
api.mybrowserbar.com

Discussion in 'Virus & Other Malware Removal' started by sipadan, Jul 22, 2012.

Thread Status:
Not open for further replies.
  1. sipadan

    sipadan Thread Starter

    Joined:
    Jul 22, 2012
    Messages:
    12
    My browser is recently being redirected to api.mybrowserbar.com. I use Chrome. I've checked settings in Chrome and Inet Options and both are set to google - my home page. Yet, the browser continues to open to the above site.
    I've run MLB and superspy but they didn't get rid of the problem. Looked in Uninstall for some program called "search settings" but didn't find any. I run Windows 7 on a 2012 machine. Need help. Thanks.
     
  2. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,861
    Follow advice here and post the logs those programs make.

    Did you see the big red message telling you what to do when you tried to make your first post in this topic, or did you just decide to ignore it?
     
  3. sipadan

    sipadan Thread Starter

    Joined:
    Jul 22, 2012
    Messages:
    12
    Thanks for the reply. I read it, I ignored it. It's only because I had another infection problem with my old computer last year and the tech person who helped me actually wanted different logs, like MWB and OTL. No problem though. I'll post back within 24hrs with the required logs. Thanks.
     
  4. sipadan

    sipadan Thread Starter

    Joined:
    Jul 22, 2012
    Messages:
    12
    Here are the logs. A couple of things. When running Hijack, I received a warning message that said the computer denied access to the Hosts file. I didn't understand the instructions it gave afterwards, so I'm just reporting this to you.

    I run Skype occasionally, but I do not have MSN Messenger, Yahoo Messenger or any other messenger. These items should not be installed on my computer.

    -----------------------


    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:00:43 PM, on 7/23/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16447)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
    C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Luminix\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
    O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
    O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
    O4 - HKLM\..\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
    O4 - HKLM\..\Run: [DelayTSS] "C:\Program Files\Toshiba\DelayTSS\DelayTSS.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
    O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
    O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
    O23 - Service: Intel® PROSet/Wireless WiMAX Red Bend Device Management Service (DMAgent) - Red Bend Ltd. - C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
    O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
    O23 - Service: taisregispinger - Toshiba America Information Systems. - C:\Program Files (x86)\Toshiba\ToshibaRegistration\TaisRegistPinger.exe
    O23 - Service: TOSHIBA HDD Protection (Thpsrv) - Unknown owner - C:\windows\system32\ThpSrv.exe (file missing)
    O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
    O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
    O23 - Service: Intel® PROSet/Wireless WiMAX Service (WiMAXAppSrv) - Intel(R) Corporation - C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    O23 - Service: WiTopia Service (WiTopiaService) - SparkLabs - C:\Program Files\WiTopia\WiTopiaService.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 12735 bytes

    ------------------------------------------------------------

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Luminix at 20:05:13 on 2012-07-23
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6052.3680 [GMT 8:00]
    .
    AV: Kaspersky Anti-Virus *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
    SP: Kaspersky Anti-Virus *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\WLANExt.exe
    C:\windows\system32\conhost.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
    C:\windows\system32\taskhost.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\system32\ThpSrv.exe
    C:\windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    C:\Program Files\WiTopia\WiTopiaService.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\TOSHIBA\TECO\TecoService.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\windows\system32\SearchIndexer.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\ThpSrv.exe
    C:\Program Files\TOSHIBA\TECO\Teco.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
    C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
    C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Toshiba\ToshibaRegistration\TaisRegistPinger.exe
    C:\windows\System32\svchost.exe -k secsvcs
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
    C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\windows\system32\taskeng.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtblfs.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\windows\system32\taskmgr.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files\WiTopia\WiTopia.exe
    C:\Program Files\WiTopia\Resources\openvpn.exe
    C:\windows\system32\conhost.exe
    C:\windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\windows\servicing\TrustedInstaller.exe
    C:\windows\System32\svchost.exe -k swprv
    C:\windows\system32\igfxsrvc.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\SysWOW64\cmd.exe
    C:\windows\system32\conhost.exe
    C:\windows\SysWOW64\cscript.exe
    C:\windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://start.toshiba.com/?cid=C001B2Y
    uInternet Settings,ProxyOverride = <local>
    uURLSearchHooks: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
    BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    BHO: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: YouTube Downloader Toolbar: {f3fee66e-e034-436a-86e4-9690573bee8a} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
    mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
    mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
    mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
    mRun: [DelayTSS] "C:\Program Files\Toshiba\DelayTSS\DelayTSS.exe"
    mRun: [<NO NAME>]
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    TCP: DhcpNameServer = 10.118.0.1
    TCP: Interfaces\{80AC0AC7-711A-428B-9C92-16A305DEC4B6} : DhcpNameServer = 211.148.192.141 211.148.192.151
    TCP: Interfaces\{9AA5DADA-D777-4FA6-BC59-4AE5204D8C9C}\D49647A7976343839393 : DhcpNameServer = 192.168.4.1 10.0.0.1
    TCP: Interfaces\{BA084C69-A637-452E-B050-F15195B78506} : DhcpNameServer = 10.118.0.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
    BHO-X64: IEVkbdBHO - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
    BHO-X64: link filter bho - No File
    BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    BHO-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB-X64: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\6.0\youtubedownloaderToolbarIE.dll
    mRun-x64: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
    mRun-x64: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
    mRun-x64: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
    mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
    mRun-x64: [DelayTSS] "C:\Program Files\Toshiba\DelayTSS\DelayTSS.exe"
    mRun-x64: [(Default)]
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
    R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
    R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
    R1 kl2;kl2;C:\windows\system32\DRIVERS\kl2.sys --> C:\windows\system32\DRIVERS\kl2.sys [?]
    R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\system32\DRIVERS\klim6.sys --> C:\windows\system32\DRIVERS\klim6.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]
    R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2012-6-27 791488]
    R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [2011-4-24 202296]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-6-15 498688]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-6-19 3048136]
    R2 taisregispinger;taisregispinger;C:\Program Files (x86)\Toshiba\ToshibaRegistration\TaisRegistPinger.exe [2011-11-25 2191240]
    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-5-25 294848]
    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-3-28 2656280]
    R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-6-15 986112]
    R2 WiTopiaService;WiTopia Service;C:\Program Files\WiTopia\WiTopiaService.exe [2012-7-1 40048]
    R3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;C:\windows\system32\DRIVERS\bpenum.sys --> C:\windows\system32\DRIVERS\bpenum.sys [?]
    R3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;C:\windows\system32\DRIVERS\bpmp.sys --> C:\windows\system32\DRIVERS\bpmp.sys [?]
    R3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;C:\windows\system32\Drivers\bpusb.sys --> C:\windows\system32\Drivers\bpusb.sys [?]
    R3 CeKbFilter;CeKbFilter;C:\windows\system32\DRIVERS\CeKbFilter.sys --> C:\windows\system32\DRIVERS\CeKbFilter.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 iwdbus;IWD Bus Enumerator;C:\windows\system32\DRIVERS\iwdbus.sys --> C:\windows\system32\DRIVERS\iwdbus.sys [?]
    R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\system32\DRIVERS\klmouflt.sys --> C:\windows\system32\DRIVERS\klmouflt.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
    R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\nusb3hub.sys --> C:\windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\system32\DRIVERS\nusb3xhc.sys --> C:\windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2012-3-28 57216]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-10 138152]
    R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-7-2 828856]
    R3 visctap0901;Viscosity Virtual Adapter V9.1;C:\windows\system32\DRIVERS\visctap0901.sys --> C:\windows\system32\DRIVERS\visctap0901.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-28 136176]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-28 136176]
    S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\system32\drivers\intelaud.sys --> C:\windows\system32\drivers\intelaud.sys [?]
    S3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-6-2 340240]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
    .
    =============== Created Last 30 ================
    .
    2012-07-23 12:01:22 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BB447AD8-831B-4937-8F05-99371F4786D8}\mpengine.dll
    2012-07-19 14:41:50 -------- d-----w- C:\Users\Luminix\AppData\Roaming\SUPERAntiSpyware.com
    2012-07-19 14:41:44 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2012-07-19 14:41:44 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2012-07-19 14:29:10 -------- d-----w- C:\Users\Luminix\AppData\Roaming\Malwarebytes
    2012-07-19 14:29:00 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-07-19 14:28:59 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
    2012-07-19 14:28:59 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-18 14:18:20 -------- d-----w- C:\ProgramData\boost_interprocess
    2012-07-17 16:21:15 -------- d-----w- C:\Users\Luminix\AppData\Roaming\PeaZip
    2012-07-17 16:17:02 -------- d--h--w- C:\ProgramData\Common Files
    2012-07-17 16:12:11 -------- d-----w- C:\Users\Luminix\AppData\Roaming\EuroTalk
    2012-07-17 16:12:09 -------- d-----w- C:\Users\Luminix\AppData\Roaming\langmaster.com
    2012-07-17 16:11:24 -------- d-----w- C:\Program Files (x86)\Common Files\LANGMaster
    2012-07-17 16:10:57 -------- d-----w- C:\Program Files (x86)\LANGMaster
    2012-07-17 15:15:35 -------- d-----w- C:\Users\Luminix\AppData\Local\Ilivid Player
    2012-07-16 13:54:09 3148800 ----a-w- C:\windows\System32\win32k.sys
    2012-07-15 16:00:59 -------- d-----w- C:\Users\Luminix\AppData\Local\Adobe
    2012-07-04 15:40:16 -------- d-----w- C:\ProgramData\Kaspersky Lab
    2012-07-04 15:40:16 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
    2012-07-04 15:14:02 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2012-07-01 13:10:49 -------- d-----w- C:\Users\Luminix\AppData\Local\Apple Computer
    2012-07-01 13:02:21 2622464 ----a-w- C:\windows\System32\wucltux.dll
    2012-07-01 13:02:14 99840 ----a-w- C:\windows\System32\wudriver.dll
    2012-07-01 13:02:06 36864 ----a-w- C:\windows\System32\wuapp.exe
    2012-07-01 13:02:06 186752 ----a-w- C:\windows\System32\wuwebv.dll
    2012-07-01 12:17:44 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2012-07-01 12:17:44 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2012-07-01 12:17:44 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2012-07-01 12:17:44 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2012-07-01 12:17:44 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2012-07-01 12:17:44 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2012-07-01 12:17:44 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2012-07-01 12:16:39 -------- d-----w- C:\Users\Luminix\AppData\Local\Apple
    2012-07-01 12:02:03 -------- d-----w- C:\Program Files (x86)\MSECache
    2012-07-01 12:00:21 -------- d-----w- C:\Users\Luminix\.pdfsplitormerge
    2012-07-01 11:21:46 -------- d-----w- C:\ProgramData\Toshiba Book Place
    2012-07-01 11:20:31 -------- d-----r- C:\Program Files (x86)\Skype
    2012-07-01 11:11:39 -------- d-----w- C:\Users\Luminix\AppData\Roaming\Book Place
    2012-07-01 10:37:19 -------- d-----w- C:\Program Files (x86)\YouTube Downloader Toolbar
    2012-07-01 10:37:19 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
    2012-07-01 10:37:19 -------- d-----w- C:\Program Files (x86)\Application Updater
    2012-07-01 10:36:04 -------- d-----w- C:\ProgramData\YTD YouTube Downloader & Converter
    2012-07-01 10:35:33 -------- d-----w- C:\Program Files (x86)\GreenTree Applications
    2012-07-01 08:13:59 -------- d-----w- C:\Users\Luminix\AppData\Roaming\WiTopia
    2012-07-01 08:12:49 38368 ----a-w- C:\windows\System32\drivers\visctap0901.sys
    2012-07-01 08:12:47 -------- d-----w- C:\Program Files\WiTopia
    2012-06-24 06:55:00 -------- d-----w- C:\windows\SysWow64\Wat
    2012-06-24 06:55:00 -------- d-----w- C:\windows\System32\Wat
    2012-06-24 06:30:43 81408 ----a-w- C:\windows\System32\imagehlp.dll
    2012-06-24 06:30:43 5120 ----a-w- C:\windows\SysWow64\wmi.dll
    2012-06-24 06:30:43 5120 ----a-w- C:\windows\System32\wmi.dll
    2012-06-24 06:30:43 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys
    2012-06-24 06:30:43 220672 ----a-w- C:\windows\System32\wintrust.dll
    2012-06-24 06:30:43 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
    2012-06-24 06:30:43 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
    .
    ==================== Find3M ====================
    .
    2012-06-06 06:06:16 2004480 ----a-w- C:\windows\System32\msxml6.dll
    2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll
    2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll
    2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
    2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
    2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
    2012-06-02 12:12:17 2311680 ----a-w- C:\windows\System32\jscript9.dll
    2012-06-02 12:05:28 1392128 ----a-w- C:\windows\System32\wininet.dll
    2012-06-02 12:04:50 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
    2012-06-02 12:01:40 173056 ----a-w- C:\windows\System32\ieUnatt.exe
    2012-06-02 11:57:08 2382848 ----a-w- C:\windows\System32\mshtml.tlb
    2012-06-02 08:33:25 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys
    2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
    2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll
    2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll
    2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll
    2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll
    2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
    2012-05-31 04:25:12 279656 ------w- C:\windows\System32\MpSigStub.exe
    2012-05-04 11:06:22 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
    2012-05-04 10:03:53 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40:20 209920 ----a-w- C:\windows\System32\profsvc.dll
    2012-04-28 03:55:21 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
    2012-04-26 05:41:56 77312 ----a-w- C:\windows\System32\rdpwsx.dll
    2012-04-26 05:41:55 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
    2012-04-26 05:34:27 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
    .
    ============= FINISH: 20:05:45.96 ===============
     


  5. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,861
    it is part of youtube downloader
    if you don't want the mybrowserbar bits then you need to get rid of the youtube downloader program entirely. There is no such thing as a free lunch & you will pay somewhere along the line for the ability to breach youtube T&C and download videos that are not supposed to be downloaded
     
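    An added illustration, not part of the original thread or of any tool's own code: one way to check which programs arrived together is to group the "Created Last 30" entries of the DDS log by creation time. The sample lines are copied from the log posted above; the two-minute window and the function names are assumptions made for this example.

```python
import re
from datetime import datetime, timedelta

# Lines copied from the "Created Last 30" section of the DDS log posted above.
SAMPLE = r"""
2012-07-01 11:20:31 -------- d-----r- C:\Program Files (x86)\Skype
2012-07-01 11:11:39 -------- d-----w- C:\Users\Luminix\AppData\Roaming\Book Place
2012-07-01 10:37:19 -------- d-----w- C:\Program Files (x86)\YouTube Downloader Toolbar
2012-07-01 10:37:19 -------- d-----w- C:\Program Files (x86)\Common Files\Spigot
2012-07-01 10:37:19 -------- d-----w- C:\Program Files (x86)\Application Updater
2012-07-01 10:36:04 -------- d-----w- C:\ProgramData\YTD YouTube Downloader & Converter
2012-07-01 10:35:33 -------- d-----w- C:\Program Files (x86)\GreenTree Applications
2012-07-01 08:13:59 -------- d-----w- C:\Users\Luminix\AppData\Roaming\WiTopia
2012-07-01 08:12:49 38368 ----a-w- C:\windows\System32\drivers\visctap0901.sys
2012-07-01 08:12:47 -------- d-----w- C:\Program Files\WiTopia
"""

# One DDS entry: timestamp, size (or eight dashes for a folder),
# an eight-character attribute string, then the path.
LINE_RE = re.compile(
    r"^\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(\d+|-{8})\s+"
    r"([-a-z]{8})\s+"
    r"(.+?)\s*$"
)


def parse_entries(text):
    """Return the log entries as dicts, oldest first; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # section headers, "." separators, blank lines
        stamp, _size, attrs, path = m.groups()
        entries.append({
            "time": datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
            "is_dir": attrs.startswith("d"),
            "path": path,
        })
    return sorted(entries, key=lambda e: e["time"])


def cluster(entries, gap=timedelta(minutes=2)):
    """Group time-sorted entries; a new batch starts when the gap is exceeded."""
    batches = []
    for entry in entries:
        if batches and entry["time"] - batches[-1][-1]["time"] <= gap:
            batches[-1].append(entry)
        else:
            batches.append([entry])
    return batches


def install_batch(text, keyword, gap=timedelta(minutes=2)):
    """Paths created in the same batch as any entry whose path contains keyword."""
    keyword = keyword.lower()
    paths = []
    for batch in cluster(parse_entries(text), gap):
        if any(keyword in e["path"].lower() for e in batch):
            paths.extend(e["path"] for e in batch)
    return paths


if __name__ == "__main__":
    # Everything that appeared alongside the toolbar folder.
    for p in install_batch(SAMPLE, "toolbar"):
        print(p)
```

    On these lines the toolbar, Spigot and Application Updater folders fall in the same batch as the YTD and GreenTree Applications folders, all created within two minutes of each other on 2012-07-01.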
  6. sipadan

    sipadan Thread Starter

    Joined:
    Jul 22, 2012
    Messages:
    12
    First, thank you for taking the time to help me with this problem. Your help is really appreciated. Wrt the youtube DL program, I have had the pro version of the program installed now about 5 months and I have it currently installed on 3 other computers, but none of the other ones are redirecting me to that site.

    So, a few questions: Is this 'redirect' a hack? Is it dangerous (ie, is someone getting access to my computer or web browsing activities)? Or, is it just annoying?

    Since none of the other computers are showing the same problem, are you 100% sure the redirect is coming directly from the YDL program, or could it have been due to another program/file I recently downloaded? This redirect actually started just after I downloaded a program for .rar files (called "pea" something - with a green logo). It allowed me to open and read .rar files. I since uninstalled it and then a week later I sent you the hijack this log.

    Since this just started about 10 days ago (but I've had the YDL software for about 5 months), could I reset the computer back 2 weeks? Would that be a good way to get rid of the redirect, but possibly be able to keep the YDL software?

    Once again, thanks for your time in helping me with this.
     
  7. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,861
    have you updated the You tube software recently?
    all my searches indicate that mybrowserbar is a component of youtube toolbar
     
  8. sipadan

    sipadan Thread Starter

    Joined:
    Jul 22, 2012
    Messages:
    12
    Thanks for the reply and sorry for the delay in response. It's interesting you ask about an update. Actually, I have received many messages about updating the software, but I chose not to (the reason is a little complicated, but it's mainly because I have it installed on 3 computers, which is sadly not allowed, so if I update it, the other 2 computers will lose the licence). I'm surprised that the lack of an update would have suddenly caused this.

    Going on your advice, I also checked the web a little about this apimybrowser being connected to YTD. FYI, the info I found showed there being a "browser bar" which I don't have, it's not installed and it doesn't show up. My problem is that when I open Chrome, 2 pages open and neither of these are my home page (which is set to google). One page is called "X" and the other is called "Y". (At this point, I realized I need to send this message, close my browser and then reopen so I can get the exact names. I'll post back giving you the "X" and "Y".) So, I've checked all possible internal settings that my home page had been changed, and it hasn't. Both Internet Options and Chrome settings are showing google as my homepage. So, I can't explain why these 2 windows are opening and being directed to X and Y.

    Does any of this information help pinpoint the problem? Thanks again.
     
  9. sipadan

    sipadan Thread Starter

    Joined:
    Jul 22, 2012
    Messages:
    12
    I realized now that I have made a small mistake. When reopening the redirected sites, I found that:
    X = http://www.searchnu.com/406
    Y = http://isearch.avg.com/?cid={6C4F3CC1-B693-4D9C-AD1D-D72DD42E16F9}&mid=0c196092c63947d0a5160d47e7a814f8-d6b6b397a068b5ba9a059cf31d2c2d3f06848742&lang=en&ds=bm011&pr=sa&d=2012-07-18%2000:19:52&v=11.1.0.12&sap=hp

    As you can see, neither of these sites is the apimybrowser. I think what happened is the following.

    There were actually 2 phases of this problem. In phase one, when I posted the message, only 1 window was opening and redirecting my page to apimybrowser. Then, a few days later, phase 2 started when 2 windows started to open (the 2 I pasted above) and I was closing them immediately without actually noticing that neither were apimybrowser.

    So sorry to confuse.

    Any info wrt this info? Thanks again.
     
  10. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,861
    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here to your Desktop.
    As you download it rename it to username123.exe


    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all.
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re enable the protection again after combofix has finished
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on renamed combofix.exe & follow the prompts.
    If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboot is due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in next reply please...
     
  11. sipadan

    sipadan Thread Starter

    Joined:
    Jul 22, 2012
    Messages:
    12
    Sorry for the delay. Here's the combofix log. I'm pasting it instead of attaching it - let me know if you want it attached. Btw, I'm not sure if combo is supposed to fix the problem or just draw attention to it, but upon opening chrome again, I got the same windows opening as before, hence everything is still the same.

    FYI, I did some research on registry keys that have supposedly been identified as culprits of this virus and I found some of them in the registry. However, I did not delete or modify any. I'm just letting you know that I found some keys that may be related to this virus and bad/don't belong.

    Thanks again for this help.

    ComboFix 11-09-08.03 - Owner 09/08/2011 21:27:29.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1983.1453 [GMT 8:00]
    Running from: c:\documents and settings\Owner.YOUR-RVLNHR6V8D\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator.YOUR-RVLNHR6V8D.000\WINDOWS
    c:\documents and settings\Administrator.YOUR-RVLNHR6V8D.001\Local Settings\Application Data\ApplicationHistory
    c:\documents and settings\Administrator.YOUR-RVLNHR6V8D.001\Local Settings\Application Data\ApplicationHistory\ngen.exe.89f695a3.ini
    c:\documents and settings\Administrator.YOUR-RVLNHR6V8D.001\Local Settings\Application Data\ApplicationHistory\PolMigrate.exe.48b82cc6.ini
    c:\documents and settings\Administrator.YOUR-RVLNHR6V8D.001\WINDOWS
    c:\documents and settings\Administrator.YOUR-RVLNHR6V8D\WINDOWS
    c:\documents and settings\Administrator\WINDOWS
    c:\documents and settings\All Users\Application Data\hpeC.dll
    c:\documents and settings\All Users\Documents\~WRL0994.tmp
    c:\documents and settings\All Users\Documents\Copy of ~WRL0994.tmp
    c:\documents and settings\Angie.YOUR-RVLNHR6V8D\Local Settings\Application Data\ApplicationHistory
    c:\documents and settings\Angie.YOUR-RVLNHR6V8D\Local Settings\Application Data\ApplicationHistory\ngen.exe.89f695a3.ini
    c:\documents and settings\Angie.YOUR-RVLNHR6V8D\Local Settings\Application Data\ApplicationHistory\PolMigrate.exe.48b82cc6.ini
    c:\documents and settings\Angie.YOUR-RVLNHR6V8D\WINDOWS
    c:\documents and settings\Angie\WINDOWS
    c:\documents and settings\Default User\WINDOWS
    c:\documents and settings\Guest\WINDOWS
    c:\documents and settings\Owner.YOUR-RVLNHR6V8D\Local Settings\Application Data\ApplicationHistory
    c:\documents and settings\Owner.YOUR-RVLNHR6V8D\Local Settings\Application Data\ApplicationHistory\ngen.exe.89f695a3.ini
    c:\documents and settings\Owner.YOUR-RVLNHR6V8D\Local Settings\Application Data\ApplicationHistory\PolMigrate.exe.48b82cc6.ini
    c:\documents and settings\Owner.YOUR-RVLNHR6V8D\WINDOWS
    c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory
    c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\csc.exe.3e4ac0af.ini
    c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\HPQDOC~1.EXE.7f11b083.ini
    c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.9b7949a.ini
    c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.9b7949a.ini.inuse
    c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\hpqthb08.exe.ccbceb54.ini
    c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\hpqthb08.exe.ccbceb54.ini.inuse
    c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\Install.exe.91d4de35.ini
    c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\ngen.exe.89f695a3.ini
    c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory\PolMigrate.exe.48b82cc6.ini
    c:\documents and settings\Owner\WINDOWS
    c:\program files\001JoinerSplitterPro_Setup.exe
    c:\program files\messenger\msmsgsin.exe
    C:\System
    c:\system\FILES\Desktop.ini
    c:\windows\bwUnin-6.1.0.155-8876480L.exe
    c:\windows\bwUnin-6.1.4.65-8876480L.exe
    c:\windows\CDAC13BA.EXE
    c:\windows\CDAC14BA.DLL
    c:\windows\dasetup.log
    c:\windows\help\wmplayer.bak
    c:\windows\system32\comct332.ocx
    c:\windows\system32\config\systemprofile\WINDOWS
    c:\windows\system32\keylog.txt
    c:\windows\system32\ps2.bat
    c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    c:\windows\tsoc.log
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-08-08 to 2011-09-08 )))))))))))))))))))))))))))))))
    .
    .
    2011-09-07 15:44 . 2011-09-07 15:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
    2011-09-06 09:22 . 2004-08-03 16:56 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
    2011-09-06 09:22 . 2001-08-17 14:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
    2011-09-06 09:22 . 2001-08-17 14:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
    2011-09-06 09:22 . 2001-08-17 14:36 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
    2011-09-06 09:22 . 2001-08-17 14:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
    2011-09-06 09:22 . 2001-08-17 14:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
    2011-09-06 09:22 . 2001-08-17 04:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
    2011-09-06 09:22 . 2004-08-03 14:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
    2011-09-06 09:22 . 2004-08-03 16:56 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
    2011-09-06 09:22 . 2004-08-03 14:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
    2011-09-06 09:20 . 2001-08-17 05:28 794654 -c--a-w- c:\windows\system32\dllcache\usr1801.sys
    2011-09-06 09:19 . 2001-08-17 04:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
    2011-09-06 09:18 . 2004-08-03 14:59 79104 -c--a-w- c:\windows\system32\dllcache\rocket.sys
    2011-09-06 09:17 . 2001-08-17 04:12 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys
    2011-09-06 09:16 . 2001-08-17 05:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
    2011-09-06 09:15 . 2001-08-17 05:51 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys
    2011-09-06 09:14 . 2001-08-17 05:28 50751 -c--a-w- c:\windows\system32\dllcache\hsf_tone.sys
    2011-09-06 09:13 . 2001-08-17 14:36 53248 -c--a-w- c:\windows\system32\dllcache\eqndiag.exe
    2011-09-06 09:12 . 2001-08-17 14:36 175104 -c--a-w- c:\windows\system32\dllcache\csamsp.dll
    2011-09-06 09:11 . 2001-08-17 05:12 10368 -c--a-w- c:\windows\system32\dllcache\brusbscn.sys
    2011-09-06 09:10 . 2001-08-17 06:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
    2011-09-02 14:14 . 2011-09-02 14:14 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-09-02 14:14 . 2011-09-02 14:14 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-09-02 10:41 . 2002-08-29 12:00 68608 ----a-w- c:\windows\system32\plugin.ocx
    2011-09-02 07:05 . 2011-09-01 18:27 16432 ----a-w- c:\windows\system32\lsdelete.exe
    2011-09-01 18:12 . 2011-08-18 07:25 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-09-01 09:40 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-09-01 09:40 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-09-01 09:40 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-09-01 09:40 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-09-01 09:40 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-09-01 09:40 . 2011-07-04 11:35 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2011-09-01 09:40 . 2011-07-04 11:35 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2011-09-01 09:40 . 2011-07-04 11:32 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2011-09-01 09:39 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
    2011-09-01 09:39 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
    2011-09-01 03:27 . 2011-09-01 03:27 -------- d-----w- c:\program files\Common Files\Apple
    2011-09-01 03:27 . 2011-09-01 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
    2011-09-01 02:52 . 2011-09-01 09:39 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2011-09-01 02:52 . 2011-09-01 02:52 -------- d-----w- c:\program files\AVAST Software
    2011-08-31 16:52 . 2011-08-31 16:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2011-08-31 16:20 . 2011-08-31 16:20 2923248 ----a-w- c:\program files\WindowsXP-KB914882-x86-ENU.exe
    2011-08-31 13:52 . 2004-08-03 16:56 81920 -c--a-w- c:\windows\system32\dllcache\ieencode.dll
    2011-08-31 13:52 . 2004-08-03 16:56 81920 ----a-w- c:\windows\system32\ieencode.dll
    2011-08-31 13:48 . 2004-07-17 03:40 19528 ----a-w- c:\windows\005695_.tmp
    2011-08-31 13:27 . 2002-08-29 12:00 57398 -c--a-w- c:\windows\system32\dllcache\imjpdadm.exe
    2011-08-31 13:04 . 2011-08-31 13:04 278927592 ----a-w- c:\program files\WindowsXP-KB835935-SP2-ENU.exe
    2011-08-31 08:22 . 2011-09-08 13:47 -------- d-----w- c:\documents and settings\Angie.YOUR-RVLNHR6V8D
    2011-08-29 20:23 . 2011-09-08 13:47 -------- d-----w- c:\documents and settings\Owner.YOUR-RVLNHR6V8D
    2011-08-29 20:18 . 2004-08-03 15:14 52736 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
    2011-08-29 20:18 . 2004-08-03 15:14 52736 ----a-w- c:\windows\system32\drivers\i8042prt.sys
    2011-08-29 20:18 . 2004-08-03 14:58 24576 -c--a-w- c:\windows\system32\dllcache\kbdclass.sys
    2011-08-29 20:18 . 2004-08-03 14:58 24576 ----a-w- c:\windows\system32\drivers\kbdclass.sys
    2011-08-29 17:39 . 2011-02-16 11:00 17370496 ----a-w- c:\program files\Common Files\Microsoft Shared\OFFICE11\MSO.DLL
    2011-08-29 15:02 . 2011-09-08 13:47 -------- d-----w- c:\documents and settings\Administrator.YOUR-RVLNHR6V8D.001
    2011-08-29 13:13 . 2004-08-03 15:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
    2011-08-29 13:11 . 2004-08-03 15:07 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
    2011-08-22 18:52 . 2011-08-22 18:52 1409 ----a-w- c:\windows\QTFont.for
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-01 03:58 . 2010-05-01 23:36 25740256 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
    2011-08-24 15:34 . 2011-05-14 06:55 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-08-01 06:14 . 2011-08-01 06:14 73048120 ----a-w- c:\program files\4vc9y445 dr webb 2.exe
    2011-07-22 20:51 . 2011-07-22 20:51 94208 ----a-w- c:\windows\system32\dpl100.dll
    2011-07-17 11:26 . 2011-07-17 11:26 6490479 ----a-w- c:\program files\Install_VideoTodoPro_6.0.0.0.exe
    2011-07-08 13:53 . 2011-08-07 14:34 14215496 ----a-w- c:\program files\PDFXVwer.exe
    2011-07-06 11:52 . 2009-08-24 02:11 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-06 11:52 . 2009-08-24 02:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-05 10:37 . 2011-07-05 10:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-07-05 10:37 . 2011-07-05 10:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-07-01 02:45 . 2010-07-31 07:00 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-06-23 12:05 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-03-31 18:19 . 2011-03-31 18:19 1448614 ----a-w- c:\program files\wrar400.exe
    2011-03-16 15:06 . 2011-03-16 15:06 6489190 ----a-w- c:\program files\Install_VideoTodoPro_5.0.0.3.exe
    2011-02-13 19:42 . 2011-02-13 19:42 6489068 ----a-w- c:\program files\Install_VideoTodoPro_5.0.0.2.exe
    2011-01-29 08:34 . 2011-01-29 08:34 4138449 ----a-w- c:\program files\personalVPN_Installer.exe
    2010-08-29 17:08 . 2010-08-29 17:08 1967336 ----a-w- c:\program files\installspeedfan441.exe
    2010-08-07 04:34 . 2010-08-07 04:34 6153352 ----a-w- c:\program files\mbam-setup-1.46.exe
    2010-08-07 02:09 . 2010-08-07 02:09 1364522 ----a-w- c:\program files\wrar393.exe
    2010-08-02 19:21 . 2010-08-02 19:12 19461015 ----a-w- c:\program files\vlc-1.1.2-win32.exe
    2010-07-31 02:56 . 2010-07-31 02:56 115547440 ----a-w- c:\program files\DigitalImageStarter06.exe
    2010-07-31 01:25 . 2010-07-31 01:25 20393805 ----a-w- c:\program files\Hugin_2009-4-0_win32_setup.exe
    2010-07-31 00:51 . 2010-07-31 00:51 128750008 ----a-w- c:\program files\Ad-AwareInstall.exe
    2010-07-31 00:36 . 2010-07-31 00:36 3366912 ----a-w- c:\program files\Panorama ICE-1.3.5-for-32-bit-Windows.msi
    2010-07-31 00:30 . 2010-07-31 00:30 9284121 ----a-w- c:\program files\PosPanoramaPro_SetUp.exe
    2010-07-23 00:52 . 2010-07-23 00:52 4203037 ----a-w- c:\program files\MyPhoneExplorer_Setup_1.7.6.exe
    2010-05-02 17:44 . 2010-05-02 17:44 6489810 ----a-w- c:\program files\Install_VideoTodoPro_5.0.0.1.exe
    2010-05-02 00:02 . 2009-08-19 16:41 693840 ----a-w- c:\program files\wmv9VCMsetup.exe
    2010-04-21 00:03 . 2010-04-21 00:03 2899511 ----a-w- c:\program files\SkypeRecorderSetup.exe
    2009-10-07 01:07 . 2009-10-07 01:07 7292928 ----a-w- c:\program files\VideoTodoPro2.exe
    2009-08-15 15:58 . 2009-08-15 14:34 7290880 ----a-w- c:\program files\VideoTodoPro.exe
    2009-08-12 13:39 . 2009-08-12 13:39 308160 ----a-w- c:\program files\avast_home_setup.exe
    2009-08-02 22:14 . 2009-08-02 22:14 1925024 ----a-w- c:\program files\install_flash_player.exe
    2009-07-22 01:50 . 2009-07-22 01:50 1092216 ----a-w- c:\program files\Google Updater.exe
    2009-06-06 23:02 . 2009-06-06 23:01 1237824 ----a-w- c:\program files\Setup 3D.exe
    2009-05-09 20:37 . 2009-05-09 20:37 812344 ----a-w- c:\program files\HJTInstall.exe
    2009-01-21 00:15 . 2009-01-21 00:15 4865408 ----a-w- c:\program files\Silverlight.2.0.exe
    2009-01-07 05:18 . 2009-01-07 05:18 19333112 ----a-w- c:\program files\DivXInstaller.exe
    2009-01-07 04:46 . 2009-01-07 04:46 16320472 ----a-w- c:\program files\vlc-0[1].9.8a-win32 VLC Media Player.exe
    2009-01-07 04:36 . 2009-01-07 04:36 9506511 ----a-w- c:\program files\FVStudio30.exe
    2008-12-15 16:38 . 2008-12-15 16:38 90749456 ----a-w- c:\program files\NVIDIA 178[1].13_geforce_winxp_32bit_english_whql.exe
    2008-12-15 16:02 . 2008-12-15 16:02 2462200 ----a-w- c:\program files\ac3filter_1_51a.exe
    2008-11-11 04:18 . 2008-11-11 04:18 28868320 ----a-w- c:\program files\FileFormatConverters.exe
    2008-08-18 01:04 . 2008-08-18 01:04 22453544 ----a-w- c:\program files\SkypeSetup.exe
    2008-08-17 19:56 . 2008-08-17 19:56 14905624 ----a-w- c:\program files\oovoosetup.exe
    2008-07-06 05:52 . 2008-07-06 05:44 382352 ----a-w- c:\program files\jre-6u6-windows-i586-p-iftw JAVA.exe
    2008-06-27 03:58 . 2008-06-27 03:58 21924608 ----a-w- c:\program files\Sony Ericsson PC Suite_3.209.00_EN.exe
    2008-06-23 04:31 . 2008-06-23 04:31 23454528 ----a-w- c:\program files\AdbeRdr812.exe
    2008-06-20 00:59 . 2008-06-20 00:59 20740760 ----a-w- c:\program files\avinstall pctools antivirus.exe
    2008-06-07 05:04 . 2008-06-07 05:04 840679 ----a-w- c:\program files\7z432 7zip.exe
    2008-06-06 05:13 . 2008-06-06 05:13 4974945 ----a-w- c:\program files\AVIMoviePlayer52.exe
    2008-06-03 00:46 . 2008-06-03 00:46 2400784 ----a-w- c:\program files\WLinstaller Messager.exe
    2008-05-29 01:14 . 2008-05-29 01:14 1559005 ----a-w- c:\program files\FreeFLVPlayer1[1].0.exe
    2008-05-20 02:42 . 2008-05-20 02:42 26815520 ----a-w- c:\program files\kis7[1].0.0.125en.exe
    2007-07-24 19:47 . 2007-07-24 19:47 219 ----a-w- c:\program files\setup.reg
    2007-06-28 17:15 . 2007-06-28 17:15 25556480 ----a-w- c:\program files\kis.en.msi
    2006-11-28 04:16 . 2006-11-28 04:16 484352 -c--a-w- c:\program files\ie6setup.exe
    2004-05-16 17:52 . 2004-05-16 17:52 276992 -c--a-w- c:\program files\mpeg_joiner.exe
    2004-04-03 01:32 . 2004-04-03 01:32 19979192 -c--a-w- c:\program files\iTunesSetup.exe
    2004-01-02 03:01 . 2004-01-02 03:01 10135688 -c--a-w- c:\program files\MPSetupXP.exe
    2003-12-29 05:35 . 2003-12-29 05:34 10802360 -c--a-w- c:\program files\RealOnePlayerV2GOLD_bb.exe
    2003-12-28 19:58 . 2003-12-28 19:58 5313488 -c--a-w- c:\program files\DivX51Bundle.exe
    2003-12-06 03:33 . 2003-12-06 03:33 3662787 -c--a-w- c:\program files\spybotsd12.exe
    2003-09-17 04:30 . 2003-09-17 04:29 3740624 -c--a-w- c:\program files\DivXPlayerInstaller.exe
    2003-07-09 05:11 . 2003-07-09 05:11 2270960 -c--a-w- c:\program files\nsradioplus.exe
    2003-07-07 03:55 . 2003-07-07 03:55 8365240 -c--a-w- c:\program files\RealOnePlayerV2GOLD.exe
    1998-09-30 14:26 . 2006-01-12 17:31 683520 -c--a-w- c:\program files\MSREGX32.DLL
    1998-08-25 15:47 . 2006-01-12 17:31 29696 -c--a-w- c:\program files\MSRUN32.EXE
    1996-11-06 06:10 . 2006-01-12 17:32 886784 ----a-w- c:\program files\MetaComp.exe
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
    [-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
    .
    [-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\xmlprov.dll
    [-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
    .
    [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
    [-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
    .
    [-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\ServicePackFiles\i386\d3d9.dll
    [-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
    "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2002-10-16 114688]
    "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-18 69632]
    "KBD"="c:\hp\KBD\KBD.EXE" [2001-07-07 61440]
    "StorageGuard"="c:\program files\VERITAS Software\Update Manager\sgtray.exe" [2002-06-18 155648]
    "WCOLOREAL"="c:\program files\Coloreal\coloreal.exe" [2002-11-27 131072]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
    "Reminder"="c:\windows\Creator\Remind_XP.exe" [2003-01-11 315392]
    "nwiz"="nwiz.exe" [2002-09-10 372736]
    "PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
    "PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\Belkin\Bluetooth Software\BTTray.exe [2006-6-8 553021]
    hp center UI.lnk - c:\program files\hp center\137903\Shadow\ShadowBar.exe [N/A]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2003-7-9 156160]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
    MsnFixer.lnk - c:\hp\bin\msnfix\msnfixjs.js [N/A]
    Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2002-9-21 53248]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    .
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-09-01 2151640]
    R2 mrtRate;mrtRate; [x]
    R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-08-18 15232]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-08-18 64512]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
    S2 aswFsBlk;aswFsBlk; [x]
    S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - MBAMSwissArmy
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-09-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 18:26]
    .
    2011-09-07 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 09:57]
    .
    2011-09-08 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-22 01:03]
    .
    2011-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-22 01:56]
    .
    2011-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-22 01:56]
    .
    2011-09-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1786441397-2294659099-1544360120-1003Core.job
    - c:\documents and settings\Owner.YOUR-RVLNHR6V8D\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-31 15:49]
    .
    2011-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1786441397-2294659099-1544360120-1003UA.job
    - c:\documents and settings\Owner.YOUR-RVLNHR6V8D\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-31 15:49]
    .
    2011-09-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3982574454-998691811-2800211257-1003Core.job
    - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 14:44]
    .
    2011-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3982574454-998691811-2800211257-1003UA.job
    - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 14:44]
    .
    2011-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3982574454-998691811-2800211257-1013Core.job
    - c:\documents and settings\Angie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-05 14:44]
    .
    2011-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3982574454-998691811-2800211257-1013UA.job
    - c:\documents and settings\Angie\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-05 14:44]
    .
    2011-09-08 c:\windows\Tasks\User_Feed_Synchronization-{798191DE-4619-4963-A03E-E2E7F57CD5DA}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.com/
    uDefault_Search_URL = hxxp://srch-us7.hpwis.com/
    mSearch Bar = hxxp://srch-us7.hpwis.com/
    uInternet Connection Wizard,ShellNext = wmplayer.exe
    uInternet Settings,ProxyOverride = localhost
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-AutoTBar - c:\hp\bin\autotbar.exe
    AddRemove-{BC0EE7F1-32DE-4EE2-BE10-AE15DB394E84} - c:\program files\WildTangent\DDC\ActiveMenu\DDCActiveMenu.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-09-08 21:55
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(700)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    Completion time: 2011-09-08 22:07:37
    ComboFix-quarantined-files.txt 2011-09-08 14:07
    .
    Pre-Run: 4,048,519,168 bytes free
    Post-Run: 6,478,389,248 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
    .
    - - End Of File - - 875824994A733F1A514CED489B4AEE7F
     
  12. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,861
    Run tdss killer from http://support.kaspersky.com/viruses/solutions?qid=208280684

    let it cure anything it finds (except SPTD.SYS or anything detected as UnsignedFile.Multi.Generic, which should be ignored) & then reboot

    post back with its log

    By default, the utility writes the log to the root folder of the system disk (usually the disk with the operating system installed, C:\).
    Logs have names like: UtilityName.Version_Date_Time_log.txt.
    E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
     
  13. sipadan

    sipadan Thread Starter

    Joined:
    Jul 22, 2012
    Messages:
    12
    It didn't ask to delete anything.


    22:51:01.0895 2088 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    22:51:03.0898 2088 ============================================================
    22:51:03.0898 2088 Current date / time: 2012/08/01 22:51:03.0898
    22:51:03.0898 2088 SystemInfo:
    22:51:03.0898 2088
    22:51:03.0898 2088 OS Version: 6.1.7601 ServicePack: 1.0
    22:51:03.0898 2088 Product type: Workstation
    22:51:03.0898 2088 ComputerName: EM
    22:51:03.0898 2088 UserName: Luminix
    22:51:03.0898 2088 Windows directory: C:\windows
    22:51:03.0898 2088 System windows directory: C:\windows
    22:51:03.0898 2088 Running under WOW64
    22:51:03.0898 2088 Processor architecture: Intel x64
    22:51:03.0898 2088 Number of processors: 4
    22:51:03.0898 2088 Page size: 0x1000
    22:51:03.0898 2088 Boot type: Normal boot
    22:51:03.0898 2088 ============================================================
    22:51:04.0179 2088 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    22:51:04.0195 2088 ============================================================
    22:51:04.0195 2088 \Device\Harddisk0\DR0:
    22:51:04.0195 2088 MBR partitions:
    22:51:04.0195 2088 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x5540D000
    22:51:04.0195 2088 ============================================================
    22:51:04.0226 2088 C: <-> \Device\Harddisk0\DR0\Partition0
    22:51:04.0226 2088 ============================================================
    22:51:04.0226 2088 Initialize success
    22:51:04.0226 2088 ============================================================
    22:51:14.0569 1612 ============================================================
    22:51:14.0569 1612 Scan started
    22:51:14.0569 1612 Mode: Manual;
    22:51:14.0569 1612 ============================================================
    22:51:15.0255 1612 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    22:51:15.0255 1612 !SASCORE - ok
    22:51:15.0473 1612 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
    22:51:15.0489 1612 1394ohci - ok
    22:51:15.0832 1612 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
    22:51:15.0832 1612 ACPI - ok
    22:51:15.0863 1612 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
    22:51:15.0863 1612 AcpiPmi - ok
    22:51:15.0957 1612 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
    22:51:15.0973 1612 adp94xx - ok
    22:51:16.0051 1612 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
    22:51:16.0066 1612 adpahci - ok
    22:51:16.0097 1612 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
    22:51:16.0113 1612 adpu320 - ok
    22:51:16.0144 1612 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
    22:51:16.0160 1612 AeLookupSvc - ok
    22:51:16.0207 1612 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
    22:51:16.0222 1612 AFD - ok
    22:51:16.0269 1612 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
    22:51:16.0269 1612 agp440 - ok
    22:51:16.0316 1612 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
    22:51:16.0316 1612 ALG - ok
    22:51:16.0347 1612 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
    22:51:16.0347 1612 aliide - ok
    22:51:16.0347 1612 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
    22:51:16.0363 1612 amdide - ok
    22:51:16.0394 1612 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
    22:51:16.0394 1612 AmdK8 - ok
    22:51:16.0425 1612 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
    22:51:16.0425 1612 AmdPPM - ok
    22:51:16.0456 1612 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
    22:51:16.0456 1612 amdsata - ok
    22:51:16.0487 1612 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
    22:51:16.0503 1612 amdsbs - ok
    22:51:16.0519 1612 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
    22:51:16.0519 1612 amdxata - ok
    22:51:16.0550 1612 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
    22:51:16.0550 1612 AppID - ok
    22:51:16.0581 1612 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
    22:51:16.0581 1612 AppIDSvc - ok
    22:51:16.0597 1612 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
    22:51:16.0597 1612 Appinfo - ok
    22:51:16.0690 1612 Application Updater (0805ecf10476a091999e4d59d0db71a2) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
    22:51:16.0706 1612 Application Updater - ok
    22:51:16.0768 1612 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
    22:51:16.0768 1612 arc - ok
    22:51:16.0799 1612 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
    22:51:16.0799 1612 arcsas - ok
    22:51:16.0831 1612 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
    22:51:16.0831 1612 AsyncMac - ok
    22:51:16.0877 1612 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
    22:51:16.0877 1612 atapi - ok
    22:51:16.0971 1612 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
    22:51:16.0987 1612 AudioEndpointBuilder - ok
    22:51:17.0002 1612 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
    22:51:17.0002 1612 AudioSrv - ok
    22:51:17.0158 1612 AVP (2718dc27571bd1e37813f5759d2dc118) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
    22:51:17.0158 1612 AVP - ok
    22:51:17.0205 1612 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
    22:51:17.0205 1612 AxInstSV - ok
    22:51:17.0283 1612 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
    22:51:17.0299 1612 b06bdrv - ok
    22:51:17.0330 1612 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
    22:51:17.0345 1612 b57nd60a - ok
    22:51:17.0392 1612 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
    22:51:17.0392 1612 BDESVC - ok
    22:51:17.0408 1612 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
    22:51:17.0408 1612 Beep - ok
    22:51:17.0470 1612 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
    22:51:17.0486 1612 BFE - ok
    22:51:17.0579 1612 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\system32\qmgr.dll
    22:51:17.0611 1612 BITS - ok
    22:51:17.0657 1612 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\drivers\blbdrive.sys
    22:51:17.0657 1612 blbdrive - ok
    22:51:17.0704 1612 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
    22:51:17.0704 1612 bowser - ok
    22:51:17.0735 1612 bpenum (56e4345f392f17d66683225e214840cb) C:\windows\system32\DRIVERS\bpenum.sys
    22:51:17.0735 1612 bpenum - ok
    22:51:17.0782 1612 bpmp (d50b07c4d7afec4ca6ac8fcb72583c5b) C:\windows\system32\DRIVERS\bpmp.sys
    22:51:17.0782 1612 bpmp - ok
    22:51:17.0798 1612 bpusb (a85ba55e4fe9cb2f342f281aaf7de810) C:\windows\system32\Drivers\bpusb.sys
    22:51:17.0798 1612 bpusb - ok
    22:51:17.0829 1612 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
    22:51:17.0829 1612 BrFiltLo - ok
    22:51:17.0845 1612 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
    22:51:17.0845 1612 BrFiltUp - ok
    22:51:17.0876 1612 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
    22:51:17.0876 1612 BridgeMP - ok
    22:51:17.0923 1612 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
    22:51:17.0923 1612 Browser - ok
    22:51:17.0954 1612 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
    22:51:17.0954 1612 Brserid - ok
    22:51:17.0969 1612 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
    22:51:17.0985 1612 BrSerWdm - ok
    22:51:17.0985 1612 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
    22:51:17.0985 1612 BrUsbMdm - ok
    22:51:18.0001 1612 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
    22:51:18.0001 1612 BrUsbSer - ok
    22:51:18.0001 1612 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
    22:51:18.0001 1612 BTHMODEM - ok
    22:51:18.0032 1612 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
    22:51:18.0032 1612 bthserv - ok
    22:51:18.0063 1612 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
    22:51:18.0063 1612 cdfs - ok
    22:51:18.0094 1612 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
    22:51:18.0094 1612 cdrom - ok
    22:51:18.0141 1612 CeKbFilter (a965b206921c55f2d1481789d609b711) C:\windows\system32\DRIVERS\CeKbFilter.sys
    22:51:18.0141 1612 CeKbFilter - ok
    22:51:18.0188 1612 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
    22:51:18.0188 1612 CertPropSvc - ok
    22:51:18.0219 1612 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
    22:51:18.0219 1612 circlass - ok
    22:51:18.0250 1612 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
    22:51:18.0266 1612 CLFS - ok
    22:51:18.0328 1612 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    22:51:18.0328 1612 clr_optimization_v2.0.50727_32 - ok
    22:51:18.0391 1612 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    22:51:18.0391 1612 clr_optimization_v2.0.50727_64 - ok
    22:51:18.0469 1612 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    22:51:18.0469 1612 clr_optimization_v4.0.30319_32 - ok
    22:51:18.0531 1612 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    22:51:18.0531 1612 clr_optimization_v4.0.30319_64 - ok
    22:51:18.0578 1612 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\drivers\CmBatt.sys
    22:51:18.0578 1612 CmBatt - ok
    22:51:18.0593 1612 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
    22:51:18.0593 1612 cmdide - ok
    22:51:18.0656 1612 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\windows\system32\Drivers\cng.sys
    22:51:18.0656 1612 CNG - ok
    22:51:18.0687 1612 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
    22:51:18.0703 1612 Compbatt - ok
    22:51:18.0718 1612 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys
    22:51:18.0718 1612 CompositeBus - ok
    22:51:18.0734 1612 COMSysApp - ok
    22:51:18.0765 1612 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
    22:51:18.0765 1612 crcdisk - ok
    22:51:18.0859 1612 CryptSvc (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll
    22:51:18.0859 1612 CryptSvc - ok
    22:51:19.0030 1612 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    22:51:19.0030 1612 cvhsvc - ok
    22:51:19.0124 1612 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
    22:51:19.0139 1612 DcomLaunch - ok
    22:51:19.0186 1612 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
    22:51:19.0186 1612 defragsvc - ok
    22:51:19.0264 1612 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
    22:51:19.0264 1612 DfsC - ok
    22:51:19.0311 1612 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
    22:51:19.0327 1612 Dhcp - ok
    22:51:19.0342 1612 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
    22:51:19.0342 1612 discache - ok
    22:51:19.0389 1612 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
    22:51:19.0389 1612 Disk - ok
    22:51:19.0483 1612 DMAgent (e7b489fa5b15d2fec3e52066e015b788) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    22:51:19.0498 1612 DMAgent - ok
    22:51:19.0545 1612 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
    22:51:19.0545 1612 Dnscache - ok
    22:51:19.0561 1612 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
    22:51:19.0576 1612 dot3svc - ok
    22:51:19.0607 1612 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
    22:51:19.0607 1612 DPS - ok
    22:51:19.0639 1612 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
    22:51:19.0654 1612 drmkaud - ok
    22:51:19.0717 1612 DXGKrnl (85dbf6ec7bdfa6187f4a1ec8f3145cd0) C:\windows\System32\drivers\dxgkrnl.sys
    22:51:19.0732 1612 DXGKrnl - ok
    22:51:19.0779 1612 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
    22:51:19.0779 1612 EapHost - ok
    22:51:19.0951 1612 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
    22:51:20.0013 1612 ebdrv - ok
    22:51:20.0122 1612 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
    22:51:20.0122 1612 EFS - ok
    22:51:20.0200 1612 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
    22:51:20.0216 1612 ehRecvr - ok
    22:51:20.0247 1612 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
    22:51:20.0263 1612 ehSched - ok
    22:51:36.0248 1612 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
    22:51:36.0248 1612 tdcmdpst - ok
    22:51:36.0263 1612 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
    22:51:36.0263 1612 TDPIPE - ok
    22:51:36.0310 1612 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
    22:51:36.0310 1612 TDTCP - ok
    22:51:36.0373 1612 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
    22:51:36.0373 1612 tdx - ok
    22:51:36.0388 1612 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
    22:51:36.0388 1612 TermDD - ok
    22:51:36.0451 1612 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
    22:51:36.0466 1612 TermService - ok
    22:51:36.0482 1612 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
    22:51:36.0497 1612 Themes - ok
    22:51:36.0560 1612 Thpdrv (7f35ca8296a52c7161088eb1d952e8ed) C:\windows\system32\DRIVERS\thpdrv.sys
    22:51:36.0560 1612 Thpdrv - ok
    22:51:36.0575 1612 Thpevm (b4e609047434ed948af7bdef2fa66e38) C:\windows\system32\DRIVERS\Thpevm.SYS
    22:51:36.0591 1612 Thpevm - ok
    22:51:36.0638 1612 Thpsrv (0b4734ae9ec70b843df02e7b1c056377) C:\windows\system32\ThpSrv.exe
    22:51:36.0653 1612 Thpsrv - ok
    22:51:36.0685 1612 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
    22:51:36.0700 1612 THREADORDER - ok
    22:51:36.0809 1612 TMachInfo (521c21e7f6eab98679f90ca4e135fb95) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    22:51:36.0825 1612 TMachInfo - ok
    22:51:36.0872 1612 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\windows\system32\TODDSrv.exe
    22:51:36.0887 1612 TODDSrv - ok
    22:51:36.0981 1612 TosCoSrv (1c73689b900428c7d054a41c4687f55c) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    22:51:36.0997 1612 TosCoSrv - ok
    22:51:37.0075 1612 TOSHIBA eco Utility Service (63aafcf3ea5dbb17123e0bae9afe4d58) C:\Program Files\TOSHIBA\TECO\TecoService.exe
    22:51:37.0075 1612 TOSHIBA eco Utility Service - ok
    22:51:37.0137 1612 TOSHIBA HDD SSD Alert Service (29d0886cf250fcef1bf9e65ab8d2c0c8) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    22:51:37.0137 1612 TOSHIBA HDD SSD Alert Service - ok
    22:51:37.0231 1612 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
    22:51:37.0231 1612 tos_sps64 - ok
    22:51:37.0324 1612 TPCHSrv (098b8a408c17e125a3d9a8e1166780c8) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    22:51:37.0324 1612 TPCHSrv - ok
    22:51:37.0449 1612 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
    22:51:37.0449 1612 TrkWks - ok
    22:51:37.0511 1612 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
    22:51:37.0511 1612 TrustedInstaller - ok
    22:51:37.0589 1612 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
    22:51:37.0589 1612 tssecsrv - ok
    22:51:37.0621 1612 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
    22:51:37.0636 1612 TsUsbFlt - ok
    22:51:37.0636 1612 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
    22:51:37.0636 1612 TsUsbGD - ok
    22:51:37.0683 1612 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
    22:51:37.0683 1612 tunnel - ok
    22:51:37.0730 1612 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
    22:51:37.0730 1612 TVALZ - ok
    22:51:37.0761 1612 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
    22:51:37.0761 1612 TVALZFL - ok
    22:51:37.0777 1612 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
    22:51:37.0777 1612 uagp35 - ok
    22:51:37.0839 1612 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
    22:51:37.0839 1612 udfs - ok
    22:51:37.0886 1612 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
    22:51:37.0901 1612 UI0Detect - ok
    22:51:37.0917 1612 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
    22:51:37.0917 1612 uliagpkx - ok
    22:51:37.0948 1612 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
    22:51:37.0948 1612 umbus - ok
    22:51:37.0979 1612 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
    22:51:37.0979 1612 UmPass - ok
    22:51:38.0167 1612 UNS (374ebda379a8f38e0cfc2211611e7167) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    22:51:38.0198 1612 UNS - ok
    22:51:38.0323 1612 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
    22:51:38.0323 1612 upnphost - ok
    22:51:38.0369 1612 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
    22:51:38.0369 1612 usbccgp - ok
    22:51:38.0401 1612 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
    22:51:38.0401 1612 usbcir - ok
    22:51:38.0416 1612 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
    22:51:38.0416 1612 usbehci - ok
    22:51:38.0463 1612 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\drivers\usbhub.sys
    22:51:38.0463 1612 usbhub - ok
    22:51:38.0494 1612 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
    22:51:38.0494 1612 usbohci - ok
    22:51:38.0510 1612 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
    22:51:38.0510 1612 usbprint - ok
    22:51:38.0541 1612 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
    22:51:38.0541 1612 USBSTOR - ok
    22:51:38.0541 1612 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
    22:51:38.0557 1612 usbuhci - ok
    22:51:38.0572 1612 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
    22:51:38.0588 1612 usbvideo - ok
    22:51:38.0603 1612 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
    22:51:38.0619 1612 UxSms - ok
    22:51:38.0650 1612 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
    22:51:38.0650 1612 VaultSvc - ok
    22:51:38.0666 1612 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
    22:51:38.0666 1612 vdrvroot - ok
    22:51:38.0713 1612 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
    22:51:38.0728 1612 vds - ok
    22:51:38.0775 1612 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
    22:51:38.0775 1612 vga - ok
    22:51:38.0775 1612 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
    22:51:38.0791 1612 VgaSave - ok
    22:51:38.0806 1612 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
    22:51:38.0822 1612 vhdmp - ok
    22:51:38.0822 1612 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
    22:51:38.0822 1612 viaide - ok
    22:51:38.0884 1612 visctap0901 (a886fa72eed1164d91527387dbee2e02) C:\windows\system32\DRIVERS\visctap0901.sys
    22:51:38.0884 1612 visctap0901 - ok
    22:51:38.0900 1612 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
    22:51:38.0900 1612 volmgr - ok
    22:51:38.0931 1612 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
    22:51:38.0931 1612 volmgrx - ok
    22:51:38.0947 1612 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys
    22:51:38.0947 1612 volsnap - ok
    22:51:38.0993 1612 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
    22:51:38.0993 1612 vsmraid - ok
    22:51:39.0087 1612 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
    22:51:39.0118 1612 VSS - ok
    22:51:39.0227 1612 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
    22:51:39.0227 1612 vwifibus - ok
    22:51:39.0243 1612 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
    22:51:39.0259 1612 vwififlt - ok
    22:51:39.0274 1612 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
    22:51:39.0274 1612 vwifimp - ok
    22:51:39.0321 1612 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
    22:51:39.0337 1612 W32Time - ok
    22:51:39.0368 1612 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
    22:51:39.0368 1612 WacomPen - ok
    22:51:39.0399 1612 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
    22:51:39.0415 1612 WANARP - ok
    22:51:39.0415 1612 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
    22:51:39.0415 1612 Wanarpv6 - ok
    22:51:39.0524 1612 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
    22:51:39.0555 1612 WatAdminSvc - ok
    22:51:39.0633 1612 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
    22:51:39.0664 1612 wbengine - ok
    22:51:39.0773 1612 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
    22:51:39.0789 1612 WbioSrvc - ok
    22:51:39.0820 1612 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
    22:51:39.0820 1612 wcncsvc - ok
    22:51:39.0836 1612 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
    22:51:39.0836 1612 WcsPlugInService - ok
    22:51:39.0883 1612 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
    22:51:39.0883 1612 Wd - ok
    22:51:39.0945 1612 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
    22:51:39.0945 1612 Wdf01000 - ok
    22:51:39.0976 1612 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
    22:51:39.0976 1612 WdiServiceHost - ok
    22:51:39.0976 1612 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
    22:51:39.0992 1612 WdiSystemHost - ok
    22:51:40.0039 1612 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
    22:51:40.0039 1612 WebClient - ok
    22:51:40.0070 1612 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
    22:51:40.0070 1612 Wecsvc - ok
    22:51:40.0085 1612 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
    22:51:40.0101 1612 wercplsupport - ok
    22:51:40.0117 1612 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
    22:51:40.0117 1612 WerSvc - ok
    22:51:40.0179 1612 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
    22:51:40.0179 1612 WfpLwf - ok
    22:51:40.0304 1612 WiMAXAppSrv (245ea6a2cfae7b183ee9a14a4673b1f1) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    22:51:40.0319 1612 WiMAXAppSrv - ok
    22:51:40.0351 1612 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
    22:51:40.0351 1612 WIMMount - ok
    22:51:40.0382 1612 WinDefend - ok
    22:51:40.0397 1612 WinHttpAutoProxySvc - ok
    22:51:40.0475 1612 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
    22:51:40.0491 1612 Winmgmt - ok
    22:51:40.0631 1612 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
    22:51:40.0678 1612 WinRM - ok
    22:51:40.0772 1612 WiTopiaService (bcdca2c65a685e54c5f9f7ee769a3ce0) C:\Program Files\WiTopia\WiTopiaService.exe
    22:51:40.0772 1612 WiTopiaService - ok
    22:51:40.0959 1612 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
    22:51:40.0990 1612 Wlansvc - ok
    22:51:41.0053 1612 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    22:51:41.0068 1612 wlcrasvc - ok
    22:51:41.0193 1612 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    22:51:41.0209 1612 wlidsvc - ok
    22:51:41.0360 1612 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
    22:51:41.0370 1612 WmiAcpi - ok
    22:51:41.0480 1612 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
    22:51:41.0490 1612 wmiApSrv - ok
    22:51:41.0530 1612 WMPNetworkSvc - ok
    22:51:41.0570 1612 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
    22:51:41.0580 1612 WPCSvc - ok
    22:51:41.0600 1612 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
    22:51:41.0610 1612 WPDBusEnum - ok
    22:51:41.0630 1612 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
    22:51:41.0630 1612 ws2ifsl - ok
    22:51:41.0650 1612 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll
    22:51:41.0660 1612 wscsvc - ok
    22:51:41.0660 1612 WSearch - ok
    22:51:41.0810 1612 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll
    22:51:41.0870 1612 wuauserv - ok
    22:51:41.0980 1612 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
    22:51:41.0990 1612 WudfPf - ok
    22:51:42.0020 1612 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
    22:51:42.0020 1612 WUDFRd - ok
    22:51:42.0050 1612 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
    22:51:42.0060 1612 wudfsvc - ok
    22:51:42.0090 1612 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
    22:51:42.0100 1612 WwanSvc - ok
    22:51:42.0150 1612 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
    22:51:42.0330 1612 \Device\Harddisk0\DR0 - ok
    22:51:42.0340 1612 Boot (0x1200) (5b27bbe662b88f50d6c02e5321319c4c) \Device\Harddisk0\DR0\Partition0
    22:51:42.0340 1612 \Device\Harddisk0\DR0\Partition0 - ok
    22:51:42.0340 1612 ============================================================
    22:51:42.0340 1612 Scan finished
    22:51:42.0340 1612 ============================================================
    22:51:42.0370 13720 Detected object count: 0
    22:51:42.0370 13720 Actual detected object count: 0
     
  14. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,861
    Nothing showing there.
    Do you get the same problem in Internet Explorer or only in Chrome?
     
  15. sipadan

    sipadan Thread Starter

    Joined:
    Jul 22, 2012
    Messages:
    12
    That was an interesting question. I had never checked IE because I never use it. I just opened it now, x2, and both times it opened to Google. No sign at all of those other 2 bad web sites.
     

Short URL to this thread: https://techguy.org/1062114