Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

System Error. Hard Disk failure detected


  • This topic is locked This topic is locked
31 replies to this topic

#1 dratcliff

dratcliff

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:14 PM

Posted 25 September 2012 - 10:23 AM

Along with a slew of "System message - Write Fault Error" Popups, and a Popup that has a bunch of what I assume is Russian Chars that ends with "DFS has stopped working", the top Popup reads "System Error. Hard Disk failure detected".

I have read the Prep guide and will include the output of DDS below.

Looking forward to getting this crap off of my machine.

Thanks for being here, your expertise is much appreciated.

DDS.txt:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421
Run by Don at 10:56:55 on 2012-09-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.5233 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\helppane.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt
uStart Page = hxxp://www.foxnews.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110514093702.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
uRun: [Google Update] "C:\Users\Don\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
mRun: [SPC1300] C:\Windows\vspc1300.exe
mRun: [HP Component Manager] "C:\Program Files (x86)\HP\hpcoretech\hpcmpmgr.exe"
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
mRun: [IndexSearch] C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe
mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [BYR_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [eHQSJjoRNpklu.exe] C:\ProgramData\eHQSJjoRNpklu.exe
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} - hxxp://192.168.1.76/Ctl/WinWebPush.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1
TCP: Interfaces\{564DA4E3-2A83-4C16-BF6E-3876C5A12B8D} : DhcpNameServer = 68.94.156.1 68.94.157.1
TCP: Interfaces\{564DA4E3-2A83-4C16-BF6E-3876C5A12B8D}\34963736F64403533313 : DhcpNameServer = 192.168.0.1 68.94.156.1 68.94.157.1
TCP: Interfaces\{564DA4E3-2A83-4C16-BF6E-3876C5A12B8D}\4496A7A797D41676E6F6C69616 : DhcpNameServer = 192.168.0.1 68.94.156.1 68.94.157.1
TCP: Interfaces\{58B012AA-B45C-4329-B318-89C42ED2EA79} : DhcpNameServer = 68.94.156.1 68.94.157.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO-X64: Search Helper - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110514093702.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun-x64: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun-x64: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
mRun-x64: [SPC1300] C:\Windows\vspc1300.exe
mRun-x64: [HP Component Manager] "C:\Program Files (x86)\HP\hpcoretech\hpcmpmgr.exe"
mRun-x64: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun-x64: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun-x64: [PaperPort PTD] C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
mRun-x64: [IndexSearch] C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe
mRun-x64: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun-x64: [BYR_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [eHQSJjoRNpklu.exe] C:\ProgramData\eHQSJjoRNpklu.exe
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-11-1 355440]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2010-11-1 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-9-26 27632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-19 116648]
S2 HPBtnSrv;HP Easy Backup Button Service;C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2010-7-19 192512]
S2 HPHNDUSVC;HP Home Network Diagnostic Support Service;C:\Windows\system32\svchost.exe -k HPHNDUService [2009-7-13 20992]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-24 399432]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-18 676936]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2012-8-22 103472]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-11-1 355440]
S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-11-1 355440]
S2 McShield;McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2010-11-1 200056]
S2 Norton Internet Security;Norton Internet Security;"C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-8 2255464]
S2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-6-30 1248256]
S2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-4-19 993848]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-9-19 116648]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 phaudlwr;Philips Audio Filter;C:\Windows\system32\DRIVERS\phaudlwr.sys --> C:\Windows\system32\DRIVERS\phaudlwr.sys [?]
S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
S3 SPC1300;USB2.0 PC Camera (SPC1300);C:\Windows\system32\DRIVERS\spc1300.sys --> C:\Windows\system32\DRIVERS\spc1300.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2012-09-25 00:02:33 350720 ----a-w- C:\ProgramData\eHQSJjoRNpklu.exe
2012-09-11 19:42:50 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-09-11 19:42:50 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-09-11 19:42:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
==================== Find3M ====================
.
2012-09-07 21:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-16 15:21:35 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-16 15:21:35 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2001-11-05 13:30:50 165376 ----a-w- C:\Program Files (x86)\UNWISE.EXE
.
============= FINISH: 10:58:45.26 ===============

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:14 PM

Posted 26 September 2012 - 01:34 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 dratcliff

dratcliff
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:14 PM

Posted 27 September 2012 - 12:17 PM

Thanks Gringo!

I will be running the d/l's and pasting soon. Just wanted to let you know that I have run mbam twice since I posted the initial post. I saved both log files from mbam if you need them.

I am able to boot to normal mode now, and have run a full back-up. That's what took so long in my reply.


Don

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:14 PM

Posted 27 September 2012 - 12:41 PM

no problem and I will be waiting for the reports


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 dratcliff

dratcliff
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:14 PM

Posted 27 September 2012 - 01:11 PM

Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (2.0.0.3003)
Malwarebytes Anti-Malware version 1.65.0.1400
Java™ 6 Update 29
Java™ 6 Update 7
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Google Chrome 21.0.1180.81
Google Chrome 21.0.1180.83
Google Chrome 22.0.1229.14
Google Chrome 22.0.1229.26
Google Chrome 22.0.1229.36
Google Chrome 22.0.1229.39
Google Chrome 22.0.1229.52
Google Chrome 22.0.1229.56
Google Chrome 22.0.1229.64
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.91
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#6 dratcliff

dratcliff
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:14 PM

Posted 27 September 2012 - 01:23 PM

# AdwCleaner v2.003 - Logfile created 09/27/2012 at 14:13:42
# Updated 23/09/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Don - DON-PC
# Boot Mode : Normal
# Running from : C:\Users\Don\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\vShare
Folder Deleted : C:\Users\Don\AppData\LocalLow\vShare

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKCU\Software\vShare
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\vsharechrome
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3E315C81-442B-431C-AEC8-ED189699EC24}
Key Deleted : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol
Key Deleted : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol.1
Key Deleted : HKLM\SOFTWARE\Classes\vShare.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\vShare.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers
Key Deleted : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\vShare
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{043C5167-00BB-4324-AF7E-62013FAEDACF}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{043C5167-00BB-4324-AF7E-62013FAEDACF}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-21-86630789-3628600311-2817074039-1001\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Google Chrome v22.0.1229.91

File : C:\Users\Don\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3630 octets] - [27/09/2012 14:13:42]

########## EOF - C:\AdwCleaner[S1].txt - [3690 octets] ##########

#7 dratcliff

dratcliff
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:14 PM

Posted 27 September 2012 - 01:29 PM

Tried to run RogueKiller.exe as admin. Won't run - comes back with RogueKiller.exe is not a valid Win32 Application

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:14 PM

Posted 27 September 2012 - 02:34 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 dratcliff

dratcliff
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:14 PM

Posted 27 September 2012 - 05:07 PM

The output from ComboFix follows

I was unable to totally disable the Mcafee Suite. When I opened the control panel all the options were grayed-out. I noticed that at one point Mcafee quarantined a utility called "eicar" not sure about the spelling. I can delete Mcafee from the system and re-run Combofix if needed. It is out of date anyway.
Other symptoms are:
Programs in my most of my Start Menu Program folders have reappeared. This is a good thing. They had disappeared in a previous attack. Some had returned but many had not. Now most are back.
I was being redirected from search results. Seems to be fine now.
I have had a recurring problem with my Printer driver not getting loaded at start-up. Seems to be an HP problem, just thought I'd mention it.
I get a pop-up upon boot up that states that dseri.dll could not be found. (might be related to the printer problem).

As of this moment, the computer seems to be running fine. Although I did notice that a few of my desktop icons were rearranged during the run of ComboFix. Not a problem - just noticed it.










