Random Website Redirects

04-01-2012, 08:06 PM   #1
Masterchiefxx17
Moderator
- Hardware Team
- Articles Team
- Microsoft Support
Join Date: Feb 2010
Location: Wisconsin, USA
Posts: 23,999
OS: Windows 7 64bit Professional (SP1), Windows 8.1 64bit

Hi,

When I search in Google I get random redirects to a "web search". This started happening today.

It seems to be a "web search" tool that gives me other links to click on.
This computer is running Windows Vista SP2. Microsoft Security Essentials did not find anything on a full scan. Yes, I have the Boot Disk.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Toshiba at 21:35:21 on 2012-04-01
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1526.415 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Update] rundll32.exe "c:\users\toshiba\appdata\roaming\.minecraft\.minecraft\vmvsz.dll",DllRegisterServer
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Skytel] Skytel.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
TCP: Interfaces\{82B17A13-3D8B-444F-9AA7-CF0D21E089A7} : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl62642b70;MpKsl62642b70;c:\programdata\microsoft\microsoft antimalware\definition updates\{6c3ea7f8-5157-4976-bd65-c642dfef5ccf}\MpKsl62642b70.sys [2012-4-1 29904]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-12-26 21504]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2007-11-6 7168]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-12-26 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-12-26 136176]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-04-02 01:04:23 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6c3ea7f8-5157-4976-bd65-c642dfef5ccf}\offreg.dll
2012-04-02 01:04:23 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6c3ea7f8-5157-4976-bd65-c642dfef5ccf}\MpKsl62642b70.sys
2012-04-01 16:12:36 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{6c3ea7f8-5157-4976-bd65-c642dfef5ccf}\mpengine.dll
2012-03-19 21:41:18 -------- d-----w- c:\users\toshiba\appdata\roaming\Visan
2012-03-19 21:40:40 -------- d-----w- c:\programdata\Visan
2012-03-13 20:15:27 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 20:15:25 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-13 20:15:25 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-13 20:15:25 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-13 20:15:25 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-13 20:15:25 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 20:15:24 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-03-13 20:15:02 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-13 20:15:01 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
==================== Find3M ====================
.
2012-02-21 16:03:10 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 21:36:46.95 ===============
Attached Files
File Type: zip Attach.zip (5.1 KB, 7 views)

__________________
I recommend these:
Windows 7 & 8.1, Office 2013, Photoshop CS6, IE11
Security Essentials, Asus, Dell, Samsung,
Intel, NVidia, Xbox One, Android, Gigabyte
04-03-2012, 06:05 PM   #2
Masterchiefxx17

BUMP!

04-04-2012, 08:24 AM   #3
chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 26,041
OS: XP SP3; Win7 32/64-bit

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download aswMBR.exe to your desktop.
  • Double-click aswMBR.exe to run it.
  • Click the Scan button to start scan.
  • Wait until it says, 'Scan finished successfully'. (Note - do not select any Fix at this time)
  • Click Save log, and save it to your desktop.
  • Click Exit.
  • Please post the contents of that log, aswMBR.txt, in your next reply.
There shall also be a file on your desktop named MBR.dat. Right-click that file and select Send To > Compressed (zipped) folder. Please attach that zipped file in your next reply.

------------------------------------------------------

When you run this tool, remember to choose 'Skip' not 'Cure' if it finds something. We just want a scan, not a fix.

Download tdsskiller.exe and Save it to your Desktop.

Double-click tdsskiller.exe and click 'Run'

Click 'Change parameters' then under 'Additional options' tick both boxes > OK.

Click 'Start scan'.

If no infection is found, click 'Close' and let me know.

If an infection is found, select 'Skip' from the dropdown menu under 'Cure' then click 'Continue' > 'Close' > 'Close'.

It will produce a log here > C:\TDSSKiller.2.7.25.0_date_time_log.txt

Please navigate to the file, double-click to open it, and copy/paste the contents in your next reply.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

04-04-2012, 01:55 PM   #4
Masterchiefxx17

Hi Chemist! Thanks for the help.

When running the "aswMBR.exe" I received a blue screen of death.

Here is the report of the BSOD:

Code:
 
Problem signature:
  Problem Event Name: BlueScreen
  OS Version: 6.0.6002.2.2.0.768.3
  Locale ID: 1033
Additional information about the problem:
  BCCode: d1
  BCP1: 00000000
  BCP2: 000000FF
  BCP3: 00000008
  BCP4: 00000000
  OS Version: 6_0_6002
  Service Pack: 2_0
  Product: 768_1
Files that help describe the problem:
  C:\Windows\Minidump\Mini040412-01.dmp
  C:\Users\John-Toshiba\AppData\Local\Temp\WER-138528-0.sysdata.xml
  C:\Users\John-Toshiba\AppData\Local\Temp\WER536C.tmp.version.txt
Read our privacy statement:
  hxxp://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409

I did not try again to rerun the program.

--------------------

When running "tdsskiller.exe" I did receive some infection. Here is the Log:

15:20:57.0868 6044 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
15:20:58.0276 6044 ============================================================
15:20:58.0276 6044 Current date / time: 2012/04/04 15:20:58.0275
15:20:58.0276 6044 SystemInfo:
15:20:58.0276 6044
15:20:58.0276 6044 OS Version: 6.0.6002 ServicePack: 2.0
15:20:58.0276 6044 Product type: Workstation
15:20:58.0276 6044 ComputerName: JOHN-TOSHIBA-PC
15:20:58.0276 6044 UserName: John-Toshiba
15:20:58.0276 6044 Windows directory: C:\Windows
15:20:58.0276 6044 System windows directory: C:\Windows
15:20:58.0276 6044 Processor architecture: Intel x86
15:20:58.0276 6044 Number of processors: 2
15:20:58.0276 6044 Page size: 0x1000
15:20:58.0276 6044 Boot type: Normal boot
15:20:58.0276 6044 ============================================================
15:21:01.0351 6044 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:21:01.0353 6044 \Device\Harddisk0\DR0:
15:21:01.0354 6044 MBR used
15:21:01.0354 6044 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0xDCA6000
15:21:01.0392 6044 Initialize success
15:21:01.0392 6044 ============================================================
15:21:20.0742 4092 ============================================================
15:21:20.0742 4092 Scan started
15:21:20.0742 4092 Mode: Manual; SigCheck; TDLFS;
15:21:20.0742 4092 ============================================================
15:21:23.0871 4092 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
15:21:24.0094 4092 ACPI - ok
15:21:24.0207 4092 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
15:21:24.0387 4092 AdobeARMservice - ok
15:21:24.0574 4092 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:21:24.0997 4092 AdobeFlashPlayerUpdateSvc - ok
15:21:25.0128 4092 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
15:21:25.0209 4092 adp94xx - ok
15:21:25.0393 4092 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
15:21:25.0541 4092 adpahci - ok
15:21:25.0664 4092 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
15:21:25.0725 4092 adpu160m - ok
15:21:25.0745 4092 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
15:21:25.0806 4092 adpu320 - ok
15:21:25.0881 4092 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
15:21:26.0110 4092 AeLookupSvc - ok
15:21:26.0330 4092 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
15:21:26.0472 4092 AFD - ok
15:21:26.0605 4092 AgereModemAudio (39e435c90c9c4f780fa0ed05ca3c3a1b) C:\Windows\system32\agrsmsvc.exe
15:21:26.0748 4092 AgereModemAudio - ok
15:21:26.0871 4092 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\Windows\system32\DRIVERS\AGRSM.sys
15:21:27.0021 4092 AgereSoftModem - ok
15:21:27.0191 4092 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
15:21:27.0269 4092 agp440 - ok
15:21:27.0360 4092 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
15:21:27.0407 4092 aic78xx - ok
15:21:27.0462 4092 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
15:21:27.0750 4092 ALG - ok
15:21:27.0856 4092 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
15:21:27.0879 4092 aliide - ok
15:21:27.0920 4092 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
15:21:27.0982 4092 amdagp - ok
15:21:28.0018 4092 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
15:21:28.0060 4092 amdide - ok
15:21:28.0108 4092 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
15:21:28.0394 4092 AmdK7 - ok
15:21:28.0512 4092 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
15:21:28.0661 4092 AmdK8 - ok
15:21:28.0723 4092 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
15:21:28.0829 4092 Appinfo - ok
15:21:28.0952 4092 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
15:21:29.0001 4092 arc - ok
15:21:29.0060 4092 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
15:21:29.0126 4092 arcsas - ok
15:21:29.0177 4092 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
15:21:29.0306 4092 AsyncMac - ok
15:21:29.0421 4092 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
15:21:29.0449 4092 atapi - ok
15:21:29.0552 4092 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
15:21:29.0683 4092 AudioEndpointBuilder - ok
15:21:29.0732 4092 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
15:21:29.0912 4092 Audiosrv - ok
15:21:30.0067 4092 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
15:21:30.0157 4092 Beep - ok
15:21:30.0367 4092 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
15:21:30.0567 4092 BFE - ok
15:21:30.0720 4092 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
15:21:31.0079 4092 BITS - ok
15:21:31.0175 4092 blbdrive - ok
15:21:31.0261 4092 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
15:21:31.0353 4092 bowser - ok
15:21:31.0466 4092 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
15:21:31.0527 4092 BrFiltLo - ok
15:21:31.0542 4092 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
15:21:31.0625 4092 BrFiltUp - ok
15:21:31.0672 4092 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
15:21:31.0789 4092 Browser - ok
15:21:31.0919 4092 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
15:21:32.0052 4092 Brserid - ok
15:21:32.0077 4092 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
15:21:32.0200 4092 BrSerWdm - ok
15:21:32.0226 4092 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
15:21:32.0321 4092 BrUsbMdm - ok
15:21:32.0335 4092 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
15:21:32.0427 4092 BrUsbSer - ok
15:21:32.0547 4092 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
15:21:32.0632 4092 BTHMODEM - ok
15:21:32.0707 4092 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
15:21:32.0806 4092 cdfs - ok
15:21:32.0922 4092 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
15:21:33.0000 4092 cdrom - ok
15:21:33.0053 4092 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
15:21:33.0156 4092 CertPropSvc - ok
15:21:33.0260 4092 CFSvcs (c82162949bba6cc5d006c7bd008f3cf1) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
15:21:33.0340 4092 CFSvcs ( UnsignedFile.Multi.Generic ) - warning
15:21:33.0340 4092 CFSvcs - detected UnsignedFile.Multi.Generic (1)
15:21:33.0466 4092 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
15:21:33.0574 4092 circlass - ok
15:21:33.0626 4092 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
15:21:33.0688 4092 CLFS - ok
15:21:33.0798 4092 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:21:33.0883 4092 clr_optimization_v2.0.50727_32 - ok
15:21:34.0026 4092 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:21:34.0071 4092 clr_optimization_v4.0.30319_32 - ok
15:21:34.0174 4092 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
15:21:34.0224 4092 CmBatt - ok
15:21:34.0337 4092 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
15:21:34.0365 4092 cmdide - ok
15:21:34.0448 4092 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
15:21:34.0475 4092 Compbatt - ok
15:21:34.0488 4092 COMSysApp - ok
15:21:34.0510 4092 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
15:21:34.0544 4092 crcdisk - ok
15:21:34.0560 4092 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
15:21:34.0678 4092 Crusoe - ok
15:21:34.0793 4092 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
15:21:34.0940 4092 CryptSvc - ok
15:21:35.0024 4092 CWMonitor - ok
15:21:35.0292 4092 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
15:21:35.0457 4092 DcomLaunch - ok
15:21:35.0620 4092 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
15:21:35.0758 4092 DfsC - ok
15:21:35.0931 4092 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
15:21:36.0329 4092 DFSR - ok
15:21:36.0450 4092 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
15:21:36.0546 4092 Dhcp - ok
15:21:36.0622 4092 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
15:21:36.0681 4092 disk - ok
15:21:36.0803 4092 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
15:21:36.0929 4092 Dnscache - ok
15:21:36.0989 4092 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
15:21:37.0100 4092 dot3svc - ok
15:21:37.0220 4092 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
15:21:37.0289 4092 DPS - ok
15:21:37.0354 4092 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
15:21:37.0430 4092 drmkaud - ok
15:21:37.0603 4092 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
15:21:37.0676 4092 DXGKrnl - ok
15:21:37.0770 4092 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
15:21:37.0905 4092 E1G60 - ok
15:21:38.0030 4092 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
15:21:38.0106 4092 EapHost - ok
15:21:38.0195 4092 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
15:21:38.0273 4092 Ecache - ok
15:21:38.0357 4092 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
15:21:38.0488 4092 ehRecvr - ok
15:21:38.0607 4092 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
15:21:38.0699 4092 ehSched - ok
15:21:38.0731 4092 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
15:21:38.0779 4092 ehstart - ok
15:21:38.0897 4092 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
15:21:38.0942 4092 elxstor - ok
15:21:39.0057 4092 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
15:21:39.0188 4092 EMDMgmt - ok
15:21:39.0343 4092 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
15:21:39.0424 4092 EventSystem - ok
15:21:39.0541 4092 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
15:21:39.0647 4092 exfat - ok
15:21:39.0824 4092 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
15:21:39.0908 4092 fastfat - ok
15:21:40.0023 4092 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
15:21:40.0115 4092 fdc - ok
15:21:40.0213 4092 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
15:21:40.0272 4092 fdPHost - ok
15:21:40.0338 4092 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
15:21:40.0446 4092 FDResPub - ok
15:21:40.0526 4092 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
15:21:40.0582 4092 FileInfo - ok
15:21:40.0691 4092 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
15:21:40.0772 4092 Filetrace - ok
15:21:40.0838 4092 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
15:21:40.0936 4092 flpydisk - ok
15:21:41.0052 4092 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
15:21:41.0099 4092 FltMgr - ok
15:21:41.0320 4092 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
15:21:41.0531 4092 FontCache - ok
15:21:41.0666 4092 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:21:41.0722 4092 FontCache3.0.0.0 - ok
15:21:41.0802 4092 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
15:21:41.0850 4092 Fs_Rec - ok
15:21:41.0957 4092 FwLnk (cbc22823628544735625b280665e434e) C:\Windows\system32\DRIVERS\FwLnk.sys
15:21:42.0014 4092 FwLnk - ok
15:21:42.0061 4092 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
15:21:42.0126 4092 gagp30kx - ok
15:21:42.0185 4092 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
15:21:42.0447 4092 gpsvc - ok
15:21:42.0565 4092 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
15:21:42.0668 4092 gupdate - ok
15:21:42.0680 4092 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
15:21:42.0786 4092 gupdatem - ok
15:21:42.0925 4092 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
15:21:43.0013 4092 HdAudAddService - ok
15:21:43.0096 4092 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:21:43.0184 4092 HDAudBus - ok
15:21:43.0295 4092 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
15:21:43.0428 4092 HidBth - ok
15:21:43.0461 4092 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
15:21:43.0559 4092 HidIr - ok
15:21:43.0667 4092 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
15:21:43.0760 4092 hidserv - ok
15:21:43.0830 4092 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
15:21:43.0896 4092 HidUsb - ok
15:21:43.0997 4092 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
15:21:44.0090 4092 hkmsvc - ok
15:21:44.0157 4092 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
15:21:44.0189 4092 HpCISSs - ok
15:21:44.0495 4092 hpqcxs08 (f50f7984fdd151edd8a70a8dbd9e2a44) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
15:21:44.0846 4092 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
15:21:44.0847 4092 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
15:21:45.0004 4092 hpqddsvc (df446ba625cc441617843e87798ce048) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
15:21:45.0222 4092 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
15:21:45.0222 4092 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
15:21:45.0282 4092 HPSLPSVC (75f122cdca3c71bd09089f2ca824b796) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
15:21:45.0571 4092 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
15:21:45.0571 4092 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
15:21:45.0705 4092 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
15:21:45.0856 4092 HTTP - ok
15:21:45.0987 4092 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
15:21:46.0025 4092 i2omp - ok
15:21:46.0102 4092 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
15:21:46.0178 4092 i8042prt - ok
15:21:46.0331 4092 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
15:21:46.0380 4092 iaStorV - ok
15:21:46.0521 4092 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
15:21:46.0617 4092 IDriverT ( UnsignedFile.Multi.Generic ) - warning
15:21:46.0617 4092 IDriverT - detected UnsignedFile.Multi.Generic (1)
15:21:46.0753 4092 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:21:46.0962 4092 idsvc - ok
15:21:47.0181 4092 igfx (038815297078d236d8cc064c295a74c6) C:\Windows\system32\DRIVERS\igdkmd32.sys
15:21:47.0615 4092 igfx - ok
15:21:47.0724 4092 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
15:21:47.0770 4092 iirsp - ok
15:21:47.0833 4092 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
15:21:47.0927 4092 IKEEXT - ok
15:21:48.0129 4092 IntcAzAudAddService (b84732d9f8459abf6323d28a3270dc19) C:\Windows\system32\drivers\RTKVHDA.sys
15:21:48.0265 4092 IntcAzAudAddService - ok
15:21:48.0449 4092 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
15:21:48.0479 4092 intelide - ok
15:21:48.0573 4092 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
15:21:48.0659 4092 intelppm - ok
15:21:48.0770 4092 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
15:21:48.0835 4092 IPBusEnum - ok
15:21:48.0912 4092 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:21:49.0005 4092 IpFilterDriver - ok
15:21:49.0111 4092 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
15:21:49.0253 4092 iphlpsvc - ok
15:21:49.0293 4092 IpInIp - ok
15:21:49.0394 4092 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
15:21:49.0525 4092 IPMIDRV - ok
15:21:49.0599 4092 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
15:21:49.0651 4092 IPNAT - ok
15:21:49.0728 4092 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
15:21:49.0783 4092 IRENUM - ok
15:21:49.0892 4092 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
15:21:49.0941 4092 isapnp - ok
15:21:50.0007 4092 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
15:21:50.0053 4092 iScsiPrt - ok
15:21:50.0112 4092 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
15:21:50.0158 4092 iteatapi - ok
15:21:50.0415 4092 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
15:21:50.0448 4092 iteraid - ok
15:21:50.0506 4092 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:21:50.0553 4092 kbdclass - ok
15:21:50.0660 4092 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
15:21:50.0746 4092 kbdhid - ok
15:21:50.0809 4092 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:21:50.0928 4092 KeyIso - ok
15:21:51.0092 4092 KR10I (e8ca038f51f7761bd6e3a3b0b8014263) C:\Windows\system32\drivers\kr10i.sys
15:21:51.0258 4092 KR10I - ok
15:21:51.0302 4092 KR10N (6a4adb9186dd0e114e623daf57e42b31) C:\Windows\system32\drivers\kr10n.sys
15:21:51.0420 4092 KR10N - ok
15:21:51.0480 4092 KR3NPXP (485e005cd51ff502fb16483eb4b69c17) C:\Windows\system32\drivers\kr3npxp.sys
15:21:51.0665 4092 KR3NPXP ( UnsignedFile.Multi.Generic ) - warning
15:21:51.0665 4092 KR3NPXP - detected UnsignedFile.Multi.Generic (1)
15:21:51.0782 4092 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
15:21:51.0840 4092 KSecDD - ok
15:21:51.0990 4092 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
15:21:52.0133 4092 KtmRm - ok
15:21:52.0244 4092 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
15:21:52.0361 4092 LanmanServer - ok
15:21:52.0420 4092 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
15:21:52.0519 4092 LanmanWorkstation - ok
15:21:52.0644 4092 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
15:21:52.0715 4092 lltdio - ok
15:21:52.0810 4092 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
15:21:52.0907 4092 lltdsvc - ok
15:21:53.0013 4092 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
15:21:53.0103 4092 lmhosts - ok
15:21:53.0213 4092 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
15:21:53.0265 4092 LSI_FC - ok
15:21:53.0290 4092 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
15:21:53.0335 4092 LSI_SAS - ok
15:21:53.0353 4092 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
15:21:53.0416 4092 LSI_SCSI - ok
15:21:53.0555 4092 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
15:21:53.0671 4092 luafv - ok
15:21:53.0742 4092 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
15:21:53.0820 4092 Mcx2Svc - ok
15:21:53.0901 4092 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
15:21:53.0939 4092 megasas - ok
15:21:54.0010 4092 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
15:21:54.0107 4092 MMCSS - ok
15:21:54.0190 4092 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
15:21:54.0299 4092 Modem - ok
15:21:54.0395 4092 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
15:21:54.0468 4092 monitor - ok
15:21:54.0565 4092 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
15:21:54.0599 4092 mouclass - ok
15:21:54.0648 4092 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
15:21:54.0721 4092 mouhid - ok
15:21:54.0802 4092 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
15:21:54.0848 4092 MountMgr - ok
15:21:54.0924 4092 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
15:21:54.0999 4092 MpFilter - ok
15:21:55.0133 4092 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
15:21:55.0253 4092 mpio - ok
15:21:55.0464 4092 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
15:21:55.0541 4092 MpNWMon - ok
15:21:55.0700 4092 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
15:21:55.0801 4092 mpsdrv - ok
15:21:56.0011 4092 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
15:21:56.0143 4092 MpsSvc - ok
15:21:56.0321 4092 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
15:21:56.0355 4092 Mraid35x - ok
15:21:56.0429 4092 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
15:21:56.0518 4092 MRxDAV - ok
15:21:56.0631 4092 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:21:56.0738 4092 mrxsmb - ok
15:21:56.0835 4092 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:21:56.0893 4092 mrxsmb10 - ok
15:21:56.0951 4092 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:21:57.0086 4092 mrxsmb20 - ok
15:21:57.0471 4092 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
15:21:57.0508 4092 msahci - ok
15:21:57.0627 4092 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
15:21:57.0694 4092 msdsm - ok
15:21:57.0739 4092 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
15:21:57.0825 4092 MSDTC - ok
15:21:57.0896 4092 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
15:21:57.0974 4092 Msfs - ok
15:21:58.0117 4092 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
15:21:58.0151 4092 msisadrv - ok
15:21:58.0200 4092 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
15:21:58.0297 4092 MSiSCSI - ok
15:21:58.0312 4092 msiserver - ok
15:21:58.0364 4092 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
15:21:58.0437 4092 MSKSSRV - ok
15:21:58.0519 4092 MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
15:21:58.0562 4092 MsMpSvc - ok
15:21:58.0695 4092 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
15:21:58.0744 4092 MSPCLOCK - ok
15:21:58.0782 4092 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
15:21:58.0846 4092 MSPQM - ok
15:21:58.0907 4092 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
15:21:59.0015 4092 MsRPC - ok
15:21:59.0137 4092 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
15:21:59.0181 4092 mssmbios - ok
15:21:59.0246 4092 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
15:21:59.0316 4092 MSTEE - ok
15:21:59.0442 4092 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
15:21:59.0490 4092 Mup - ok
15:21:59.0549 4092 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
15:21:59.0635 4092 napagent - ok
15:21:59.0768 4092 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
15:21:59.0853 4092 NativeWifiP - ok
15:21:59.0934 4092 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
15:22:00.0008 4092 NDIS - ok
15:22:00.0133 4092 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
15:22:00.0196 4092 NdisTapi - ok
15:22:00.0291 4092 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
15:22:00.0389 4092 Ndisuio - ok
15:22:00.0508 4092 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
15:22:00.0575 4092 NdisWan - ok
15:22:00.0631 4092 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
15:22:00.0697 4092 NDProxy - ok
15:22:00.0812 4092 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\Windows\system32\HPZinw12.dll
15:22:00.0872 4092 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:22:00.0872 4092 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:22:00.0950 4092 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
15:22:01.0039 4092 NetBIOS - ok
15:22:01.0152 4092 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
15:22:01.0271 4092 netbt - ok
15:22:01.0352 4092 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:22:01.0411 4092 Netlogon - ok
15:22:01.0529 4092 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
15:22:01.0691 4092 Netman - ok
15:22:01.0793 4092 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
15:22:01.0906 4092 netprofm - ok
15:22:02.0013 4092 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:22:02.0055 4092 NetTcpPortSharing - ok
15:22:02.0144 4092 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
15:22:02.0188 4092 nfrd960 - ok
15:22:02.0295 4092 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
15:22:02.0404 4092 NlaSvc - ok
15:22:02.0518 4092 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
15:22:02.0597 4092 Npfs - ok
15:22:02.0737 4092 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
15:22:02.0794 4092 nsi - ok
15:22:02.0857 4092 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
15:22:02.0931 4092 nsiproxy - ok
15:22:03.0013 4092 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
15:22:03.0430 4092 Ntfs - ok
15:22:03.0554 4092 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
15:22:03.0635 4092 ntrigdigi - ok
15:22:03.0680 4092 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
15:22:03.0753 4092 Null - ok
15:22:03.0870 4092 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
15:22:03.0937 4092 nvraid - ok
15:22:03.0982 4092 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
15:22:04.0031 4092 nvstor - ok
15:22:04.0052 4092 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
15:22:04.0102 4092 nv_agp - ok
15:22:04.0118 4092 NwlnkFlt - ok
15:22:04.0139 4092 NwlnkFwd - ok
15:22:04.0177 4092 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\DRIVERS\ohci1394.sys
15:22:04.0274 4092 ohci1394 - ok
15:22:04.0394 4092 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:22:04.0491 4092 ose - ok
15:22:04.0730 4092 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:22:05.0497 4092 osppsvc - ok
15:22:05.0651 4092 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:22:05.0790 4092 p2pimsvc - ok
15:22:05.0818 4092 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:22:05.0886 4092 p2psvc - ok
15:22:06.0010 4092 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
15:22:06.0124 4092 Parport - ok
15:22:06.0182 4092 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
15:22:06.0230 4092 partmgr - ok
15:22:06.0268 4092 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
15:22:06.0349 4092 Parvdm - ok
15:22:06.0456 4092 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
15:22:06.0514 4092 PcaSvc - ok
15:22:06.0577 4092 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
15:22:06.0635 4092 pci - ok
15:22:06.0776 4092 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
15:22:06.0801 4092 pciide - ok
15:22:06.0843 4092 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
15:22:06.0887 4092 pcmcia - ok
15:22:06.0977 4092 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
15:22:07.0105 4092 PEAUTH - ok
15:22:07.0197 4092 pinger (6dbf2ac2bdaff355995ab25eccc4cfe1) C:\TOSHIBA\IVP\ISM\pinger.exe
15:22:07.0370 4092 pinger - ok
15:22:07.0517 4092 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
15:22:07.0778 4092 pla - ok
15:22:08.0155 4092 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
15:22:10.0167 4092 PlugPlay - ok
15:22:10.0375 4092 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\Windows\system32\HPZipm12.dll
15:22:10.0449 4092 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
15:22:10.0449 4092 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
15:22:10.0539 4092 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:22:10.0614 4092 PNRPAutoReg - ok
15:22:10.0634 4092 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
15:22:10.0712 4092 PNRPsvc - ok
15:22:10.0865 4092 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
15:22:11.0045 4092 PolicyAgent - ok
15:22:11.0174 4092 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
15:22:11.0278 4092 PptpMiniport - ok
15:22:11.0375 4092 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
15:22:11.0487 4092 Processor - ok
15:22:11.0585 4092 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
15:22:11.0665 4092 ProfSvc - ok
15:22:11.0718 4092 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:22:11.0795 4092 ProtectedStorage - ok
15:22:11.0859 4092 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
15:22:11.0948 4092 PSched - ok
15:22:12.0107 4092 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
15:22:12.0185 4092 ql2300 - ok
15:22:12.0318 4092 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
15:22:12.0384 4092 ql40xx - ok
15:22:12.0452 4092 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
15:22:12.0672 4092 QWAVE - ok
15:22:12.0774 4092 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
15:22:12.0827 4092 QWAVEdrv - ok
15:22:12.0874 4092 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
15:22:12.0932 4092 RasAcd - ok
15:22:12.0990 4092 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
15:22:13.0119 4092 RasAuto - ok
15:22:13.0227 4092 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:22:13.0363 4092 Rasl2tp - ok
15:22:13.0447 4092 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
15:22:13.0555 4092 RasMan - ok
15:22:13.0658 4092 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
15:22:13.0769 4092 RasPppoe - ok
15:22:13.0804 4092 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
15:22:13.0925 4092 RasSstp - ok
15:22:14.0043 4092 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
15:22:14.0121 4092 rdbss - ok
15:22:14.0167 4092 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:22:14.0252 4092 RDPCDD - ok
15:22:14.0309 4092 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
15:22:14.0442 4092 rdpdr - ok
15:22:14.0557 4092 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
15:22:14.0612 4092 RDPENCDD - ok
15:22:14.0688 4092 RDPWD (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
15:22:14.0830 4092 RDPWD - ok
15:22:14.0946 4092 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
15:22:15.0147 4092 RemoteAccess - ok
15:22:15.0263 4092 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
15:22:15.0447 4092 RemoteRegistry - ok
15:22:15.0538 4092 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
15:22:15.0627 4092 RpcLocator - ok
15:22:15.0711 4092 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
15:22:15.0847 4092 RpcSs - ok
15:22:15.0977 4092 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
15:22:16.0062 4092 rspndr - ok
15:22:16.0145 4092 RTL8187B (7fe5089eb5f624899de08c30db4377fc) C:\Windows\system32\DRIVERS\RTL8187B.sys
15:22:16.0244 4092 RTL8187B - ok
15:22:16.0362 4092 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
15:22:16.0428 4092 SamSs - ok
15:22:16.0487 4092 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
15:22:16.0555 4092 sbp2port - ok
15:22:16.0610 4092 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
15:22:16.0711 4092 SCardSvr - ok
15:22:16.0834 4092 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
15:22:16.0976 4092 Schedule - ok
15:22:17.0095 4092 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
15:22:17.0148 4092 SCPolicySvc - ok
15:22:17.0237 4092 sdbus (bcca63a3d143938273a3158757389dc7) C:\Windows\system32\DRIVERS\sdbus.sys
15:22:17.0277 4092 sdbus - ok
15:22:17.0320 4092 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
15:22:17.0414 4092 SDRSVC - ok
15:22:17.0532 4092 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:22:17.0624 4092 secdrv - ok
15:22:17.0663 4092 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
15:22:17.0729 4092 seclogon - ok
15:22:17.0772 4092 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
15:22:17.0845 4092 SENS - ok
15:22:17.0936 4092 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
15:22:18.0030 4092 Serenum - ok
15:22:18.0077 4092 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
15:22:18.0161 4092 Serial - ok
15:22:18.0215 4092 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
15:22:18.0275 4092 sermouse - ok
15:22:18.0386 4092 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
15:22:18.0455 4092 SessionEnv - ok
15:22:18.0529 4092 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
15:22:18.0599 4092 sffdisk - ok
15:22:18.0641 4092 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
15:22:18.0718 4092 sffp_mmc - ok
15:22:18.0808 4092 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
15:22:18.0888 4092 sffp_sd - ok
15:22:18.0975 4092 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
15:22:19.0045 4092 sfloppy - ok
15:22:19.0096 4092 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
15:22:19.0225 4092 SharedAccess - ok
15:22:19.0354 4092 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
15:22:19.0422 4092 ShellHWDetection - ok
15:22:19.0471 4092 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
15:22:19.0521 4092 sisagp - ok
15:22:19.0568 4092 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
15:22:19.0599 4092 SiSRaid2 - ok
15:22:19.0620 4092 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
15:22:19.0668 4092 SiSRaid4 - ok
15:22:19.0874 4092 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
15:22:20.0372 4092 slsvc - ok
15:22:20.0480 4092 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
15:22:20.0640 4092 SLUINotify - ok
15:22:20.0720 4092 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
15:22:20.0820 4092 Smb - ok
15:22:20.0924 4092 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
15:22:20.0981 4092 SNMPTRAP - ok
15:22:21.0038 4092 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
15:22:21.0067 4092 spldr - ok
15:22:21.0119 4092 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
15:22:21.0209 4092 Spooler - ok
15:22:21.0343 4092 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
15:22:21.0472 4092 srv - ok
15:22:21.0590 4092 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
15:22:21.0671 4092 srv2 - ok
15:22:21.0731 4092 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
15:22:21.0775 4092 srvnet - ok
15:22:21.0877 4092 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
15:22:21.0950 4092 SSDPSRV - ok
15:22:22.0001 4092 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
15:22:22.0059 4092 SstpSvc - ok
15:22:22.0129 4092 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
15:22:22.0217 4092 StillCam - ok
15:22:22.0352 4092 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
15:22:22.0443 4092 stisvc - ok
15:22:22.0582 4092 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
15:22:22.0610 4092 swenum - ok
15:22:22.0770 4092 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
15:22:23.0054 4092 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
15:22:23.0055 4092 SwitchBoard - detected UnsignedFile.Multi.Generic (1)
15:22:23.0177 4092 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
15:22:23.0284 4092 swprv - ok
15:22:23.0458 4092 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
15:22:23.0516 4092 Symc8xx - ok
15:22:23.0567 4092 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
15:22:23.0599 4092 Sym_hi - ok
15:22:23.0629 4092 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
15:22:23.0662 4092 Sym_u3 - ok
15:22:23.0749 4092 SynTP (70534d1e4f9ac990536d5fb5b550b3de) C:\Windows\system32\DRIVERS\SynTP.sys
15:22:23.0785 4092 SynTP - ok
15:22:23.0929 4092 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
15:22:24.0043 4092 SysMain - ok
15:22:24.0153 4092 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
15:22:24.0207 4092 TabletInputService - ok
15:22:24.0272 4092 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
15:22:24.0342 4092 TapiSrv - ok
15:22:24.0400 4092 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
15:22:24.0473 4092 TBS - ok
15:22:24.0602 4092 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
15:22:24.0754 4092 Tcpip - ok
15:22:24.0934 4092 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
15:22:25.0016 4092 Tcpip6 - ok
15:22:25.0169 4092 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
15:22:25.0210 4092 tcpipreg - ok
15:22:25.0289 4092 tdcmdpst (1825bceb47bf41c5a9f0e44de82fc27a) C:\Windows\system32\DRIVERS\tdcmdpst.sys
15:22:25.0431 4092 tdcmdpst - ok
15:22:25.0584 4092 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
15:22:25.0654 4092 TDPIPE - ok
15:22:25.0681 4092 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
15:22:25.0735 4092 TDTCP - ok
15:22:25.0819 4092 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
15:22:25.0918 4092 tdx - ok
15:22:25.0972 4092 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
15:22:26.0029 4092 TermDD - ok
15:22:26.0177 4092 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
15:22:26.0327 4092 TermService - ok
15:22:26.0387 4092 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
15:22:26.0465 4092 Themes - ok
15:22:26.0575 4092 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
15:22:26.0628 4092 THREADORDER - ok
15:22:26.0702 4092 tifm21 (e4c85c291ddb3dc5e4a2f227ca465ba6) C:\Windows\system32\drivers\tifm21.sys
15:22:26.0749 4092 tifm21 ( UnsignedFile.Multi.Generic ) - warning
15:22:26.0749 4092 tifm21 - detected UnsignedFile.Multi.Generic (1)
15:22:26.0875 4092 TNaviSrv (b351aa72eae95c4447a3c5329977f064) C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
15:22:27.0121 4092 TNaviSrv ( UnsignedFile.Multi.Generic ) - warning
15:22:27.0121 4092 TNaviSrv - detected UnsignedFile.Multi.Generic (1)
15:22:27.0244 4092 TODDSrv (d540858e65bfa6fded41ad2495ece344) C:\Windows\system32\TODDSrv.exe
15:22:27.0555 4092 TODDSrv ( UnsignedFile.Multi.Generic ) - warning
15:22:27.0555 4092 TODDSrv - detected UnsignedFile.Multi.Generic (1)
15:22:29.0043 4092 TosCoSrv (6a54c28b53c6b50d333c8ee974c6b208) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
15:22:29.0214 4092 TosCoSrv - ok
15:22:29.0423 4092 TOSHIBA Bluetooth Service (87843b2da99051bc66e2d6c211e3d6a4) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
15:22:29.0523 4092 TOSHIBA Bluetooth Service - ok
15:22:29.0623 4092 Tosrfcom - ok
15:22:29.0681 4092 tos_sps32 (1ea5f27c29405bf49799feca77186da9) C:\Windows\system32\DRIVERS\tos_sps32.sys
15:22:29.0777 4092 tos_sps32 - ok
15:22:29.0876 4092 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
15:22:29.0960 4092 TrkWks - ok
15:22:30.0025 4092 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
15:22:30.0093 4092 TrustedInstaller - ok
15:22:30.0152 4092 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:22:30.0217 4092 tssecsrv - ok
15:22:30.0332 4092 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
15:22:30.0392 4092 tunmp - ok
15:22:30.0415 4092 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
15:22:30.0470 4092 tunnel - ok
15:22:30.0516 4092 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
15:22:30.0568 4092 TVALZ - ok
15:22:30.0680 4092 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
15:22:30.0732 4092 uagp35 - ok
15:22:30.0785 4092 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
15:22:30.0840 4092 udfs - ok
15:22:30.0896 4092 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
15:22:30.0977 4092 UI0Detect - ok
15:22:31.0075 4092 UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
15:22:31.0942 4092 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
15:22:31.0942 4092 UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
15:22:32.0058 4092 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
15:22:32.0110 4092 uliagpkx - ok
15:22:32.0136 4092 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
15:22:32.0228 4092 uliahci - ok
15:22:32.0253 4092 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
15:22:32.0287 4092 UlSata - ok
15:22:32.0499 4092 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
15:22:32.0713 4092 ulsata2 - ok
15:22:32.0815 4092 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
15:22:32.0890 4092 umbus - ok
15:22:32.0995 4092 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
15:22:33.0109 4092 upnphost - ok
15:22:33.0243 4092 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
15:22:33.0333 4092 usbaudio - ok
15:22:33.0398 4092 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
15:22:33.0497 4092 usbccgp - ok
15:22:33.0609 4092 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
15:22:33.0731 4092 usbcir - ok
15:22:33.0776 4092 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
15:22:33.0862 4092 usbehci - ok
15:22:42.0411 4092 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
15:22:42.0634 4092 \Device\Harddisk0\DR0 - ok
15:22:42.0666 4092 Boot (0x1200) (e92a2ba33c72c05375240b6d5248f1db) \Device\Harddisk0\DR0\Partition0
15:22:42.0669 4092 \Device\Harddisk0\DR0\Partition0 - ok
15:22:42.0669 4092 ============================================================
15:22:42.0669 4092 Scan finished
15:22:42.0669 4092 ============================================================
15:22:42.0697 4148 Detected object count: 13
15:22:42.0697 4148 Actual detected object count: 13
15:23:33.0199 4148 CFSvcs ( UnsignedFile.Multi.Generic ) - skipped by user
15:23:33.0199 4148 CFSvcs ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:23:33.0200 4148 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
15:23:33.0200 4148 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:23:33.0205 4148 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:23:33.0205 4148 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:23:33.0209 4148 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
15:23:33.0209 4148 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:23:33.0214 4148 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:23:33.0214 4148 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:23:33.0217 4148 KR3NPXP ( UnsignedFile.Multi.Generic ) - skipped by user
15:23:33.0217 4148 KR3NPXP ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:23:33.0225 4148 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:23:33.0225 4148 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:23:33.0225 4148 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
15:23:33.0226 4148 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:23:33.0230 4148 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
15:23:33.0230 4148 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:23:33.0234 4148 tifm21 ( UnsignedFile.Multi.Generic ) - skipped by user
15:23:33.0235 4148 tifm21 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:23:33.0239 4148 TNaviSrv ( UnsignedFile.Multi.Generic ) - skipped by user
15:23:33.0240 4148 TNaviSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:23:33.0242 4148 TODDSrv ( UnsignedFile.Multi.Generic ) - skipped by user
15:23:33.0242 4148 TODDSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:23:33.0246 4148 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
15:23:33.0246 4148 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:23:47.0259 6040 Deinitialize success
__________________
I recommend these:
Windows 7 & 8.1, Office 2013, Photoshop CS6, IE11
Security Essentials, Asus, Dell, Samsung,
Intel, NVidia, Xbox One, Android, Gigabyte
Old 04-04-2012, 02:05 PM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,041
OS: XP SP3; Win7 32/64-bit



Hello Masterchiefxx17. Run aswMBR again, but this time uncheck Trace disk IO calls

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Old 04-04-2012, 02:10 PM   #6
Masterchiefxx17's Avatar


Worked! Do note: The first time with IO unchecked the program did crash.

----------------

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-04 16:07:32
-----------------------------
16:07:32.197 OS Version: Windows 6.0.6002 Service Pack 2
16:07:32.212 Number of processors: 2 586 0xF0D
16:07:32.212 ComputerName: JOHN-TOSHIBA-PC UserName: John-Toshiba
16:07:32.961 Initialize success
16:07:37.489 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
16:07:37.489 Disk 0 Vendor: Hitachi_HTS542512K9SA00 BB2OC33P Size: 114473MB BusType: 3
16:07:37.520 Disk 0 MBR read successfully
16:07:37.520 Disk 0 MBR scan
16:07:37.520 Disk 0 Windows VISTA default MBR code
16:07:37.536 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
16:07:37.551 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 112972 MB offset 3074048
16:07:37.551 Disk 0 scanning sectors +234440704
16:07:37.614 Disk 0 scanning C:\Windows\system32\drivers
16:07:44.790 Service scanning
16:07:54.134 Service MpKsl8fa3a3df c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8467CF6E-A744-4A18-8B82-A223BB0AA495}\MpKsl8fa3a3df.sys **LOCKED** 32
16:07:54.306 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
16:08:06.864 Modules scanning
16:08:15.397 Scan finished successfully
16:08:23.571 Disk 0 MBR has been saved successfully to "C:\Users\John-Toshiba\Desktop\MBR.dat"
16:08:23.602 The log file has been saved successfully to "C:\Users\John-Toshiba\Desktop\aswMBR.txt"
Attached Files
File Type: zip MBR.zip (562 Bytes, 6 views)
Old 04-04-2012, 03:45 PM   #7
chemist's Avatar



Hello again, Masterchiefxx17.

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please reboot your machine.

------------------------------------------------------
Old 04-04-2012, 03:51 PM   #8
Masterchiefxx17's Avatar


Before I begin this ComboFix, is there a possibility that the computer could become unusable by running the program? Or do you always say: "Backup your files"?
Old 04-04-2012, 04:02 PM   #9
Masterchiefxx17's Avatar


Chemist,

As I was waiting for your reply a Virus program called "Internet Security" started up and is now running on the computer. I recently had the same virus on another computer I posted about here:

Internet Security (Virus)

^^TSF Website.

Luckily I know how to remove the .exe in Safe Mode. On the computer above Microsoft Security Essentials removed all files on that computer and there are 0 signs of the virus on the other computer.

On this computer you are currently helping me on, I can NOT remove the .exe in Safe Mode. The virus will NOT allow any programs to run in normal mode.

I just found the virus in Safe Mode. I deleted the .exe and the application named "isecutiry.exe". Programs are now free to run but MSE is warning me about other files. I have NOT deleted those or scanned.

What would you like me to do now? As a side note, since this virus has been on two of my computers now, could it be on my network?


Another Edit: ComboFix has NOT been run.
Old 04-04-2012, 04:20 PM   #10
chemist's Avatar



Yes, it is possible it is on your network, and yes, I routinely ask users to backup their files to be prudent. My previous instructions stated to do no fixing on your own.

If you still want my help, please follow my last instructions.
Old 04-04-2012, 04:36 PM   #11
Masterchiefxx17's Avatar


OK, currently ComboFix is running and I will post back when it is finished.

Since the program could be on the network should I post a new virus thread about it?

My apologies for removing the .exe. I shall do as you say.
Old 04-04-2012, 04:57 PM   #12
Masterchiefxx17's Avatar


ComboFix Log:

ComboFix 12-04-04.02 - John-Toshiba 04/04/2012 18:35:48.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1526.582 [GMT -5:00]
Running from: c:\users\John-Toshiba\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\John-Toshiba\AppData\Roaming\.minecraft\.minecraft\vmvsz.dll
.
Infected copy of c:\windows\system32\Drivers\atapi.sys was found and disinfected
Restored copy from - c:\windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))
.
.
2012-04-04 20:25 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8467CF6E-A744-4A18-8B82-A223BB0AA495}\mpengine.dll
2012-04-04 20:06 . 2012-04-04 20:06 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-19 21:41 . 2012-03-19 21:41 -------- d-----w- c:\users\John-Toshiba\AppData\Roaming\Visan
2012-03-19 21:40 . 2012-03-19 21:41 -------- d-----w- c:\programdata\Visan
2012-03-13 20:15 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 20:15 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-13 20:15 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-13 20:15 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-13 20:15 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-13 20:15 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 20:15 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-03-13 20:15 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-13 20:15 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 20:06 . 2011-12-26 20:03 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-14 02:15 . 2011-12-26 14:59 6582328 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-31 12:44 . 2011-12-25 21:45 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-20 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-20 129560]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-23 538744]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-25 4444160]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-15 102400]
"NDSTray.exe"="NDSTray.exe" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"Skytel"="Skytel.exe" [2007-04-13 1822720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 253600]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 20:06]
.
2012-04-04 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2011-12-26 21:10]
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-26 20:23]
.
2012-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-26 20:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.leftlanenews.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKCU-Run-Internet Security - c:\users\John-Toshiba\AppData\Roaming\isecurity.exe
HKLM-Run-hpqSRMon - (no file)
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\toshiba\IVP\ISM\pinger.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
c:\windows\RtHDVCpl.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\program files\Toshiba\TOSCDSPD\TOSCDSPD.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynToshiba.exe
c:\program files\Toshiba\ConfigFree\CFSwMgr.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2012-04-04 18:53:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-04 23:52
.
Pre-Run: 66,684,866,560 bytes free
Post-Run: 66,605,051,904 bytes free
.
- - End Of File - - BCB97EF296932C044FFE1859BC59E4B7
Old 04-04-2012, 05:17 PM   #13
chemist's Avatar



Hello again, Masterchiefxx17. Are the redirects gone now?

Quote:
Since the program could be on the network should I post a new virus thread about it?
I'm afraid you'll have to start a separate thread for each system.

------------------------------------------------------

Please download Malwarebytes' Anti-Malware and Save it to your Desktop.
  • Right-click mbam-setup.exe and choose 'Run as administrator' to install it.
  • At the end, be sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Under the Scanner tab, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad and you may be prompted to Restart your computer. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy/Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


------------------------------------------------------

Uninstall the following via the Programs and Features Panel (Start->(Settings)->Control Panel->Programs->Programs and Features):

Java(TM) 6 Update 2

These are all outdated, and are security risks while still installed. Reboot your computer once all those Java components are removed.

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

In fact, you should be able to update your current Java, Java(TM) 6 Update 30, by going to Control Panel > Programs > Java (looks like a coffee cup). Click on the Update tab. On the lower right, click on Update Now. An update should begin. Allow the install of the new Java.

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.
  • After the install is complete, go back to your Control Panel > Programs and click the Java icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

In Microsoft Windows Vista/Win7, you must open the Web browser via a right-click using the Run as Administrator command.

Go here and click 'ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change.. button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
Old 04-05-2012, 04:50 AM   #14
Masterchiefxx17's Avatar


MBAM Log:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
wxw.malwarebytes.org
Database version: v2012.04.04.10
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
John-Toshiba :: JOHN-TOSHIBA-PC [administrator]
Protection: Enabled
4/4/2012 9:00:23 PM
mbam-log-2012-04-04 (21-00-23).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 185163
Time elapsed: 6 minute(s), 17 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

----------------------------------------

Online Scan Log:

Said No virus found.

----------------------------------------

So far there are 0 signs of the redirects. I have done 15 searches in Google and none of them lead to the weird redirect page. I would say the virus is gone.
Old 04-05-2012, 06:35 AM   #15
chemist's Avatar



Hello again, Masterchiefxx17. Please run tdsskiller once more as before.

Also, please run dds again and post the first log, DDS.txt, in your next reply.

------------------------------------------------------
Old 04-05-2012, 01:12 PM   #16
Masterchiefxx17's Avatar


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by John-Toshiba at 15:07:32 on 2012-04-05
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1526.428 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_2_202_228_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.leftlanenews.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Skytel] Skytel.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
TCP: Interfaces\{82B17A13-3D8B-444F-9AA7-CF0D21E089A7} : DhcpNameServer = 209.18.47.61 209.18.47.62 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-12-26 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-4 652360]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2007-11-6 7168]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-4 20464]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-12-26 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 253600]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-12-26 136176]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-04-05 11:31:45 6582328 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{7ef94567-6e86-481b-b5bb-3f1aa77f20be}\mpengine.dll
2012-04-05 02:30:28 -------- d-----w- c:\program files\ESET
2012-04-05 01:59:32 -------- d-----w- c:\users\john-toshiba\appdata\roaming\Malwarebytes
2012-04-05 01:59:20 -------- d-----w- c:\programdata\Malwarebytes
2012-04-05 01:59:18 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-05 01:59:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-04 23:53:42 -------- d-----w- c:\users\john-toshiba\appdata\local\temp
2012-04-04 23:47:45 -------- d-sh--w- C:\$RECYCLE.BIN
2012-04-04 23:33:06 98816 ----a-w- c:\windows\sed.exe
2012-04-04 23:33:06 518144 ----a-w- c:\windows\SWREG.exe
2012-04-04 23:33:06 256000 ----a-w- c:\windows\PEV.exe
2012-04-04 23:33:06 208896 ----a-w- c:\windows\MBR.exe
2012-04-04 23:32:55 -------- d-----w- C:\ComboFix
2012-04-04 20:06:58 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-19 21:41:18 -------- d-----w- c:\users\john-toshiba\appdata\roaming\Visan
2012-03-19 21:40:40 -------- d-----w- c:\programdata\Visan
2012-03-13 20:15:27 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 20:15:25 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-13 20:15:25 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-13 20:15:25 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-13 20:15:25 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-13 20:15:25 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 20:15:24 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2012-03-13 20:15:02 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-13 20:15:01 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
==================== Find3M ====================
.
2012-04-05 02:23:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-04 20:06:58 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-31 12:44:05 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 15:09:06.76 ===============
Attached Files
File Type: zip Attach.zip (27.3 KB, 6 views)
Masterchiefxx17 is online now  
Old 04-05-2012, 01:44 PM   #17
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,041
OS: XP SP3; Win7 32/64-bit



Congratulations. Well done! Your logs appear clean. You should be good to go.

Please disable MSE before uninstalling ComboFix and then re-enable it after doing so.

Press the Windows "logo" key and "R" key then Copy/Paste the following single-line command into the Run box and click OK:

combofix /uninstall

This will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

Also, support is ending for some versions of Windows > Windows End of Support Information - Windows Help & How-to

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for both Firefox and IE.
  • SpywareBlaster prevents the installation of ActiveX-based malware, blocks cookies, and restricts the actions of "bad" sites in Internet Explorer. See tutorial here
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer. See guide here and for Windows Vista here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.

chemist is offline  
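The HOSTS-file blocking described in the post above works because a name listed in that file resolves to the address written next to it, without a DNS lookup. The following audit script is an added example, not part of the original post or of the MVPS project; the sample file contents and the names `audit_hosts` and `SAMPLE_HOSTS` are hypothetical, and treating 0.0.0.0 the same as 127.0.0.1 goes slightly beyond the single loopback case the post mentions.

```python
import ipaddress

# Constructed sample, not taken from the thread: blocklist-style entries plus
# one name mapped to a non-local address (203.0.113.7 is a documentation IP).
SAMPLE_HOSTS = """\
# sample HOSTS file (constructed)
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.com      # blocked ad server
0.0.0.0         tracker.example.net
203.0.113.7     search.example.org
not-an-ip       broken.example.com
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def audit_hosts(text):
    """Sort HOSTS mappings into blocked, redirected and malformed entries."""
    report = {"blocked": [], "redirected": [], "malformed": []}
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # strip comments and padding
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append((line_no, line))
            continue
        if len(fields) < 2:                      # address with no hostname
            report["malformed"].append((line_no, line))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in (f.lower() for f in fields[1:]):
            if sinkhole and name in LOCAL_NAMES:
                continue                         # normal localhost mapping
            if sinkhole:
                report["blocked"].append(name)
            else:
                # The name resolves to whatever address the file says,
                # bypassing DNS, so every such entry deserves a manual look.
                report["redirected"].append((name, str(ip)))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked:   ", result["blocked"])
    print("redirected:", result["redirected"])
    print("malformed: ", result["malformed"])
```

To check a real machine, pass the contents of the system HOSTS file to `audit_hosts` instead of the sample; entries reported as redirected are the ones to verify by hand after installing a blocklist.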
Old 04-05-2012, 02:01 PM   #18
Moderator
- Hardware Team
- Articles Team
- Microsoft Support
 
Masterchiefxx17's Avatar
 
Join Date: Feb 2010
Location: Wisconsin, USA
Posts: 23,999
OS: Windows 7 64bit Professional (SP1), Windows 8.1 64bit



Ok thank you Chemist for the quick and easy help!
Masterchiefxx17 is online now  
Old 04-05-2012, 02:45 PM   #19
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 26,041
OS: XP SP3; Win7 32/64-bit



You're very welcome, Masterchiefxx17! Glad to have helped.


chemist is offline  
 


All times are GMT -7. The time now is 10:35 AM.


Copyright 2001 - 2014, Tech Support Forum
