
Infected with Happili


  • This topic is locked
20 replies to this topic

#1 MANGOMASTER


Posted 27 April 2012 - 11:41 AM

Previous post: http://www.bleepingcomputer.com/forums/topic451473.html/page__p__2679398__hl__happili__fromsearch__1#entry2679398
Windows 7
Mozilla Firefox 11.0
Skipped Step 8 "Create a GMER Log" - I have 64-bit

Hi,
I am having trouble with Google's search links. When I click on the links I am redirected to a site named Happili and sometimes Scour. I have used McAfee to no avail. I used Combofix before I asked for help on Bleeping Computer, not knowing what it does. After joining Bleeping Computer, I have disabled my cd-emulation software, but was not prompted to reboot. I have run the DDS Tool, but not GMER because of the 64-bit. Please let me know if you require the combofix logs as well. Thank you.

DDS made the following logs:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.0.0
Run by Owner at 11:39:40 on 2012-04-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4027.2275 [GMT -4:00]
.
AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\nvvsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
C:\windows\system32\mfevtps.exe
C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe
C:\windows\system32\conhost.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
C:\Users\Owner\AppData\Roaming\KB00030782.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccSvcHst.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Freecorder\FLVSrvc.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
uInternet Settings,ProxyOverride = <local>;127.0.0.1:9421;
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\IPS\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Akamai NetSession Interface] "C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe"
uRun: [KB00030782.exe] "C:\Users\Owner\AppData\Roaming\KB00030782.exe"
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 0.0.0.0
TCP: Interfaces\{37B84DF3-B097-4361-BE5A-24FAB2ACAEB9} : DhcpNameServer = 68.87.74.166 68.87.68.166 0.0.0.0
TCP: Interfaces\{40AD2FB4-B076-43B4-9C44-84F600CE8344} : DhcpNameServer = 75.75.75.75 75.75.76.76 0.0.0.0
TCP: Interfaces\{40AD2FB4-B076-43B4-9C44-84F600CE8344}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1 68.87.74.166 68.87.68.166 192.168.1.1
TCP: Interfaces\{40AD2FB4-B076-43B4-9C44-84F600CE8344}\649455355434552554 : DhcpNameServer = 131.94.7.220 131.94.205.10 131.94.226.10
TCP: Interfaces\{40AD2FB4-B076-43B4-9C44-84F600CE8344}\A4563616451647F6 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\coIEPlg.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun-x64: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun-x64: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
mRun-x64: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun-x64: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\s3kuuvkl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
============= SERVICES / DRIVERS ===============
.
P2 McShield;McAfee McShield;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe [2009-10-22 178920]
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS --> C:\windows\system32\drivers\NISx64\1207010.003\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS --> C:\windows\system32\drivers\NISx64\1207010.003\SYMEFA64.SYS [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110114.001\BHDrvx64.sys [2011-1-14 953904]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110225.001\IDSviA64.sys [2011-2-25 476792]
R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS --> C:\windows\system32\drivers\NISx64\1207010.003\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\system32\Drivers\NISx64\1207010.003\SYMNETS.SYS --> C:\windows\system32\Drivers\NISx64\1207010.003\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-6-7 408576]
R2 McAfeeEngineService;McAfee Engine Service;C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2009-10-22 19720]
R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2009-8-25 103744]
R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [2009-10-22 66896]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\system32\mfevtps.exe --> C:\windows\system32\mfevtps.exe [?]
R2 NACAgent;Cisco NAC Agent;C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2011-3-9 1104608]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.7.1.3\ccsvchst.exe [2012-4-3 130008]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-11-25 1604200]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-7-28 267192]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-25 2320920]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-6-7 911872]
R3 bpenum;bpenum;C:\windows\system32\DRIVERS\bpenum.sys --> C:\windows\system32\DRIVERS\bpenum.sys [?]
R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\windows\system32\DRIVERS\bpmp.sys --> C:\windows\system32\DRIVERS\bpmp.sys [?]
R3 bpusb;bpusb;C:\windows\system32\Drivers\bpusb.sys --> C:\windows\system32\Drivers\bpusb.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-1-29 132656]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\windows\system32\drivers\nvhda64v.sys --> C:\windows\system32\drivers\nvhda64v.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-25 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-7-22 822192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-30 136176]
S3 acpials;ALS Sensor Filter;C:\windows\system32\DRIVERS\acpials.sys --> C:\windows\system32\DRIVERS\acpials.sys [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-8 253088]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service --> C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service [?]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\windows\system32\DRIVERS\BrSerIb.sys --> C:\windows\system32\DRIVERS\BrSerIb.sys [?]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\windows\system32\DRIVERS\BrUsbSIb.sys --> C:\windows\system32\DRIVERS\BrUsbSIb.sys [?]
S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-30 136176]
S3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 129976]
S3 npggsvc;nProtect GameGuard Service;C:\windows\system32\GameMon.des -service --> C:\windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\system32\DRIVERS\wdcsam64.sys --> C:\windows\system32\DRIVERS\wdcsam64.sys [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-27 14:43:21 -------- d-----w- C:\b5bd690d3f5a5d6a596b9c3f41e9
2012-04-26 04:51:14 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-04-26 04:51:10 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-26 04:51:10 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-24 19:30:53 8917360 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{177AFD6F-4FFA-41B2-BCC4-8E8F91E55BD8}\mpengine.dll
2012-04-24 18:34:21 -------- d--h--w- C:\Users\Owner\AppData\Roaming\8DF05298
2012-04-24 18:34:20 100688 ----a-w- C:\Users\Owner\AppData\Roaming\KB00030782.exe
2012-04-19 02:48:50 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-18 23:24:41 -------- d-----w- C:\$RECYCLE.BIN
2012-04-18 22:40:13 16200 ----a-w- C:\windows\stinger.sys
2012-04-18 22:39:59 -------- d-----w- C:\Program Files (x86)\stinger
2012-04-18 14:16:16 -------- d-----w- C:\Users\Owner\AppData\Local\{C5578F38-57C6-4BA7-9F5D-ABD2043579DD}
2012-04-18 14:16:05 -------- d-----w- C:\Users\Owner\AppData\Local\{C544061F-307B-480E-BEB8-53A019A4C263}
2012-04-18 02:15:33 -------- d-----w- C:\Users\Owner\AppData\Local\{47DFFF9F-8AE7-4922-9A57-BF847E403AB1}
2012-04-17 14:15:04 -------- d-----w- C:\Users\Owner\AppData\Local\{6F367C41-B402-4DBB-A77C-E16E2C980796}
2012-04-17 14:14:52 -------- d-----w- C:\Users\Owner\AppData\Local\{0B25EA8D-ADCF-44B0-82EE-AE85B23A29A0}
2012-04-17 02:14:22 -------- d-----w- C:\Users\Owner\AppData\Local\{71C4A5D8-3FF2-459C-A8F8-3B076A3CE559}
2012-04-17 02:14:10 -------- d-----w- C:\Users\Owner\AppData\Local\{102E15AE-50D1-431C-94CF-0397BF6FD907}
2012-04-16 14:13:21 -------- d-----w- C:\Users\Owner\AppData\Local\{42D61D4C-08B2-43D7-83C5-31EB52158B3A}
2012-04-16 14:12:41 -------- d-----w- C:\Users\Owner\AppData\Local\{4307BA32-EBBF-421C-9910-92918790AF63}
2012-04-16 01:46:45 -------- d-----w- C:\Users\Owner\AppData\Local\{4A51A5E5-2C6A-47E9-B605-0607A35603A5}
2012-04-15 13:45:10 -------- d-----w- C:\Users\Owner\AppData\Local\{267368ED-6559-47E1-B066-40CC7CEDF1E1}
2012-04-15 13:44:17 -------- d-----w- C:\Users\Owner\AppData\Local\{9769AD4E-FCA0-4C23-86D4-2BF6F68FB261}
2012-04-15 01:40:51 -------- d-----w- C:\Users\Owner\AppData\Local\{4F05D1A5-8FB2-49CB-AA6F-B1211C56A933}
2012-04-14 13:38:35 -------- d-----w- C:\Users\Owner\AppData\Local\{E66006A2-572C-40E3-B226-98F075E54749}
2012-04-14 13:37:11 -------- d-----w- C:\Users\Owner\AppData\Local\{683BC3D6-C893-4457-BE4B-3E137FD4777A}
2012-04-14 01:41:06 -------- d-----w- C:\windows\en
2012-04-14 01:37:36 48488 ----a-w- C:\windows\System32\drivers\fssfltr.sys
2012-04-14 01:31:12 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\467a29931cd19de02\MeshBetaRemover.exe
2012-04-14 01:31:11 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\461af2881cd19de01\DSETUP.dll
2012-04-14 01:31:11 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\461af2881cd19de01\DXSETUP.exe
2012-04-14 01:31:11 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\461af2881cd19de01\dsetup32.dll
2012-04-14 01:26:13 -------- d-----w- C:\Users\Owner\AppData\Local\{C8426453-9154-4E40-A8E9-2CE34F81A53D}
2012-04-14 01:25:44 -------- d-----w- C:\Users\Owner\AppData\Local\{3785828C-D6FF-43CD-A743-CB447F704D44}
2012-04-13 21:16:49 -------- d-----w- C:\Users\Owner\AppData\Local\{3289B407-82BE-430F-983E-9AB3EE8D5C8E}
2012-04-13 18:43:08 -------- d-----w- C:\Users\Owner\AppData\Local\{A7F9E06F-8EB5-4F23-BFA1-3D573D71CFDF}
2012-04-12 14:14:56 -------- d-----w- C:\Users\Owner\AppData\Local\{854C13E7-DCB4-4641-B7A2-8E48B248D38C}
2012-04-12 06:31:45 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-04-12 06:31:44 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 06:31:44 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-04-12 06:28:02 81408 ----a-w- C:\windows\System32\imagehlp.dll
2012-04-12 06:28:02 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys
2012-04-12 06:28:02 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2012-04-12 06:28:01 5120 ----a-w- C:\windows\SysWow64\wmi.dll
2012-04-12 06:28:01 5120 ----a-w- C:\windows\System32\wmi.dll
2012-04-12 06:28:01 220672 ----a-w- C:\windows\System32\wintrust.dll
2012-04-12 06:28:01 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-04-11 13:48:58 -------- d-----w- C:\Users\Owner\AppData\Local\{B66CB971-AF9A-4A71-98F2-90308BB5A840}
2012-04-10 12:02:56 -------- d-----w- C:\Users\Owner\AppData\Local\{1CB5EB55-C2E2-4D6D-8AEE-505F427FB85C}
2012-04-09 14:50:38 -------- d-----w- C:\Users\Owner\AppData\Local\{57F17C74-281C-4433-80F8-CCEA61FDCDD2}
2012-04-08 15:18:19 8741536 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-08 14:51:40 418464 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-04-08 14:49:40 -------- d-----w- C:\Users\Owner\AppData\Local\{DCD22DF7-5CA4-4E18-B424-4EE91CE8D5D0}
2012-04-07 14:26:07 -------- d-----w- C:\Users\Owner\AppData\Local\{422517E1-FAF0-4DC6-92EB-B85A6932CF63}
2012-04-06 14:25:30 -------- d-----w- C:\Users\Owner\AppData\Local\{B6A4C167-3022-4F27-9835-82139D557545}
2012-04-06 02:02:17 -------- d-----w- C:\Users\Owner\AppData\Local\{0F1E64A2-0827-45B5-8667-BDB88C9B2D6E}
2012-04-05 17:58:18 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-04-05 17:58:17 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-04-05 17:24:27 -------- d-----w- C:\windows\System32\ms-MY
2012-04-05 17:10:43 -------- d-----w- C:\windows\System32\SPReview
2012-04-05 17:09:11 -------- d-----w- C:\windows\System32\EventProviders
2012-04-05 16:45:02 -------- d-----w- C:\QUARANTINE
2012-04-05 11:43:41 -------- d-----w- C:\Users\Owner\AppData\Local\{79B5D1B2-9C8A-445A-83FD-631B1E9D749C}
2012-04-04 14:48:42 -------- d-----w- C:\Users\Owner\AppData\Local\{2AC878FC-3EA0-4473-B003-FE608C59A071}
2012-04-03 23:08:20 912504 ----a-w- C:\windows\System32\drivers\NISx64\1207010.003\symefa64.sys
2012-04-03 23:08:20 386168 ----a-w- C:\windows\System32\drivers\NISx64\1207010.003\symnets.sys
2012-04-03 23:08:19 744568 ----a-w- C:\windows\System32\drivers\NISx64\1207010.003\srtsp64.sys
2012-04-03 23:08:19 450680 ----a-w- C:\windows\System32\drivers\NISx64\1207010.003\symds64.sys
2012-04-03 23:08:19 40568 ----a-w- C:\windows\System32\drivers\NISx64\1207010.003\srtspx64.sys
2012-04-03 23:08:19 171128 ----a-w- C:\windows\System32\drivers\NISx64\1207010.003\ironx64.sys
2012-04-03 22:30:53 -------- d-----w- C:\windows\System32\drivers\NISx64\1207010.003
2012-04-03 14:47:51 -------- d-----w- C:\Users\Owner\AppData\Local\{0F1231C5-501A-4B48-A63C-AF4198594CA7}
2012-04-02 15:26:52 -------- d-----w- C:\Users\Owner\AppData\Local\{EA3D6632-6873-4A9A-8A44-F691820E913A}
2012-04-01 15:17:06 -------- d-----w- C:\Users\Owner\AppData\Local\{A9832B5A-E285-4D1C-A163-C5828E17D182}
2012-03-31 17:46:45 -------- d-----w- C:\Users\Owner\AppData\Local\{34B59058-54B0-4501-AE53-1465E1C77F05}
2012-03-30 15:06:44 -------- d-----w- C:\Users\Owner\AppData\Local\{62A13DBC-08DD-463E-A974-DD4C1244A6E0}
2012-03-29 14:15:44 -------- d-----w- C:\Users\Owner\AppData\Local\{D08B0F57-4B70-43A9-AD7C-64F674C8ACC6}
2012-03-29 00:17:22 -------- d-----w- C:\Users\Owner\AppData\Local\{5A309708-54A9-4679-9145-19334B184C16}
.
==================== Find3M ====================
.
2012-04-13 22:18:11 70304 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-05 17:23:37 152576 ----a-w- C:\windows\SysWow64\msclmd.dll
2012-04-05 17:23:36 175616 ----a-w- C:\windows\System32\msclmd.dll
2012-03-08 22:50:28 49016 ----a-w- C:\windows\SysWow64\sirenacm.dll
2012-03-08 22:37:20 302448 ----a-w- C:\windows\WLXPGSS.SCR
2012-02-28 06:56:48 2311168 ----a-w- C:\windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-02-23 14:18:36 279656 ------w- C:\windows\System32\MpSigStub.exe
2012-02-17 06:38:26 1031680 ----a-w- C:\windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-02-14 16:09:44 1070352 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36:07 1544192 ----a-w- C:\windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\windows\System32\win32k.sys
.
============= FINISH: 11:40:01.27 ===============


#2 gringo_pr

  • Malware Response Team

Posted 28 April 2012 - 02:25 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

:multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University
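The check gringo_pr makes by eye on the `AV:` lines can be run over a pasted DDS or ComboFix header. This is an added example, not part of the original post or of either tool; it assumes the two words between the asterisks are the protection state and the definitions state, and the finding codes are hypothetical names.

```python
import re

# Constructed sample: header lines copied from the DDS log in this thread,
# plus one non-matching line to show that other log text is ignored.
SAMPLE_LOG = """Run by Owner at 11:39:40 on 2012-04-27
AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
"""

# kind: AV (antivirus) or SP (antispyware), the two prefixes seen on this page.
LINE_RE = re.compile(
    r"^(?P<kind>AV|SP):\s+(?P<name>.+?)\s+"
    r"\*(?P<state>\w+)/(?P<defs>\w+)\*\s+"
    r"\{(?P<guid>[0-9A-Fa-f-]{36})\}\s*$"
)


def parse_products(log_text):
    """Return one record per distinct product GUID found in the log text."""
    seen = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        guid = m["guid"].upper()  # the same product is often pasted twice
        seen.setdefault(guid, {
            "kind": m["kind"],
            "name": m["name"],
            "state": m["state"].lower(),  # assumed: protection state
            "defs": m["defs"].lower(),    # assumed: definitions state
            "guid": guid,
        })
    return list(seen.values())


def review(log_text):
    """Return (code, detail) findings a helper would raise from the header."""
    products = parse_products(log_text)
    av = [p for p in products if p["kind"] == "AV"]
    findings = []
    if len(av) > 1:
        # More than one antivirus product registered on the same machine.
        findings.append(("MULTIPLE_AV", ", ".join(p["name"] for p in av)))
    for p in products:
        if p["defs"] == "outdated":
            findings.append(("OUTDATED", p["name"]))
    if av and not any(p["state"] == "enabled" for p in av):
        # Expected when protection was switched off to run the tool, but
        # worth confirming it gets re-enabled after cleanup.
        findings.append(("NO_AV_ENABLED", f"{len(av)} product(s)"))
    return findings


if __name__ == "__main__":
    for code, detail in review(SAMPLE_LOG):
        print(f"{code}: {detail}")
```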

#3 MANGOMASTER


Posted 28 April 2012 - 09:03 PM

Hello Gringo,

I removed Norton Internet Security.
I ran Security Check without any problem.

I ran Combofix without any interruption. However, when I rebooted to fix the "Illegal operation attempted on a registry key that has been marked for deletion" as instructed, I got an error message when I got to my desktop after reboot, "Web camera initialization failed. Please check your camera device and restart application or computer".

I used Google search and some of the links redirected me to Happili, as it has been doing. The rest of the computer seems to be running normally.
Here are the logs you requested. Thank you for your instruction so far.

Security Check Log:

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
McAfee VirusScan Enterprise
McAfee Agent
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 26
Java™ 7
Java™ SE Development Kit 7
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (12.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

McAfee VirusScan Enterprise x64 EngineServer.exe
McAfee VirusScan Enterprise VsTskMgr.exe
McAfee VirusScan Enterprise x64 McShield.exe
McAfee VirusScan Enterprise x64 mfeann.exe
McAfee VirusScan Enterprise shstat.exe
``````````End of Log````````````


Combofix Log:

ComboFix 12-04-28.01 - Owner 04/28/2012 20:46:21.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4027.2598 [GMT -4:00]
Running from: c:\users\Owner\Downloads\ComboFix.exe
AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\AppData\Roaming\KB00030782.exe
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\s3kuuvkl.default\weave\toFetch
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\s3kuuvkl.default\weave\toFetch\clients.json
c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\s3kuuvkl.default\weave\toFetch\tabs.json
c:\windows\SysWow64\bdaplgin.ax
c:\windows\SysWow64\cero.rs
c:\windows\SysWow64\csrr.rs
c:\windows\SysWow64\esrb.rs
c:\windows\SysWow64\g711codc.ax
c:\windows\SysWow64\grb.rs
c:\windows\SysWow64\iac25_32.ax
c:\windows\SysWow64\ir41_32.ax
c:\windows\SysWow64\ivfsrc.ax
c:\windows\SysWow64\ksproxy.ax
c:\windows\SysWow64\kstvtune.ax
c:\windows\SysWow64\Kswdmcap.ax
c:\windows\SysWow64\ksxbar.ax
c:\windows\SysWow64\Mpeg2Data.ax
c:\windows\SysWow64\mpg2splt.ax
c:\windows\SysWow64\MSDvbNP.ax
c:\windows\SysWow64\MSNP.ax
c:\windows\SysWow64\oflc.rs
c:\windows\SysWow64\pegi-fi.rs
c:\windows\SysWow64\pegi-pt.rs
c:\windows\SysWow64\pegi.rs
c:\windows\SysWow64\pegibbfc.rs
c:\windows\SysWow64\psisrndr.ax
c:\windows\SysWow64\usk.rs
c:\windows\SysWow64\VBICodec.ax
c:\windows\SysWow64\vbisurf.ax
c:\windows\SysWow64\vidcap.ax
c:\windows\SysWow64\WEB.rs
c:\windows\SysWow64\WSTPager.ax
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-29 )))))))))))))))))))))))))))))))
.
.
2012-04-29 00:58 . 2012-04-29 01:00 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-29 00:58 . 2012-04-29 00:58 -------- d-----w- c:\users\Mcx1-OWNER-PC\AppData\Local\temp
2012-04-29 00:58 . 2012-04-29 00:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-26 04:51 . 2012-04-26 04:51 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-04-26 04:51 . 2012-04-26 04:51 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-26 04:51 . 2012-04-26 04:51 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-24 19:30 . 2012-04-13 08:46 8917360 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{177AFD6F-4FFA-41B2-BCC4-8E8F91E55BD8}\mpengine.dll
2012-04-24 18:34 . 2012-04-29 00:39 -------- d--h--w- c:\users\Owner\AppData\Roaming\8DF05298
2012-04-19 02:48 . 2012-04-19 02:48 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-18 22:40 . 2012-04-18 22:40 16200 ----a-w- c:\windows\stinger.sys
2012-04-18 22:39 . 2012-04-18 22:46 -------- d-----w- c:\program files (x86)\stinger
2012-04-14 01:41 . 2012-04-14 01:41 -------- d-----w- c:\windows\en
2012-04-14 01:37 . 2012-03-08 22:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-04-14 01:31 . 2012-04-14 01:31 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\467a29931cd19de02\MeshBetaRemover.exe
2012-04-14 01:31 . 2012-04-14 01:31 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\461af2881cd19de01\DSETUP.dll
2012-04-14 01:31 . 2012-04-14 01:31 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\461af2881cd19de01\DXSETUP.exe
2012-04-14 01:31 . 2012-04-14 01:31 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\461af2881cd19de01\dsetup32.dll
2012-04-12 06:31 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 06:31 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 06:31 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 06:28 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 06:28 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 06:28 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 06:28 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 06:28 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 06:28 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 06:28 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-08 15:18 . 2012-04-13 22:18 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-08 14:51 . 2012-04-13 22:18 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-08 14:51 . 2012-04-08 14:51 -------- d-----w- c:\windows\system32\Macromed
2012-04-05 17:58 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-05 17:58 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-05 17:24 . 2012-04-05 17:24 -------- d-----w- c:\windows\system32\ms-MY
2012-04-05 17:10 . 2012-04-05 17:10 -------- d-----w- c:\windows\system32\SPReview
2012-04-05 17:09 . 2012-04-05 17:09 -------- d-----w- c:\windows\system32\EventProviders
2012-04-05 16:45 . 2012-04-27 15:35 -------- d-----w- C:\QUARANTINE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 22:18 . 2011-05-16 16:32 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-05 17:23 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-04-05 17:23 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-03-08 22:50 . 2012-03-08 22:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 22:37 . 2012-03-08 22:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-02-23 14:18 . 2011-01-27 20:32 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-23 04:45 . 2012-02-23 04:45 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-23 04:45 . 2012-02-23 04:45 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-02-23 04:45 . 2012-02-23 04:45 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-02-23 04:45 . 2012-02-23 04:45 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-23 04:45 . 2012-02-23 04:45 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-02-23 04:45 . 2012-02-23 04:45 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-02-23 04:45 . 2012-02-23 04:45 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-02-23 04:45 . 2012-02-23 04:45 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-02-23 04:45 . 2012-02-23 04:45 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-02-23 04:45 . 2012-02-23 04:45 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-02-23 04:45 . 2012-02-23 04:45 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-02-23 04:45 . 2012-02-23 04:45 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-02-23 04:45 . 2012-02-23 04:45 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-02-23 04:45 . 2012-02-23 04:45 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-02-23 04:45 . 2012-02-23 04:45 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-02-23 04:45 . 2012-02-23 04:45 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-02-23 04:45 . 2012-02-23 04:45 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-02-23 04:45 . 2012-02-23 04:45 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-23 04:45 . 2012-02-23 04:45 222208 ----a-w- c:\windows\system32\msls31.dll
2012-02-23 04:45 . 2012-02-23 04:45 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-23 04:45 . 2012-02-23 04:45 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-02-23 04:45 . 2012-02-23 04:45 12288 ----a-w- c:\windows\system32\mshta.exe
2012-02-23 04:45 . 2012-02-23 04:45 114176 ----a-w- c:\windows\system32\admparse.dll
2012-02-23 04:45 . 2012-02-23 04:45 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-23 04:45 . 2012-02-23 04:45 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-02-23 04:45 . 2012-02-23 04:45 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-23 04:45 . 2012-02-23 04:45 448512 ----a-w- c:\windows\system32\html.iec
2012-02-23 04:45 . 2012-02-23 04:45 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-23 04:45 . 2012-02-23 04:45 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-23 04:45 . 2012-02-23 04:45 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-02-23 04:45 . 2012-02-23 04:45 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-02-23 04:45 . 2012-02-23 04:45 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-23 04:45 . 2012-02-23 04:45 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-02-23 04:45 . 2012-02-23 04:45 160256 ----a-w- c:\windows\system32\wextract.exe
2012-02-17 06:38 . 2012-03-14 14:34 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 14:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 14:34 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 14:34 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 16:09 . 2012-02-14 16:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36 . 2012-03-14 17:39 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 17:39 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 17:39 3145728 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Owner\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-05 423936]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-05-02 2454840]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2010-06-26 167936]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2009-08-25 136512]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-10-23 124240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-30 136176]
R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253088]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files (x86)\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-30 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-07-23 822192]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-06-07 408576]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2009-10-23 19720]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 NACAgent;Cisco NAC Agent;c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2011-03-09 1104608]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-05-05 1604200]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-07-28 267192]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-06-07 911872]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 22:18]
.
2012-04-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3883306894-3449574430-328466408-1001Core.job
- c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-02 22:09]
.
2012-04-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3883306894-3449574430-328466408-1001UA.job
- c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-02 22:09]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-30 04:44]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-30 04:44]
.
2012-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3883306894-3449574430-328466408-1001Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-18 01:04]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3883306894-3449574430-328466408-1001UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-18 01:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-05-05 17412200]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10134560]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 896032]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-06-08 1441792]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;127.0.0.1:9421;
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 0.0.0.0
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\s3kuuvkl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-KB00030782.exe - c:\users\Owner\AppData\Roaming\KB00030782.exe
SafeBoot-75387632.sys
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-WinRAR - c:\windows\WinRAR\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3883306894-3449574430-328466408-1001\Software\SecuROM\License information*]
"datasecu"=hex:00,3f,50,af,17,02,08,55,7d,89,a9,ee,9a,af,f6,09,1e,84,35,09,5a,
c2,59,4a,aa,23,35,a7,76,5b,04,38,cf,34,87,0d,58,10,19,19,9d,6a,86,0f,b4,85,\
"rkeysecu"=hex:fa,98,a9,e8,45,96,5c,0b,64,d7,f4,6c,04,ee,0d,4a
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\McAfee\Common Framework\FrameworkService.exe
c:\program files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files (x86)\McAfee\Common Framework\naPrdMgr.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
.
**************************************************************************
.
Completion time: 2012-04-28 21:17:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-29 01:17
ComboFix2.txt 2012-04-18 23:46
.
Pre-Run: 522,896,764,928 bytes free
Post-Run: 522,651,119,616 bytes free
.
- - End Of File - - BE1C1E1F508DB7FF441DDF1E564EB901

#4 gringo_pr

  • Malware Response Team

Posted 28 April 2012 - 09:08 PM

Greetings

I would like to know which browsers are redirecting - please check all that are installed

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#5 MANGOMASTER

  • Topic Starter

Posted 29 April 2012 - 01:11 PM

Hi,

Mozilla Firefox and Google Chrome redirect. Internet Explorer does not redirect.

TDSSKiller log:

13:20:36.0954 1896 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
13:20:37.0235 1896 ============================================================
13:20:37.0235 1896 Current date / time: 2012/04/29 13:20:37.0235
13:20:37.0235 1896 SystemInfo:
13:20:37.0235 1896
13:20:37.0236 1896 OS Version: 6.1.7601 ServicePack: 1.0
13:20:37.0236 1896 Product type: Workstation
13:20:37.0236 1896 ComputerName: OWNER-PC
13:20:37.0236 1896 UserName: Owner
13:20:37.0236 1896 Windows directory: C:\windows
13:20:37.0236 1896 System windows directory: C:\windows
13:20:37.0236 1896 Running under WOW64
13:20:37.0236 1896 Processor architecture: Intel x64
13:20:37.0236 1896 Number of processors: 8
13:20:37.0236 1896 Page size: 0x1000
13:20:37.0236 1896 Boot type: Normal boot
13:20:37.0236 1896 ============================================================
13:20:37.0650 1896 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:20:37.0664 1896 ============================================================
13:20:37.0664 1896 \Device\Harddisk0\DR0:
13:20:37.0665 1896 MBR partitions:
13:20:37.0665 1896 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x48E39800
13:20:37.0665 1896 ============================================================
13:20:37.0704 1896 C: <-> \Device\Harddisk0\DR0\Partition0
13:20:37.0704 1896 ============================================================
13:20:37.0704 1896 Initialize success
13:20:37.0704 1896 ============================================================
13:20:59.0004 4132 ============================================================
13:20:59.0004 4132 Scan started
13:20:59.0004 4132 Mode: Manual;
13:20:59.0004 4132 ============================================================
13:21:10.0969 4132 lltdsvc - ok
13:21:11.0016 4132 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
13:21:11.0016 4132 lmhosts - ok
13:21:11.0094 4132 LMS (23de5b62b0445a6f874be633c95b483e) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
13:21:11.0094 4132 LMS - ok
13:21:11.0141 4132 LPCFilter (41e122f6d1448c94cc05196bc41d6bfb) C:\windows\system32\DRIVERS\LPCFilter.sys
13:21:11.0141 4132 LPCFilter - ok
13:21:11.0172 4132 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
13:21:11.0187 4132 LSI_FC - ok
13:21:11.0219 4132 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
13:21:11.0219 4132 LSI_SAS - ok
13:21:11.0265 4132 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
13:21:11.0265 4132 LSI_SAS2 - ok
13:21:11.0312 4132 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
13:21:11.0312 4132 LSI_SCSI - ok
13:21:11.0343 4132 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
13:21:11.0343 4132 luafv - ok
13:21:11.0437 4132 McAfeeEngineService (639da8f468552785e15f0f2fd8db44b3) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe
13:21:11.0437 4132 McAfeeEngineService - ok
13:21:11.0562 4132 McAfeeFramework (1b963d79740b187795407cd03e2f7b4d) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
13:21:11.0577 4132 McAfeeFramework - ok
13:21:11.0624 4132 McShield (4e09d8c4c861348a7f1c12a5aa9c4de7) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe
13:21:11.0624 4132 McShield - ok
13:21:11.0671 4132 McTaskManager (3774aad155f31d58d932861d0a4fd641) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
13:21:11.0671 4132 McTaskManager - ok
13:21:11.0718 4132 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
13:21:11.0718 4132 Mcx2Svc - ok
13:21:11.0749 4132 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
13:21:11.0749 4132 megasas - ok
13:21:11.0796 4132 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
13:21:11.0796 4132 MegaSR - ok
13:21:11.0858 4132 mfeapfk (e2d642a38a8dc4722f859092f731b6a3) C:\windows\system32\drivers\mfeapfk.sys
13:21:11.0858 4132 mfeapfk - ok
13:21:11.0874 4132 mfeavfk (ae23ed41216e160f54e5ef1a5ee325f7) C:\windows\system32\drivers\mfeavfk.sys
13:21:11.0874 4132 mfeavfk - ok
13:21:11.0936 4132 mfehidk (bc76bc7129b2206098ac220b656f15b7) C:\windows\system32\drivers\mfehidk.sys
13:21:11.0936 4132 mfehidk - ok
13:21:11.0967 4132 mferkdet (c7c15d125aa697be97087d197c9fad08) C:\windows\system32\drivers\mferkdet.sys
13:21:11.0967 4132 mferkdet - ok
13:21:11.0983 4132 mfetdik (41ca4c4292004486d004d357b9c19718) C:\windows\system32\drivers\mfetdik.sys
13:21:11.0983 4132 mfetdik - ok
13:21:12.0014 4132 mfevtp (c39855495e82ec6b02e6190c34a1b752) C:\windows\system32\mfevtps.exe
13:21:12.0014 4132 mfevtp - ok
13:21:12.0092 4132 Microsoft SharePoint Workspace Audit Service - ok
13:21:12.0139 4132 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
13:21:12.0139 4132 MMCSS - ok
13:21:12.0186 4132 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
13:21:12.0186 4132 Modem - ok
13:21:12.0201 4132 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
13:21:12.0201 4132 monitor - ok
13:21:12.0248 4132 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\drivers\mouclass.sys
13:21:12.0248 4132 mouclass - ok
13:21:12.0295 4132 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
13:21:12.0311 4132 mouhid - ok
13:21:12.0342 4132 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
13:21:12.0357 4132 mountmgr - ok
13:21:12.0404 4132 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:21:12.0420 4132 MozillaMaintenance - ok
13:21:12.0451 4132 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
13:21:12.0451 4132 mpio - ok
13:21:12.0498 4132 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
13:21:12.0498 4132 mpsdrv - ok
13:21:12.0576 4132 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
13:21:12.0591 4132 MpsSvc - ok
13:21:12.0623 4132 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
13:21:12.0638 4132 MRxDAV - ok
13:21:12.0669 4132 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
13:21:12.0685 4132 mrxsmb - ok
13:21:12.0732 4132 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
13:21:12.0732 4132 mrxsmb10 - ok
13:21:12.0779 4132 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
13:21:12.0794 4132 mrxsmb20 - ok
13:21:12.0825 4132 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
13:21:12.0825 4132 msahci - ok
13:21:12.0857 4132 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
13:21:12.0857 4132 msdsm - ok
13:21:12.0903 4132 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
13:21:12.0903 4132 MSDTC - ok
13:21:12.0935 4132 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
13:21:12.0935 4132 Msfs - ok
13:21:12.0966 4132 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
13:21:12.0966 4132 mshidkmdf - ok
13:21:13.0013 4132 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
13:21:13.0013 4132 msisadrv - ok
13:21:13.0059 4132 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
13:21:13.0059 4132 MSiSCSI - ok
13:21:13.0075 4132 msiserver - ok
13:21:13.0106 4132 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
13:21:13.0106 4132 MSKSSRV - ok
13:21:13.0122 4132 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
13:21:13.0122 4132 MSPCLOCK - ok
13:21:13.0169 4132 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
13:21:13.0169 4132 MSPQM - ok
13:21:13.0215 4132 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
13:21:13.0231 4132 MsRPC - ok
13:21:13.0278 4132 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
13:21:13.0278 4132 mssmbios - ok
13:21:13.0293 4132 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
13:21:13.0293 4132 MSTEE - ok
13:21:13.0325 4132 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
13:21:13.0325 4132 MTConfig - ok
13:21:13.0340 4132 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
13:21:13.0340 4132 Mup - ok
13:21:13.0512 4132 NACAgent (4fdde4568415ee067750840ba5ae0657) C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
13:21:13.0512 4132 NACAgent - ok
13:21:13.0574 4132 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
13:21:13.0590 4132 napagent - ok
13:21:13.0668 4132 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
13:21:13.0668 4132 NativeWifiP - ok
13:21:13.0777 4132 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
13:21:13.0793 4132 NDIS - ok
13:21:13.0824 4132 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
13:21:13.0824 4132 NdisCap - ok
13:21:13.0855 4132 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
13:21:13.0855 4132 NdisTapi - ok
13:21:13.0902 4132 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
13:21:13.0902 4132 Ndisuio - ok
13:21:13.0949 4132 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
13:21:13.0949 4132 NdisWan - ok
13:21:13.0995 4132 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
13:21:13.0995 4132 NDProxy - ok
13:21:14.0042 4132 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
13:21:14.0042 4132 NetBIOS - ok
13:21:14.0105 4132 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
13:21:14.0105 4132 NetBT - ok
13:21:14.0167 4132 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
13:21:14.0167 4132 Netlogon - ok
13:21:14.0245 4132 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
13:21:14.0245 4132 Netman - ok
13:21:14.0292 4132 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
13:21:14.0307 4132 netprofm - ok
13:21:14.0385 4132 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:21:14.0385 4132 NetTcpPortSharing - ok
13:21:14.0885 4132 NETwNs64 (eb43840babf5589e33186d094de7381d) C:\windows\system32\DRIVERS\NETwNs64.sys
13:21:15.0009 4132 NETwNs64 - ok
13:21:15.0134 4132 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
13:21:15.0134 4132 nfrd960 - ok
13:21:15.0212 4132 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
13:21:15.0212 4132 NlaSvc - ok
13:21:15.0243 4132 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
13:21:15.0243 4132 Npfs - ok
13:21:15.0275 4132 npggsvc - ok
13:21:15.0275 4132 NPPTNT2 - ok
13:21:15.0306 4132 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
13:21:15.0306 4132 nsi - ok
13:21:15.0337 4132 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
13:21:15.0337 4132 nsiproxy - ok
13:21:15.0477 4132 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
13:21:15.0509 4132 Ntfs - ok
13:21:15.0633 4132 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
13:21:15.0633 4132 Null - ok
13:21:15.0665 4132 NVHDA (a842341ef3c702ef8208e610be0fd1d9) C:\windows\system32\drivers\nvhda64v.sys
13:21:15.0680 4132 NVHDA - ok
13:21:16.0429 4132 nvlddmkm (56743d7b668a19bd83bcdfb1f2136738) C:\windows\system32\DRIVERS\nvlddmkm.sys
13:21:16.0632 4132 nvlddmkm - ok
13:21:16.0788 4132 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
13:21:16.0788 4132 nvraid - ok
13:21:16.0835 4132 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
13:21:16.0835 4132 nvstor - ok
13:21:16.0897 4132 nvsvc (1d462154c746161683ebb7d95d0c0af1) C:\windows\system32\nvvsvc.exe
13:21:16.0913 4132 nvsvc - ok
13:21:17.0084 4132 nvUpdatusService (18f1906bfe993ead51200e3195b3d6e2) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
13:21:17.0100 4132 nvUpdatusService - ok
13:21:17.0240 4132 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
13:21:17.0240 4132 nv_agp - ok
13:21:17.0287 4132 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
13:21:17.0287 4132 ohci1394 - ok
13:21:17.0365 4132 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:21:17.0365 4132 ose - ok
13:21:17.0755 4132 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:21:17.0880 4132 osppsvc - ok
13:21:18.0067 4132 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
13:21:18.0067 4132 p2pimsvc - ok
13:21:18.0114 4132 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
13:21:18.0129 4132 p2psvc - ok
13:21:18.0176 4132 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
13:21:18.0192 4132 Parport - ok
13:21:18.0223 4132 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
13:21:18.0223 4132 partmgr - ok
13:21:18.0270 4132 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
13:21:18.0270 4132 PcaSvc - ok
13:21:18.0317 4132 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
13:21:18.0317 4132 pci - ok
13:21:18.0332 4132 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
13:21:18.0332 4132 pciide - ok
13:21:18.0379 4132 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
13:21:18.0379 4132 pcmcia - ok
13:21:18.0410 4132 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
13:21:18.0410 4132 pcw - ok
13:21:18.0457 4132 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
13:21:18.0473 4132 PEAUTH - ok
13:21:18.0566 4132 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
13:21:18.0566 4132 PerfHost - ok
13:21:18.0675 4132 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys
13:21:18.0675 4132 PGEffect - ok
13:21:18.0816 4132 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
13:21:18.0847 4132 pla - ok
13:21:18.0956 4132 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
13:21:18.0956 4132 PlugPlay - ok
13:21:18.0987 4132 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
13:21:18.0987 4132 PNRPAutoReg - ok
13:21:19.0034 4132 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
13:21:19.0034 4132 PNRPsvc - ok
13:21:19.0112 4132 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
13:21:19.0128 4132 PolicyAgent - ok
13:21:19.0175 4132 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
13:21:19.0175 4132 Power - ok
13:21:19.0253 4132 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
13:21:19.0253 4132 PptpMiniport - ok
13:21:19.0284 4132 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
13:21:19.0284 4132 Processor - ok
13:21:19.0331 4132 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
13:21:19.0331 4132 ProfSvc - ok
13:21:19.0377 4132 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
13:21:19.0377 4132 ProtectedStorage - ok
13:21:19.0424 4132 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
13:21:19.0424 4132 Psched - ok
13:21:19.0455 4132 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\windows\system32\Drivers\PxHlpa64.sys
13:21:19.0455 4132 PxHlpa64 - ok
13:21:19.0596 4132 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
13:21:19.0627 4132 ql2300 - ok
13:21:19.0783 4132 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
13:21:19.0783 4132 ql40xx - ok
13:21:19.0830 4132 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
13:21:19.0845 4132 QWAVE - ok
13:21:19.0861 4132 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
13:21:19.0861 4132 QWAVEdrv - ok
13:21:19.0892 4132 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
13:21:19.0892 4132 RasAcd - ok
13:21:19.0923 4132 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
13:21:19.0923 4132 RasAgileVpn - ok
13:21:19.0955 4132 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
13:21:19.0955 4132 RasAuto - ok
13:21:20.0017 4132 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
13:21:20.0017 4132 Rasl2tp - ok
13:21:20.0095 4132 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
13:21:20.0095 4132 RasMan - ok
13:21:20.0126 4132 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
13:21:20.0126 4132 RasPppoe - ok
13:21:20.0157 4132 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
13:21:20.0173 4132 RasSstp - ok
13:21:20.0235 4132 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
13:21:20.0251 4132 rdbss - ok
13:21:20.0282 4132 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
13:21:20.0282 4132 rdpbus - ok
13:21:20.0313 4132 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
13:21:20.0313 4132 RDPCDD - ok
13:21:20.0329 4132 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
13:21:20.0329 4132 RDPENCDD - ok
13:21:20.0345 4132 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
13:21:20.0345 4132 RDPREFMP - ok
13:21:20.0391 4132 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
13:21:20.0391 4132 RDPWD - ok
13:21:20.0469 4132 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
13:21:20.0469 4132 rdyboost - ok
13:21:20.0501 4132 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
13:21:20.0501 4132 RemoteAccess - ok
13:21:20.0547 4132 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
13:21:20.0563 4132 RemoteRegistry - ok
13:21:20.0579 4132 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
13:21:20.0594 4132 RpcEptMapper - ok
13:21:20.0625 4132 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
13:21:20.0625 4132 RpcLocator - ok
13:21:20.0688 4132 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
13:21:20.0688 4132 RpcSs - ok
13:21:20.0735 4132 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
13:21:20.0735 4132 rspndr - ok
13:21:20.0781 4132 RTL8167 (ba3e57c89e6f63808d3f2b11e1a2ad3c) C:\windows\system32\DRIVERS\Rt64win7.sys
13:21:20.0797 4132 RTL8167 - ok
13:21:20.0844 4132 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
13:21:20.0844 4132 SamSs - ok
13:21:20.0875 4132 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
13:21:20.0891 4132 sbp2port - ok
13:21:20.0922 4132 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
13:21:20.0937 4132 SCardSvr - ok
13:21:20.0969 4132 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
13:21:20.0969 4132 scfilter - ok
13:21:21.0078 4132 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
13:21:21.0109 4132 Schedule - ok
13:21:21.0156 4132 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
13:21:21.0156 4132 SCPolicySvc - ok
13:21:21.0218 4132 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\windows\system32\drivers\sdbus.sys
13:21:21.0218 4132 sdbus - ok
13:21:21.0265 4132 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
13:21:21.0281 4132 SDRSVC - ok
13:21:21.0374 4132 SeaPort (78779ee07231c658b483b1f38b5088df) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
13:21:21.0390 4132 SeaPort - ok
13:21:21.0421 4132 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
13:21:21.0421 4132 secdrv - ok
13:21:21.0452 4132 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
13:21:21.0452 4132 seclogon - ok
13:21:21.0483 4132 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
13:21:21.0499 4132 SENS - ok
13:21:21.0515 4132 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
13:21:21.0515 4132 SensrSvc - ok
13:21:21.0561 4132 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
13:21:21.0561 4132 Serenum - ok
13:21:21.0577 4132 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
13:21:21.0577 4132 Serial - ok
13:21:21.0639 4132 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
13:21:21.0639 4132 sermouse - ok
13:21:21.0686 4132 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
13:21:21.0702 4132 SessionEnv - ok
13:21:21.0733 4132 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
13:21:21.0733 4132 sffdisk - ok
13:21:21.0749 4132 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
13:21:21.0749 4132 sffp_mmc - ok
13:21:21.0749 4132 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
13:21:21.0749 4132 sffp_sd - ok
13:21:21.0795 4132 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
13:21:21.0795 4132 sfloppy - ok
13:21:21.0842 4132 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
13:21:21.0858 4132 SharedAccess - ok
13:21:21.0905 4132 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
13:21:21.0920 4132 ShellHWDetection - ok
13:21:21.0951 4132 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
13:21:21.0951 4132 SiSRaid2 - ok
13:21:21.0983 4132 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
13:21:21.0998 4132 SiSRaid4 - ok
13:21:22.0045 4132 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
13:21:22.0045 4132 Smb - ok
13:21:22.0092 4132 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
13:21:22.0092 4132 SNMPTRAP - ok
13:21:22.0123 4132 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
13:21:22.0123 4132 spldr - ok
13:21:22.0201 4132 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
13:21:22.0201 4132 Spooler - ok
13:21:22.0513 4132 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
13:21:22.0544 4132 sppsvc - ok
13:21:22.0653 4132 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
13:21:22.0669 4132 sppuinotify - ok
13:21:22.0747 4132 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
13:21:22.0763 4132 srv - ok
13:21:22.0809 4132 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
13:21:22.0825 4132 srv2 - ok
13:21:22.0872 4132 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
13:21:22.0887 4132 srvnet - ok
13:21:22.0919 4132 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
13:21:22.0934 4132 SSDPSRV - ok
13:21:22.0950 4132 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
13:21:22.0965 4132 SstpSvc - ok
13:21:23.0012 4132 Steam Client Service - ok
13:21:23.0059 4132 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
13:21:23.0059 4132 stexstor - ok
13:21:23.0137 4132 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
13:21:23.0153 4132 stisvc - ok
13:21:23.0184 4132 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
13:21:23.0184 4132 swenum - ok
13:21:23.0277 4132 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
13:21:23.0293 4132 SwitchBoard - ok
13:21:23.0355 4132 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
13:21:23.0371 4132 swprv - ok
13:21:23.0418 4132 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\windows\system32\DRIVERS\SynTP.sys
13:21:23.0433 4132 SynTP - ok
13:21:23.0574 4132 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
13:21:23.0605 4132 SysMain - ok
13:21:23.0730 4132 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
13:21:23.0745 4132 TabletInputService - ok
13:21:23.0792 4132 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
13:21:23.0792 4132 TapiSrv - ok
13:21:23.0839 4132 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
13:21:23.0839 4132 TBS - ok
13:21:24.0042 4132 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
13:21:24.0073 4132 Tcpip - ok
13:21:24.0354 4132 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
13:21:24.0385 4132 TCPIP6 - ok
13:21:24.0510 4132 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
13:21:24.0510 4132 tcpipreg - ok
13:21:24.0557 4132 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
13:21:24.0557 4132 tdcmdpst - ok
13:21:24.0588 4132 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
13:21:24.0588 4132 TDPIPE - ok
13:21:24.0635 4132 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
13:21:24.0635 4132 TDTCP - ok
13:21:24.0681 4132 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
13:21:24.0681 4132 tdx - ok
13:21:24.0728 4132 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
13:21:24.0728 4132 TermDD - ok
13:21:24.0822 4132 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
13:21:24.0822 4132 TermService - ok
13:21:24.0853 4132 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
13:21:24.0853 4132 Themes - ok
13:21:24.0900 4132 Thpdrv (c013f6acaa9761f571bd28dada7c157d) C:\windows\system32\DRIVERS\thpdrv.sys
13:21:24.0915 4132 Thpdrv - ok
13:21:24.0978 4132 Thpevm (b4e609047434ed948af7bdef2fa66e38) C:\windows\system32\DRIVERS\Thpevm.SYS
13:21:24.0978 4132 Thpevm - ok
13:21:25.0040 4132 Thpsrv (f6927bba3b09aff26a53a9191f7378f9) C:\windows\system32\ThpSrv.exe
13:21:25.0056 4132 Thpsrv - ok
13:21:25.0103 4132 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
13:21:25.0103 4132 THREADORDER - ok
13:21:25.0181 4132 TMachInfo (28644b0523d64eff2fc7312a2ee74b0a) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
13:21:25.0181 4132 TMachInfo - ok
13:21:25.0212 4132 TODDSrv (ed32035bdfeced1ad66d459fd9cc1140) C:\Windows\system32\TODDSrv.exe
13:21:25.0227 4132 TODDSrv - ok
13:21:25.0305 4132 TosCoSrv (bdbe7a21e1de76d92f566aa80546aa4c) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
13:21:25.0305 4132 TosCoSrv - ok
13:21:25.0383 4132 TOSHIBA eco Utility Service (152da63a2843e7e63eca8ae90d853763) C:\Program Files\TOSHIBA\TECO\TecoService.exe
13:21:25.0383 4132 TOSHIBA eco Utility Service - ok
13:21:25.0461 4132 TOSHIBA HDD SSD Alert Service (74c2fa8c3765ee71a9c22182ec108457) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
13:21:25.0461 4132 TOSHIBA HDD SSD Alert Service - ok
13:21:25.0555 4132 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
13:21:25.0555 4132 tos_sps64 - ok
13:21:25.0649 4132 TPCHSrv (6f9e17819bfa53cff67cb1e16669500f) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
13:21:25.0649 4132 TPCHSrv - ok
13:21:25.0773 4132 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
13:21:25.0773 4132 TrkWks - ok
13:21:25.0851 4132 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
13:21:25.0851 4132 TrustedInstaller - ok
13:21:25.0898 4132 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
13:21:25.0898 4132 tssecsrv - ok
13:21:25.0945 4132 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
13:21:25.0945 4132 TsUsbFlt - ok
13:21:26.0007 4132 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
13:21:26.0007 4132 tunnel - ok
13:21:26.0039 4132 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
13:21:26.0039 4132 TVALZ - ok
13:21:26.0101 4132 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
13:21:26.0101 4132 TVALZFL - ok
13:21:32.0669 4132 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
13:21:32.0715 4132 \Device\Harddisk0\DR0 - ok
13:21:32.0747 4132 Boot (0x1200) (e90ad9f250ddf7550ad9cbd10c7001f9) \Device\Harddisk0\DR0\Partition0
13:21:32.0747 4132 \Device\Harddisk0\DR0\Partition0 - ok
13:21:32.0747 4132 ============================================================
13:21:32.0747 4132 Scan finished
13:21:32.0747 4132 ============================================================
13:21:32.0762 6672 Detected object count: 0
13:21:32.0762 6672 Actual detected object count: 0
13:22:56.0034 6528 ============================================================
13:22:56.0034 6528 Scan started
13:22:56.0034 6528 Mode: Manual;
13:22:56.0034 6528 ============================================================
13:22:57.0921 6528 Scan interrupted by user!
13:22:57.0921 6528 Scan interrupted by user!
13:22:57.0921 6528 Scan interrupted by user!
13:22:57.0922 6528 ============================================================
13:22:57.0922 6528 Scan finished
13:22:57.0922 6528 ============================================================
13:22:57.0933 0136 Detected object count: 0
13:22:57.0933 0136 Actual detected object count: 0
13:23:06.0414 4944 ============================================================
13:23:06.0414 4944 Scan started
13:23:06.0414 4944 Mode: Manual;
13:23:06.0414 4944 ============================================================
13:23:14.0412 4944 kbdhid - ok
13:23:14.0447 4944 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
13:23:14.0449 4944 KeyIso - ok
13:23:14.0464 4944 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
13:23:14.0465 4944 KSecDD - ok
13:23:14.0491 4944 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
13:23:14.0493 4944 KSecPkg - ok
13:23:14.0516 4944 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
13:23:14.0517 4944 ksthunk - ok
13:23:14.0561 4944 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
13:23:14.0567 4944 KtmRm - ok
13:23:14.0609 4944 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll
13:23:14.0615 4944 LanmanServer - ok
13:23:14.0656 4944 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
13:23:14.0661 4944 LanmanWorkstation - ok
13:23:14.0688 4944 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
13:23:14.0690 4944 lltdio - ok
13:23:14.0732 4944 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
13:23:14.0738 4944 lltdsvc - ok
13:23:14.0761 4944 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
13:23:14.0764 4944 lmhosts - ok
13:23:14.0836 4944 LMS (23de5b62b0445a6f874be633c95b483e) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
13:23:14.0840 4944 LMS - ok
13:23:14.0870 4944 LPCFilter (41e122f6d1448c94cc05196bc41d6bfb) C:\windows\system32\DRIVERS\LPCFilter.sys
13:23:14.0872 4944 LPCFilter - ok
13:23:14.0898 4944 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
13:23:14.0900 4944 LSI_FC - ok
13:23:14.0939 4944 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
13:23:14.0941 4944 LSI_SAS - ok
13:23:14.0957 4944 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
13:23:14.0958 4944 LSI_SAS2 - ok
13:23:14.0982 4944 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
13:23:14.0984 4944 LSI_SCSI - ok
13:23:15.0005 4944 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
13:23:15.0007 4944 luafv - ok
13:23:15.0081 4944 McAfeeEngineService (639da8f468552785e15f0f2fd8db44b3) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe
13:23:15.0082 4944 McAfeeEngineService - ok
13:23:15.0187 4944 McAfeeFramework (1b963d79740b187795407cd03e2f7b4d) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
13:23:15.0189 4944 McAfeeFramework - ok
13:23:15.0225 4944 McShield (4e09d8c4c861348a7f1c12a5aa9c4de7) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe
13:23:15.0228 4944 McShield - ok
13:23:15.0273 4944 McTaskManager (3774aad155f31d58d932861d0a4fd641) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
13:23:15.0275 4944 McTaskManager - ok
13:23:15.0309 4944 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
13:23:15.0312 4944 Mcx2Svc - ok
13:23:15.0342 4944 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
13:23:15.0343 4944 megasas - ok
13:23:15.0380 4944 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
13:23:15.0384 4944 MegaSR - ok
13:23:15.0417 4944 mfeapfk (e2d642a38a8dc4722f859092f731b6a3) C:\windows\system32\drivers\mfeapfk.sys
13:23:15.0418 4944 mfeapfk - ok
13:23:15.0445 4944 mfeavfk (ae23ed41216e160f54e5ef1a5ee325f7) C:\windows\system32\drivers\mfeavfk.sys
13:23:15.0448 4944 mfeavfk - ok
13:23:15.0500 4944 mfehidk (bc76bc7129b2206098ac220b656f15b7) C:\windows\system32\drivers\mfehidk.sys
13:23:15.0506 4944 mfehidk - ok
13:23:15.0525 4944 mferkdet (c7c15d125aa697be97087d197c9fad08) C:\windows\system32\drivers\mferkdet.sys
13:23:15.0527 4944 mferkdet - ok
13:23:15.0546 4944 mfetdik (41ca4c4292004486d004d357b9c19718) C:\windows\system32\drivers\mfetdik.sys
13:23:15.0548 4944 mfetdik - ok
13:23:15.0564 4944 mfevtp (c39855495e82ec6b02e6190c34a1b752) C:\windows\system32\mfevtps.exe
13:23:15.0567 4944 mfevtp - ok
13:23:15.0636 4944 Microsoft SharePoint Workspace Audit Service - ok
13:23:15.0680 4944 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
13:23:15.0683 4944 MMCSS - ok
13:23:15.0720 4944 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
13:23:15.0721 4944 Modem - ok
13:23:15.0737 4944 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
13:23:15.0738 4944 monitor - ok
13:23:15.0782 4944 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\drivers\mouclass.sys
13:23:15.0784 4944 mouclass - ok
13:23:15.0821 4944 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
13:23:15.0822 4944 mouhid - ok
13:23:15.0867 4944 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
13:23:15.0868 4944 mountmgr - ok
13:23:15.0907 4944 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:23:15.0909 4944 MozillaMaintenance - ok
13:23:15.0948 4944 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
13:23:15.0950 4944 mpio - ok
13:23:16.0000 4944 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
13:23:16.0001 4944 mpsdrv - ok
13:23:16.0089 4944 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
13:23:16.0101 4944 MpsSvc - ok
13:23:16.0145 4944 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
13:23:16.0147 4944 MRxDAV - ok
13:23:16.0193 4944 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
13:23:16.0195 4944 mrxsmb - ok
13:23:16.0248 4944 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
13:23:16.0251 4944 mrxsmb10 - ok
13:23:16.0291 4944 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
13:23:16.0293 4944 mrxsmb20 - ok
13:23:16.0330 4944 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
13:23:16.0332 4944 msahci - ok
13:23:16.0377 4944 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
13:23:16.0379 4944 msdsm - ok
13:23:16.0416 4944 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
13:23:16.0420 4944 MSDTC - ok
13:23:16.0458 4944 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
13:23:16.0459 4944 Msfs - ok
13:23:16.0470 4944 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
13:23:16.0470 4944 mshidkmdf - ok
13:23:16.0493 4944 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
13:23:16.0494 4944 msisadrv - ok
13:23:16.0531 4944 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
13:23:16.0534 4944 MSiSCSI - ok
13:23:16.0538 4944 msiserver - ok
13:23:16.0570 4944 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
13:23:16.0571 4944 MSKSSRV - ok
13:23:16.0584 4944 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
13:23:16.0584 4944 MSPCLOCK - ok
13:23:16.0598 4944 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
13:23:16.0599 4944 MSPQM - ok
13:23:16.0653 4944 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
13:23:16.0658 4944 MsRPC - ok
13:23:16.0704 4944 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
13:23:16.0705 4944 mssmbios - ok
13:23:16.0726 4944 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
13:23:16.0727 4944 MSTEE - ok
13:23:16.0738 4944 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
13:23:16.0739 4944 MTConfig - ok
13:23:16.0764 4944 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
13:23:16.0765 4944 Mup - ok
13:23:16.0902 4944 NACAgent (4fdde4568415ee067750840ba5ae0657) C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
13:23:16.0915 4944 NACAgent - ok
13:23:16.0977 4944 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
13:23:16.0983 4944 napagent - ok
13:23:17.0048 4944 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
13:23:17.0052 4944 NativeWifiP - ok
13:23:17.0162 4944 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
13:23:17.0173 4944 NDIS - ok
13:23:17.0204 4944 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
13:23:17.0205 4944 NdisCap - ok
13:23:17.0227 4944 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
13:23:17.0228 4944 NdisTapi - ok
13:23:17.0270 4944 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
13:23:17.0271 4944 Ndisuio - ok
13:23:17.0315 4944 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
13:23:17.0317 4944 NdisWan - ok
13:23:17.0348 4944 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
13:23:17.0349 4944 NDProxy - ok
13:23:17.0374 4944 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
13:23:17.0375 4944 NetBIOS - ok
13:23:17.0435 4944 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
13:23:17.0439 4944 NetBT - ok
13:23:17.0492 4944 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
13:23:17.0494 4944 Netlogon - ok
13:23:17.0546 4944 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
13:23:17.0553 4944 Netman - ok
13:23:17.0604 4944 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
13:23:17.0610 4944 netprofm - ok
13:23:17.0688 4944 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:23:17.0690 4944 NetTcpPortSharing - ok
13:23:18.0186 4944 NETwNs64 (eb43840babf5589e33186d094de7381d) C:\windows\system32\DRIVERS\NETwNs64.sys
13:23:18.0223 4944 NETwNs64 - ok
13:23:18.0351 4944 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
13:23:18.0352 4944 nfrd960 - ok
13:23:18.0414 4944 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
13:23:18.0420 4944 NlaSvc - ok
13:23:18.0435 4944 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
13:23:18.0436 4944 Npfs - ok
13:23:18.0441 4944 npggsvc - ok
13:23:18.0447 4944 NPPTNT2 - ok
13:23:18.0470 4944 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
13:23:18.0472 4944 nsi - ok
13:23:18.0522 4944 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
13:23:18.0523 4944 nsiproxy - ok
13:23:18.0659 4944 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
13:23:18.0668 4944 Ntfs - ok
13:23:18.0772 4944 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
13:23:18.0772 4944 Null - ok
13:23:18.0801 4944 NVHDA (a842341ef3c702ef8208e610be0fd1d9) C:\windows\system32\drivers\nvhda64v.sys
13:23:18.0802 4944 NVHDA - ok
13:23:19.0551 4944 nvlddmkm (56743d7b668a19bd83bcdfb1f2136738) C:\windows\system32\DRIVERS\nvlddmkm.sys
13:23:19.0604 4944 nvlddmkm - ok
13:23:19.0734 4944 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
13:23:19.0736 4944 nvraid - ok
13:23:19.0759 4944 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
13:23:19.0761 4944 nvstor - ok
13:23:19.0812 4944 nvsvc (1d462154c746161683ebb7d95d0c0af1) C:\windows\system32\nvvsvc.exe
13:23:19.0818 4944 nvsvc - ok
13:23:19.0979 4944 nvUpdatusService (18f1906bfe993ead51200e3195b3d6e2) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
13:23:19.0995 4944 nvUpdatusService - ok
13:23:20.0138 4944 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
13:23:20.0141 4944 nv_agp - ok
13:23:20.0184 4944 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
13:23:20.0186 4944 ohci1394 - ok
13:23:20.0255 4944 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:23:20.0258 4944 ose - ok
13:23:20.0638 4944 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:23:20.0658 4944 osppsvc - ok
13:23:20.0786 4944 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
13:23:20.0792 4944 p2pimsvc - ok
13:23:20.0839 4944 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
13:23:20.0847 4944 p2psvc - ok
13:23:20.0890 4944 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
13:23:20.0892 4944 Parport - ok
13:23:20.0932 4944 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
13:23:20.0934 4944 partmgr - ok
13:23:20.0972 4944 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
13:23:20.0977 4944 PcaSvc - ok
13:23:21.0021 4944 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
13:23:21.0024 4944 pci - ok
13:23:21.0044 4944 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
13:23:21.0045 4944 pciide - ok
13:23:21.0086 4944 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
13:23:21.0089 4944 pcmcia - ok
13:23:21.0113 4944 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
13:23:21.0114 4944 pcw - ok
13:23:21.0171 4944 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
13:23:21.0179 4944 PEAUTH - ok
13:23:21.0262 4944 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
13:23:21.0264 4944 PerfHost - ok
13:23:21.0388 4944 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys
13:23:21.0388 4944 PGEffect - ok
13:23:21.0507 4944 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
13:23:21.0523 4944 pla - ok
13:23:21.0577 4944 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
13:23:21.0584 4944 PlugPlay - ok
13:23:21.0608 4944 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
13:23:21.0610 4944 PNRPAutoReg - ok
13:23:21.0645 4944 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
13:23:21.0649 4944 PNRPsvc - ok
13:23:21.0723 4944 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
13:23:21.0729 4944 PolicyAgent - ok
13:23:21.0775 4944 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
13:23:21.0780 4944 Power - ok
13:23:21.0856 4944 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
13:23:21.0858 4944 PptpMiniport - ok
13:23:21.0891 4944 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
13:23:21.0892 4944 Processor - ok
13:23:21.0936 4944 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
13:23:21.0941 4944 ProfSvc - ok
13:23:21.0992 4944 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
13:23:21.0994 4944 ProtectedStorage - ok
13:23:22.0033 4944 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
13:23:22.0035 4944 Psched - ok
13:23:22.0063 4944 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\windows\system32\Drivers\PxHlpa64.sys
13:23:22.0064 4944 PxHlpa64 - ok
13:23:22.0197 4944 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
13:23:22.0212 4944 ql2300 - ok
13:23:22.0373 4944 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
13:23:22.0375 4944 ql40xx - ok
13:23:22.0419 4944 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
13:23:22.0424 4944 QWAVE - ok
13:23:22.0451 4944 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
13:23:22.0452 4944 QWAVEdrv - ok
13:23:22.0472 4944 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
13:23:22.0472 4944 RasAcd - ok
13:23:22.0501 4944 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
13:23:22.0502 4944 RasAgileVpn - ok
13:23:22.0536 4944 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
13:23:22.0540 4944 RasAuto - ok
13:23:22.0581 4944 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
13:23:22.0583 4944 Rasl2tp - ok
13:23:22.0638 4944 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
13:23:22.0640 4944 RasMan - ok
13:23:22.0668 4944 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
13:23:22.0669 4944 RasPppoe - ok
13:23:22.0679 4944 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
13:23:22.0680 4944 RasSstp - ok
13:23:22.0723 4944 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
13:23:22.0724 4944 rdbss - ok
13:23:22.0751 4944 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
13:23:22.0751 4944 rdpbus - ok
13:23:22.0770 4944 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
13:23:22.0770 4944 RDPCDD - ok
13:23:22.0779 4944 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
13:23:22.0780 4944 RDPENCDD - ok
13:23:22.0789 4944 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
13:23:22.0789 4944 RDPREFMP - ok
13:23:22.0833 4944 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
13:23:22.0836 4944 RDPWD - ok
13:23:22.0899 4944 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
13:23:22.0902 4944 rdyboost - ok
13:23:22.0931 4944 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
13:23:22.0935 4944 RemoteAccess - ok
13:23:22.0980 4944 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
13:23:22.0984 4944 RemoteRegistry - ok
13:23:23.0004 4944 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
13:23:23.0007 4944 RpcEptMapper - ok
13:23:23.0037 4944 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
13:23:23.0039 4944 RpcLocator - ok
13:23:23.0112 4944 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
13:23:23.0120 4944 RpcSs - ok
13:23:23.0151 4944 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
13:23:23.0152 4944 rspndr - ok
13:23:23.0193 4944 RTL8167 (ba3e57c89e6f63808d3f2b11e1a2ad3c) C:\windows\system32\DRIVERS\Rt64win7.sys
13:23:23.0197 4944 RTL8167 - ok
13:23:23.0237 4944 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
13:23:23.0239 4944 SamSs - ok
13:23:23.0277 4944 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
13:23:23.0279 4944 sbp2port - ok
13:23:23.0322 4944 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
13:23:23.0328 4944 SCardSvr - ok
13:23:23.0366 4944 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
13:23:23.0367 4944 scfilter - ok
13:23:23.0484 4944 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
13:23:23.0500 4944 Schedule - ok
13:23:23.0540 4944 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
13:23:23.0541 4944 SCPolicySvc - ok
13:23:23.0574 4944 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\windows\system32\drivers\sdbus.sys
13:23:23.0576 4944 sdbus - ok
13:23:23.0606 4944 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
13:23:23.0610 4944 SDRSVC - ok
13:23:23.0721 4944 SeaPort (78779ee07231c658b483b1f38b5088df) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
13:23:23.0724 4944 SeaPort - ok
13:23:23.0753 4944 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
13:23:23.0754 4944 secdrv - ok
13:23:23.0786 4944 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
13:23:23.0788 4944 seclogon - ok
13:23:23.0807 4944 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
13:23:23.0810 4944 SENS - ok
13:23:23.0823 4944 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
13:23:23.0826 4944 SensrSvc - ok
13:23:23.0853 4944 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
13:23:23.0854 4944 Serenum - ok
13:23:23.0873 4944 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
13:23:23.0875 4944 Serial - ok
13:23:23.0909 4944 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
13:23:23.0910 4944 sermouse - ok
13:23:23.0984 4944 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
13:23:23.0987 4944 SessionEnv - ok
13:23:24.0012 4944 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
13:23:24.0013 4944 sffdisk - ok
13:23:24.0020 4944 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
13:23:24.0021 4944 sffp_mmc - ok
13:23:24.0026 4944 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
13:23:24.0027 4944 sffp_sd - ok
13:23:24.0056 4944 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
13:23:24.0056 4944 sfloppy - ok
13:23:24.0110 4944 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
13:23:24.0115 4944 SharedAccess - ok
13:23:24.0172 4944 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
13:23:24.0178 4944 ShellHWDetection - ok
13:23:24.0199 4944 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
13:23:24.0200 4944 SiSRaid2 - ok
13:23:24.0239 4944 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
13:23:24.0240 4944 SiSRaid4 - ok
13:23:24.0259 4944 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
13:23:24.0261 4944 Smb - ok
13:23:24.0296 4944 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
13:23:24.0299 4944 SNMPTRAP - ok
13:23:24.0326 4944 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
13:23:24.0327 4944 spldr - ok
13:23:24.0404 4944 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
13:23:24.0413 4944 Spooler - ok
13:23:24.0675 4944 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
13:23:24.0703 4944 sppsvc - ok
13:23:24.0799 4944 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
13:23:24.0803 4944 sppuinotify - ok
13:23:24.0898 4944 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
13:23:24.0903 4944 srv - ok
13:23:24.0943 4944 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
13:23:24.0948 4944 srv2 - ok
13:23:24.0996 4944 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
13:23:24.0998 4944 srvnet - ok
13:23:25.0032 4944 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
13:23:25.0037 4944 SSDPSRV - ok
13:23:25.0051 4944 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
13:23:25.0055 4944 SstpSvc - ok
13:23:25.0100 4944 Steam Client Service - ok
13:23:25.0137 4944 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
13:23:25.0138 4944 stexstor - ok
13:23:25.0213 4944 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
13:23:25.0223 4944 stisvc - ok
13:23:25.0251 4944 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
13:23:25.0252 4944 swenum - ok
13:23:25.0336 4944 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
13:23:25.0343 4944 SwitchBoard - ok
13:23:25.0404 4944 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
13:23:25.0414 4944 swprv - ok
13:23:25.0463 4944 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\windows\system32\DRIVERS\SynTP.sys
13:23:25.0467 4944 SynTP - ok
13:23:25.0615 4944 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
13:23:25.0635 4944 SysMain - ok
13:23:25.0764 4944 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
13:23:25.0768 4944 TabletInputService - ok
13:23:25.0807 4944 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
13:23:25.0814 4944 TapiSrv - ok
13:23:25.0845 4944 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
13:23:25.0849 4944 TBS - ok
13:23:26.0054 4944 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
13:23:26.0068 4944 Tcpip - ok
13:23:26.0316 4944 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
13:23:26.0336 4944 TCPIP6 - ok
13:23:26.0465 4944 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
13:23:26.0466 4944 tcpipreg - ok
13:23:26.0500 4944 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
13:23:26.0501 4944 tdcmdpst - ok
13:23:26.0533 4944 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
13:23:26.0534 4944 TDPIPE - ok
13:23:26.0572 4944 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
13:23:26.0573 4944 TDTCP - ok
13:23:26.0617 4944 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
13:23:26.0619 4944 tdx - ok
13:23:26.0657 4944 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
13:23:26.0658 4944 TermDD - ok
13:23:26.0715 4944 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
13:23:26.0725 4944 TermService - ok
13:23:26.0748 4944 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
13:23:26.0751 4944 Themes - ok
13:23:26.0780 4944 Thpdrv (c013f6acaa9761f571bd28dada7c157d) C:\windows\system32\DRIVERS\thpdrv.sys
13:23:26.0781 4944 Thpdrv - ok
13:23:26.0834 4944 Thpevm (b4e609047434ed948af7bdef2fa66e38) C:\windows\system32\DRIVERS\Thpevm.SYS
13:23:26.0835 4944 Thpevm - ok
13:23:26.0900 4944 Thpsrv (f6927bba3b09aff26a53a9191f7378f9) C:\windows\system32\ThpSrv.exe
13:23:26.0910 4944 Thpsrv - ok
13:23:26.0947 4944 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
13:23:26.0950 4944 THREADORDER - ok
13:23:27.0019 4944 TMachInfo (28644b0523d64eff2fc7312a2ee74b0a) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
13:23:27.0020 4944 TMachInfo - ok
13:23:27.0049 4944 TODDSrv (ed32035bdfeced1ad66d459fd9cc1140) C:\Windows\system32\TODDSrv.exe
13:23:27.0054 4944 TODDSrv - ok
13:23:27.0140 4944 TosCoSrv (bdbe7a21e1de76d92f566aa80546aa4c) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
13:23:27.0146 4944 TosCoSrv - ok
13:23:27.0208 4944 TOSHIBA eco Utility Service (152da63a2843e7e63eca8ae90d853763) C:\Program Files\TOSHIBA\TECO\TecoService.exe
13:23:27.0212 4944 TOSHIBA eco Utility Service - ok
13:23:27.0268 4944 TOSHIBA HDD SSD Alert Service (74c2fa8c3765ee71a9c22182ec108457) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
13:23:27.0271 4944 TOSHIBA HDD SSD Alert Service - ok
13:23:27.0366 4944 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
13:23:27.0372 4944 tos_sps64 - ok
13:23:33.0543 4944 ============================================================
13:23:33.0543 4944 Scan finished
13:23:33.0543 4944 ============================================================
13:23:33.0560 5800 Detected object count: 0
13:23:33.0560 5800 Actual detected object count: 0


aswMBR Log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-29 13:29:02
-----------------------------
13:29:02.360 OS Version: Windows x64 6.1.7601 Service Pack 1
13:29:02.360 Number of processors: 8 586 0x1E05
13:29:02.360 ComputerName: OWNER-PC UserName: Owner
13:29:04.107 Initialize success
13:30:23.496 AVAST engine defs: 12042900
13:30:56.506 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:30:56.506 Disk 0 Vendor: TOSHIBA_ GJ00 Size: 610480MB BusType: 3
13:30:56.521 Disk 0 MBR read successfully
13:30:56.537 Disk 0 MBR scan
13:30:56.537 Disk 0 Windows VISTA default MBR code
13:30:56.553 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
13:30:56.584 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 597107 MB offset 3074048
13:30:56.615 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 11872 MB offset 1225949184
13:30:56.662 Disk 0 scanning C:\windows\system32\drivers
13:31:08.206 Service scanning
13:31:57.065 Modules scanning
13:31:57.081 Disk 0 trace - called modules:
13:31:57.128 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys iaStor.sys hal.dll
13:31:57.143 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004ec0060]
13:31:57.143 3 CLASSPNP.SYS[fffff8800139143f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8004e20710]
13:31:57.159 5 thpdrv.sys[fffff88001be2cc0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004baa050]
13:31:58.875 AVAST engine scan C:\windows
13:32:02.712 AVAST engine scan C:\windows\system32
13:34:59.024 AVAST engine scan C:\windows\system32\drivers
13:35:13.906 AVAST engine scan C:\Users\Owner
13:46:21.759 File: C:\Users\Owner\AppData\Roaming\WinRAR\WinRAR\hqsysrld.dll **INFECTED** Win32:Trojan-gen
13:47:10.915 AVAST engine scan C:\ProgramData
13:50:17.007 Scan finished successfully
13:51:41.513 Disk 0 MBR has been saved successfully to "C:\Users\Owner\Desktop\MBR.dat"
13:51:41.513 The log file has been saved successfully to "C:\Users\Owner\Desktop\aswMBR.txt"

#6 gringo_pr

  • Malware Response Team

Posted 29 April 2012 - 01:42 PM

Hello


I want you to uninstall Firefox and Chrome - if asked about user data or settings, then remove those also.

If you want to keep your bookmarks, that would be OK, but everything else needs to go.

Reinstall them and check for redirects.


:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
c:\program files (x86)\Freecorder

File::
C:\Users\Owner\AppData\Roaming\WinRAR\WinRAR\hqsysrld.dll

DDS::
uInternet Settings,ProxyOverride = <local>;127.0.0.1:9421;

Firefox::
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\s3kuuvkl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&q=

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#7 MANGOMASTER


Posted 29 April 2012 - 10:46 PM

Hey,

I uninstalled Firefox and Google Chrome and reinstalled them. Only Firefox asked me to remove user data settings.
After reinstalling, Firefox did not redirect me to Happili anymore, but Google Chrome did redirect me to Happili.

I completed CFScript with no interruption. However, I am still receiving the "Web camera initialization failed. Please check your camera device and restart application or computer" message after every reboot. Besides the camera, the computer is running normally.

Combofix Log:

ComboFix 12-04-29.02 - Owner 04/29/2012 18:18:44.3.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4027.2224 [GMT -4:00]
Running from: c:\users\Owner\Downloads\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Owner\AppData\Roaming\WinRAR\WinRAR\hqsysrld.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Freecorder
c:\program files (x86)\Freecorder\Applian_Audio_Plugin.dll
c:\program files (x86)\Freecorder\audgopher.dll
c:\program files (x86)\Freecorder\audhook.dll
c:\program files (x86)\Freecorder\FCAudio.exe
c:\program files (x86)\Freecorder\FCConv.exe
c:\program files (x86)\Freecorder\FCSettings.exe
c:\program files (x86)\Freecorder\FCVideo.exe
c:\program files (x86)\Freecorder\ffmpeg.exe
c:\program files (x86)\Freecorder\FLVPlayer.exe
c:\program files (x86)\Freecorder\FLVSrvc.exe
c:\program files (x86)\Freecorder\freecorder.exe
c:\program files (x86)\Freecorder\Freecorder.xpi
c:\program files (x86)\Freecorder\lame_enc.dll
c:\program files (x86)\Freecorder\sdl.dll
c:\program files (x86)\Freecorder\Uninstall\IRIMG1.JPG
c:\program files (x86)\Freecorder\Uninstall\IRIMG2.JPG
c:\program files (x86)\Freecorder\Uninstall\uninstall.dat
c:\program files (x86)\Freecorder\Uninstall\uninstall.xml
c:\program files (x86)\Freecorder\VistaAudioLib.dll
c:\users\Owner\AppData\Roaming\WinRAR\WinRAR\hqsysrld.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-29 )))))))))))))))))))))))))))))))
.
.
2012-04-29 22:31 . 2012-04-29 22:33 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-04-29 22:31 . 2012-04-29 22:31 -------- d-----w- c:\users\Mcx1-OWNER-PC\AppData\Local\temp
2012-04-29 22:31 . 2012-04-29 22:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-29 22:06 . 2012-04-29 22:06 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-04-29 22:06 . 2012-04-21 01:19 97208 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-04-29 01:30 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E8A72E1E-7FE7-4D32-99D3-407957DCEA12}\mpengine.dll
2012-04-29 01:19 . 2012-04-29 01:19 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-04-24 18:34 . 2012-04-29 00:39 -------- d--h--w- c:\users\Owner\AppData\Roaming\8DF05298
2012-04-19 02:48 . 2012-04-19 02:48 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-18 22:40 . 2012-04-18 22:40 16200 ----a-w- c:\windows\stinger.sys
2012-04-18 22:39 . 2012-04-18 22:46 -------- d-----w- c:\program files (x86)\stinger
2012-04-14 01:41 . 2012-04-14 01:41 -------- d-----w- c:\windows\en
2012-04-14 01:37 . 2012-03-08 22:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-04-14 01:31 . 2012-04-14 01:31 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\467a29931cd19de02\MeshBetaRemover.exe
2012-04-14 01:31 . 2012-04-14 01:31 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\461af2881cd19de01\DSETUP.dll
2012-04-14 01:31 . 2012-04-14 01:31 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\461af2881cd19de01\DXSETUP.exe
2012-04-14 01:31 . 2012-04-14 01:31 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\461af2881cd19de01\dsetup32.dll
2012-04-12 06:31 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 06:31 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 06:31 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 06:28 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 06:28 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 06:28 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 06:28 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 06:28 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 06:28 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 06:28 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-08 15:18 . 2012-04-13 22:18 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-08 14:51 . 2012-04-13 22:18 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-08 14:51 . 2012-04-08 14:51 -------- d-----w- c:\windows\system32\Macromed
2012-04-05 17:58 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-05 17:58 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-05 17:24 . 2012-04-05 17:24 -------- d-----w- c:\windows\system32\ms-MY
2012-04-05 17:10 . 2012-04-05 17:10 -------- d-----w- c:\windows\system32\SPReview
2012-04-05 17:09 . 2012-04-05 17:09 -------- d-----w- c:\windows\system32\EventProviders
2012-04-05 16:45 . 2012-04-27 15:35 -------- d-----w- C:\QUARANTINE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-13 22:18 . 2011-05-16 16:32 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-05 17:23 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-04-05 17:23 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-03-08 22:50 . 2012-03-08 22:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 22:37 . 2012-03-08 22:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-02-23 14:18 . 2011-01-27 20:32 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-23 04:45 . 2012-02-23 04:45 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-23 04:45 . 2012-02-23 04:45 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-02-23 04:45 . 2012-02-23 04:45 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-02-23 04:45 . 2012-02-23 04:45 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-23 04:45 . 2012-02-23 04:45 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-02-23 04:45 . 2012-02-23 04:45 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-02-23 04:45 . 2012-02-23 04:45 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-02-23 04:45 . 2012-02-23 04:45 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-02-23 04:45 . 2012-02-23 04:45 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-02-23 04:45 . 2012-02-23 04:45 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-02-23 04:45 . 2012-02-23 04:45 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-02-23 04:45 . 2012-02-23 04:45 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-02-23 04:45 . 2012-02-23 04:45 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-02-23 04:45 . 2012-02-23 04:45 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-02-23 04:45 . 2012-02-23 04:45 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-02-23 04:45 . 2012-02-23 04:45 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-02-23 04:45 . 2012-02-23 04:45 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-02-23 04:45 . 2012-02-23 04:45 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-23 04:45 . 2012-02-23 04:45 222208 ----a-w- c:\windows\system32\msls31.dll
2012-02-23 04:45 . 2012-02-23 04:45 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-23 04:45 . 2012-02-23 04:45 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-02-23 04:45 . 2012-02-23 04:45 12288 ----a-w- c:\windows\system32\mshta.exe
2012-02-23 04:45 . 2012-02-23 04:45 114176 ----a-w- c:\windows\system32\admparse.dll
2012-02-23 04:45 . 2012-02-23 04:45 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-23 04:45 . 2012-02-23 04:45 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-02-23 04:45 . 2012-02-23 04:45 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-23 04:45 . 2012-02-23 04:45 448512 ----a-w- c:\windows\system32\html.iec
2012-02-23 04:45 . 2012-02-23 04:45 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-23 04:45 . 2012-02-23 04:45 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-23 04:45 . 2012-02-23 04:45 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-02-23 04:45 . 2012-02-23 04:45 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-02-23 04:45 . 2012-02-23 04:45 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-23 04:45 . 2012-02-23 04:45 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-02-23 04:45 . 2012-02-23 04:45 160256 ----a-w- c:\windows\system32\wextract.exe
2012-02-17 06:38 . 2012-03-14 14:34 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 14:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 14:34 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 14:34 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-14 16:09 . 2012-02-14 16:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 06:36 . 2012-03-14 17:39 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 17:39 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 17:39 3145728 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-29_01.01.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-25 18:04 . 2012-04-29 22:35 63434 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-04-29 01:02 48106 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-29 22:35 48106 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-01-27 18:51 . 2012-04-29 22:35 13548 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3883306894-3449574430-328466408-1001_UserData.bin
- 2010-11-25 18:24 . 2012-04-29 01:01 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-25 18:24 . 2012-04-29 22:33 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-25 18:24 . 2012-04-29 22:33 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-11-25 18:24 . 2012-04-29 01:01 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-29 22:33 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-29 01:01 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-04-29 15:03 91888 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-04-29 01:19 . 2012-04-29 01:19 32768 c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
+ 2011-03-14 03:32 . 2012-04-29 01:19 1604 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-04-29 01:00 . 2012-04-29 01:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-29 22:33 . 2012-04-29 22:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-29 01:00 . 2012-04-29 01:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-29 22:33 . 2012-04-29 22:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-04-29 00:12 624412 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-29 15:00 624412 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-29 15:00 106756 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-29 00:12 106756 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-04-29 00:59 474132 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-29 22:32 474132 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2008-09-30 20:43 . 2008-09-30 20:43 1286152 c:\windows\SysWOW64\msxml4.dll
- 2009-07-14 04:45 . 2012-04-28 02:54 7112306 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-04-29 01:32 7112306 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-05-09 06:19 . 2012-04-29 22:32 8362700 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3883306894-3449574430-328466408-1001-8192.dat
- 2011-09-01 17:41 . 2012-04-28 23:55 1419124 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3883306894-3449574430-328466408-1001-12288.dat
+ 2011-09-01 17:41 . 2012-04-29 22:32 1419124 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3883306894-3449574430-328466408-1001-12288.dat
+ 2008-10-01 01:07 . 2008-10-01 01:07 6042112 c:\windows\Installer\114f1e.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Owner\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-30 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-05 423936]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-05-02 2454840]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"McAfeeUpdaterUI"="c:\program files (x86)\McAfee\Common Framework\udaterui.exe" [2009-08-25 136512]
"ShStatEXE"="c:\program files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-10-23 124240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-30 136176]
R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253088]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files (x86)\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [x]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-30 136176]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-07-23 822192]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-06-07 408576]
S2 McAfeeEngineService;McAfee Engine Service;c:\program files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [2009-10-23 19720]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 NACAgent;Cisco NAC Agent;c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2011-03-09 1104608]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-05-05 1604200]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-07-28 267192]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-06-07 911872]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 22:18]
.
2012-04-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3883306894-3449574430-328466408-1001Core.job
- c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-02 22:09]
.
2012-04-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3883306894-3449574430-328466408-1001UA.job
- c:\users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-02 22:09]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-30 04:44]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-30 04:44]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3883306894-3449574430-328466408-1001Core.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-18 01:04]
.
2012-04-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3883306894-3449574430-328466408-1001UA.job
- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-18 01:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-05-05 17412200]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10134560]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 896032]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-06-08 1441792]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 0.0.0.0
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\0zcwnk0a.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Freecorder FLV Service - c:\program files (x86)\Freecorder\FLVSrvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3883306894-3449574430-328466408-1001\Software\SecuROM\License information*]
"datasecu"=hex:00,3f,50,af,17,02,08,55,7d,89,a9,ee,9a,af,f6,09,1e,84,35,09,5a,
c2,59,4a,aa,23,35,a7,76,5b,04,38,cf,34,87,0d,58,10,19,19,9d,6a,86,0f,b4,85,\
"rkeysecu"=hex:fa,98,a9,e8,45,96,5c,0b,64,d7,f4,6c,04,ee,0d,4a
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\McAfee\Common Framework\FrameworkService.exe
c:\program files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files (x86)\McAfee\Common Framework\naPrdMgr.exe
c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
.
**************************************************************************
.
Completion time: 2012-04-29 18:50:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-29 22:50
ComboFix2.txt 2012-04-29 01:17
ComboFix3.txt 2012-04-18 23:46
.
Pre-Run: 522,865,631,232 bytes free
Post-Run: 522,741,215,232 bytes free
.
- - End Of File - - 30AB47C77633F330DC9E566232E67EC0

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 30 April 2012 - 04:25 AM

Hello

Chrome is built on top of IE, so I want you to go here and press the fixit button and let me know if Chrome still redirects.


http://support.microsoft.com/kb/923737



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 MANGOMASTER

MANGOMASTER
  • Topic Starter


Posted 30 April 2012 - 02:11 PM

Hello,

After I ran fixit, Google Chrome still redirected me. I repeated the previous process, uninstalling Chrome then reinstalling it and it does not redirect anymore. Forgive me if I got ahead of myself. Is the problem fixed now? Thank you so much for your instruction and attention.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team

Posted 30 April 2012 - 03:15 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine, just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

Adobe Reader 9.5.1
Bing Bar
BitComet 1.26
Freecorder
Java™ 6 Update 26


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes then Next.
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#11 MANGOMASTER

MANGOMASTER
  • Topic Starter


Posted 01 May 2012 - 11:24 AM

Hello,

Besides the camera, the computer is running normally. Google Search links are not redirecting me to Happili or any sites similar to that.

I ran Revo with initial confusion.

"Check/tick the bolded items only on the list then click Delete.
When prompted, click on Yes and then on Next.
Put a check on any folders that are found and select Delete.
When prompted, select Yes then Next."

Adobe Reader did not show Bolded Items, but it did have folders. I was confused and unsure which step it was; since they were not bolded, I let them be.
Bing Bar uninstalled without leftovers.
Bitcomet was the first time I saw what the Bolded Items looked like which I deleted, but it slipped my mind to delete the folders because I was still thinking about Adobe Reader.
Freecorder uninstalled, but I received this message "Invalid uninstall control file: C:\Program Files (x86)\Freecorder\Uninstall\uninstall.xml". I removed the Bolded Items as well as the files/folders this time.
Java 6 Update 26 removed without leftovers.

Is there any way I can go back and delete the remaining files for Adobe Reader and Bitcomet? Sorry for the trouble.

Adobe Reader 10 installed successfully.
CCleaner ran successfully.
Malwarebytes' Anti-Malware and HijackThis ran without interruption or difficulty.

MBAM Log:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.30.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-PC [administrator]

Protection: Enabled

4/30/2012 8:40:14 PM
mbam-log-2012-04-30 (20-40-14).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243177
Time elapsed: 2 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Owner\Downloads\SoftonicDownloader_for_open-workbench.exe (PUP.OfferBundler.ST) -> Quarantined and deleted successfully.

(end)


HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:21:56 PM, on 4/30/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgentUI.exe
C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O4 - HKLM\..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe"
O4 - HKUS\S-1-5-21-3883306894-3449574430-328466408-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3883306894-3449574430-328466408-1000\..\Run: [] (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3883306894-3449574430-328466408-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Intel® PROSet/Wireless WiMAX Red Bend Device Management Service (DMAgent) - Red Bend Ltd. - C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\windows\system32\mfevtps.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Cisco NAC Agent (NACAgent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - Unknown owner - C:\windows\system32\ThpSrv.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: Intel® PROSet/Wireless WiMAX Service (WiMAXAppSrv) - Intel® Corporation - C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12279 bytes

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:26 PM

Posted 01 May 2012 - 09:21 PM

Hello

I ran Revo with initial confusion.

"Check/tick the bolded items only on the list, then click Delete.
When prompted, click on Yes and then on Next.
Put a check on any folders that are found and select Delete.
When prompted, select Yes and then Next.


When Revo scans for any leftovers, it checks the registry and it checks for folders.

The first part that comes up is the registry section (if leftovers are found). This is the section where you only put a check mark next to the bolded items.

The next part is the folders - these can all be removed.



These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. You can click on the icon of any of these programs (or start it from the Control Panel) to start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
      O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
      O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
      O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
      O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
      O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Owner\AppData\Local\Akamai\netsession_win.exe"
      O4 - HKUS\S-1-5-21-3883306894-3449574430-328466408-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
      O4 - HKUS\S-1-5-21-3883306894-3449574430-328466408-1000\..\Run: [] (User 'UpdatusUser')
      O4 - HKUS\S-1-5-21-3883306894-3449574430-328466408-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
      O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click on the IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 MANGOMASTER


Posted 03 May 2012 - 12:45 AM

Hi,

I ran HijackThis successfully. I kept "O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun".
I used "Fix Checked" on the rest.

ESET Online ran successfully and produced the following logs:

C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\WinRAR\WinRAR\hqsysrld.dll.vir Win32/Boaxxe.C trojan
C:\Users\Owner\Downloads\FCTBSetup.exe Win32/OpenCandy application
C:\Users\Owner\Downloads\winzip155.exe Win32/OpenCandy application
C:\Users\Owner\Downloads\winzip160.exe Win32/OpenCandy application

#14 gringo_pr


Posted 03 May 2012 - 01:06 AM

Hello

There are some minor things in your online scan that should be removed.


delete files

  • Copy all text in the quote box (below)...to Notepad.

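    @echo off
    rem Delete the installers that ESET flagged as Win32/OpenCandy.
    del /f /s /q "C:\Users\Owner\Downloads\FCTBSetup.exe"
    del /f /s /q "C:\Users\Owner\Downloads\winzip155.exe"
    del /f /s /q "C:\Users\Owner\Downloads\winzip160.exe"
    rem Remove this batch file itself once it has run.
    del "%~f0"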

  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
    It should look like this: Posted Image <--XP, Posted Image <--Vista
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.


The rest of the Online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.




Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


:Why we need to remove some of our tools:

Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paperweight.
They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK.
Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often to help keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download. It works a lot better than Add/Remove in Windows and has saved me more than once from corrupted installs and uninstalls.

CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner

Malwarebytes' Anti-Malware - The gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)


    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety

Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum

COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->Posted Image<-- Don't worry every little bit helps.

Gringo
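
The triage gringo_pr applies to the ESET results in the post above, written out as an added example that is not part of the original thread: findings under the ComboFix quarantine or the System Restore cache are backups, and anything else is a live file to delete. The line format is inferred from the log posted in this thread, and the last two sample lines and the Win32/Example names are constructed.

```python
import re
from ntpath import normcase, normpath  # Windows path semantics on any OS

# Locations the reply above treats as inert backups, not live files.
BACKUP_ROOTS = {
    "ComboFix quarantine": r"C:\Qoobox\Quarantine",
    "System Restore cache": r"C:\System Volume Information",
}

# Line shape assumed from the log in this thread: <path> <Platform/Name> <category>.
# A Windows path cannot contain "/", so the first token holding one is the name.
# The optional "a variant of" prefix is ESET naming that this log does not use.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?:(?:probably\s+)?a variant of\s+)?"
    r"(?P<name>[^\s\\]+/\S+)\s+(?P<category>.+)$"
)


def is_under(path, root):
    """True if path is root or below it, after collapsing '..' and case."""
    p, r = normcase(normpath(path)), normcase(normpath(root))
    return p == r or p.startswith(r + "\\")


def triage(log_text):
    """Return one dict per parsed finding, tagged with where the file sits."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m is None:
            continue  # blank lines, headers, anything that is not a finding
        location = next(
            (label for label, root in BACKUP_ROOTS.items() if is_under(m["path"], root)),
            "live file",
        )
        findings.append({
            "path": m["path"],
            "name": m["name"],
            "category": m["category"],
            "location": location,
            # Live files are deleted by hand; backups go when the tools are removed.
            "action": "delete" if location == "live file" else "leave to tool cleanup",
        })
    return findings


# The first four lines are the ESET results posted in this thread. The last two
# are constructed: one exercises the restore-cache branch, the other is a '..'
# path that only looks as if it sits in quarantine.
SAMPLE_LOG = r"""
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Roaming\WinRAR\WinRAR\hqsysrld.dll.vir Win32/Boaxxe.C trojan
C:\Users\Owner\Downloads\FCTBSetup.exe Win32/OpenCandy application
C:\Users\Owner\Downloads\winzip155.exe Win32/OpenCandy application
C:\Users\Owner\Downloads\winzip160.exe Win32/OpenCandy application
C:\System Volume Information\_restore{CONSTRUCTED}\A0000001.exe a variant of Win32/Example.A trojan
C:\Qoobox\Quarantine\..\..\Users\Owner\Downloads\constructed.exe Win32/Example.B application
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['action']:<22} {f['location']:<21} {f['name']:<18} {f['path']}")
```

Matching on the normalised path with a trailing separator keeps a sibling folder such as `C:\Qoobox\QuarantineX` or a `..` escape from being counted as quarantined.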

#15 MANGOMASTER


Posted 04 May 2012 - 12:12 AM

Hello,

I ran the delfile.bat, re-enabled the CD emulation, uninstalled Combofix, and ran OTCleanIt successfully.

I am still receiving "Web cam initialization failed. Please check your camera device and start application or computer." It is a built in webcam and the message has been appearing since I ran Combofix. Could it be that it may have been accidentally deleted?

Thank you for all your help. I truly appreciate you not only removing the virus, but helping me clean the computer.