ComboFix 12-09-27.03 - Don 09/27/2012 17:09:25.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.4613 [GMT -4:00]
Running from: c:\users\Don\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\INSTALL.LOG
c:\users\Don\AppData\Local\assembly\tmp
c:\windows\SysWow64\spool\prtprocs\w32x86\ppbiPr.dll
c:\windows\vspc1300.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-27 to 2012-09-27 )))))))))))))))))))))))))))))))
.
.
2012-09-27 21:20 . 2012-09-27 21:20 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-09-27 21:20 . 2012-09-27 21:20 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-09-27 21:20 . 2012-09-27 21:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-19 20:50 . 2012-09-19 20:51 -------- d-----w- c:\program files (x86)\Google
2012-09-14 07:01 . 2012-09-14 07:01 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-09-11 19:42 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-11 19:42 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-11 19:42 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-12 07:00 . 2010-08-23 15:29 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-07 21:04 . 2011-06-15 01:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-16 15:21 . 2012-04-11 15:24 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-16 15:21 . 2011-11-23 16:30 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-18 18:15 . 2012-08-15 09:34 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-14 01:12 . 2012-07-14 01:12 40960 ----a-r- c:\users\Don\AppData\Roaming\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
2012-07-04 22:16 . 2012-08-15 09:40 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 09:40 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 09:40 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 09:40 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2001-11-05 13:30 . 2010-08-26 17:57 165376 ----a-w- c:\program files (x86)\UNWISE.EXE
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 163328]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 196608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe" [2007-02-15 119296]
"HP Component Manager"="c:\program files (x86)\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2004-03-13 57393]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2004-03-13 40960]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26 1148200]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1486392]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-09-30 2215768]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"HP Software Update"="c:\program files (x86)\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2012-3-9 5969752]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-4-9 1156968]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2008\QBW32.EXE [2012-4-9 1178984]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
TrayMin1300.lnk - c:\program files (x86)\Philips\Philips SPC1300NC Webcam\TrayMin1300.exe [2010-7-22 245760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-19 116648]
R2 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2008-10-01 192512]
R2 HPHNDUSVC;HP Home Network Diagnostic Support Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
R2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-19 116648]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-04-14 94992]
R3 NVIDIAHWAccess;NVIDIAHWAccess;c:\users\Don\AppData\Roaming\NVIDIA\HWAccess.sys [x]
R3 phaudlwr;Philips Audio Filter;c:\windows\system32\DRIVERS\phaudlwr.sys [2009-10-21 114608]
R3 SPC1300;USB2.0 PC Camera (SPC1300);c:\windows\system32\DRIVERS\spc1300.sys [2010-01-26 3251968]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-24 1255736]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-04-14 75160]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-04-14 283744]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-09-26 27632]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2012-06-15 103472]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-04-14 149032]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-06-30 1248256]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-04-14 63056]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-04-14 441840]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
HPHNDUService REG_MULTI_SZ HPHNDUSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-19 20:50]
.
2012-09-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-19 20:50]
.
2012-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-86630789-3628600311-2817074039-1000Core.job
- c:\users\Don\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-17 17:10]
.
2012-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-86630789-3628600311-2817074039-1000UA.job
- c:\users\Don\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-17 17:10]
.
2012-09-23 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 18:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-10-03 333344]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PCDrProfiler"="c:\program files\PC-Doctor for Windows\RunProfiler.exe" [2009-06-26 136176]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.foxnews.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1
DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} - hxxp://192.168.1.76/Ctl/WinWebPush.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-SPC1300 - c:\windows\vspc1300.exe
Wow6432Node-HKLM-Run-BYR_AGENT - c:\programdata\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
HKLM-Run-spc1300 - c:\windows\vspc1300.exe
HKLM-Run-dseri - c:\users\Don\AppData\Local\Temp\dseri.dll
AddRemove-sp44353 - c:\hp\Softpaq\sp44353\sp44353.exe
AddRemove-{67431FA8-4B89-42DD-A68E-30D77F6C8D99}_is1 - c:\programdata\Hewlett-Packard\HP Easy Backup\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-27 17:28:31
ComboFix-quarantined-files.txt 2012-09-27 21:28
.
Pre-Run: 729,073,795,072 bytes free
Post-Run: 730,790,924,288 bytes free
.
- - End Of File - - 9B086460DEBA439D0A585E9AF6827E11

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:14 PM

Posted 28 September 2012 - 12:05 PM

Greetings dratcliff

Which programs are still missing?

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 dratcliff

dratcliff
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:14 PM

Posted 28 September 2012 - 01:22 PM

Gringo,

I guess that I was mistaken about the missing programs. Looks like the few that I saw were just dead folders that hadn't been removed.
The Start Menu looks fine!

Thanks!




