:\Users\Luminix\AppData\Local\Adobe
2012-07-04 15:40:16 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-07-04 15:40:16 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2012-07-04 15:14:02 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-07-01 13:10:49 -------- d-----w- C:\Users\Luminix\AppData\Local\Apple Computer
2012-07-01 13:02:21 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-07-01 13:02:14 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-07-01 13:02:06 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-07-01 13:02:06 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-07-01 12:17:44 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2012-07-01 12:17:44 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2012-07-01 12:17:44 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2012-07-01 12:17:44 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2012-07-01 12:17:44 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2012-07-01 12:17:44 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2012-07-01 12:17:44 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2012-07-01 12:16:39 -------- d-----w- C:\Users\Luminix\AppData\Local\Apple
2012-07-01 12:02:03 -------- d-----w- C:\Program Files (x86)\MSECache
2012-07-01 12:00:21 -------- d-----w- C:\Users\Luminix\.pdfsplitormerge
2012-07-01 11:21:46 -------- d-----w- C:\ProgramData\Toshiba Book Place
2012-07-01 11:20:31 -------- d-----r- C:\Program Files (x86)\Skype
2012-07-01 11:11:39 -------- d-----w- C:\Users\Luminix\AppData\Roaming\Book Place
2012-07-01 10:37:19 -------- d-----w- C:\Program Files (x86)\YouTube Downloader Toolbar
2012-07-01 10:37:19 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2012-07-01 10:37:19 -------- d-----w- C:\Program Files (x86)\Application Updater
2012-07-01 10:36:04 -------- d-----w- C:\ProgramData\YTD YouTube Downloader & Converter
2012-07-01 10:35:33 -------- d-----w- C:\Program Files (x86)\GreenTree Applications
2012-07-01 08:13:59 -------- d-----w- C:\Users\Luminix\AppData\Roaming\WiTopia
2012-07-01 08:12:49 38368 ----a-w- C:\windows\System32\drivers\visctap0901.sys
2012-07-01 08:12:47 -------- d-----w- C:\Program Files\WiTopia
2012-06-24 06:55:00 -------- d-----w- C:\windows\SysWow64\Wat
2012-06-24 06:55:00 -------- d-----w- C:\windows\System32\Wat
2012-06-24 06:30:43 81408 ----a-w- C:\windows\System32\imagehlp.dll
2012-06-24 06:30:43 5120 ----a-w- C:\windows\SysWow64\wmi.dll
2012-06-24 06:30:43 5120 ----a-w- C:\windows\System32\wmi.dll
2012-06-24 06:30:43 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys
2012-06-24 06:30:43 220672 ----a-w- C:\windows\System32\wintrust.dll
2012-06-24 06:30:43 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-06-24 06:30:43 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
.
==================== Find3M ====================
.
2012-06-06 06:06:16 2004480 ----a-w- C:\windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2012-05-31 04:25:12 279656 ------w- C:\windows\System32\MpSigStub.exe
2012-05-04 11:06:22 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
.
============= FINISH: 20:05:45.96 ===============
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,592 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
23-Jul-2012, 03:06 PM #5
it is part of youtube downloader
if you don't want the mybrowserbar bits then you need to get rid of the youtube downloader program entirely. There is no such thing as a free lunch & you will pay somewhere along the line for the ability to breach youtube T&C and download videos that are not supposed to be downloaded
sipadan sipadan is offline
Member with 12 posts.
THREAD STARTER
 
Join Date: Jul 2012
25-Jul-2012, 09:07 AM #6
First, thank you for taking the time to help me with this problem. Your help is really appreciated. Wrt the youtube DL program, I have had the pro version of the program installed now about 5 months and I have it currently installed on 3 other computers, but none of the other ones are redirecting me to that site.

So, a few questions: Is this 'redirect' a hack? Is it dangerous (i.e., is someone getting access to my computer or web browsing activities)? Or, is it just annoying?

Since none of the other computers are showing the same problem, are you 100% sure the redirect is coming directly from the YDL program, or could it have been due to another program/file I recently downloaded? This redirect actually started just after I downloaded a program for .rar files (called "pea" something - with a green logo). It allowed me to open and read .rar files. I since uninstalled it and then a week later I sent you the hijack this log.

Since this just started about 10 days ago (but I've had the YDL software for about 5 months), could I reset the computer back 2 weeks? Would that be a good way to get rid of the redirect, but possibly be able to keep the YDL software?

Once again, thanks for your time in helping me with this.
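The "Created Last 30" section of the DDS log posted earlier in this thread can be used to check which folders appeared in the same install burst as the toolbar and which appeared with the archive tool. This is an added example, not part of any post here: the function names and the 120-second grouping gap are assumptions, and the sample lines are excerpted from the posted log.

```python
import re
from datetime import datetime, timedelta
from typing import List, NamedTuple, Optional

# Excerpt of the "Created Last 30" section from the DDS log posted in this thread.
SAMPLE = r"""
=============== Created Last 30 ================
.
2012-07-17 16:21:15 -------- d-----w- C:\Users\Luminix\AppData\Roaming\PeaZip
2012-07-17 16:17:02 -------- d--h--w- C:\ProgramData\Common Files
2012-07-17 16:12:11 -------- d-----w- C:\Users\Luminix\AppData\Roaming\EuroTalk
2012-07-17 15:15:35 -------- d-----w- C:\Users\Luminix\AppData\Local\Ilivid Player
2012-07-01 10:37:19 -------- d-----w- C:\Program Files (x86)\YouTube Downloader Toolbar
2012-07-01 10:37:19 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2012-07-01 10:37:19 -------- d-----w- C:\Program Files (x86)\Application Updater
2012-07-01 10:36:04 -------- d-----w- C:\ProgramData\YTD YouTube Downloader & Converter
2012-07-01 10:35:33 -------- d-----w- C:\Program Files (x86)\GreenTree Applications
2012-07-01 08:13:59 -------- d-----w- C:\Users\Luminix\AppData\Roaming\WiTopia
2012-07-01 08:12:49 38368 ----a-w- C:\windows\System32\drivers\visctap0901.sys
.
"""

# timestamp, size (or eight dashes for a directory), 8-char attribute field, path
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-{8})\s+"
    r"(?P<attrs>[a-z-]{8})\s+"
    r"(?P<path>.+?)\s*$"
)


class Entry(NamedTuple):
    created: datetime
    size: Optional[int]   # None when the log shows dashes instead of a size
    is_dir: bool
    path: str


def parse_created(text: str) -> List[Entry]:
    """Parse DDS 'Created Last 30' lines; headers and '.' separators are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(
            created=datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            size=size,
            is_dir=m["attrs"].startswith("d"),
            path=m["path"],
        ))
    return entries


def install_bursts(entries: List[Entry], gap_seconds: int = 120) -> List[List[Entry]]:
    """Group entries whose creation times follow each other within gap_seconds.

    The gap is a heuristic (assumption of this example): installers and the
    extras they bundle usually create their folders within a minute or two.
    """
    bursts: List[List[Entry]] = []
    gap = timedelta(seconds=gap_seconds)
    for e in sorted(entries, key=lambda x: x.created):
        if bursts and e.created - bursts[-1][-1].created <= gap:
            bursts[-1].append(e)
        else:
            bursts.append([e])
    return bursts


def co_created(bursts: List[List[Entry]], needle: str) -> List[str]:
    """Return every path from the burst(s) containing a path that matches needle."""
    needle = needle.lower()
    return [e.path
            for burst in bursts
            if any(needle in x.path.lower() for x in burst)
            for e in burst]


if __name__ == "__main__":
    bursts = install_bursts(parse_created(SAMPLE))
    for burst in bursts:
        print(burst[0].created, "->", burst[-1].created)
        for e in burst:
            print("   ", "DIR " if e.is_dir else "FILE", e.path)
    print("\nCreated together with the toolbar:")
    for p in co_created(bursts, "YouTube Downloader Toolbar"):
        print("   ", p)
```

Timestamp proximity is correlation, not proof of origin, so treat each burst as a list of candidates to confirm against the installed-programs list and the vendor's installer.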
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,592 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
25-Jul-2012, 03:18 PM #7
have you updated the You tube software recently?
all my searches indicate that mybrowserbar is a component of youtube toolbar
sipadan sipadan is offline
Member with 12 posts.
THREAD STARTER
 
Join Date: Jul 2012
28-Jul-2012, 01:37 AM #8
Thanks for the reply and sorry for the delay in response. It's interesting you ask about an update. Actually, I have received many messages about updating the software, but I chose not to (the reason is a little complicated, but it's mainly because I have it installed on 3 computers which is sadly not allowed, so if I update it, the other 2 computers will lose the licence.) I'm surprised that the lack of an update would have suddenly caused this.

Going on your advice, I also checked the web a little about this apimybrowser being connected to YTD. FYI, the info I found showed there being a "browser bar" which I don't have, it's not installed and it doesn't show up. My problem is that when I open Chrome, 2 pages open and neither of these are my home page (which is set to google). One page is called "X" and the other is called "Y". (At this point, I realized I need to send this message, close my browser and then reopen so I can get the exact names. I'll post back giving you the "X" and "Y".) So, I've checked all possible internal settings that my home page had been changed, and it hasn't. Both Internet Options and Chrome settings are showing google as my homepage. So, I can't explain why these 2 windows are opening and being directed to X and Y.

Does any of this information help pinpoint the problem? Thanks again.
sipadan sipadan is offline
Member with 12 posts.
THREAD STARTER
 
Join Date: Jul 2012
28-Jul-2012, 01:44 AM #9
I realized now that I have made a small mistake. When reopening the redirected sites, I found that:
X = http://www.searchnu.com/406
Y = http://isearch.avg.com/?cid={6C4F3CC1-B693-4D9C-AD1D-D72DD42E16F9}&mid=0c196092c63947d0a5160d47e7a814f8-d6b6b397a068b5ba9a059cf31d2c2d3f06848742&lang=en&ds=bm011&pr=sa&d=2012-07-18%2000:19:52&v=11.1.0.12&sap=hp

As you can see, neither of these sites are the apimybrowser. I think what happened is the following.

There were actually 2 phases of this problem. In phase one, when I posted the message, only 1 window was opening and redirecting my page to apimybrowser. Then, a few days later, phase 2 started when 2 windows started to open (the 2 I pasted above) and I was closing them immediately without actually noticing that neither were apimybrowser.

So sorry to confuse.

Any info wrt to this info? Thanks again.
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,592 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
28-Jul-2012, 06:39 AM #10
Delete any existing version of ComboFix you have sitting on your desktop
Please read and follow all these instructions very carefully
Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

Download ComboFix from Here to your Desktop.
As you download it rename it to username123.exe


**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re enable the protection again after combofix has finished
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running
Double click on renamed combofix.exe & follow the prompts.
If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboot is due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...
sipadan sipadan is offline
Member with 12 posts.
THREAD STARTER
 
Join Date: Jul 2012
31-Jul-2012, 11:14 AM #11
Sorry for the delay. Here's the combofix log. I'm pasting it instead of attaching it - let me know if you want it attached. Btw, I'm not sure if combo is supposed to fix the problem or just draw attention to it, but upon opening chrome again, I got the same windows opening as before, hence everything is still the same.

FYI, I did some research on registry keys that have supposedly been identified as culprits of this virus and I found some of them in the registry. However, I did not delete or modify any. I'm just letting you know that I found some keys that may be related to this virus and bad/don't belong.

thanks again for this help.

ComboFix 11-09-08.03 - Owner 09/08/2011 21:27:29.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1983.1453 [GMT 8:00]
Running from: c:\documents and settings\Owner.YOUR-RVLNHR6V8D\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator.YOUR-RVLNHR6V8D.000\WINDOWS
c:\documents and settings\Administrator.YOUR-RVLNHR6V8D.001\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Administrator.YOUR-RVLNHR6V8D.001\Local Settings\Application Data\ApplicationHistory\ngen.exe.89f695a3.ini
c:\documents and settings\Administrator.YOUR-RVLNHR6V8D.001\Local Settings\Application Data\ApplicationHistory\PolMigrate.exe.48b82cc6.ini
c:\documents and settings\Administrator.YOUR-RVLNHR6V8D.001\WINDOWS
c:\documents and settings\Administrator.YOUR-RVLNHR6V8D\WINDOWS
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\hpeC.dll
c:\documents and settings\All Users\Documents\~WRL0994.tmp
c:\documents and settings\All Users\Documents\Copy of ~WRL0994.tmp
c:\documents and settings\Angie.YOUR-RVLNHR6V8D\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Angie.YOUR-RVLNHR6V8D\Local Settings\Application Data\ApplicationHistory\ngen.exe.89f695a3.ini
c:\documents and settings\Angie.YOUR-RVLNHR6V8D\Local Settings\Application Data\ApplicationHistory\PolMigrate.exe.48b82cc6.ini
c:\documents and settings\Angie.YOUR-RVLNHR6V8D\WINDOWS
c:\documents and settings\Angie\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Guest\WINDOWS
c:\documents and settings\Owner.YOUR-RVLNHR6V8D\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Owner.YOUR-RVLNHR6V8D\Local Settings\Application Data\ApplicationHistory\ngen.exe.89f695a3.ini
c:\documents and settings\Owner.YOUR-RVLNHR6V8D\Local Settings\Application Data\ApplicationHistory\PolMigrate.exe.48b82cc6.ini
c:\documents and settings\Owner.YOUR-RVLNHR6V8D\WINDOWS
c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\csc.exe.3e4ac0af.ini
c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\HPQDOC~1.EXE.7f11b083.ini
c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.9b7949a.ini
c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.9b7949a.ini.inuse
c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\hpqthb08.exe.ccbceb54.ini
c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\hpqthb08.exe.ccbceb54.ini.inuse
c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\Install.exe.91d4de35.ini
c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\ngen.exe.89f695a3.ini
c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\PolMigrate.exe.48b82cc6.ini
c:\documents and settings\Owner\WINDOWS
c:\program files\001JoinerSplitterPro_Setup.exe
c:\program files\messenger\msmsgsin.exe
C:\System
c:\system\FILES\Desktop.ini
c:\windows\bwUnin-6.1.0.155-8876480L.exe
c:\windows\bwUnin-6.1.4.65-8876480L.exe
c:\windows\CDAC13BA.EXE
c:\windows\CDAC14BA.DLL
c:\windows\dasetup.log
c:\windows\help\wmplayer.bak
c:\windows\system32\comct332.ocx
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\keylog.txt
c:\windows\system32\ps2.bat
c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
c:\windows\tsoc.log
.
.
((((((((((((((((((((((((( Files Created from 2011-08-08 to 2011-09-08 )))))))))))))))))))))))))))))))
.
.
2011-09-07 15:44 . 2011-09-07 15:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2011-09-06 09:22 . 2004-08-03 16:56 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-09-06 09:22 . 2001-08-17 14:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-09-06 09:22 . 2001-08-17 14:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-09-06 09:22 . 2001-08-17 14:36 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-09-06 09:22 . 2001-08-17 14:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-09-06 09:22 . 2001-08-17 14:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2011-09-06 09:22 . 2001-08-17 04:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-09-06 09:22 . 2004-08-03 14:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-09-06 09:22 . 2004-08-03 16:56 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2011-09-06 09:22 . 2004-08-03 14:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-09-06 09:20 . 2001-08-17 05:28 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys
2011-09-06 09:19 . 2001-08-17 04:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2011-09-06 09:18 . 2004-08-03 14:59 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
2011-09-06 09:17 . 2001-08-17 04:12 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys
2011-09-06 09:16 . 2001-08-17 05:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2011-09-06 09:15 . 2001-08-17 05:51 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys
2011-09-06 09:14 . 2001-08-17 05:28 50751 -c--a-w- c:\windows\system32\dllcache\hsf_tone.sys
2011-09-06 09:13 . 2001-08-17 14:36 53248 -c--a-w- c:\windows\system32\dllcache\eqndiag.exe
2011-09-06 09:12 . 2001-08-17 14:36 175104 -c--a-w- c:\windows\system32\dllcache\csamsp.dll
2011-09-06 09:11 . 2001-08-17 05:12 10368 -c--a-w- c:\windows\system32\dllcache\brusbscn.sys
2011-09-06 09:10 . 2001-08-17 06:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
2011-09-02 14:14 . 2011-09-02 14:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-09-02 14:14 . 2011-09-02 14:14 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-09-02 10:41 . 2002-08-29 12:00 68608 ----a-w- c:\windows\system32\plugin.ocx
2011-09-02 07:05 . 2011-09-01 18:27 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-09-01 18:12 . 2011-08-18 07:25 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-09-01 09:40 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-09-01 09:40 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-09-01 09:40 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-09-01 09:40 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-09-01 09:40 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-09-01 09:40 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-09-01 09:40 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-09-01 09:40 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-09-01 09:39 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-09-01 09:39 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-09-01 03:27 . 2011-09-01 03:27 -------- d-----w- c:\program files\Common Files\Apple
2011-09-01 03:27 . 2011-09-01 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-09-01 02:52 . 2011-09-01 09:39 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-09-01 02:52 . 2011-09-01 02:52 -------- d-----w- c:\program files\AVAST Software
2011-08-31 16:52 . 2011-08-31 16:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2011-08-31 16:20 . 2011-08-31 16:20 2923248 ----a-w- c:\program files\WindowsXP-KB914882-x86-ENU.exe
2011-08-31 13:52 . 2004-08-03 16:56 81920 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
2011-08-31 13:52 . 2004-08-03 16:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-08-31 13:48 . 2004-07-17 03:40 19528 ----a-w- c:\windows\005695_.tmp
2011-08-31 13:27 . 2002-08-29 12:00 57398 -c--a-w- c:\windows\system32\dllcache\imjpdadm.exe
2011-08-31 13:04 . 2011-08-31 13:04 278927592 ----a-w- c:\program files\WindowsXP-KB835935-SP2-ENU.exe
2011-08-31 08:22 . 2011-09-08 13:47 -------- d-----w- c:\documents and settings\Angie.YOUR-RVLNHR6V8D
2011-08-29 20:23 . 2011-09-08 13:47 -------- d-----w- c:\documents and settings\Owner.YOUR-RVLNHR6V8D
2011-08-29 20:18 . 2004-08-03 15:14 52736 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2011-08-29 20:18 . 2004-08-03 15:14 52736 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2011-08-29 20:18 . 2004-08-03 14:58 24576 -c--a-w- c:\windows\system32\dllcache\kbdclass.sys
2011-08-29 20:18 . 2004-08-03 14:58 24576 ----a-w- c:\windows\system32\drivers\kbdclass.sys
2011-08-29 17:39 . 2011-02-16 11:00 17370496 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE11\MSO.DLL
2011-08-29 15:02 . 2011-09-08 13:47 -------- d-----w- c:\documents and settings\Administrator.YOUR-RVLNHR6V8D.001
2011-08-29 13:13 . 2004-08-03 15:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2011-08-29 13:11 . 2004-08-03 15:07 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2011-08-22 18:52 . 2011-08-22 18:52 1409 ----a-w- c:\windows\QTFont.for
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-01 03:58 . 2010-05-01 23:36 25740256 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
2011-08-24 15:34 . 2011-05-14 06:55 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-01 06:14 . 2011-08-01 06:14 73048120 ----a-w- c:\program files\4vc9y445 dr webb 2.exe
2011-07-22 20:51 . 2011-07-22 20:51 94208 ----a-w- c:\windows\system32\dpl100.dll
2011-07-17 11:26 . 2011-07-17 11:26 6490479 ----a-w- c:\program files\Install_VideoTodoPro_6.0.0.0.exe
2011-07-08 13:53 . 2011-08-07 14:34 14215496 ----a-w- c:\program files\PDFXVwer.exe
2011-07-06 11:52 . 2009-08-24 02:11 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 11:52 . 2009-08-24 02:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-05 10:37 . 2011-07-05 10:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 10:37 . 2011-07-05 10:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-07-01 02:45 . 2010-07-31 07:00 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-06-23 12:05 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2011-03-31 18:19 . 2011-03-31 18:19 1448614 ----a-w- c:\program files\wrar400.exe
2011-03-16 15:06 . 2011-03-16 15:06 6489190 ----a-w- c:\program files\Install_VideoTodoPro_5.0.0.3.exe
2011-02-13 19:42 . 2011-02-13 19:42 6489068 ----a-w- c:\program files\Install_VideoTodoPro_5.0.0.2.exe
2011-01-29 08:34 . 2011-01-29 08:34 4138449 ----a-w- c:\program files\personalVPN_Installer.exe
2010-08-29 17:08 . 2010-08-29 17:08 1967336 ----a-w- c:\program files\installspeedfan441.exe
2010-08-07 04:34 . 2010-08-07 04:34 6153352 ----a-w- c:\program files\mbam-setup-1.46.exe
2010-08-07 02:09 . 2010-08-07 02:09 1364522 ----a-w- c:\program files\wrar393.exe
2010-08-02 19:21 . 2010-08-02 19:12 19461015 ----a-w- c:\program files\vlc-1.1.2-win32.exe
2010-07-31 02:56 . 2010-07-31 02:56 115547440 ----a-w- c:\program files\DigitalImageStarter06.exe
2010-07-31 01:25 . 2010-07-31 01:25 20393805 ----a-w- c:\program files\Hugin_2009-4-0_win32_setup.exe
2010-07-31 00:51 . 2010-07-31 00:51 128750008 ----a-w- c:\program files\Ad-AwareInstall.exe
2010-07-31 00:36 . 2010-07-31 00:36 3366912 ----a-w- c:\program files\Panorama ICE-1.3.5-for-32-bit-Windows.msi
2010-07-31 00:30 . 2010-07-31 00:30 9284121 ----a-w- c:\program files\PosPanoramaPro_SetUp.exe
2010-07-23 00:52 . 2010-07-23 00:52 4203037 ----a-w- c:\program files\MyPhoneExplorer_Setup_1.7.6.exe
2010-05-02 17:44 . 2010-05-02 17:44 6489810 ----a-w- c:\program files\Install_VideoTodoPro_5.0.0.1.exe
2010-05-02 00:02 . 2009-08-19 16:41 693840 ----a-w- c:\program files\wmv9VCMsetup.exe
2010-04-21 00:03 . 2010-04-21 00:03 2899511 ----a-w- c:\program files\SkypeRecorderSetup.exe
2009-10-07 01:07 . 2009-10-07 01:07 7292928 ----a-w- c:\program files\VideoTodoPro2.exe
2009-08-15 15:58 . 2009-08-15 14:34 7290880 ----a-w- c:\program files\VideoTodoPro.exe
2009-08-12 13:39 . 2009-08-12 13:39 308160 ----a-w- c:\program files\avast_home_setup.exe
2009-08-02 22:14 . 2009-08-02 22:14 1925024 ----a-w- c:\program files\install_flash_player.exe
2009-07-22 01:50 . 2009-07-22 01:50 1092216 ----a-w- c:\program files\Google Updater.exe
2009-06-06 23:02 . 2009-06-06 23:01 1237824 ----a-w- c:\program files\Setup 3D.exe
2009-05-09 20:37 . 2009-05-09 20:37 812344 ----a-w- c:\program files\HJTInstall.exe
2009-01-21 00:15 . 2009-01-21 00:15 4865408 ----a-w- c:\program files\Silverlight.2.0.exe
2009-01-07 05:18 . 2009-01-07 05:18 19333112 ----a-w- c:\program files\DivXInstaller.exe
2009-01-07 04:46 . 2009-01-07 04:46 16320472 ----a-w- c:\program files\vlc-0[1].9.8a-win32 VLC Media Player.exe
2009-01-07 04:36 . 2009-01-07 04:36 9506511 ----a-w- c:\program files\FVStudio30.exe
2008-12-15 16:38 . 2008-12-15 16:38 90749456 ----a-w- c:\program files\NVIDIA 178[1].13_geforce_winxp_32bit_english_whql.exe
2008-12-15 16:02 . 2008-12-15 16:02 2462200 ----a-w- c:\program files\ac3filter_1_51a.exe
2008-11-11 04:18 . 2008-11-11 04:18 28868320 ----a-w- c:\program files\FileFormatConverters.exe
2008-08-18 01:04 . 2008-08-18 01:04 22453544 ----a-w- c:\program files\SkypeSetup.exe
2008-08-17 19:56 . 2008-08-17 19:56 14905624 ----a-w- c:\program files\oovoosetup.exe
2008-07-06 05:52 . 2008-07-06 05:44 382352 ----a-w- c:\program files\jre-6u6-windows-i586-p-iftw JAVA.exe
2008-06-27 03:58 . 2008-06-27 03:58 21924608 ----a-w- c:\program files\Sony Ericsson PC Suite_3.209.00_EN.exe
2008-06-23 04:31 . 2008-06-23 04:31 23454528 ----a-w- c:\program files\AdbeRdr812.exe
2008-06-20 00:59 . 2008-06-20 00:59 20740760 ----a-w- c:\program files\avinstall pctools antivirus.exe
2008-06-07 05:04 . 2008-06-07 05:04 840679 ----a-w- c:\program files\7z432 7zip.exe
2008-06-06 05:13 . 2008-06-06 05:13 4974945 ----a-w- c:\program files\AVIMoviePlayer52.exe
2008-06-03 00:46 . 2008-06-03 00:46 2400784 ----a-w- c:\program files\WLinstaller Messager.exe
2008-05-29 01:14 . 2008-05-29 01:14 1559005 ----a-w- c:\program files\FreeFLVPlayer1[1].0.exe
2008-05-20 02:42 . 2008-05-20 02:42 26815520 ----a-w- c:\program files\kis7[1].0.0.125en.exe
2007-07-24 19:47 . 2007-07-24 19:47 219 ----a-w- c:\program files\setup.reg
2007-06-28 17:15 . 2007-06-28 17:15 25556480 ----a-w- c:\program files\kis.en.msi
2006-11-28 04:16 . 2006-11-28 04:16 484352 -c--a-w- c:\program files\ie6setup.exe
2004-05-16 17:52 . 2004-05-16 17:52 276992 -c--a-w- c:\program files\mpeg_joiner.exe
2004-04-03 01:32 . 2004-04-03 01:32 19979192 -c--a-w- c:\program files\iTunesSetup.exe
2004-01-02 03:01 . 2004-01-02 03:01 10135688 -c--a-w- c:\program files\MPSetupXP.exe
2003-12-29 05:35 . 2003-12-29 05:34 10802360 -c--a-w- c:\program files\RealOnePlayerV2GOLD_bb.exe
2003-12-28 19:58 . 2003-12-28 19:58 5313488 -c--a-w- c:\program files\DivX51Bundle.exe
2003-12-06 03:33 . 2003-12-06 03:33 3662787 -c--a-w- c:\program files\spybotsd12.exe
2003-09-17 04:30 . 2003-09-17 04:29 3740624 -c--a-w- c:\program files\DivXPlayerInstaller.exe
2003-07-09 05:11 . 2003-07-09 05:11 2270960 -c--a-w- c:\program files\nsradioplus.exe
2003-07-07 03:55 . 2003-07-07 03:55 8365240 -c--a-w- c:\program files\RealOnePlayerV2GOLD.exe
1998-09-30 14:26 . 2006-01-12 17:31 683520 -c--a-w- c:\program files\MSREGX32.DLL
1998-08-25 15:47 . 2006-01-12 17:31 29696 -c--a-w- c:\program files\MSRUN32.EXE
1996-11-06 06:10 . 2006-01-12 17:32 886784 ----a-w- c:\program files\MetaComp.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
.
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
.
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
.
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2002-10-16 114688]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-18 69632]
"KBD"="c:\hp\KBD\KBD.EXE" [2001-07-07 61440]
"StorageGuard"="c:\program files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 155648]
"WCOLOREAL"="c:\program files\Coloreal\coloreal.exe" [2002-11-27 131072]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2003-01-11 315392]
"nwiz"="nwiz.exe" [2002-09-10 372736]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\Belkin\Bluetooth Software\BTTray.exe [2006-6-8 553021]
hp center UI.lnk - c:\program files\hp center\137903\Shadow\ShadowBar.exe [N/A]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2003-7-9 156160]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
MsnFixer.lnk - c:\hp\bin\msnfix\msnfixjs.js [N/A]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2002-9-21 53248]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-09-01 2151640]
R2 mrtRate;mrtRate; [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-08-18 15232]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-08-18 64512]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 aswFsBlk;aswFsBlk; [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - MBAMSwissArmy
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 18:26]
.
2011-09-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 09:57]
.
2011-09-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-22 01:03]
.
2011-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-22 01:56]
.
2011-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-22 01:56]
.
2011-09-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1786441397-2294659099-1544360120-1003Core.job
- c:\documents and settings\Owner.YOUR-RVLNHR6V8D\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-31 15:49]
.
2011-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1786441397-2294659099-1544360120-1003UA.job
- c:\documents and settings\Owner.YOUR-RVLNHR6V8D\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-31 15:49]
.
2011-09-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3982574454-998691811-2800211257-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 14:44]
.
2011-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3982574454-998691811-2800211257-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 14:44]
.
2011-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3982574454-998691811-2800211257-1013Core.job
- c:\documents and settings\Angie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-05 14:44]
.
2011-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3982574454-998691811-2800211257-1013UA.job
- c:\documents and settings\Angie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-05 14:44]
.
2011-09-08 c:\windows\Tasks\User_Feed_Synchronization-{798191DE-4619-4963-A03E-E2E7F57CD5DA}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uDefault_Search_URL = hxxp://srch-us7.hpwis.com/
mSearch Bar = hxxp://srch-us7.hpwis.com/
uInternet Connection Wizard,ShellNext = wmplayer.exe
uInternet Settings,ProxyOverride = localhost
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-AutoTBar - c:\hp\bin\autotbar.exe
AddRemove-{BC0EE7F1-32DE-4EE2-BE10-AE15DB394E84} - c:\program files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-08 21:55
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(700)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2011-09-08 22:07:37
ComboFix-quarantined-files.txt 2011-09-08 14:07
.
Pre-Run: 4,048,519,168 bytes free
Post-Run: 6,478,389,248 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 875824994A733F1A514CED489B4AEE7F
dvk01 (Derek) is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,592 posts.
Join Date: Dec 2002
Location: Loughton, Essex, UK
31-Jul-2012, 04:46 PM #12
Run tdss killer from http://support.kaspersky.com/viruses...?qid=208280684

let it cure anything it finds (except SPTD.SYS or anything detected as UnsignedFile.Multi.Generic, which should be ignored) & then reboot

post back with its log

By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder.
Logs have names like: UtilityName.Version_Date_Time_log.txt.
E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
sipadan
Member with 12 posts.
THREAD STARTER
Join Date: Jul 2012
01-Aug-2012, 10:53 AM #13
It didn't ask to delete anything.


22:51:01.0895 2088 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
22:51:03.0898 2088 ============================================================
22:51:03.0898 2088 Current date / time: 2012/08/01 22:51:03.0898
22:51:03.0898 2088 SystemInfo:
22:51:03.0898 2088
22:51:03.0898 2088 OS Version: 6.1.7601 ServicePack: 1.0
22:51:03.0898 2088 Product type: Workstation
22:51:03.0898 2088 ComputerName: EM
22:51:03.0898 2088 UserName: Luminix
22:51:03.0898 2088 Windows directory: C:\windows
22:51:03.0898 2088 System windows directory: C:\windows
22:51:03.0898 2088 Running under WOW64
22:51:03.0898 2088 Processor architecture: Intel x64
22:51:03.0898 2088 Number of processors: 4
22:51:03.0898 2088 Page size: 0x1000
22:51:03.0898 2088 Boot type: Normal boot
22:51:03.0898 2088 ============================================================
22:51:04.0179 2088 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:51:04.0195 2088 ============================================================
22:51:04.0195 2088 \Device\Harddisk0\DR0:
22:51:04.0195 2088 MBR partitions:
22:51:04.0195 2088 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x5540D000
22:51:04.0195 2088 ============================================================
22:51:04.0226 2088 C: <-> \Device\Harddisk0\DR0\Partition0
22:51:04.0226 2088 ============================================================
22:51:04.0226 2088 Initialize success
22:51:04.0226 2088 ============================================================
22:51:14.0569 1612 ============================================================
22:51:14.0569 1612 Scan started
22:51:14.0569 1612 Mode: Manual;
22:51:14.0569 1612 ============================================================
22:51:15.0255 1612 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
22:51:15.0255 1612 !SASCORE - ok
22:51:15.0473 1612 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
22:51:15.0489 1612 1394ohci - ok
22:51:15.0832 1612 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
22:51:15.0832 1612 ACPI - ok
22:51:15.0863 1612 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
22:51:15.0863 1612 AcpiPmi - ok
22:51:15.0957 1612 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
22:51:15.0973 1612 adp94xx - ok
22:51:16.0051 1612 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
22:51:16.0066 1612 adpahci - ok
22:51:16.0097 1612 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
22:51:16.0113 1612 adpu320 - ok
22:51:16.0144 1612 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
22:51:16.0160 1612 AeLookupSvc - ok
22:51:16.0207 1612 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
22:51:16.0222 1612 AFD - ok
22:51:16.0269 1612 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
22:51:16.0269 1612 agp440 - ok
22:51:16.0316 1612 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
22:51:16.0316 1612 ALG - ok
22:51:16.0347 1612 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
22:51:16.0347 1612 aliide - ok
22:51:16.0347 1612 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
22:51:16.0363 1612 amdide - ok
22:51:16.0394 1612 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
22:51:16.0394 1612 AmdK8 - ok
22:51:16.0425 1612 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
22:51:16.0425 1612 AmdPPM - ok
22:51:16.0456 1612 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
22:51:16.0456 1612 amdsata - ok
22:51:16.0487 1612 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
22:51:16.0503 1612 amdsbs - ok
22:51:16.0519 1612 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
22:51:16.0519 1612 amdxata - ok
22:51:16.0550 1612 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
22:51:16.0550 1612 AppID - ok
22:51:16.0581 1612 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
22:51:16.0581 1612 AppIDSvc - ok
22:51:16.0597 1612 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
22:51:16.0597 1612 Appinfo - ok
22:51:16.0690 1612 Application Updater (0805ecf10476a091999e4d59d0db71a2) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
22:51:16.0706 1612 Application Updater - ok
22:51:16.0768 1612 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
22:51:16.0768 1612 arc - ok
22:51:16.0799 1612 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
22:51:16.0799 1612 arcsas - ok
22:51:16.0831 1612 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
22:51:16.0831 1612 AsyncMac - ok
22:51:16.0877 1612 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
22:51:16.0877 1612 atapi - ok
22:51:16.0971 1612 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
22:51:16.0987 1612 AudioEndpointBuilder - ok
22:51:17.0002 1612 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
22:51:17.0002 1612 AudioSrv - ok
22:51:17.0158 1612 AVP (2718dc27571bd1e37813f5759d2dc118) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
22:51:17.0158 1612 AVP - ok
22:51:17.0205 1612 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
22:51:17.0205 1612 AxInstSV - ok
22:51:17.0283 1612 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
22:51:17.0299 1612 b06bdrv - ok
22:51:17.0330 1612 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
22:51:17.0345 1612 b57nd60a - ok
22:51:17.0392 1612 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
22:51:17.0392 1612 BDESVC - ok
22:51:17.0408 1612 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
22:51:17.0408 1612 Beep - ok
22:51:17.0470 1612 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
22:51:17.0486 1612 BFE - ok
22:51:17.0579 1612 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\system32\qmgr.dll
22:51:17.0611 1612 BITS - ok
22:51:17.0657 1612 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\drivers\blbdrive.sys
22:51:17.0657 1612 blbdrive - ok
22:51:17.0704 1612 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
22:51:17.0704 1612 bowser - ok
22:51:17.0735 1612 bpenum (56e4345f392f17d66683225e214840cb) C:\windows\system32\DRIVERS\bpenum.sys
22:51:17.0735 1612 bpenum - ok
22:51:17.0782 1612 bpmp (d50b07c4d7afec4ca6ac8fcb72583c5b) C:\windows\system32\DRIVERS\bpmp.sys
22:51:17.0782 1612 bpmp - ok
22:51:17.0798 1612 bpusb (a85ba55e4fe9cb2f342f281aaf7de810) C:\windows\system32\Drivers\bpusb.sys
22:51:17.0798 1612 bpusb - ok
22:51:17.0829 1612 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
22:51:17.0829 1612 BrFiltLo - ok
22:51:17.0845 1612 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
22:51:17.0845 1612 BrFiltUp - ok
22:51:17.0876 1612 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
22:51:17.0876 1612 BridgeMP - ok
22:51:17.0923 1612 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
22:51:17.0923 1612 Browser - ok
22:51:17.0954 1612 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
22:51:17.0954 1612 Brserid - ok
22:51:17.0969 1612 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
22:51:17.0985 1612 BrSerWdm - ok
22:51:17.0985 1612 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
22:51:17.0985 1612 BrUsbMdm - ok
22:51:18.0001 1612 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
22:51:18.0001 1612 BrUsbSer - ok
22:51:18.0001 1612 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
22:51:18.0001 1612 BTHMODEM - ok
22:51:18.0032 1612 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
22:51:18.0032 1612 bthserv - ok
22:51:18.0063 1612 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
22:51:18.0063 1612 cdfs - ok
22:51:18.0094 1612 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
22:51:18.0094 1612 cdrom - ok
22:51:18.0141 1612 CeKbFilter (a965b206921c55f2d1481789d609b711) C:\windows\system32\DRIVERS\CeKbFilter.sys
22:51:18.0141 1612 CeKbFilter - ok
22:51:18.0188 1612 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
22:51:18.0188 1612 CertPropSvc - ok
22:51:18.0219 1612 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
22:51:18.0219 1612 circlass - ok
22:51:18.0250 1612 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
22:51:18.0266 1612 CLFS - ok
22:51:18.0328 1612 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:51:18.0328 1612 clr_optimization_v2.0.50727_32 - ok
22:51:18.0391 1612 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:51:18.0391 1612 clr_optimization_v2.0.50727_64 - ok
22:51:18.0469 1612 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:51:18.0469 1612 clr_optimization_v4.0.30319_32 - ok
22:51:18.0531 1612 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:51:18.0531 1612 clr_optimization_v4.0.30319_64 - ok
22:51:18.0578 1612 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\drivers\CmBatt.sys
22:51:18.0578 1612 CmBatt - ok
22:51:18.0593 1612 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
22:51:18.0593 1612 cmdide - ok
22:51:18.0656 1612 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\windows\system32\Drivers\cng.sys
22:51:18.0656 1612 CNG - ok
22:51:18.0687 1612 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
22:51:18.0703 1612 Compbatt - ok
22:51:18.0718 1612 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys
22:51:18.0718 1612 CompositeBus - ok
22:51:18.0734 1612 COMSysApp - ok
22:51:18.0765 1612 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
22:51:18.0765 1612 crcdisk - ok
22:51:18.0859 1612 CryptSvc (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll
22:51:18.0859 1612 CryptSvc - ok
22:51:19.0030 1612 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
22:51:19.0030 1612 cvhsvc - ok
22:51:19.0124 1612 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
22:51:19.0139 1612 DcomLaunch - ok
22:51:19.0186 1612 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
22:51:19.0186 1612 defragsvc - ok
22:51:19.0264 1612 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
22:51:19.0264 1612 DfsC - ok
22:51:19.0311 1612 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
22:51:19.0327 1612 Dhcp - ok
22:51:19.0342 1612 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
22:51:19.0342 1612 discache - ok
22:51:19.0389 1612 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
22:51:19.0389 1612 Disk - ok
22:51:19.0483 1612 DMAgent (e7b489fa5b15d2fec3e52066e015b788) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
22:51:19.0498 1612 DMAgent - ok
22:51:19.0545 1612 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
22:51:19.0545 1612 Dnscache - ok
22:51:19.0561 1612 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
22:51:19.0576 1612 dot3svc - ok
22:51:19.0607 1612 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
22:51:19.0607 1612 DPS - ok
22:51:19.0639 1612 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
22:51:19.0654 1612 drmkaud - ok
22:51:19.0717 1612 DXGKrnl (85dbf6ec7bdfa6187f4a1ec8f3145cd0) C:\windows\System32\drivers\dxgkrnl.sys
22:51:19.0732 1612 DXGKrnl - ok
22:51:19.0779 1612 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
22:51:19.0779 1612 EapHost - ok
22:51:19.0951 1612 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
22:51:20.0013 1612 ebdrv - ok
22:51:20.0122 1612 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
22:51:20.0122 1612 EFS - ok
22:51:20.0200 1612 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
22:51:20.0216 1612 ehRecvr - ok
22:51:20.0247 1612 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
22:51:20.0263 1612 ehSched - ok
22:51:20.0341 1612 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
22:51:20.0356 1612 elxstor - ok
22:51:20.0372 1612 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
22:51:20.0372 1612 ErrDev - ok
22:51:20.0434 1612 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
22:51:20.0450 1612 EventSystem - ok
22:51:20.0621 1612 EvtEng (57e61dc4f7980d57c0b162fc5b9f0b38) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
22:51:20.0637 1612 EvtEng - ok
22:51:20.0793 1612 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
22:51:20.0793 1612 exfat - ok
22:51:20.0840 1612 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
22:51:20.0840 1612 fastfat - ok
22:51:20.0918 1612 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
22:51:20.0933 1612 Fax - ok
22:51:20.0965 1612 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
22:51:20.0965 1612 fdc - ok
22:51:20.0996 1612 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
22:51:20.0996 1612 fdPHost - ok
22:51:21.0011 1612 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
22:51:21.0011 1612 FDResPub - ok
22:51:21.0027 1612 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
22:51:21.0027 1612 FileInfo - ok
22:51:21.0058 1612 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
22:51:21.0058 1612 Filetrace - ok
22:51:21.0074 1612 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
22:51:21.0074 1612 flpydisk - ok
22:51:21.0105 1612 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
22:51:21.0105 1612 FltMgr - ok
22:51:21.0183 1612 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
22:51:21.0199 1612 FontCache - ok
22:51:21.0261 1612 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:51:21.0261 1612 FontCache3.0.0.0 - ok
22:51:21.0308 1612 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
22:51:21.0323 1612 FsDepends - ok
22:51:21.0355 1612 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
22:51:21.0355 1612 Fs_Rec - ok
22:51:21.0386 1612 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
22:51:21.0386 1612 fvevol - ok
22:51:21.0433 1612 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
22:51:21.0433 1612 gagp30kx - ok
22:51:21.0511 1612 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
22:51:21.0526 1612 gpsvc - ok
22:51:21.0620 1612 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:51:21.0620 1612 gupdate - ok
22:51:21.0635 1612 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:51:21.0635 1612 gupdatem - ok
22:51:21.0667 1612 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:51:38.0494 1612 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
22:51:38.0494 1612 usbohci - ok
22:51:38.0510 1612 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
22:51:38.0510 1612 usbprint - ok
22:51:38.0541 1612 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
22:51:38.0541 1612 USBSTOR - ok
22:51:38.0541 1612 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
22:51:38.0557 1612 usbuhci - ok
22:51:38.0572 1612 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
22:51:38.0588 1612 usbvideo - ok
22:51:38.0603 1612 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
22:51:38.0619 1612 UxSms - ok
22:51:38.0650 1612 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
22:51:38.0650 1612 VaultSvc - ok
22:51:38.0666 1612 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
22:51:38.0666 1612 vdrvroot - ok
22:51:38.0713 1612 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
22:51:38.0728 1612 vds - ok
22:51:38.0775 1612 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
22:51:38.0775 1612 vga - ok
22:51:38.0775 1612 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
22:51:38.0791 1612 VgaSave - ok
22:51:38.0806 1612 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
22:51:38.0822 1612 vhdmp - ok
22:51:38.0822 1612 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
22:51:38.0822 1612 viaide - ok
22:51:38.0884 1612 visctap0901 (a886fa72eed1164d91527387dbee2e02) C:\windows\system32\DRIVERS\visctap0901.sys
22:51:38.0884 1612 visctap0901 - ok
22:51:38.0900 1612 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
22:51:38.0900 1612 volmgr - ok
22:51:38.0931 1612 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
22:51:38.0931 1612 volmgrx - ok
22:51:38.0947 1612 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys
22:51:38.0947 1612 volsnap - ok
22:51:38.0993 1612 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
22:51:38.0993 1612 vsmraid - ok
22:51:39.0087 1612 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
22:51:39.0118 1612 VSS - ok
22:51:39.0227 1612 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
22:51:39.0227 1612 vwifibus - ok
22:51:39.0243 1612 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
22:51:39.0259 1612 vwififlt - ok
22:51:39.0274 1612 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
22:51:39.0274 1612 vwifimp - ok
22:51:39.0321 1612 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
22:51:39.0337 1612 W32Time - ok
22:51:39.0368 1612 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
22:51:39.0368 1612 WacomPen - ok
22:51:39.0399 1612 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
22:51:39.0415 1612 WANARP - ok
22:51:39.0415 1612 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
22:51:39.0415 1612 Wanarpv6 - ok
22:51:39.0524 1612 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
22:51:39.0555 1612 WatAdminSvc - ok
22:51:39.0633 1612 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
22:51:39.0664 1612 wbengine - ok
22:51:39.0773 1612 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
22:51:39.0789 1612 WbioSrvc - ok
22:51:39.0820 1612 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
22:51:39.0820 1612 wcncsvc - ok
22:51:39.0836 1612 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
22:51:39.0836 1612 WcsPlugInService - ok
22:51:39.0883 1612 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
22:51:39.0883 1612 Wd - ok
22:51:39.0945 1612 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
22:51:39.0945 1612 Wdf01000 - ok
22:51:39.0976 1612 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
22:51:39.0976 1612 WdiServiceHost - ok
22:51:39.0976 1612 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
22:51:39.0992 1612 WdiSystemHost - ok
22:51:40.0039 1612 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
22:51:40.0039 1612 WebClient - ok
22:51:40.0070 1612 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
22:51:40.0070 1612 Wecsvc - ok
22:51:40.0085 1612 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
22:51:40.0101 1612 wercplsupport - ok
22:51:40.0117 1612 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
22:51:40.0117 1612 WerSvc - ok
22:51:40.0179 1612 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
22:51:40.0179 1612 WfpLwf - ok
22:51:40.0304 1612 WiMAXAppSrv (245ea6a2cfae7b183ee9a14a4673b1f1) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
22:51:40.0319 1612 WiMAXAppSrv - ok
22:51:40.0351 1612 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
22:51:40.0351 1612 WIMMount - ok
22:51:40.0382 1612 WinDefend - ok
22:51:40.0397 1612 WinHttpAutoProxySvc - ok
22:51:40.0475 1612 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
22:51:40.0491 1612 Winmgmt - ok
22:51:40.0631 1612 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
22:51:40.0678 1612 WinRM - ok
22:51:40.0772 1612 WiTopiaService (bcdca2c65a685e54c5f9f7ee769a3ce0) C:\Program Files\WiTopia\WiTopiaService.exe
22:51:40.0772 1612 WiTopiaService - ok
22:51:40.0959 1612 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
22:51:40.0990 1612 Wlansvc - ok
22:51:41.0053 1612 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:51:41.0068 1612 wlcrasvc - ok
22:51:41.0193 1612 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:51:41.0209 1612 wlidsvc - ok
22:51:41.0360 1612 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
22:51:41.0370 1612 WmiAcpi - ok
22:51:41.0480 1612 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
22:51:41.0490 1612 wmiApSrv - ok
22:51:41.0530 1612 WMPNetworkSvc - ok
22:51:41.0570 1612 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
22:51:41.0580 1612 WPCSvc - ok
22:51:41.0600 1612 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
22:51:41.0610 1612 WPDBusEnum - ok
22:51:41.0630 1612 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
22:51:41.0630 1612 ws2ifsl - ok
22:51:41.0650 1612 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll
22:51:41.0660 1612 wscsvc - ok
22:51:41.0660 1612 WSearch - ok
22:51:41.0810 1612 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll
22:51:41.0870 1612 wuauserv - ok
22:51:41.0980 1612 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
22:51:41.0990 1612 WudfPf - ok
22:51:42.0020 1612 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
22:51:42.0020 1612 WUDFRd - ok
22:51:42.0050 1612 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
22:51:42.0060 1612 wudfsvc - ok
22:51:42.0090 1612 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
22:51:42.0100 1612 WwanSvc - ok
22:51:42.0150 1612 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
22:51:42.0330 1612 \Device\Harddisk0\DR0 - ok
22:51:42.0340 1612 Boot (0x1200) (5b27bbe662b88f50d6c02e5321319c4c) \Device\Harddisk0\DR0\Partition0
22:51:42.0340 1612 \Device\Harddisk0\DR0\Partition0 - ok
22:51:42.0340 1612 ============================================================
22:51:42.0340 1612 Scan finished
22:51:42.0340 1612 ============================================================
22:51:42.0370 13720 Detected object count: 0
22:51:42.0370 13720 Actual detected object count: 0
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,592 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
01-Aug-2012, 12:07 PM #14
Nothing showing there.
Do you get the same problem in Internet Explorer or only in Chrome?
sipadan sipadan is offline
Member with 12 posts.
THREAD STARTER
 
Join Date: Jul 2012
01-Aug-2012, 12:40 PM #15
That was an interesting question. I had never checked IE because I never use it. I just opened it now, x2, and both times it opened to Google. No sign at all of those other 2 bad web sites.