Google redirect problems and slow computer
Hello, my laptop has been running rather slowly over the past few weeks and I keep getting redirected when I try to navigate through Google links. I suspect spyware.
Any help would be greatly appreciated.
Here is my DDS log file:
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Miyoko at 16:28:35 on 2012-06-23
Microsoft Windows 7 Starter 6.1.7600.0.1252.44.1033.18.1013.49 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
C:\Program Files\Toshiba TEMPRO\TemproTray.exe
C:\Windows\system32\TODDSrv.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MIF5BA~1\Office14\OUTLOOK.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bt.yahoo.com
uDefault_Page_URL = hxxp://toshiba.msn.com
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\config\systemprofile\appdata\local\hjekehwt\ppvwrkdk.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
TB: BT Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [TOSHIBA Online Product Information] c:\program files\toshiba\toshiba online product information\topi.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [{B911A5DA-90AE-CEFE-2236-9811AFFBF9E2}] c:\users\miyoko\appdata\roaming\skype\miyokosmets\chatsync\46\upnpcont.exe
uRun: [lpc] rundll32.exe "c:\users\miyoko\appdata\roaming\remote\prg5.dll", RegisterDll
uRun: [4Y3Y0C3AZF7XZA7EACFT] c:\recycle.bin\B6232F3A877.exe /q
uRun: [PpvWrkdk] c:\windows\system32\config\systemprofile\appdata\local\hjekehwt\ppvwrkdk.exe
uRun: [GameXN GO] "c:\programdata\gamexn\GameXNGO.exe" /startup
mRun: [NBAgent] "c:\program files\nero\nero backitup & burn\nero backitup\NBAgent.exe" /WinStart
mRun: [Toshiba TEMPRO] c:\program files\toshiba tempro\TemproTray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [RtHDVBg] c:\program files\realtek\audio\hda\RtHDVBg.exe /FORPCEE3
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
mRun: [TosVolRegulator] c:\program files\toshiba\tosvolregulator\TosVolRegulator.exe
mRun: [Toshiba Registration] c:\program files\toshiba\registration\ToshibaReminder.exe
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [CLMLServer] "c:\program files\cyberlink\power2go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1449.0\mswinext.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe
mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe"
mRun: [jswtrayutil] "c:\program files\netgear\wna1100\jswtrayutil.exe"
dRun: [TOSHIBA Online Product Information] c:\program files\toshiba\toshiba online product information\topi.exe
dRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe
dRun: [lpc] rundll32.exe "c:\users\miyoko\appdata\roaming\remote\prg5.dll",RegisterDll
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wna1100\WNA1100.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{7599AFB3-EE99-41E4-B192-5C060047197F} : DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{7599AFB3-EE99-41E4-B192-5C060047197F}\244584F6D65684572623D253830545 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{C52397A6-A80A-482A-B469-8C0EA7203EC3} : DhcpNameServer = 192.168.22.22 192.168.22.23
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\570\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\drivers\SCMNdisP.sys [2012-5-23 21728]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2012-5-23 20384]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2010-1-28 185712]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 WSWNA1100;WSWNA1100;c:\program files\netgear\wna1100\WifiSvc.exe [2012-5-23 266240]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2010-10-14 24064]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-5-20 277536]
R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2010-10-14 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2010-2-5 111960]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-6-5 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-1 257696]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2012-5-23 1564160]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\netgear\wna1100\jswpsapi.exe [2012-5-23 960992]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2010-10-14 189984]
S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\toshiba tempro\TemproSvc.exe [2010-2-11 124368]
.
=============== Created Last 30 ================
.
2012-06-22 09:16:16 6762896 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{fab8a643-d25f-4281-a8e2-5471564c3e7b}\mpengine.dll
2012-06-21 10:55:36 -------- d-----w- c:\users\miyoko\appdata\local\{52762C92-4699-45CE-B299-DB53091FB873}
2012-06-20 10:37:08 -------- d-----w- c:\users\miyoko\appdata\local\Windows Live
2012-06-20 10:36:59 -------- d-----w- c:\users\miyoko\appdata\local\{ECF7826F-588D-4C60-A198-20F9429EE8A9}
2012-06-13 22:13:31 163328 ----a-w- c:\windows\system32\profsvc.dll
.
==================== Find3M ====================
.
2012-06-23 15:27:25 111456 ---ha-w- c:\windows\system32\092RLa8
2012-06-23 15:25:19 103648 ---ha-w- c:\windows\system32\cDb4823
2012-06-19 17:09:00 111808 ---ha-w- c:\windows\system32\dtINN23
2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-15 01:12:09 2342400 ----a-w- c:\windows\system32\win32k.sys
2012-05-05 14:02:56 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 14:02:56 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-07 11:34:37 2342400 ----a-w- c:\windows\system32\msi.dll
2012-04-02 04:46:44 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-02 04:46:44 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 10:29:05 1287024 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
============= FINISH: 16:32:26.93 ===============
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.
Running programs with Vista or Windows 7, you need to Right Click on the program and select RUN AS ADMINISTRATOR
You are infected, let's check a bit deeper
Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
http://public.avast.com/~gmerek/aswMBR1.png
On completion of the scan click save log, save it to your desktop and post in your next reply
http://public.avast.com/~gmerek/aswMBR2.png
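The analyst's "you are infected" verdict comes from reading the Pseudo HJT Report in the DDS log above: a Userinit value that launches a second executable out of the SYSTEM profile, Run entries pointing into AppData, the recycle bin and the SYSTEM profile, UAC switched off and Task Manager disabled by policy. The script below is an added example written for this thread, not DDS's own code and not a tool the analyst used; it encodes those observations as simple rules and runs them over lines copied from the log above. The rule names, the `Finding` type and the list of suspicious locations are this example's own assumptions.

```python
"""Triage the persistence entries of a DDS "Pseudo HJT Report".

Added example for this thread: a rule-based pass over autorun lines.
The rules, the Finding type and SUSPICIOUS_LOCATIONS are assumptions of
this example, not part of DDS or of the analyst's procedure.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class Finding:
    rule: str
    entry: str


# Sample input: lines copied from the DDS "Pseudo HJT Report" posted above
# (a mix of benign vendor entries and the hostile ones the analyst reacted to).
SAMPLE_HJT = r"""
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\config\systemprofile\appdata\local\hjekehwt\ppvwrkdk.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [lpc] rundll32.exe "c:\users\miyoko\appdata\roaming\remote\prg5.dll", RegisterDll
uRun: [4Y3Y0C3AZF7XZA7EACFT] c:\recycle.bin\B6232F3A877.exe /q
uRun: [PpvWrkdk] c:\windows\system32\config\systemprofile\appdata\local\hjekehwt\ppvwrkdk.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [dplaysvr] c:\windows\system32\config\systemprofile\appdata\local\dplaysvr.exe
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-system: DisableTaskMgr = 1 (0x1)
"""

# Persistence entries should not normally point into per-user AppData, the
# SYSTEM account's profile, the recycle bin or a temp folder.
SUSPICIOUS_LOCATIONS = re.compile(
    r"\\(?:appdata|recycle\.bin|config\\systemprofile|temp)\\", re.IGNORECASE)

# Policy settings that blind the user or switch off a platform defence.
BAD_POLICIES = {
    ("EnableLUA", "0"): "UAC disabled (EnableLUA = 0)",
    ("DisableTaskMgr", "1"): "Task Manager disabled by policy",
}

# DDS prefixes: u = current user, m = machine, d = default user hive.
USERINIT_LINE = re.compile(r"^mWinlogon: Userinit=(?P<val>.+)$")
RUN_LINE = re.compile(r"^[umd]Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
POLICY_LINE = re.compile(r"^[umd]Policies-system: (?P<key>\w+) = (?P<val>\d+)")


def triage(hjt_text: str) -> list[Finding]:
    """Return one Finding per autorun line that trips a rule."""
    findings: list[Finding] = []
    for raw in hjt_text.splitlines():
        line = raw.strip()
        if m := USERINIT_LINE.match(line):
            # Userinit should name only userinit.exe; anything appended after
            # the comma runs at every logon, before the shell appears.
            for part in m["val"].split(","):
                part = part.strip()
                if part and not part.lower().endswith("\\userinit.exe"):
                    findings.append(Finding("Userinit hijack", part))
        elif m := RUN_LINE.match(line):
            # Run keys are legitimate in themselves; a vendor tray app lives
            # under Program Files or System32, not in the places matched here.
            if SUSPICIOUS_LOCATIONS.search(m["cmd"]):
                findings.append(Finding("Run entry from suspicious location",
                                        f"[{m['name']}] {m['cmd']}"))
        elif m := POLICY_LINE.match(line):
            rule = BAD_POLICIES.get((m["key"], m["val"]))
            if rule:
                findings.append(Finding(rule, line))
    return findings


def summary(findings: list[Finding]) -> dict[str, int]:
    """Count findings per rule for a quick overview of what tripped."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    found = triage(SAMPLE_HJT)
    for f in found:
        print(f"{f.rule:40} {f.entry}")
    print(summary(found))
```

On the sample above the script flags seven entries: the extra Userinit executable, four Run entries (the rundll32 DLL under AppData, the recycle-bin executable and the two SYSTEM-profile executables) and the two policy values; the Messenger and Intel tray entries pass. The location list is deliberately short, so a real triage would add rules (random-looking value names, missing files, unsigned binaries) rather than rely on paths alone.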
Hello, here is the logfile:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-26 23:38:26
-----------------------------
23:38:26.632 OS Version: Windows 6.1.7600
23:38:26.632 Number of processors: 2 586 0x1C0A
23:38:26.632 ComputerName: MIYOKO-TOSH UserName: Miyoko
23:38:28.785 Initialize success
23:40:53.020 AVAST engine defs: 12062601
23:41:56.978 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
23:41:57.076 Disk 0 Vendor: Hitachi_ PB2O Size: 238475MB BusType: 3
23:41:57.147 Disk 0 MBR read successfully
23:41:57.161 Disk 0 MBR scan
23:41:58.724 Disk 0 MBR:Pihar-C [Rtk]
23:41:58.739 Disk 0 TDL4@MBR code has been found
23:41:58.755 Disk 0 Windows 7 default MBR code found via API
23:41:58.771 Disk 0 MBR hidden
23:41:58.856 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 400 MB offset 2048
23:41:59.092 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 119237 MB offset 821248
23:41:59.288 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 118837 MB offset 245018624
23:41:59.314 Disk 0 MBR [TDL4] **ROOTKIT**
23:41:59.335 Disk 0 trace - called modules:
23:41:59.837 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8552d49f]<<
23:41:59.879 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85262a58]
23:41:59.923 3 CLASSPNP.SYS[86b7c59e] -> nt!IofCallDriver -> [0x855a35c0]
23:41:59.961 \Driver\iaStor[0x855625a8] -> IRP_MJ_CREATE -> 0x8552d49f
23:42:29.127 AVAST engine scan C:\Windows
23:42:42.501 AVAST engine scan C:\Windows\system32
23:42:43.610 File: C:\Windows\system32\092RLa8 **INFECTED** Win32:Katusha-FK [Trj]
23:43:44.389 File: C:\Windows\system32\cDb4823 **INFECTED** Win32:Katusha-FK [Trj]
23:44:49.709 File: C:\Windows\system32\dtINN23 **INFECTED** Win32:Katusha-FK [Trj]
23:44:59.079 File: C:\Windows\system32\ELiEi23 **INFECTED** Win32:Katusha-FK [Trj]
23:54:18.850 AVAST engine scan C:\Windows\system32\drivers
23:55:09.877 AVAST engine scan C:\Users\Miyoko
23:55:10.987 File: C:\Users\Miyoko\AppData\Local\dplayx.dll **INFECTED** Win32:MalOb-KB [Cryp]
00:01:45.343 File: C:\Users\Miyoko\AppData\Local\Temp\DA7F.tmp **INFECTED** Win32:SmokeLoader-JS [Trj]
00:01:47.547 File: C:\Users\Miyoko\AppData\Local\Temp\F6B4.tmp **INFECTED** Win32:Rootkit-gen [Rtk]
00:01:55.761 File: C:\Users\Miyoko\AppData\Local\Temp\hutrtmfqhtcvjxvt.exe **INFECTED** Win32:Katusha-FK [Trj]
00:04:31.319 File: C:\Users\Miyoko\AppData\Roaming\Remote\prg5.dll **INFECTED** Win32:Malware-gen
00:04:49.146 File: C:\Users\Miyoko\Desktop\092RLa8 **INFECTED** Win32:Katusha-FK [Trj]
00:04:50.827 File: C:\Users\Miyoko\Desktop\dtINN23 **INFECTED** Win32:Katusha-FK [Trj]
00:04:55.660 File: C:\Users\Miyoko\ELiEi23 **INFECTED** Win32:Katusha-FK [Trj]
00:05:01.697 AVAST engine scan C:\ProgramData
00:05:51.921 File: C:\ProgramData\Microsoft\Windows\DRM\EF53.tmp **INFECTED** Win32:Malware-gen
00:06:57.322 File: C:\ProgramData\vista32\EBLib.dll **INFECTED** Win32:Ramnit-AC [Drp]
00:06:57.792 File: C:\ProgramData\vista32\Microsoft.VC80.MFC\mfc80.dll **INFECTED** Win32:Ramnit-AC [Drp]
00:06:58.152 File: C:\ProgramData\vista32\Microsoft.VC80.MFC\mfc80u.dll **INFECTED** Win32:Ramnit-AC [Drp]
00:07:27.089 File: C:\ProgramData\win7_32\Microsoft.VC80.MFC\mfc80.dll **INFECTED** Win32:Ramnit-AC [Drp]
00:07:27.683 File: C:\ProgramData\win7_32\Microsoft.VC80.MFC\mfc80u.dll **INFECTED** Win32:Ramnit-AC [Drp]
00:07:29.349 Scan finished successfully
00:14:36.233 Disk 0 MBR has been saved successfully to "C:\Users\Miyoko\Desktop\MBR.dat"
00:14:36.554 The log file has been saved successfully to "C:\Users\Miyoko\Desktop\aswMBR.txt"
Hi,
Wow, you have one heavily infected computer. Sometimes I scratch my head and wonder what people do to infect their system so heavily. Your infections on this system are very, very serious and not to be taken lightly.
You're infected with a rootkit and much more; you have an infected partition on your hard drive that your computer is booting from, and you also are infected with Ramnit and Sality, which are uncleanable.
This entry from aswMBR:
00:06:57.322 File: C:\ProgramData\vista32\EBLib.dll **INFECTED** Win32:Ramnit-AC [Drp]
Ramnit is an uncleanable infection; it's most likely infected all .exe files on your system, even the ones in your Windows backup folder, so replacing them is not an option.
These are in the same category as Ramnit; they're called Sality and they're uncleanable:
23:42:43.610 File: C:\Windows\system32\092RLa8 **INFECTED** Win32:Katusha-FK [Trj]
23:43:44.389 File: C:\Windows\system32\cDb4823 **INFECTED** Win32:Katusha-FK [Trj]
23:44:49.709 File: C:\Windows\system32\dtINN23 **INFECTED** Win32:Katusha-FK [Trj]
23:44:59.079 File: C:\Windows\system32\ELiEi23 **INFECTED** Win32:Katusha-FK [Trj]
What I would strongly advise you to do at this point is to back up any documents or pictures you don't want to lose to a thumb drive or CD.
I would use a known clean computer and change all your passwords for accounts you frequent, especially if you do any online banking or purchase goods from sites using a credit card.
What I would strongly suggest is that you reformat your hard drive and do a clean install of Windows.
We can attempt to clean your system, but I believe it would be fruitless; if you want to try, let me know.
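The analyst's reply above draws two conclusions from the aswMBR log: the MBR line marked **ROOTKIT** means the boot code itself is hostile, and a file-infector family (Ramnit) in the file list means the listed files understate the real spread, which is why a reinstall is advised. As an added example for this thread (not aswMBR's code and not the analyst's tool), the script below parses lines copied from the log above into those two conclusions. The `FILE_INFECTORS` tuple, the `family()` normalisation and the wording of the conclusions are assumptions of this example.

```python
"""Summarise an aswMBR log: MBR rootkit status plus infected files grouped
by detection family.

Added example for this thread. The line formats are those of the aswMBR log
posted above; the grouping, FILE_INFECTORS and the conclusions are this
example's own assumptions, not aswMBR's or the analyst's.
"""
import re
from collections import Counter

# Sample input: a subset of lines copied from the aswMBR log posted above.
SAMPLE_ASWMBR = r"""
23:41:58.739 Disk 0 TDL4@MBR code has been found
23:41:59.314 Disk 0 MBR [TDL4] **ROOTKIT**
23:42:43.610 File: C:\Windows\system32\092RLa8 **INFECTED** Win32:Katusha-FK [Trj]
23:43:44.389 File: C:\Windows\system32\cDb4823 **INFECTED** Win32:Katusha-FK [Trj]
23:44:49.709 File: C:\Windows\system32\dtINN23 **INFECTED** Win32:Katusha-FK [Trj]
23:44:59.079 File: C:\Windows\system32\ELiEi23 **INFECTED** Win32:Katusha-FK [Trj]
00:04:31.319 File: C:\Users\Miyoko\AppData\Roaming\Remote\prg5.dll **INFECTED** Win32:Malware-gen
00:06:57.322 File: C:\ProgramData\vista32\EBLib.dll **INFECTED** Win32:Ramnit-AC [Drp]
00:06:57.792 File: C:\ProgramData\vista32\Microsoft.VC80.MFC\mfc80.dll **INFECTED** Win32:Ramnit-AC [Drp]
00:06:58.152 File: C:\ProgramData\vista32\Microsoft.VC80.MFC\mfc80u.dll **INFECTED** Win32:Ramnit-AC [Drp]
00:07:27.089 File: C:\ProgramData\win7_32\Microsoft.VC80.MFC\mfc80.dll **INFECTED** Win32:Ramnit-AC [Drp]
00:07:27.683 File: C:\ProgramData\win7_32\Microsoft.VC80.MFC\mfc80u.dll **INFECTED** Win32:Ramnit-AC [Drp]
00:07:29.349 Scan finished successfully
"""

# "<time> Disk N MBR [name] **ROOTKIT**"  and  "<time> File: <path> **INFECTED** <detection>"
MBR_ROOTKIT = re.compile(r"^\S+ Disk (?P<disk>\d+) MBR \[(?P<name>[^\]]+)\] \*\*ROOTKIT\*\*$")
INFECTED = re.compile(r"^\S+ File: (?P<path>.+?) \*\*INFECTED\*\* (?P<det>.+)$")

# Families that copy themselves into other executables. A hit from one of
# these means the scanner's list is a lower bound, not the full extent
# (assumption of this example; extend as needed).
FILE_INFECTORS = ("Ramnit",)


def family(detection: str) -> str:
    """Reduce a label such as 'Win32:Ramnit-AC [Drp]' to its family, 'Ramnit'."""
    name = detection.split(":", 1)[-1].split()[0]   # 'Ramnit-AC'
    return name.split("-", 1)[0]                     # 'Ramnit'


def parse_aswmbr(text: str) -> dict:
    """Collect MBR rootkit hits and (path, detection) pairs from a log."""
    report = {"mbr_rootkits": [], "infected": []}
    for line in text.splitlines():
        m = MBR_ROOTKIT.match(line)
        if m:
            report["mbr_rootkits"].append((int(m["disk"]), m["name"]))
            continue
        m = INFECTED.match(line)
        if m:
            report["infected"].append((m["path"], m["det"]))
    return report


def assess(report: dict) -> list[str]:
    """Turn the parsed report into the conclusions an analyst would draw."""
    conclusions = []
    for disk, name in report["mbr_rootkits"]:
        conclusions.append(
            f"disk {disk}: MBR rootkit {name}; the boot code is hostile until the MBR is rewritten")
    families = Counter(family(det) for _, det in report["infected"])
    for fam, n in families.most_common():
        if fam in FILE_INFECTORS:
            note = "file infector: assume executables not listed here are infected too"
        else:
            note = "not in the file-infector list: remove the listed files"
        conclusions.append(f"{fam}: {n} file(s), {note}")
    return conclusions


if __name__ == "__main__":
    for line in assess(parse_aswmbr(SAMPLE_ASWMBR)):
        print(line)
```

The parser keys on the two line shapes aswMBR uses for its verdicts and ignores the progress lines, so it can be pointed at a full `aswMBR.txt`. Counting by family rather than by exact label groups variants such as `Ramnit-AC` together, which is what matters for the reinstall decision.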
Hmm, this is very strange. My mother uses this laptop and I am posting on her behalf. As far as I know she only uses this laptop to check her emails and occasionally watch programs on BBC iPlayer/ITV iPlayer. She doesn't even know how to use the address bar; all the websites she accesses I had to create desktop shortcuts for (which are only Yahoo Messenger, the BBC website and the ITV website), hence it's unlikely she stumbled upon some dodgy website by accident. She doesn't use torrents or anything either, so I have no idea how the laptop could have gotten so badly infected.
I've backed up the documents she has saved to a flash drive; will reinstalling Windows and starting from scratch get rid of the infection?
Good Morning,
It's possible that she wandered into a bad site, maybe opening up spam email and clicking on a link.
If aswMBR had picked up one bad or iffy entry we could check it to make sure it was not a false positive, but it picked up many serious infections, and some of these infections are capable of downloading other garbage as well.
With Sality and Ramnit, you're most likely safe backing up your pictures and documents but not programs; those you will have to reinstall after you reinstall Windows, and not from a previously downloaded copy, as the .exe file could be infected and you would just reinfect your system again, but you can reinstall programs from a CD if you have it for that program. If you need help with this let me know and I can link you to a good site that can help you. Do you have your Windows CD?
As I understand it, this laptop didn't come with a Windows CD; Windows 7 was already installed on it.
I notice there is a thread here on the Ramnit virus: http://forums.spybot.info/showthread.php?t=63469
Would it be worth following those instructions? I don't mind reinstalling Windows, but if any other options can be explored before we go down that route I'd be grateful for your assistance.
In any case I will back up all text files.
This is somewhere near where you're at, as those two infections fall in the same area:
http://miekiemoes.blogspot.com/2009/02/virut-and-other-file-infectors-throwing.html
Let's do this; this is of course at your own risk.
Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan
Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now
Copy and paste the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RC1.png
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/RC2-1.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
Hello, here is the TDSSKiller log:
14:42:07.0291 5536 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
14:42:07.0704 5536 ============================================================
14:42:07.0704 5536 Current date / time: 2012/07/01 14:42:07.0703
14:42:07.0704 5536 SystemInfo:
14:42:07.0704 5536
14:42:07.0705 5536 OS Version: 6.1.7600 ServicePack: 0.0
14:42:07.0705 5536 Product type: Workstation
14:42:07.0706 5536 ComputerName: MIYOKO-TOSH
14:42:07.0706 5536 UserName: Miyoko
14:42:07.0706 5536 Windows directory: C:\Windows
14:42:07.0706 5536 System windows directory: C:\Windows
14:42:07.0706 5536 Processor architecture: Intel x86
14:42:07.0706 5536 Number of processors: 2
14:42:07.0706 5536 Page size: 0x1000
14:42:07.0706 5536 Boot type: Normal boot
14:42:07.0707 5536 ============================================================
14:42:10.0967 5536 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
14:42:11.0097 5536 Drive \Device\Harddisk1\DR1 - Size: 0xF2C00000 (3.79 Gb), SectorSize: 0x200, Cylinders: 0x1EF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
14:42:11.0126 5536 ============================================================
14:42:11.0126 5536 \Device\Harddisk0\DR0:
14:42:11.0143 5536 MBR partitions:
14:42:11.0144 5536 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0xE8E2800
14:42:11.0144 5536 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xE9AB000, BlocksNum 0xE81A800
14:42:11.0144 5536 \Device\Harddisk1\DR1:
14:42:11.0145 5536 MBR partitions:
14:42:11.0145 5536 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0x794000
14:42:11.0145 5536 ============================================================
14:42:11.0401 5536 C: <-> \Device\Harddisk0\DR0\Partition0
14:42:11.0465 5536 D: <-> \Device\Harddisk0\DR0\Partition1
14:42:11.0465 5536 ============================================================
14:42:11.0465 5536 Initialize success
14:42:11.0466 5536 ============================================================
14:42:21.0511 4212 ============================================================
14:42:21.0511 4212 Scan started
14:42:21.0512 4212 Mode: Manual;
14:42:21.0512 4212 ============================================================
14:42:27.0766 4212 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
14:42:27.0772 4212 1394ohci - ok
14:42:27.0849 4212 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
14:42:27.0856 4212 ACPI - ok
14:42:27.0935 4212 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
14:42:27.0939 4212 AcpiPmi - ok
14:42:28.0093 4212 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:42:28.0102 4212 AdobeFlashPlayerUpdateSvc - ok
14:42:28.0266 4212 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
14:42:28.0397 4212 adp94xx - ok
14:42:28.0497 4212 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
14:42:28.0506 4212 adpahci - ok
14:42:28.0597 4212 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
14:42:28.0602 4212 adpu320 - ok
14:42:28.0716 4212 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
14:42:28.0719 4212 AeLookupSvc - ok
14:42:29.0005 4212 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
14:42:29.0079 4212 AFD - ok
14:42:29.0210 4212 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
14:42:29.0225 4212 agp440 - ok
14:42:29.0291 4212 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
14:42:29.0313 4212 aic78xx - ok
14:42:29.0382 4212 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
14:42:29.0398 4212 ALG - ok
14:42:29.0423 4212 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
14:42:29.0427 4212 aliide - ok
14:42:29.0482 4212 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
14:42:29.0486 4212 amdagp - ok
14:42:29.0498 4212 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
14:42:29.0501 4212 amdide - ok
14:42:29.0541 4212 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
14:42:29.0544 4212 AmdK8 - ok
14:42:29.0561 4212 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
14:42:29.0567 4212 AmdPPM - ok
14:42:29.0660 4212 amdsata (19ce906b4cdc11fc4fef5745f33a63b6) C:\Windows\system32\drivers\amdsata.sys
14:42:29.0664 4212 amdsata - ok
14:42:29.0713 4212 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
14:42:29.0731 4212 amdsbs - ok
14:42:29.0767 4212 amdxata (869e67d66be326a5a9159fba8746fa70) C:\Windows\system32\drivers\amdxata.sys
14:42:29.0770 4212 amdxata - ok
14:42:29.0823 4212 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
14:42:29.0828 4212 AppID - ok
14:42:29.0898 4212 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
14:42:29.0917 4212 AppIDSvc - ok
14:42:29.0939 4212 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll
14:42:29.0943 4212 Appinfo - ok
14:42:30.0076 4212 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
14:42:30.0081 4212 arc - ok
14:42:30.0122 4212 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
14:42:30.0128 4212 arcsas - ok
14:42:30.0176 4212 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
14:42:30.0179 4212 AsyncMac - ok
14:42:30.0353 4212 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
14:42:30.0355 4212 atapi - ok
14:42:30.0676 4212 athr (0f4b6b99d6cdc1d93df1fa690796b2f7) C:\Windows\system32\DRIVERS\athr.sys
14:42:30.0778 4212 athr - ok
14:42:31.0231 4212 athur (3426386f125dd820e0651e5833f9849b) C:\Windows\system32\DRIVERS\athur.sys
14:42:31.0303 4212 athur - ok
14:42:31.0797 4212 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
14:42:31.0808 4212 AudioEndpointBuilder - ok
14:42:31.0828 4212 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll
14:42:31.0856 4212 Audiosrv - ok
14:42:31.0930 4212 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll
14:42:31.0933 4212 AxInstSV - ok
14:42:32.0127 4212 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
14:42:32.0139 4212 b06bdrv - ok
14:42:32.0367 4212 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
14:42:32.0373 4212 b57nd60x - ok
14:42:32.0783 4212 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe
14:42:32.0788 4212 BBSvc - ok
14:42:32.0873 4212 BBUpdate (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
14:42:32.0880 4212 BBUpdate - ok
14:42:32.0919 4212 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
14:42:32.0923 4212 BDESVC - ok
14:42:33.0005 4212 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
14:42:33.0007 4212 Beep - ok
14:42:33.0148 4212 BFE (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll
14:42:33.0160 4212 BFE - ok
14:42:33.0319 4212 BITS (53f476476f55a27f580661bde09c4ec4) C:\Windows\System32\qmgr.dll
14:42:33.0464 4212 BITS - ok
14:42:33.0487 4212 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
14:42:33.0491 4212 blbdrive - ok
14:42:33.0586 4212 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
14:42:33.0600 4212 bowser - ok
14:42:33.0665 4212 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:42:33.0693 4212 BrFiltLo - ok
14:42:33.0736 4212 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:42:33.0738 4212 BrFiltUp - ok
14:42:33.0821 4212 Browser (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll
14:42:33.0846 4212 Browser - ok
14:42:33.0975 4212 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
14:42:33.0983 4212 Brserid - ok
14:42:34.0057 4212 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
14:42:34.0108 4212 BrSerWdm - ok
14:42:34.0137 4212 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:42:34.0140 4212 BrUsbMdm - ok
14:42:34.0156 4212 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
14:42:34.0159 4212 BrUsbSer - ok
14:42:34.0190 4212 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
14:42:34.0193 4212 BTHMODEM - ok
14:42:34.0254 4212 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
14:42:34.0258 4212 bthserv - ok
14:42:34.0287 4212 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
14:42:34.0292 4212 cdfs - ok
14:42:34.0393 4212 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
14:42:34.0393 4212 cdrom - ok
14:42:34.0533 4212 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
14:42:34.0533 4212 CertPropSvc - ok
14:42:34.0818 4212 cfWiMAXService (3653fd7871e8b5b92e9c3e2945bd293d) C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
14:42:34.0823 4212 cfWiMAXService - ok
14:42:34.0871 4212 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
14:42:34.0888 4212 circlass - ok
14:42:34.0951 4212 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
14:42:34.0958 4212 CLFS - ok
14:42:35.0082 4212 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:42:35.0089 4212 clr_optimization_v2.0.50727_32 - ok
14:42:35.0258 4212 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:42:35.0279 4212 clr_optimization_v4.0.30319_32 - ok
14:42:35.0333 4212 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
14:42:35.0337 4212 CmBatt - ok
14:42:35.0360 4212 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
14:42:35.0363 4212 cmdide - ok
14:42:35.0481 4212 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys
14:42:35.0491 4212 CNG - ok
14:42:35.0563 4212 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
14:42:35.0567 4212 Compbatt - ok
14:42:35.0606 4212 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
14:42:35.0621 4212 CompositeBus - ok
14:42:35.0652 4212 COMSysApp - ok
14:42:35.0782 4212 ConfigFree Service (cab0eeaf5295fc96ddd3e19dce27e131) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
14:42:35.0784 4212 ConfigFree Service - ok
14:42:35.0867 4212 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
14:42:35.0870 4212 crcdisk - ok
14:42:35.0958 4212 CryptSvc (9c231178ce4fb385f4b54b0a9080b8a4) C:\Windows\system32\cryptsvc.dll
14:42:35.0980 4212 CryptSvc - ok
14:42:36.0184 4212 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
14:42:36.0344 4212 DcomLaunch - ok
14:42:36.0431 4212 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
14:42:36.0467 4212 defragsvc - ok
14:42:36.0533 4212 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
14:42:36.0538 4212 DfsC - ok
14:42:36.0642 4212 Dhcp (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll
14:42:36.0650 4212 Dhcp - ok
14:42:36.0709 4212 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
14:42:36.0739 4212 discache - ok
14:42:36.0790 4212 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
14:42:36.0795 4212 Disk - ok
14:42:36.0848 4212 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll
14:42:36.0855 4212 Dnscache - ok
14:42:36.0971 4212 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll
14:42:36.0996 4212 dot3svc - ok
14:42:37.0065 4212 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll
14:42:37.0072 4212 DPS - ok
14:42:37.0122 4212 drhvmyvf - ok
14:42:37.0209 4212 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
14:42:37.0212 4212 drmkaud - ok
14:42:37.0501 4212 DXGKrnl (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
14:42:37.0579 4212 DXGKrnl - ok
14:42:37.0667 4212 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
14:42:37.0674 4212 EapHost - ok
14:42:38.0699 4212 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
14:42:38.0859 4212 ebdrv - ok
14:42:39.0019 4212 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\System32\lsass.exe
14:42:39.0029 4212 EFS - ok
14:42:39.0139 4212 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
14:42:39.0159 4212 elxstor - ok
14:42:39.0189 4212 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
14:42:39.0189 4212 ErrDev - ok
14:42:39.0379 4212 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
14:42:39.0389 4212 EventSystem - ok
14:42:39.0504 4212 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
14:42:39.0509 4212 exfat - ok
14:42:39.0584 4212 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
14:42:39.0608 4212 fastfat - ok
14:42:39.0704 4212 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe
14:42:39.0719 4212 Fax - ok
14:42:39.0763 4212 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
14:42:39.0767 4212 fdc - ok
14:42:39.0849 4212 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
14:42:39.0864 4212 fdPHost - ok
14:42:39.0882 4212 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
14:42:39.0888 4212 FDResPub - ok
14:42:39.0919 4212 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
14:42:39.0923 4212 FileInfo - ok
14:42:39.0953 4212 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
14:42:39.0957 4212 Filetrace - ok
14:42:39.0973 4212 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
14:42:39.0975 4212 flpydisk - ok
14:42:40.0039 4212 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
14:42:40.0045 4212 FltMgr - ok
14:42:40.0211 4212 FontCache (7fe4995528a7529a761875151ee3d512) C:\Windows\system32\FntCache.dll
14:42:40.0234 4212 FontCache - ok
14:42:40.0392 4212 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
14:42:40.0413 4212 FontCache3.0.0.0 - ok
14:42:40.0456 4212 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
14:42:40.0459 4212 FsDepends - ok
14:42:40.0563 4212 Fs_Rec (500a9814fd9446a8126858a5a7f7d273) C:\Windows\system32\drivers\Fs_Rec.sys
14:42:40.0566 4212 Fs_Rec - ok
14:42:40.0648 4212 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
14:42:40.0689 4212 fvevol - ok
14:42:40.0780 4212 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:42:40.0784 4212 gagp30kx - ok
14:42:40.0988 4212 GameConsoleService (1a0b9d84beb3306f728bc3009d432f5c) C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
14:42:41.0007 4212 GameConsoleService - ok
14:42:41.0118 4212 GoToAssist (5cc2b1d06ac1962af5fbbcf88d781dd8) C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe
14:42:41.0123 4212 GoToAssist - ok
14:42:41.0289 4212 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll
14:42:41.0334 4212 gpsvc - ok
14:42:41.0364 4212 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
14:42:41.0368 4212 hcw85cir - ok
14:42:41.0420 4212 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
14:42:41.0444 4212 HdAudAddService - ok
14:42:41.0492 4212 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:42:41.0497 4212 HDAudBus - ok
14:42:41.0512 4212 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
14:42:41.0515 4212 HidBatt - ok
14:42:41.0564 4212 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
14:42:41.0568 4212 HidBth - ok
14:42:41.0604 4212 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
14:42:41.0616 4212 HidIr - ok
14:42:41.0748 4212 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
14:42:41.0755 4212 hidserv - ok
14:42:41.0855 4212 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
14:42:41.0868 4212 HidUsb - ok
14:42:41.0922 4212 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll
14:42:41.0934 4212 hkmsvc - ok
14:42:41.0965 4212 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll
14:42:41.0996 4212 HomeGroupListener - ok
14:42:42.0131 4212 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll
14:42:42.0143 4212 HomeGroupProvider - ok
14:42:42.0263 4212 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
14:42:42.0287 4212 HpSAMD - ok
14:42:42.0487 4212 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
14:42:42.0507 4212 HTTP - ok
14:42:42.0605 4212 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
14:42:42.0625 4212 hwpolicy - ok
14:42:42.0720 4212 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
14:42:42.0725 4212 i8042prt - ok
14:42:42.0829 4212 iaStor (d483687eace0c065ee772481a96e05f5) C:\Windows\system32\DRIVERS\iaStor.sys
14:42:42.0835 4212 iaStor - ok
14:42:42.0945 4212 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
14:42:42.0955 4212 iaStorV - ok
14:42:43.0210 4212 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:42:43.0233 4212 idsvc - ok
14:42:44.0375 4212 igfx (d0074897c6bc132f3980ea4654bf7fb9) C:\Windows\system32\DRIVERS\igdkmd32.sys
14:42:44.0725 4212 igfx - ok
14:42:45.0359 4212 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
14:42:45.0362 4212 iirsp - ok
14:42:45.0536 4212 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll
14:42:45.0556 4212 IKEEXT - ok
14:42:46.0179 4212 IntcAzAudAddService (c4b1d45fe135286155b9e6aa0db4e4d3) C:\Windows\system32\drivers\RTKVHDA.sys
14:42:46.0333 4212 IntcAzAudAddService - ok
14:42:46.0562 4212 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
14:42:46.0564 4212 intelide - ok
14:42:46.0623 4212 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
14:42:46.0626 4212 intelppm - ok
14:42:46.0673 4212 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
14:42:46.0681 4212 IPBusEnum - ok
14:42:46.0815 4212 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:42:46.0819 4212 IpFilterDriver - ok
14:42:46.0977 4212 iphlpsvc (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll
14:42:46.0991 4212 iphlpsvc - ok
14:42:47.0128 4212 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
14:42:47.0136 4212 IPMIDRV - ok
14:42:47.0191 4212 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
14:42:47.0196 4212 IPNAT - ok
14:42:47.0255 4212 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
14:42:47.0263 4212 IRENUM - ok
14:42:47.0325 4212 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
14:42:47.0329 4212 isapnp - ok
14:42:47.0388 4212 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
14:42:47.0395 4212 iScsiPrt - ok
14:42:47.0846 4212 jswpsapi (cf9ba304b8047b9582d72d9bfef42eae) C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe
14:42:47.0920 4212 jswpsapi - ok
14:42:48.0052 4212 jswpslwf (55c9b4252b751226b838eed2bc50bb64) C:\Windows\system32\DRIVERS\jswpslwf.sys
14:42:48.0058 4212 jswpslwf - ok
14:42:48.0101 4212 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
14:42:48.0106 4212 kbdclass - ok
14:42:48.0146 4212 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
14:42:48.0150 4212 kbdhid - ok
14:42:48.0297 4212 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
14:42:48.0305 4212 KeyIso - ok
14:42:48.0396 4212 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys
14:42:48.0400 4212 KSecDD - ok
14:42:48.0496 4212 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys
14:42:48.0502 4212 KSecPkg - ok
14:42:48.0602 4212 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
14:42:48.0702 4212 KtmRm - ok
14:42:48.0856 4212 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\Windows\system32\srvsvc.dll
14:42:48.0953 4212 LanmanServer - ok
14:42:48.0997 4212 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll
14:42:49.0024 4212 LanmanWorkstation - ok
14:42:49.0118 4212 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
14:42:49.0122 4212 lltdio - ok
14:42:49.0190 4212 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
14:42:49.0241 4212 lltdsvc - ok
14:42:49.0290 4212 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
14:42:49.0297 4212 lmhosts - ok
14:42:49.0362 4212 LPCFilter (6adab14d7ad12b35bdc665b35278099b) C:\Windows\system32\DRIVERS\LPCFilter.sys
14:42:49.0366 4212 LPCFilter - ok
14:42:49.0399 4212 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
14:42:49.0404 4212 LSI_FC - ok
14:42:49.0473 4212 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
14:42:49.0483 4212 LSI_SAS - ok
14:42:49.0511 4212 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:42:49.0514 4212 LSI_SAS2 - ok
14:42:49.0560 4212 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:42:49.0566 4212 LSI_SCSI - ok
14:42:49.0596 4212 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
14:42:49.0601 4212 luafv - ok
14:42:49.0636 4212 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
14:42:49.0657 4212 megasas - ok
14:42:49.0808 4212 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
14:42:49.0815 4212 MegaSR - ok
14:42:50.0118 4212 Micorsoft Windows Service - ok
14:42:50.0233 4212 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
14:42:50.0244 4212 MMCSS - ok
14:42:50.0293 4212 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
14:42:50.0326 4212 Modem - ok
14:42:50.0409 4212 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
14:42:50.0412 4212 monitor - ok
14:42:50.0543 4212 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
14:42:50.0547 4212 mouclass - ok
14:42:50.0683 4212 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
14:42:50.0687 4212 mouhid - ok
14:42:50.0762 4212 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
14:42:50.0767 4212 mountmgr - ok
14:42:50.0873 4212 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
14:42:50.0892 4212 mpio - ok
14:42:51.0060 4212 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
14:42:51.0063 4212 mpsdrv - ok
14:42:51.0326 4212 MpsSvc (5cd996cecf45cbc3e8d109c86b82d69e) C:\Windows\system32\mpssvc.dll
14:42:51.0357 4212 MpsSvc - ok
14:42:51.0522 4212 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
14:42:51.0524 4212 MREMP50 - ok
14:42:51.0536 4212 MREMPR5 - ok
14:42:51.0559 4212 MRENDIS5 - ok
14:42:51.0592 4212 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
14:42:51.0596 4212 MRESP50 - ok
14:42:51.0746 4212 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
14:42:51.0759 4212 MRxDAV - ok
14:42:51.0841 4212 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
14:42:51.0890 4212 mrxsmb - ok
14:42:51.0958 4212 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:42:51.0970 4212 mrxsmb10 - ok
14:42:52.0124 4212 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:42:52.0129 4212 mrxsmb20 - ok
14:42:52.0199 4212 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
14:42:52.0204 4212 msahci - ok
14:42:52.0248 4212 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
14:42:52.0253 4212 msdsm - ok
14:42:52.0352 4212 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
14:42:52.0402 4212 MSDTC - ok
14:42:52.0521 4212 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
14:42:52.0525 4212 Msfs - ok
14:42:52.0553 4212 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
14:42:52.0568 4212 mshidkmdf - ok
14:42:52.0651 4212 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
14:42:52.0654 4212 msisadrv - ok
14:42:52.0771 4212 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
14:42:52.0809 4212 MSiSCSI - ok
14:42:52.0822 4212 msiserver - ok
14:42:52.0940 4212 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
14:42:52.0943 4212 MSKSSRV - ok
14:42:53.0007 4212 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
14:42:53.0010 4212 MSPCLOCK - ok
14:42:53.0046 4212 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
14:42:53.0050 4212 MSPQM - ok
14:42:53.0161 4212 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
14:42:53.0167 4212 MsRPC - ok
14:42:53.0220 4212 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
14:42:53.0249 4212 mssmbios - ok
14:42:53.0293 4212 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
14:42:53.0296 4212 MSTEE - ok
14:42:53.0320 4212 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
14:42:53.0323 4212 MTConfig - ok
14:42:53.0399 4212 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
14:42:53.0406 4212 Mup - ok
14:42:53.0493 4212 napagent (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll
14:42:53.0529 4212 napagent - ok
14:42:53.0651 4212 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
14:42:53.0662 4212 NativeWifiP - ok
14:42:53.0761 4212 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
14:42:53.0784 4212 NDIS - ok
14:42:53.0836 4212 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
14:42:53.0840 4212 NdisCap - ok
14:42:53.0873 4212 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
14:42:53.0876 4212 NdisTapi - ok
14:42:53.0919 4212 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
14:42:53.0925 4212 Ndisuio - ok
14:42:53.0981 4212 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
14:42:54.0004 4212 NdisWan - ok
14:42:54.0056 4212 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
14:42:54.0060 4212 NDProxy - ok
14:42:54.0456 4212 Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) c:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
14:42:54.0519 4212 Nero BackItUp Scheduler 4.0 - ok
14:42:54.0574 4212 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
14:42:54.0578 4212 NetBIOS - ok
14:42:54.0689 4212 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
14:42:54.0716 4212 NetBT - ok
14:42:54.0772 4212 Netlogon (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
14:42:54.0779 4212 Netlogon - ok
14:42:54.0892 4212 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
14:42:54.0929 4212 Netman - ok
14:42:55.0032 4212 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
14:42:55.0057 4212 netprofm - ok
14:42:55.0143 4212 NetTcpPortSharing (fe2aa5a684b0dd9b1fae57b7817c198b) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:42:55.0149 4212 NetTcpPortSharing - ok
14:42:55.0248 4212 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
14:42:55.0253 4212 nfrd960 - ok
14:42:55.0320 4212 NlaSvc (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll
14:42:55.0344 4212 NlaSvc - ok
14:42:55.0373 4212 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
14:42:55.0379 4212 Npfs - ok
14:42:55.0396 4212 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
14:42:55.0405 4212 nsi - ok
14:42:55.0436 4212 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
14:42:55.0439 4212 nsiproxy - ok
14:42:55.0668 4212 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
14:42:55.0696 4212 Ntfs - ok
14:42:55.0738 4212 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
14:42:55.0741 4212 Null - ok
14:42:55.0797 4212 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
14:42:55.0803 4212 nvraid - ok
14:42:55.0834 4212 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
14:42:55.0840 4212 nvstor - ok
14:42:55.0875 4212 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
14:42:55.0880 4212 nv_agp - ok
14:42:55.0910 4212 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
14:42:55.0914 4212 ohci1394 - ok
14:42:56.0039 4212 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
14:42:56.0058 4212 ose - ok
14:42:56.0881 4212 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
14:42:57.0069 4212 osppsvc - ok
14:42:57.0407 4212 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
14:42:57.0422 4212 p2pimsvc - ok
14:42:57.0524 4212 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
14:42:57.0556 4212 p2psvc - ok
14:42:57.0704 4212 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
14:42:57.0713 4212 Parport - ok
14:42:57.0807 4212 partmgr (66d3415c159741ade7038a277efff99f) C:\Windows\system32\drivers\partmgr.sys
14:42:57.0813 4212 partmgr - ok
14:42:57.0843 4212 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
14:42:57.0847 4212 Parvdm - ok
14:42:57.0897 4212 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
14:42:57.0909 4212 PcaSvc - ok
14:42:57.0968 4212 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
14:42:57.0974 4212 pci - ok
14:42:57.0995 4212 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
14:42:57.0998 4212 pciide - ok
14:42:58.0070 4212 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
14:42:58.0077 4212 pcmcia - ok
14:42:58.0119 4212 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
14:42:58.0123 4212 pcw - ok
14:42:58.0259 4212 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
14:42:58.0302 4212 PEAUTH - ok
14:42:58.0393 4212 PGEffect (1b5011dd8d57f53aed31ff0f7d635802) C:\Windows\system32\DRIVERS\pgeffect.sys
14:42:58.0396 4212 PGEffect - ok
14:42:58.0665 4212 pla (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll
14:42:58.0727 4212 pla - ok
14:42:58.0979 4212 PlugPlay (71def5ec79774c798342d0ea16e41780) C:\Windows\system32\umpnpmgr.dll
14:42:58.0998 4212 PlugPlay - ok
14:42:59.0089 4212 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
14:42:59.0099 4212 PNRPAutoReg - ok
14:42:59.0144 4212 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
14:42:59.0162 4212 PNRPsvc - ok
14:42:59.0249 4212 PolicyAgent (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll
14:42:59.0263 4212 PolicyAgent - ok
14:42:59.0332 4212 Power (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll
14:42:59.0348 4212 Power - ok
14:42:59.0462 4212 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
14:42:59.0466 4212 PptpMiniport - ok
14:42:59.0500 4212 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
14:42:59.0504 4212 Processor - ok
14:42:59.0601 4212 ProfSvc (aea3bdbdba667aa6f678cb38907e4f5e) C:\Windows\system32\profsvc.dll
14:42:59.0616 4212 ProfSvc - ok
14:42:59.0682 4212 ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
14:42:59.0689 4212 ProtectedStorage - ok
14:42:59.0798 4212 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
14:42:59.0803 4212 Psched - ok
14:43:00.0045 4212 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
14:43:00.0101 4212 ql2300 - ok
14:43:00.0465 4212 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
14:43:00.0469 4212 ql40xx - ok
14:43:00.0527 4212 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
14:43:00.0542 4212 QWAVE - ok
14:43:00.0582 4212 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
14:43:00.0588 4212 QWAVEdrv - ok
14:43:00.0612 4212 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
14:43:00.0657 4212 RasAcd - ok
14:43:00.0709 4212 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
14:43:00.0712 4212 RasAgileVpn - ok
14:43:00.0743 4212 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
14:43:00.0755 4212 RasAuto - ok
14:43:00.0814 4212 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
14:43:00.0818 4212 Rasl2tp - ok
14:43:00.0881 4212 RasMan (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll
14:43:01.0286 4212 RasMan - ok
14:43:01.0326 4212 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
14:43:01.0331 4212 RasPppoe - ok
14:43:01.0381 4212 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
14:43:01.0387 4212 RasSstp - ok
14:43:01.0448 4212 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
14:43:01.0459 4212 rdbss - ok
14:43:01.0479 4212 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
14:43:01.0485 4212 rdpbus - ok
14:43:01.0509 4212 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
14:43:01.0513 4212 RDPCDD - ok
14:43:01.0573 4212 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
14:43:01.0576 4212 RDPENCDD - ok
14:43:21.0059 4212 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0
14:43:21.0224 4212 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
14:43:21.0225 4212 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
14:43:21.0282 4212 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
14:43:21.0293 4212 \Device\Harddisk1\DR1 - ok
14:43:21.0338 4212 Boot (0x1200) (3163685bbf78ae24220c5b80b553d8ed) \Device\Harddisk0\DR0\Partition0
14:43:21.0390 4212 \Device\Harddisk0\DR0\Partition0 - ok
14:43:21.0422 4212 Boot (0x1200) (07f8fe8c81f1aa466d4f753f3d748149) \Device\Harddisk0\DR0\Partition1
14:43:21.0447 4212 \Device\Harddisk0\DR0\Partition1 - ok
14:43:21.0460 4212 Boot (0x1200) (b1416c57362f35ed816bfad2a7ad95f3) \Device\Harddisk1\DR1\Partition0
14:43:21.0463 4212 \Device\Harddisk1\DR1\Partition0 - ok
14:43:21.0468 4212 ============================================================
14:43:21.0469 4212 Scan finished
14:43:21.0469 4212 ============================================================
14:43:22.0668 5996 Detected object count: 1
14:43:22.0668 5996 Actual detected object count: 1
14:43:47.0493 5996 \Device\Harddisk0\DR0\# - copied to quarantine
14:43:47.0494 5996 \Device\Harddisk0\DR0 - copied to quarantine
14:43:47.0582 5996 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
14:43:47.0586 5996 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
14:43:47.0599 5996 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
14:43:47.0604 5996 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
14:43:47.0619 5996 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
14:43:47.0630 5996 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
14:43:47.0734 5996 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
14:43:47.0739 5996 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
14:43:47.0745 5996 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
14:43:47.0751 5996 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
14:43:47.0771 5996 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
14:43:47.0773 5996 \Device\Harddisk0\DR0 - ok
14:43:47.0828 5996 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
14:43:53.0943 5884 Deinitialize success
And the combofix log:
ComboFix 12-06-28.03 - Miyoko 01/07/2012 14:57:06.1.2 - x86
Microsoft Windows 7 Starter 6.1.7600.0.1252.44.1033.18.1013.162 [GMT 1:00]
Running from: F:\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\recycle.bin\B6232F3A877.exe
c:\users\Miyoko\AppData\Local\dplayx.dll
c:\users\Miyoko\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0307F095-A9AA-4141-AE10-1606169486DD}.xps
c:\users\Miyoko\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C572F691-B1EA-4E44-AC45-810C8E7BD8E6}.xps
c:\users\Miyoko\AppData\Roaming\Remote\mxd1.txt
c:\users\Miyoko\AppData\Roaming\Remote\prg5.dll
c:\users\Miyoko\Documents\~WRL1520.tmp
c:\users\Miyoko\Documents\~WRL3921.tmp
c:\users\Miyoko\ELiEi23
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MICORSOFT_WINDOWS_SERVICE
-------\Service_Micorsoft Windows Service
.
.
((((((((((((((((((((((((( Files Created from 2012-06-01 to 2012-07-01 )))))))))))))))))))))))))))))))
.
.
2012-07-01 13:43 . 2012-07-01 13:43 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-22 09:16 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FAB8A643-D25F-4281-A8E2-5471564C3E7B}\mpengine.dll
2012-06-20 10:37 . 2012-06-20 10:37 -------- d-----w- c:\users\Miyoko\AppData\Local\Windows Live
2012-06-13 22:13 . 2012-05-02 04:52 163328 ----a-w- c:\windows\system32\profsvc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-01 14:25 . 2012-03-15 10:23 103648 ---ha-w- c:\windows\system32\cDb4823
2012-07-01 14:23 . 2012-02-26 18:29 107456 ---ha-w- c:\windows\system32\092RLa8
2012-06-19 17:09 . 2012-02-29 15:50 111808 ---ha-w- c:\windows\system32\dtINN23
2012-05-05 14:02 . 2012-05-01 20:17 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 14:02 . 2011-09-17 19:55 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
"{B911A5DA-90AE-CEFE-2236-9811AFFBF9E2}"="c:\users\Miyoko\AppData\Roaming\Skype\miyokosmets\chatsync\46\upnpcont.exe" [2009-07-14 172032]
"GameXN GO"="c:\programdata\GameXN\GameXNGO.exe" [2011-09-10 347008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBAgent"="c:\program files\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2010-03-09 1086760]
"Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2010-02-11 1050072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-23 150552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-03-10 1697064]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-13 8555040]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-04-13 694816]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-11-05 480608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-08-13 521528]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2010-03-25 742712]
"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 611672]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2010-03-19 467816]
"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2010-03-03 30040]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 22840]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2010-04-19 136136]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-17 218408]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2011-07-13 557056]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-04-12 222504]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2011-05-26 1590144]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
.
c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ppvwrkdk.exe [2012-2-26 97844]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNA1100 Smart Wizard.lnk - c:\program files\NETGEAR\WNA1100\WNA1100.exe [2012-5-23 4545024]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2012-05-23 14:30 16680 ----a-w- c:\program files\Citrix\GoToAssist\570\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@=""
.
R1 drhvmyvf;drhvmyvf;c:\windows\system32\drivers\drhvmyvf.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [x]
R3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\NETGEAR\WNA1100\jswpsapi.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [x]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 WSWNA1100;WSWNA1100;c:\program files\NETGEAR\WNA1100\WifiSvc.exe [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 14:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bt.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-lpc - c:\users\Miyoko\AppData\Roaming\Remote\prg5.dll
HKCU-Run-4Y3Y0C3AZF7XZA7EACFT - c:\recycle.bin\B6232F3A877.exe
HKLM-Run-Bing Bar - c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
HKLM-Run-jswtrayutil - c:\program files\NETGEAR\WNA1100\jswtrayutil.exe
HKU-Default-Run-lpc - c:\users\Miyoko\AppData\Roaming\Remote\prg5.dll
AddRemove-{08234a0d-cf39-4dca-99f0-0c5cb496da81} - c:\program files\Bing Bar Installer\InstallManager.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\conhost.exe
c:\windows\system32\TODDSrv.exe
c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\WUDFHost.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\system32\igfxext.exe
c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe
c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-07-01 15:35:28 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-01 14:35
.
Pre-Run: 78,236,585,984 bytes free
Post-Run: 91,917,295,616 bytes free
.
- - End Of File - - 69252C5E13ED6C07403555FE0E4394DF
So far so good, there are a couple of suspicious files on your system.
You need to enable Windows to show all files and folders; instructions here (http://www.bleepingcomputer.com/tutorials/tutorial62.html).
Go to VirusTotal (http://www.virustotal.com/) and submit this file for analysis; just use the browse feature and then Send File. If it says this file has been checked before, have them recheck it. When the scan is done, just copy and paste the link back to this forum for me to see:
c:\windows\system32\drivers\drhvmyvf.sys
If the site is busy you can try this one:
http://virusscan.jotti.org/en
Check this file as well; you will have to do a Windows search for it:
ppvwrkdk.exe
Then go ahead and run aswMBR once more and post the NEW LOG, please.
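The two file names above can be hard to find with the Explorer search bar, because Windows Search skips hidden and system files and several system folders even after hidden files are made visible. The following PowerShell script is an added example for this thread (it is not Ken's, ComboFix's or aswMBR's code): it walks the system drive with -Force so hidden and system files are included, reports the attributes and last-write time of any match, and computes a SHA-256 hash that can be pasted into VirusTotal's search without having to upload or touch the file itself. The file names come from the thread; the choice to search the whole system drive and the SHA-256 helper are my assumptions. Run it from an elevated PowerShell prompt.

```powershell
# Added example: locate the two files named in this thread and hash them for a
# VirusTotal lookup. -Force makes Get-ChildItem include hidden and system files,
# which the Explorer search bar does not index. Nothing here executes the files.

$names = @('drhvmyvf.sys', 'ppvwrkdk.exe')   # names taken from the thread
$root  = "$env:SystemDrive\"                  # assumption: search the whole system drive

function Get-Sha256Hex {
    param([string]$Path)
    # SHA-256 via .NET so this also works on PowerShell 2.0, which lacks Get-FileHash.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join ''
    } finally {
        $stream.Close()
        $sha.Clear()
    }
}

# -Include only filters when -Recurse is used; locked folders are skipped silently.
$found = Get-ChildItem -Path $root -Recurse -Force -Include $names -ErrorAction SilentlyContinue |
    ForEach-Object {
        New-Object PSObject -Property @{
            Path       = $_.FullName
            Attributes = $_.Attributes      # look for Hidden / System here
            SizeBytes  = $_.Length
            Modified   = $_.LastWriteTime
            Sha256     = Get-Sha256Hex $_.FullName
        }
    }

if (-not $found) {
    # The tools already run in this thread quarantine what they detect, so an
    # empty result can mean the files were removed rather than never existed.
    'Neither file is present on disk; it may already have been quarantined by an earlier scan.'
} else {
    # Paste the Sha256 value into VirusTotal's search box (or upload the file);
    # do not double-click or otherwise run anything listed here.
    $found | Format-List Path, Attributes, SizeBytes, Modified, Sha256
}
```

Searching by hash first is worth the extra step: if VirusTotal already knows the file, the report is instant and the infected file never has to be copied or opened on the suspect machine.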
I'm afraid after numerous attempts I haven't been able to locate either file. I did follow the instructions to make hidden folders visible but even when I copied and pasted both file names into the search bar I couldn't find them.
OK, how are things running now?
It's not as slow as it used to be and I haven't noticed any redirection issues lately. Would you still advise reinstalling Windows?
Go ahead and open aswMBR, let it update if it asks, run a new scan and post the log, please.
Hello again, here is the aswMBR logfile:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-08 22:17:29
-----------------------------
22:17:29.796 OS Version: Windows 6.1.7600
22:17:29.796 Number of processors: 2 586 0x1C0A
22:17:29.796 ComputerName: MIYOKO-TOSH UserName: Miyoko
22:17:32.931 Initialize success
22:17:53.274 AVAST engine defs: 12070801
22:19:07.811 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
22:19:07.826 Disk 0 Vendor: Hitachi_ PB2O Size: 238475MB BusType: 3
22:19:07.842 Disk 0 MBR read successfully
22:19:07.857 Disk 0 MBR scan
22:19:07.920 Disk 0 Windows 7 default MBR code
22:19:07.951 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 400 MB offset 2048
22:19:07.982 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 119237 MB offset 821248
22:19:08.013 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 118837 MB offset 245018624
22:19:08.045 Disk 0 scanning sectors +488396800
22:19:08.138 Disk 0 scanning C:\Windows\system32\drivers
22:19:24.456 Service scanning
22:20:09.633 Modules scanning
22:20:27.012 AVAST engine scan C:\Windows
22:20:31.021 AVAST engine scan C:\Windows\system32
22:20:31.364 File: C:\Windows\system32\092RLa8 **INFECTED** Win32:Katusha-FK [Trj]
22:20:44.858 File: C:\Windows\system32\cDb4823 **INFECTED** Win32:Katusha-FK [Trj]
22:21:05.591 File: C:\Windows\system32\dtINN23 **INFECTED** Win32:Katusha-FK [Trj]
22:21:08.508 File: C:\Windows\system32\ELiEi23 **INFECTED** Win32:Katusha-FK [Trj]
22:25:20.903 AVAST engine scan C:\Windows\system32\drivers
22:25:39.062 AVAST engine scan C:\Users\Miyoko
22:29:58.428 File: C:\Users\Miyoko\Desktop\092RLa8 **INFECTED** Win32:Katusha-FK [Trj]
22:30:00.643 File: C:\Users\Miyoko\Desktop\dtINN23 **INFECTED** Win32:Katusha-FK [Trj]
22:30:18.724 AVAST engine scan C:\ProgramData
22:30:50.360 File: C:\ProgramData\Microsoft\Windows\DRM\EF53.tmp **INFECTED** Win32:Malware-gen
22:31:39.859 File: C:\ProgramData\vista32\EBLib.dll **INFECTED** Win32:Ramnit-AC [Drp]
22:31:40.280 File: C:\ProgramData\vista32\Microsoft.VC80.MFC\mfc80.dll **INFECTED** Win32:Ramnit-AC [Drp]
22:31:40.608 File: C:\ProgramData\vista32\Microsoft.VC80.MFC\mfc80u.dll **INFECTED** Win32:Ramnit-AC [Drp]
22:32:10.825 File: C:\ProgramData\win7_32\Microsoft.VC80.MFC\mfc80.dll **INFECTED** Win32:Ramnit-AC [Drp]
22:32:11.200 File: C:\ProgramData\win7_32\Microsoft.VC80.MFC\mfc80u.dll **INFECTED** Win32:Ramnit-AC [Drp]
22:32:12.729 Scan finished successfully
22:38:05.352 Disk 0 MBR has been saved successfully to "C:\Users\Miyoko\Desktop\MBR.dat"
22:38:05.398 The log file has been saved successfully to "C:\Users\Miyoko\Desktop\aswMBR3.txt"
Sorry to tell you, my friend, but you're still very much infected with Ramnit.
Some reading for you so you can see what you're up against:
http://www.microsoft.com/security/portal/threat/Encyclopedia/Entry.aspx?Name=Virus%3AWin32%2FRamnit.A
http://www.f-secure.com/v-descs/virus_w32_ramnit_n.shtml
http://arstechnica.com/business/2012/01/part-virus-part-botnet-spreading-fast-ramnit-moves-past-facebook-passwords/
At this point a complete format of your hard drive and reinstall of Windows would be the only option. This virus can spread via USB thumb drives; I think it may be safe to back up any documents or pictures to a CD, not a thumb drive. Any programs that you installed from downloads: the .exe files used to install those programs are infected as well. This virus infects all .exe files on your system.
I hope you followed my previous instructions to use a known clean computer to change all your passwords for any banking or shopping sites you use.
If you need help with the format and reinstall, please let me know and I can link you to a good windows forum to help you.
Sorry, wish I had better news for you.
Ken :sad:
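Ken's point that the virus infects the .exe files on the system is also the reason a reinstall is the reliable remedy: there is no practical way to enumerate every infected file. One partial triage check a defender can still run is shown below, as an added example for this thread (not code from Ken or from any of the tools used here). A file infector that appends its code to a digitally signed executable changes the bytes the signature covers, so Get-AuthenticodeSignature reports HashMismatch for that file. The function lists signed .exe and .dll files whose signature no longer matches their contents. The search roots and file cap are my assumptions; unsigned files cannot be judged this way at all, which is exactly why a clean result from this check does not mean the machine is clean.

```powershell
# Added example: list executables that carry a digital signature that no longer
# matches the file's bytes. Appending code to a signed .exe breaks the signature,
# so Status = HashMismatch is a strong indicator of a tampered binary. Unsigned
# files (Status = NotSigned) give no signal and are not reported.

function Get-TamperedExecutables {
    param(
        # Assumption: program and system folders hold most signed binaries.
        [string[]]$Roots = @($env:ProgramFiles, "$env:SystemRoot\System32"),
        # Cap so a first pass finishes in reasonable time; raise for a full sweep.
        [int]$MaxFiles = 5000
    )
    $files = foreach ($r in $Roots) {
        Get-ChildItem -Path $r -Recurse -Force -Include *.exe, *.dll -ErrorAction SilentlyContinue
    }
    $files | Select-Object -First $MaxFiles | ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        if ($sig.Status -eq 'HashMismatch') {
            New-Object PSObject -Property @{
                Path     = $_.FullName
                Signer   = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                Status   = $sig.Status
                Modified = $_.LastWriteTime   # infected files often share a recent write time
            }
        }
    }
}

# Example run: newest modifications first. Review the list; do not launch any file on it.
Get-TamperedExecutables | Sort-Object Modified -Descending | Format-Table Path, Signer, Status, Modified -AutoSize
```

NotTrusted is deliberately not flagged: it indicates a certificate chain problem (for example a self-signed vendor certificate) rather than altered file contents, and would bury the real hits in noise.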
Thank you for trying. If you could link me to any of the Windows forums re: reformatting I would be grateful.
Do you think it would be worth my mother alerting her bank? She has used her debit card on this laptop before, but it was a long time ago and, as far as I know, she hasn't noticed any strange activity on her statements. In any case all of her passwords have been changed on my Mac, which has had no contact with this laptop via USB or any other medium.
Hi,
As far as the bank, it wouldn't hurt to give them a heads up.
You can post here; you can also link them to this thread so they can see what we have done and what we're up against. This forum, like Safer, is free but you will need to register; use the same user name that you're using now so that I can find you and follow along and offer any advice that may be needed.
http://forums.whatthetech.com/index.php?showforum=119
Good Luck,
Ken :)
How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
Geeks to Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Safe Surfn
Ken