14:14:25.0225 3716 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
14:14:26.0036 3716 ============================================================
14:14:26.0036 3716 Current date / time: 2012/09/28 14:14:26.0036
14:14:26.0036 3716 SystemInfo:
14:14:26.0036 3716
14:14:26.0036 3716 OS Version: 6.1.7601 ServicePack: 1.0
14:14:26.0036 3716 Product type: Workstation
14:14:26.0036 3716 ComputerName: DON-PC
14:14:26.0036 3716 UserName: Don
14:14:26.0036 3716 Windows directory: C:\Windows
14:14:26.0036 3716 System windows directory: C:\Windows
14:14:26.0036 3716 Running under WOW64
14:14:26.0036 3716 Processor architecture: Intel x64
14:14:26.0036 3716 Number of processors: 4
14:14:26.0036 3716 Page size: 0x1000
14:14:26.0036 3716 Boot type: Normal boot
14:14:26.0036 3716 ============================================================
14:14:27.0534 3716 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:14:27.0612 3716 ============================================================
14:14:27.0612 3716 \Device\Harddisk0\DR0:
14:14:27.0612 3716 MBR partitions:
14:14:27.0612 3716 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x72C8C2C2
14:14:27.0612 3716 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x72C8C301, BlocksNum 0x1A796C0
14:14:27.0612 3716 ============================================================
14:14:27.0643 3716 C: <-> \Device\Harddisk0\DR0\Partition1
14:14:27.0690 3716 D: <-> \Device\Harddisk0\DR0\Partition2
14:14:27.0690 3716 ============================================================
14:14:27.0690 3716 Initialize success
14:14:27.0690 3716 ============================================================
14:14:46.0909 3036 ============================================================
14:14:46.0909 3036 Scan started
14:14:46.0909 3036 Mode: Manual;
14:14:46.0909 3036 ============================================================
14:14:48.0484 3036 ================ Scan system memory ========================
14:14:48.0484 3036 System memory - ok
14:14:48.0484 3036 ================ Scan services =============================
14:14:48.0625 3036 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
14:14:48.0640 3036 1394ohci - ok
14:14:48.0656 3036 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
14:14:48.0656 3036 ACPI - ok
14:14:48.0672 3036 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
14:14:48.0672 3036 AcpiPmi - ok
14:14:48.0718 3036 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
14:14:48.0734 3036 adp94xx - ok
14:14:48.0750 3036 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
14:14:48.0765 3036 adpahci - ok
14:14:48.0781 3036 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
14:14:48.0796 3036 adpu320 - ok
14:14:48.0828 3036 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
14:14:48.0828 3036 AeLookupSvc - ok
14:14:48.0874 3036 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
14:14:48.0890 3036 AFD - ok
14:14:48.0906 3036 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
14:14:48.0921 3036 agp440 - ok
14:14:48.0937 3036 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
14:14:48.0937 3036 ALG - ok
14:14:48.0968 3036 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
14:14:48.0968 3036 aliide - ok
14:14:48.0984 3036 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
14:14:48.0984 3036 amdide - ok
14:14:49.0015 3036 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
14:14:49.0030 3036 AmdK8 - ok
14:14:49.0046 3036 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
14:14:49.0046 3036 AmdPPM - ok
14:14:49.0077 3036 [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata C:\Windows\system32\drivers\amdsata.sys
14:14:49.0077 3036 amdsata - ok
14:14:49.0108 3036 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
14:14:49.0108 3036 amdsbs - ok
14:14:49.0124 3036 [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata C:\Windows\system32\drivers\amdxata.sys
14:14:49.0124 3036 amdxata - ok
14:14:49.0171 3036 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
14:14:49.0171 3036 AppID - ok
14:14:49.0202 3036 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
14:14:49.0202 3036 AppIDSvc - ok
14:14:49.0233 3036 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
14:14:49.0233 3036 Appinfo - ok
14:14:49.0327 3036 [ D8E18021F91AD79CA8491CB5A5DA22D4 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:14:49.0342 3036 Apple Mobile Device - ok
14:14:49.0389 3036 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
14:14:49.0389 3036 arc - ok
14:14:49.0405 3036 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
14:14:49.0405 3036 arcsas - ok
14:14:49.0420 3036 ASAPIW2k - ok
14:14:49.0452 3036 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
14:14:49.0452 3036 AsyncMac - ok
14:14:49.0467 3036 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
14:14:49.0467 3036 atapi - ok
14:14:49.0530 3036 [ 7D89B0C443F6068E5B27AA3B972069FF ] athr C:\Windows\system32\DRIVERS\athrx.sys
14:14:49.0654 3036 athr - ok
14:14:49.0717 3036 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
14:14:49.0717 3036 AudioEndpointBuilder - ok
14:14:49.0732 3036 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
14:14:49.0732 3036 AudioSrv - ok
14:14:49.0748 3036 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
14:14:49.0748 3036 AxInstSV - ok
14:14:49.0779 3036 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
14:14:49.0779 3036 b06bdrv - ok
14:14:49.0795 3036 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
14:14:49.0795 3036 b57nd60a - ok
14:14:49.0810 3036 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
14:14:49.0826 3036 BDESVC - ok
14:14:49.0842 3036 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
14:14:49.0842 3036 Beep - ok
14:14:49.0888 3036 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
14:14:49.0904 3036 BFE - ok
14:14:49.0935 3036 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
14:14:49.0951 3036 BITS - ok
14:14:49.0966 3036 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
14:14:49.0966 3036 blbdrive - ok
14:14:50.0044 3036 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:14:50.0044 3036 Bonjour Service - ok
14:14:50.0076 3036 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
14:14:50.0076 3036 bowser - ok
14:14:50.0107 3036 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:14:50.0107 3036 BrFiltLo - ok
14:14:50.0122 3036 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:14:50.0122 3036 BrFiltUp - ok
14:14:50.0154 3036 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
14:14:50.0154 3036 BridgeMP - ok
14:14:50.0185 3036 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
14:14:50.0185 3036 Browser - ok
14:14:50.0216 3036 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
14:14:50.0232 3036 Brserid - ok
14:14:50.0247 3036 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
14:14:50.0247 3036 BrSerWdm - ok
14:14:50.0278 3036 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
14:14:50.0278 3036 BrUsbMdm - ok
14:14:50.0294 3036 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
14:14:50.0294 3036 BrUsbSer - ok
14:14:50.0325 3036 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
14:14:50.0341 3036 BTHMODEM - ok
14:14:50.0372 3036 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
14:14:50.0372 3036 bthserv - ok
14:14:50.0388 3036 catchme - ok
14:14:50.0419 3036 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
14:14:50.0419 3036 cdfs - ok
14:14:50.0466 3036 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
14:14:50.0466 3036 cdrom - ok
14:14:50.0512 3036 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
14:14:50.0512 3036 CertPropSvc - ok
14:14:50.0544 3036 [ 676535B3156FECF7133CF80B4D2F6CF7 ] cfwids C:\Windows\system32\drivers\cfwids.sys
14:14:50.0544 3036 cfwids - ok
14:14:50.0575 3036 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
14:14:50.0575 3036 circlass - ok
14:14:50.0606 3036 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
14:14:50.0606 3036 CLFS - ok
14:14:50.0684 3036 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:14:50.0700 3036 clr_optimization_v2.0.50727_32 - ok
14:14:50.0731 3036 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:14:50.0746 3036 clr_optimization_v2.0.50727_64 - ok
14:14:50.0793 3036 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:14:50.0793 3036 clr_optimization_v4.0.30319_32 - ok
14:14:50.0824 3036 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:14:50.0824 3036 clr_optimization_v4.0.30319_64 - ok
14:14:50.0840 3036 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
14:14:50.0856 3036 CmBatt - ok
14:14:50.0871 3036 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
14:14:50.0887 3036 cmdide - ok
14:14:50.0918 3036 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
14:14:50.0934 3036 CNG - ok
14:14:50.0949 3036 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
14:14:50.0965 3036 Compbatt - ok
14:14:50.0980 3036 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
14:14:50.0980 3036 CompositeBus - ok
14:14:50.0996 3036 COMSysApp - ok
14:14:51.0027 3036 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
14:14:51.0027 3036 crcdisk - ok
14:14:51.0074 3036 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
14:14:51.0090 3036 CryptSvc - ok
14:14:51.0152 3036 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
14:14:51.0168 3036 DcomLaunch - ok
14:14:51.0199 3036 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
14:14:51.0199 3036 defragsvc - ok
14:14:51.0246 3036 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
14:14:51.0246 3036 DfsC - ok
14:14:51.0292 3036 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
14:14:51.0292 3036 Dhcp - ok
14:14:51.0324 3036 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
14:14:51.0324 3036 discache - ok
14:14:51.0339 3036 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
14:14:51.0355 3036 Disk - ok
14:14:51.0386 3036 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
14:14:51.0402 3036 Dnscache - ok
14:14:51.0433 3036 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
14:14:51.0433 3036 dot3svc - ok
14:14:51.0464 3036 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
14:14:51.0480 3036 Dot4 - ok
14:14:51.0511 3036 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\drivers\Dot4Prt.sys
14:14:51.0526 3036 Dot4Print - ok
14:14:51.0542 3036 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
14:14:51.0542 3036 dot4usb - ok
14:14:51.0573 3036 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
14:14:51.0589 3036 DPS - ok
14:14:51.0620 3036 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
14:14:51.0620 3036 drmkaud - ok
14:14:51.0667 3036 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
14:14:51.0682 3036 DXGKrnl - ok
14:14:51.0698 3036 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
14:14:51.0698 3036 EapHost - ok
14:14:51.0792 3036 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
14:14:51.0854 3036 ebdrv - ok
14:14:51.0885 3036 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
14:14:51.0885 3036 EFS - ok
14:14:51.0948 3036 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
14:14:51.0963 3036 ehRecvr - ok
14:14:51.0994 3036 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
14:14:51.0994 3036 ehSched - ok
14:14:52.0026 3036 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
14:14:52.0041 3036 elxstor - ok
14:14:52.0057 3036 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
14:14:52.0057 3036 ErrDev - ok
14:14:52.0088 3036 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
14:14:52.0104 3036 EventSystem - ok
14:14:52.0119 3036 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
14:14:52.0135 3036 exfat - ok
14:14:52.0166 3036 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
14:14:52.0166 3036 fastfat - ok
14:14:52.0213 3036 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
14:14:52.0228 3036 Fax - ok
14:14:52.0244 3036 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
14:14:52.0244 3036 fdc - ok
14:14:52.0260 3036 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
14:14:52.0275 3036 fdPHost - ok
14:14:52.0275 3036 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
14:14:52.0275 3036 FDResPub - ok
14:14:52.0291 3036 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
14:14:52.0291 3036 FileInfo - ok
14:14:52.0306 3036 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
14:14:52.0306 3036 Filetrace - ok
14:14:52.0338 3036 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
14:14:52.0338 3036 flpydisk - ok
14:14:52.0369 3036 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
14:14:52.0369 3036 FltMgr - ok
14:14:52.0431 3036 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
14:14:52.0462 3036 FontCache - ok
14:14:52.0509 3036 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:14:52.0509 3036 FontCache3.0.0.0 - ok
14:14:52.0525 3036 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
14:14:52.0525 3036 FsDepends - ok
14:14:52.0556 3036 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
14:14:52.0556 3036 Fs_Rec - ok
14:14:52.0603 3036 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
14:14:52.0603 3036 fvevol - ok
14:14:52.0634 3036 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
14:14:52.0634 3036 gagp30kx - ok
14:14:52.0712 3036 [ 617DC2877015270914CA3C03873560D5 ] GameConsoleService C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
14:14:52.0712 3036 GameConsoleService - ok
14:14:52.0743 3036 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
14:14:52.0743 3036 GEARAspiWDM - ok
14:14:52.0774 3036 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
14:14:52.0790 3036 gpsvc - ok
14:14:52.0868 3036 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:14:52.0884 3036 gupdate - ok
14:14:52.0884 3036 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
14:14:52.0884 3036 gupdatem - ok
14:14:52.0915 3036 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
14:14:52.0915 3036 hcw85cir - ok
14:14:52.0946 3036 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
14:14:52.0946 3036 HDAudBus - ok
14:14:52.0962 3036 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
14:14:52.0962 3036 HidBatt - ok
14:14:52.0977 3036 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
14:14:52.0977 3036 HidBth - ok
14:14:53.0008 3036 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
14:14:53.0008 3036 HidIr - ok
14:14:53.0040 3036 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
14:14:53.0040 3036 hidserv - ok
14:14:53.0086 3036 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
14:14:53.0086 3036 HidUsb - ok
14:14:53.0118 3036 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
14:14:53.0118 3036 hkmsvc - ok
14:14:53.0164 3036 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
14:14:53.0164 3036 HomeGroupListener - ok
14:14:53.0211 3036 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
14:14:53.0211 3036 HomeGroupProvider - ok
14:14:53.0274 3036 [ A19B0BB5A7EB6DF2DD4A0711D36955EE ] HP Health Check Service c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
14:14:53.0289 3036 HP Health Check Service - ok
14:14:53.0320 3036 [ DEAB3BF5AEFBDC3F9AC0E020926EC81D ] HPBtnSrv C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
14:14:53.0320 3036 HPBtnSrv - ok
14:14:53.0430 3036 HPHNDUSVC - ok
14:14:53.0539 3036 [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
14:14:53.0539 3036 hpqcxs08 - ok
14:14:53.0554 3036 [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
14:14:53.0570 3036 hpqddsvc - ok
14:14:53.0601 3036 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
14:14:53.0601 3036 HpSAMD - ok
14:14:53.0695 3036 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
14:14:53.0710 3036 HPSLPSVC - ok
14:14:53.0742 3036 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
14:14:53.0757 3036 HTTP - ok
14:14:53.0788 3036 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
14:14:53.0788 3036 hwpolicy - ok
14:14:53.0820 3036 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
14:14:53.0820 3036 i8042prt - ok
14:14:53.0851 3036 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
14:14:53.0866 3036 iaStorV - ok
14:14:53.0944 3036 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
14:14:53.0944 3036 IDriverT - ok
14:14:54.0007 3036 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:14:54.0022 3036 idsvc - ok
14:14:54.0054 3036 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
14:14:54.0054 3036 iirsp - ok
14:14:54.0100 3036 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
14:14:54.0116 3036 IKEEXT - ok
14:14:54.0194 3036 [ BFBABCB231628A4551DBB10D0EA25D62 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
14:14:54.0241 3036 IntcAzAudAddService - ok
14:14:54.0256 3036 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
14:14:54.0272 3036 intelide - ok
14:14:54.0288 3036 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
14:14:54.0288 3036 intelppm - ok
14:14:54.0334 3036 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
14:14:54.0334 3036 IPBusEnum - ok
14:14:54.0366 3036 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:14:54.0366 3036 IpFilterDriver - ok
14:14:54.0397 3036 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
14:14:54.0412 3036 iphlpsvc - ok
14:14:54.0444 3036 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
14:14:54.0444 3036 IPMIDRV - ok
14:14:54.0475 3036 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
14:14:54.0475 3036 IPNAT - ok
14:14:54.0522 3036 [ 3C0D4B3E80FC4854CA325DD123CC4DED ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
14:14:54.0537 3036 iPod Service - ok
14:14:54.0553 3036 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
14:14:54.0568 3036 IRENUM - ok
14:14:54.0568 3036 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
14:14:54.0568 3036 isapnp - ok
14:14:54.0600 3036 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
14:14:54.0600 3036 iScsiPrt - ok
14:14:54.0631 3036 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
14:14:54.0631 3036 kbdclass - ok
14:14:54.0646 3036 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
14:14:54.0646 3036 kbdhid - ok
14:14:54.0662 3036 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
14:14:54.0662 3036 KeyIso - ok
14:14:54.0693 3036 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
14:14:54.0693 3036 KSecDD - ok
14:14:54.0709 3036 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
14:14:54.0709 3036 KSecPkg - ok
14:14:54.0724 3036 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
14:14:54.0724 3036 ksthunk - ok
14:14:54.0756 3036 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
14:14:54.0756 3036 KtmRm - ok
14:14:54.0787 3036 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
14:14:54.0787 3036 LanmanServer - ok
14:14:54.0834 3036 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
14:14:54.0834 3036 LanmanWorkstation - ok
14:14:54.0912 3036 [ E75ADCFAFDEF3F4C3AF3332928D59926 ] LightScribeService c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
14:14:54.0912 3036 LightScribeService - ok
14:14:54.0943 3036 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
14:14:54.0943 3036 lltdio - ok
14:14:54.0958 3036 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
14:14:54.0974 3036 lltdsvc - ok
14:14:54.0990 3036 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
14:14:54.0990 3036 lmhosts - ok
14:14:55.0021 3036 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
14:14:55.0036 3036 LSI_FC - ok
14:14:55.0052 3036 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
14:14:55.0052 3036 LSI_SAS - ok
14:14:55.0083 3036 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
14:14:55.0083 3036 LSI_SAS2 - ok
14:14:55.0114 3036 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
14:14:55.0114 3036 LSI_SCSI - ok
14:14:55.0146 3036 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
14:14:55.0146 3036 luafv - ok
14:14:55.0177 3036 [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
14:14:55.0177 3036 MBAMProtector - ok
14:14:55.0239 3036 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
14:14:55.0255 3036 MBAMScheduler - ok
14:14:55.0286 3036 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
14:14:55.0302 3036 MBAMService - ok
14:14:55.0348 3036 [ B891E3920F24FF1A3BEAD6CD2B42ED99 ] McAfee SiteAdvisor Service C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
14:14:55.0348 3036 McAfee SiteAdvisor Service - ok
14:14:55.0411 3036 [ 458A013DF72EAAB91877FA03533E2C8B ] McMPFSvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
14:14:55.0426 3036 McMPFSvc - ok
14:14:55.0426 3036 [ 458A013DF72EAAB91877FA03533E2C8B ] mcmscsvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
14:14:55.0442 3036 mcmscsvc - ok
14:14:55.0442 3036 [ 458A013DF72EAAB91877FA03533E2C8B ] McNaiAnn C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
14:14:55.0458 3036 McNaiAnn - ok
14:14:55.0473 3036 [ 458A013DF72EAAB91877FA03533E2C8B ] McNASvc C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
14:14:55.0473 3036 McNASvc - ok
14:14:55.0520 3036 [ 3809B77EB1734CD5FB317425F188ABC1 ] McODS C:\Program Files\McAfee\VirusScan\mcods.exe
14:14:55.0520 3036 McODS - ok
14:14:55.0536 3036 [ 458A013DF72EAAB91877FA03533E2C8B ] McProxy C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
14:14:55.0551 3036 McProxy - ok
14:14:55.0582 3036 [ 87CC32F90123313A3FEBE6A71FC62DAD ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
14:14:55.0582 3036 McShield - ok
14:14:55.0614 3036 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
14:14:55.0629 3036 Mcx2Svc - ok
14:14:55.0645 3036 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
14:14:55.0645 3036 megasas - ok
14:14:55.0676 3036 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
14:14:55.0676 3036 MegaSR - ok
14:14:55.0707 3036 [ 31338E489314AE2A29534FBAA7AD2F1B ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys
14:14:55.0707 3036 mfeapfk - ok
14:14:55.0738 3036 [ 5822E70233218BCF22A65FCEA74D012D ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
14:14:55.0738 3036 mfeavfk - ok
14:14:55.0754 3036 mfeavfk01 - ok
14:14:55.0785 3036 [ AD2B622B46B78F212EB82330073B79E0 ] mfefire C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
14:14:55.0785 3036 mfefire - ok
14:14:55.0816 3036 [ 5A24E7C834576313D8C5EAF0825DA844 ] mfefirek C:\Windows\system32\drivers\mfefirek.sys
14:14:55.0832 3036 mfefirek - ok
14:14:55.0848 3036 [ A2607740BB18D631DA01E01DCB81843B ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
14:14:55.0863 3036 mfehidk - ok
14:14:55.0879 3036 [ 50C3A9D7465D385061C0601DEEFB5A8E ] mfenlfk C:\Windows\system32\DRIVERS\mfenlfk.sys
14:14:55.0879 3036 mfenlfk - ok
14:14:55.0894 3036 [ EDF5EE799A0B3ED6DCE8BB16A51F3D1F ] mferkdet C:\Windows\system32\drivers\mferkdet.sys
14:14:55.0910 3036 mferkdet - ok
14:14:55.0941 3036 [ 39E1DFB1700294E6C829465BD39E58B2 ] mfevtp C:\Windows\system32\mfevtps.exe
14:14:55.0941 3036 mfevtp - ok
14:14:55.0972 3036 [ 9182FAF9ADDD5EA6308D155CEB502C6F ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
14:14:55.0988 3036 mfewfpk - ok
14:14:56.0019 3036 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
14:14:56.0035 3036 MMCSS - ok
14:14:56.0050 3036 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
14:14:56.0050 3036 Modem - ok
14:14:56.0082 3036 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
14:14:56.0082 3036 monitor - ok
14:14:56.0128 3036 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
14:14:56.0128 3036 mouclass - ok
14:14:56.0175 3036 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
14:14:56.0175 3036 mouhid - ok
14:14:56.0206 3036 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
14:14:56.0222 3036 mountmgr - ok
14:14:56.0238 3036 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
14:14:56.0238 3036 mpio - ok
14:14:56.0269 3036 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
14:14:56.0269 3036 mpsdrv - ok
14:14:56.0316 3036 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
14:14:56.0331 3036 MpsSvc - ok
14:14:56.0362 3036 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
14:14:56.0362 3036 MRxDAV - ok
14:14:56.0409 3036 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
14:14:56.0409 3036 mrxsmb - ok
14:14:56.0440 3036 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
14:14:56.0440 3036 mrxsmb10 - ok
14:14:56.0472 3036 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
14:14:56.0472 3036 mrxsmb20 - ok
14:14:56.0503 3036 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
14:14:56.0503 3036 msahci - ok
14:14:56.0534 3036 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
14:14:56.0534 3036 msdsm - ok
14:14:56.0550 3036 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
14:14:56.0565 3036 MSDTC - ok
14:14:56.0596 3036 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
14:14:56.0596 3036 Msfs - ok
14:14:56.0612 3036 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
14:14:56.0612 3036 mshidkmdf - ok
14:14:56.0628 3036 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
14:14:56.0628 3036 msisadrv - ok
14:14:56.0659 3036 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
14:14:56.0659 3036 MSiSCSI - ok
14:14:56.0674 3036 msiserver - ok
14:14:56.0706 3036 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
14:14:56.0706 3036 MSKSSRV - ok
14:14:56.0721 3036 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
14:14:56.0721 3036 MSPCLOCK - ok
14:14:56.0737 3036 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
14:14:56.0737 3036 MSPQM - ok
14:14:56.0784 3036 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
14:14:56.0784 3036 MsRPC - ok
14:14:56.0815 3036 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
14:14:56.0815 3036 mssmbios - ok
14:14:56.0830 3036 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
14:14:56.0830 3036 MSTEE - ok
14:14:56.0846 3036 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
14:14:56.0862 3036 MTConfig - ok
14:14:56.0877 3036 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
14:14:56.0877 3036 Mup - ok
14:14:56.0908 3036 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
14:14:56.0908 3036 napagent - ok
14:14:56.0924 3036 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
14:14:56.0940 3036 NativeWifiP - ok
14:14:56.0971 3036 NAVENG - ok
14:14:56.0986 3036 NAVEX15 - ok
14:14:57.0018 3036 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
14:14:57.0033 3036 NDIS - ok
14:14:57.0049 3036 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
14:14:57.0064 3036 NdisCap - ok
14:14:57.0080 3036 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
14:14:57.0080 3036 NdisTapi - ok
14:14:57.0111 3036 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
14:14:57.0111 3036 Ndisuio - ok
14:14:57.0158 3036 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
14:14:57.0158 3036 NdisWan - ok
14:14:57.0189 3036 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
14:14:57.0189 3036 NDProxy - ok
14:14:57.0252 3036 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
14:14:57.0252 3036 Net Driver HPZ12 - ok
14:14:57.0267 3036 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
14:14:57.0267 3036 NetBIOS - ok
14:14:57.0283 3036 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
14:14:57.0283 3036 NetBT - ok
14:14:57.0298 3036 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
14:14:57.0298 3036 Netlogon - ok
14:14:57.0345 3036 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
14:14:57.0345 3036 Netman - ok
14:14:57.0376 3036 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
14:14:57.0376 3036 netprofm - ok
14:14:57.0423 3036 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
14:14:57.0423 3036 NetTcpPortSharing - ok
14:14:57.0454 3036 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
14:14:57.0454 3036 nfrd960 - ok
14:14:57.0470 3036 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
14:14:57.0486 3036 NlaSvc - ok
14:14:57.0486 3036 Norton Internet Security - ok
14:14:57.0517 3036 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
14:14:57.0517 3036 Npfs - ok
14:14:57.0532 3036 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
14:14:57.0532 3036 nsi - ok
14:14:57.0548 3036 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
14:14:57.0548 3036 nsiproxy - ok
14:14:57.0610 3036 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
14:14:57.0657 3036 Ntfs - ok
14:14:57.0688 3036 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
14:14:57.0688 3036 Null - ok
14:14:57.0751 3036 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
14:14:57.0751 3036 NVENETFD - ok
14:14:57.0798 3036 NVIDIAHWAccess - ok
14:14:58.0063 3036 [ CC1EFEA1F0AB17E59BD4B5BAFF3E5CB0 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
14:14:58.0266 3036 nvlddmkm - ok
14:14:58.0312 3036 [ 909EEDCBD365BB81027D8E742E6B3416 ] NVNET C:\Windows\system32\DRIVERS\nvmf6264.sys
14:14:58.0312 3036 NVNET - ok
14:14:58.0344 3036 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys
14:14:58.0344 3036 nvraid - ok
14:14:58.0359 3036 [ 78B96EC0352C6BB4788EBC200A2CADBF ] nvrd64 C:\Windows\system32\DRIVERS\nvrd64.sys
14:14:58.0359 3036 nvrd64 - ok
14:14:58.0375 3036 [ E58D81FB8616D0CB55C1E36AA0B213C9 ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys
14:14:58.0375 3036 nvsmu - ok
14:14:58.0406 3036 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys
14:14:58.0406 3036 nvstor - ok
14:14:58.0437 3036 [ 4D9ABA962D7ECE81866F96D5F69FB2B8 ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys
14:14:58.0437 3036 nvstor64 - ok
14:14:58.0484 3036 [ 39F933CA2798156B0B7A19D104B73B9A ] nvsvc C:\Windows\system32\nvvsvc.exe
14:14:58.0500 3036 nvsvc - ok
14:14:58.0609 3036 [ 4E5C5D88EB0A8D21824D5A3EB7327E69 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
14:14:58.0640 3036 nvUpdatusService - ok
14:14:58.0656 3036 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
14:14:58.0671 3036 nv_agp - ok
14:14:58.0687 3036 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
14:14:58.0687 3036 ohci1394 - ok
14:14:58.0718 3036 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
14:14:58.0734 3036 p2pimsvc - ok
14:14:58.0765 3036 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
14:14:58.0780 3036 p2psvc - ok
14:14:58.0812 3036 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
14:14:58.0827 3036 Parport - ok
14:14:58.0858 3036 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
14:14:58.0858 3036 partmgr - ok
14:14:58.0874 3036 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
14:14:58.0890 3036 PcaSvc - ok
14:14:58.0905 3036 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
14:14:58.0905 3036 pci - ok
14:14:58.0936 3036 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
14:14:58.0936 3036 pciide - ok
14:14:58.0952 3036 PCLEPCI - ok
14:14:58.0983 3036 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
14:14:58.0983 3036 pcmcia - ok
14:14:59.0014 3036 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
14:14:59.0014 3036 pcw - ok
14:14:59.0046 3036 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
14:14:59.0061 3036 PEAUTH - ok
14:14:59.0155 3036 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
14:14:59.0155 3036 PerfHost - ok
14:14:59.0217 3036 [ FE8AF03EFEC0387FBBFCFD32E328DB9A ] phaudlwr C:\Windows\system32\DRIVERS\phaudlwr.sys
14:14:59.0217 3036 phaudlwr - ok
14:14:59.0280 3036 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
14:14:59.0311 3036 pla - ok
14:14:59.0342 3036 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
14:14:59.0358 3036 PlugPlay - ok
14:14:59.0389 3036 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
14:14:59.0389 3036 Pml Driver HPZ12 - ok
14:14:59.0404 3036 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
14:14:59.0420 3036 PNRPAutoReg - ok
14:14:59.0436 3036 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
14:14:59.0451 3036 PNRPsvc - ok
14:14:59.0467 3036 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
14:14:59.0482 3036 PolicyAgent - ok
14:14:59.0514 3036 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
14:14:59.0514 3036 Power - ok
14:14:59.0545 3036 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
14:14:59.0545 3036 PptpMiniport - ok
14:14:59.0560 3036 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
14:14:59.0560 3036 Processor - ok
14:14:59.0592 3036 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
14:14:59.0592 3036 ProfSvc - ok
14:14:59.0607 3036 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
14:14:59.0607 3036 ProtectedStorage - ok
14:14:59.0638 3036 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
14:14:59.0654 3036 Psched - ok
14:14:59.0716 3036 [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI C:\Windows\system32\DRIVERS\psi_mf.sys
14:14:59.0716 3036 PSI - ok
14:14:59.0779 3036 [ 5FA5863E603426B0B52762492A032DEE ] QBCFMonitorService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
14:14:59.0779 3036 QBCFMonitorService - ok
14:14:59.0810 3036 [ 6BEE1814470DC12FA20C53DFC3C97EBB ] QBFCService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
14:14:59.0810 3036 QBFCService - ok
14:14:59.0888 3036 [ 78AFB70DBE365BD6140E6740792AC3EA ] QBVSS C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
14:14:59.0904 3036 QBVSS - ok
14:14:59.0966 3036 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
14:14:59.0997 3036 ql2300 - ok
14:15:00.0013 3036 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
14:15:00.0013 3036 ql40xx - ok
14:15:00.0060 3036 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
14:15:00.0060 3036 QWAVE - ok
14:15:00.0091 3036 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
14:15:00.0091 3036 QWAVEdrv - ok
14:15:00.0106 3036 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
14:15:00.0106 3036 RasAcd - ok
14:15:00.0138 3036 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
14:15:00.0138 3036 RasAgileVpn - ok
14:15:00.0153 3036 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
14:15:00.0169 3036 RasAuto - ok
14:15:00.0200 3036 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
14:15:00.0200 3036 Rasl2tp - ok
14:15:00.0231 3036 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
14:15:00.0231 3036 RasMan - ok
14:15:00.0262 3036 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
14:15:00.0262 3036 RasPppoe - ok
14:15:00.0278 3036 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
14:15:00.0278 3036 RasSstp - ok
14:15:00.0309 3036 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
14:15:00.0309 3036 rdbss - ok
14:15:00.0325 3036 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
14:15:00.0325 3036 rdpbus - ok
14:15:00.0356 3036 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
14:15:00.0356 3036 RDPCDD - ok
14:15:00.0387 3036 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
14:15:00.0387 3036 RDPENCDD - ok
14:15:00.0403 3036 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
14:15:00.0403 3036 RDPREFMP - ok
14:15:00.0434 3036 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
14:15:00.0434 3036 RDPWD - ok
14:15:00.0481 3036 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
14:15:00.0481 3036 rdyboost - ok
14:15:00.0496 3036 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
14:15:00.0512 3036 RemoteAccess - ok
14:15:00.0528 3036 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
14:15:00.0543 3036 RemoteRegistry - ok
14:15:00.0574 3036 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
14:15:00.0574 3036 RpcEptMapper - ok
14:15:00.0590 3036 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
14:15:00.0606 3036 RpcLocator - ok
14:15:00.0637 3036 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
14:15:00.0637 3036 RpcSs - ok
14:15:00.0668 3036 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
14:15:00.0668 3036 rspndr - ok
14:15:00.0668 3036 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
14:15:00.0668 3036 SamSs - ok
14:15:00.0699 3036 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
14:15:00.0699 3036 sbp2port - ok
14:15:00.0730 3036 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
14:15:00.0730 3036 SCardSvr - ok
14:15:00.0762 3036 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
14:15:00.0762 3036 scfilter - ok
14:15:00.0808 3036 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
14:15:00.0840 3036 Schedule - ok
14:15:00.0855 3036 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
14:15:00.0855 3036 SCPolicySvc - ok
14:15:00.0871 3036 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
14:15:00.0871 3036 SDRSVC - ok
14:15:00.0918 3036 [ D358E077A0A05D9B12DA22D137EE8464 ] SeaPort C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
14:15:00.0918 3036 SeaPort - ok
14:15:00.0933 3036 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
14:15:00.0949 3036 secdrv - ok
14:15:00.0964 3036 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
14:15:00.0980 3036 seclogon - ok
14:15:01.0027 3036 [ 2D0599DD0124764FC939C59985C860DE ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
14:15:01.0042 3036 Secunia PSI Agent - ok
14:15:01.0089 3036 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
14:15:01.0089 3036 SENS - ok
14:15:01.0105 3036 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
14:15:01.0120 3036 SensrSvc - ok
14:15:01.0136 3036 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
14:15:01.0136 3036 Serenum - ok
14:15:01.0152 3036 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
14:15:01.0167 3036 Serial - ok
14:15:01.0183 3036 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
14:15:01.0183 3036 sermouse - ok
14:15:01.0214 3036 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
14:15:01.0230 3036 SessionEnv - ok
14:15:01.0261 3036 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
14:15:01.0261 3036 sffdisk - ok
14:15:01.0276 3036 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
14:15:01.0276 3036 sffp_mmc - ok
14:15:01.0292 3036 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
14:15:01.0292 3036 sffp_sd - ok
14:15:01.0308 3036 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
14:15:01.0308 3036 sfloppy - ok
14:15:01.0339 3036 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
14:15:01.0354 3036 SharedAccess - ok
14:15:01.0386 3036 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
14:15:01.0401 3036 ShellHWDetection - ok
14:15:01.0432 3036 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
14:15:01.0432 3036 SiSRaid2 - ok
14:15:01.0448 3036 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
14:15:01.0464 3036 SiSRaid4 - ok
14:15:01.0495 3036 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
14:15:01.0495 3036 SkypeUpdate - ok
14:15:01.0526 3036 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
14:15:01.0542 3036 Smb - ok
14:15:01.0573 3036 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
14:15:01.0573 3036 SNMPTRAP - ok
14:15:01.0666 3036 [ 4E4E6A08E05A51E02ACDFB2BC7909CB0 ] SPC1300 C:\Windows\system32\DRIVERS\spc1300.sys
14:15:01.0744 3036 SPC1300 - ok
14:15:01.0760 3036 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
14:15:01.0760 3036 spldr - ok
14:15:01.0807 3036 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
14:15:01.0822 3036 Spooler - ok
14:15:01.0916 3036 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
14:15:01.0963 3036 sppsvc - ok
14:15:01.0978 3036 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
14:15:01.0978 3036 sppuinotify - ok
14:15:01.0994 3036 SRTSP - ok
14:15:01.0994 3036 SRTSPX - ok
14:15:02.0041 3036 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
14:15:02.0056 3036 srv - ok
14:15:02.0103 3036 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
14:15:02.0103 3036 srv2 - ok
14:15:02.0119 3036 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
14:15:02.0134 3036 srvnet - ok
14:15:02.0166 3036 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
14:15:02.0181 3036 SSDPSRV - ok
14:15:02.0181 3036 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
14:15:02.0197 3036 SstpSvc - ok
14:15:02.0244 3036 [ 9BF7E58D9113CE15CF4F1E1B18CEFF83 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
14:15:02.0259 3036 Stereo Service - ok
14:15:02.0275 3036 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
14:15:02.0290 3036 stexstor - ok
14:15:02.0322 3036 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
14:15:02.0322 3036 StillCam - ok
14:15:02.0368 3036 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
14:15:02.0384 3036 stisvc - ok
14:15:02.0415 3036 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
14:15:02.0415 3036 swenum - ok
14:15:02.0446 3036 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
14:15:02.0462 3036 swprv - ok
14:15:02.0524 3036 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
14:15:02.0556 3036 SysMain - ok
14:15:02.0587 3036 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
14:15:02.0602 3036 TabletInputService - ok
14:15:02.0618 3036 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
14:15:02.0618 3036 TapiSrv - ok
14:15:02.0634 3036 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
14:15:02.0634 3036 TBS - ok
14:15:02.0696 3036 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
14:15:02.0743 3036 Tcpip - ok
14:15:02.0790 3036 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
14:15:02.0790 3036 TCPIP6 - ok
14:15:02.0836 3036 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
14:15:02.0836 3036 tcpipreg - ok
14:15:02.0868 3036 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
14:15:02.0868 3036 TDPIPE - ok
14:15:02.0899 3036 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
14:15:02.0899 3036 TDTCP - ok
14:15:02.0930 3036 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
14:15:02.0930 3036 tdx - ok
14:15:02.0946 3036 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
14:15:02.0946 3036 TermDD - ok
14:15:02.0977 3036 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
14:15:02.0992 3036 TermService - ok
14:15:03.0008 3036 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
14:15:03.0008 3036 Themes - ok
14:15:03.0039 3036 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
14:15:03.0039 3036 THREADORDER - ok
14:15:03.0055 3036 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
14:15:03.0055 3036 TrkWks - ok
14:15:03.0117 3036 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
14:15:03.0117 3036 TrustedInstaller - ok
14:15:03.0164 3036 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
14:15:03.0164 3036 tssecsrv - ok
14:15:03.0211 3036 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
14:15:03.0211 3036 TsUsbFlt - ok
14:15:03.0258 3036 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
14:15:03.0258 3036 tunnel - ok
14:15:03.0289 3036 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
14:15:03.0289 3036 uagp35 - ok
14:15:03.0336 3036 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
14:15:03.0336 3036 udfs - ok
14:15:03.0382 3036 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
14:15:03.0382 3036 UI0Detect - ok
14:15:03.0414 3036 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
14:15:03.0414 3036 uliagpkx - ok
14:15:03.0445 3036 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
14:15:03.0445 3036 umbus - ok
14:15:03.0460 3036 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
14:15:03.0460 3036 UmPass - ok
14:15:03.0523 3036 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
14:15:03.0523 3036 upnphost - ok
14:15:03.0570 3036 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
14:15:03.0570 3036 USBAAPL64 - ok
14:15:03.0601 3036 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
14:15:03.0601 3036 usbaudio - ok
14:15:03.0648 3036 [ C85B8247FADD432FA54FE11667C8D97D ] usbbus C:\Windows\system32\DRIVERS\lgx64bus.sys
14:15:03.0648 3036 usbbus - ok
14:15:03.0663 3036 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
14:15:03.0663 3036 usbccgp - ok
14:15:03.0694 3036 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
14:15:03.0710 3036 usbcir - ok
14:15:03.0726 3036 [ D8CDC12F5429878F23DDB3785A0FDF95 ] UsbDiag C:\Windows\system32\DRIVERS\lgx64diag.sys
14:15:03.0726 3036 UsbDiag - ok
14:15:03.0741 3036 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\drivers\usbehci.sys
14:15:03.0741 3036 usbehci - ok
14:15:03.0772 3036 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\drivers\usbhub.sys
14:15:03.0772 3036 usbhub - ok
14:15:03.0788 3036 [ 79FA7A22B0F6F0082F640CBC82A00FCE ] USBModem C:\Windows\system32\DRIVERS\lgx64modem.sys
14:15:03.0788 3036 USBModem - ok
14:15:03.0804 3036 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys
14:15:03.0819 3036 usbohci - ok
14:15:03.0819 3036 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
14:15:03.0819 3036 usbprint - ok
14:15:03.0850 3036 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
14:15:03.0866 3036 usbscan - ok
14:15:03.0882 3036 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
14:15:03.0882 3036 USBSTOR - ok
14:15:03.0897 3036 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
14:15:03.0897 3036 usbuhci - ok
14:15:03.0913 3036 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
14:15:03.0913 3036 usbvideo - ok
14:15:03.0928 3036 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
14:15:03.0928 3036 UxSms - ok
14:15:03.0944 3036 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
14:15:03.0944 3036 VaultSvc - ok
14:15:03.0960 3036 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
14:15:03.0960 3036 vdrvroot - ok
14:15:04.0006 3036 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
14:15:04.0006 3036 vds - ok
14:15:04.0038 3036 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
14:15:04.0038 3036 vga - ok
14:15:04.0053 3036 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
14:15:04.0053 3036 VgaSave - ok
14:15:04.0084 3036 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
14:15:04.0084 3036 vhdmp - ok
14:15:04.0116 3036 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
14:15:04.0116 3036 viaide - ok
14:15:04.0147 3036 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
14:15:04.0147 3036 volmgr - ok
14:15:04.0194 3036 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
14:15:04.0194 3036 volmgrx - ok
14:15:04.0225 3036 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
14:15:04.0225 3036 volsnap - ok
14:15:04.0256 3036 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
14:15:04.0256 3036 vsmraid - ok
14:15:04.0334 3036 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
14:15:04.0365 3036 VSS - ok
14:15:04.0396 3036 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
14:15:04.0396 3036 vwifibus - ok
14:15:04.0396 3036 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
14:15:04.0412 3036 vwififlt - ok
14:15:04.0428 3036 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
14:15:04.0428 3036 vwifimp - ok
14:15:04.0459 3036 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
14:15:04.0459 3036 W32Time - ok
14:15:04.0490 3036 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
14:15:04.0490 3036 WacomPen - ok
14:15:04.0506 3036 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
14:15:04.0506 3036 WANARP - ok
14:15:04.0521 3036 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
14:15:04.0521 3036 Wanarpv6 - ok
14:15:04.0568 3036 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
14:15:04.0584 3036 WatAdminSvc - ok
14:15:04.0630 3036 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
14:15:04.0662 3036 wbengine - ok
14:15:04.0693 3036 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
14:15:04.0693 3036 WbioSrvc - ok
14:15:04.0724 3036 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
14:15:04.0724 3036 wcncsvc - ok
14:15:04.0740 3036 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
14:15:04.0740 3036 WcsPlugInService - ok
14:15:04.0755 3036 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
14:15:04.0771 3036 Wd - ok
14:15:04.0786 3036 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
14:15:04.0802 3036 Wdf01000 - ok
14:15:04.0818 3036 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
14:15:04.0818 3036 WdiServiceHost - ok
14:15:04.0833 3036 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
14:15:04.0833 3036 WdiSystemHost - ok
14:15:04.0849 3036 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
14:15:04.0864 3036 WebClient - ok
14:15:04.0880 3036 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
14:15:04.0880 3036 Wecsvc - ok
14:15:04.0896 3036 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
14:15:04.0896 3036 wercplsupport - ok
14:15:04.0927 3036 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
14:15:04.0927 3036 WerSvc - ok
14:15:04.0942 3036 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
14:15:04.0942 3036 WfpLwf - ok
14:15:04.0958 3036 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
14:15:04.0958 3036 WIMMount - ok
14:15:04.0974 3036 WinDefend - ok
14:15:04.0989 3036 WinHttpAutoProxySvc - ok
14:15:05.0052 3036 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
14:15:05.0052 3036 Winmgmt - ok
14:15:05.0098 3036 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
14:15:05.0161 3036 WinRM - ok
14:15:05.0208 3036 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
14:15:05.0208 3036 WinUsb - ok
14:15:05.0239 3036 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
14:15:05.0254 3036 Wlansvc - ok
14:15:05.0270 3036 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
14:15:05.0270 3036 WmiAcpi - ok
14:15:05.0301 3036 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
14:15:05.0301 3036 wmiApSrv - ok
14:15:05.0317 3036 WMPNetworkSvc - ok
14:15:05.0332 3036 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
14:15:05.0332 3036 WPCSvc - ok
14:15:05.0364 3036 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
14:15:05.0364 3036 WPDBusEnum - ok
14:15:05.0379 3036 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
14:15:05.0379 3036 ws2ifsl - ok
14:15:05.0395 3036 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
14:15:05.0410 3036 wscsvc - ok
14:15:05.0426 3036 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
14:15:05.0442 3036 WSDPrintDevice - ok
14:15:05.0442 3036 WSearch - ok
14:15:05.0535 3036 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
14:15:05.0582 3036 wuauserv - ok
14:15:05.0629 3036 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
14:15:05.0629 3036 WudfPf - ok
14:15:05.0644 3036 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
14:15:05.0644 3036 WUDFRd - ok
14:15:05.0676 3036 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
14:15:05.0676 3036 wudfsvc - ok
14:15:05.0691 3036 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
14:15:05.0707 3036 WwanSvc - ok
14:15:05.0769 3036 [ 15CC7077D2DC28776CD430ECABBFFD66 ] {55662437-DA8C-40c0-AADA-2C816A897A49} c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
14:15:05.0769 3036 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
14:15:05.0800 3036 ================ Scan global ===============================
14:15:05.0832 3036 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
14:15:05.0847 3036 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
14:15:05.0863 3036 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
14:15:05.0894 3036 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
14:15:05.0925 3036 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
14:15:05.0925 3036 [Global] - ok
14:15:05.0925 3036 ================ Scan MBR ==================================
14:15:05.0941 3036 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
14:15:06.0159 3036 \Device\Harddisk0\DR0 - ok
14:15:06.0159 3036 ================ Scan VBR ==================================
14:15:06.0159 3036 [ 98E59BD52A96725F558F4D1C3C9C64EB ] \Device\Harddisk0\DR0\Partition1
14:15:06.0159 3036 \Device\Harddisk0\DR0\Partition1 - ok
14:15:06.0190 3036 [ 98377AE58A06EB36987BE5CB69F9B45B ] \Device\Harddisk0\DR0\Partition2
14:15:06.0206 3036 \Device\Harddisk0\DR0\Partition2 - ok
14:15:06.0206 3036 ============================================================
14:15:06.0206 3036 Scan finished
14:15:06.0206 3036 ============================================================
14:15:06.0206 2516 Detected object count: 0
14:15:06.0206 2516 Actual detected object count: 0
14:15:38.0451 4168 Deinitialize success

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:14 PM

Posted 28 September 2012 - 01:38 PM

Greetings dratcliff

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 dratcliff

dratcliff
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:14 PM

Posted 28 September 2012 - 03:06 PM

output from aswMBR follows:

all seems to be running well. noticed a reduced time for web pages to display. IExplorer seems much faster. will be running ComboFix w/ the ClearJavaCache option next.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-28 14:22:26
-----------------------------
14:22:26.487 OS Version: Windows x64 6.1.7601 Service Pack 1
14:22:26.487 Number of processors: 4 586 0x203
14:22:26.487 ComputerName: DON-PC UserName: Don
14:22:30.793 Initialize success
14:25:59.116 AVAST engine defs: 12092800
14:26:13.998 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000068
14:26:13.998 Disk 0 Vendor: ST310003 HP22 Size: 953869MB BusType: 8
14:26:14.014 Disk 0 MBR read successfully
14:26:14.014 Disk 0 MBR scan
14:26:14.029 Disk 0 Windows 7 default MBR code
14:26:14.029 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 940312 MB offset 63
14:26:14.060 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 13554 MB offset 1925759745
14:26:14.107 Disk 0 scanning C:\Windows\system32\drivers
14:26:28.787 Service scanning
14:26:53.669 Modules scanning
14:26:53.669 Disk 0 trace - called modules:
14:26:53.731 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
14:26:53.747 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005b9a060]
14:26:53.747 3 CLASSPNP.SYS[fffff8800104c43f] -> nt!IofCallDriver -> [0xfffffa8004fb4e40]
14:26:53.762 5 ACPI.sys[fffff88000ed57a1] -> nt!IofCallDriver -> \Device\00000068[0xfffffa8005000060]
14:26:56.555 AVAST engine scan C:\Windows
14:27:01.360 AVAST engine scan C:\Windows\system32
14:34:09.424 AVAST engine scan C:\Windows\system32\drivers
14:34:27.254 AVAST engine scan C:\Users\Don
15:32:39.530 AVAST engine scan C:\ProgramData
15:59:03.518 Scan finished successfully
15:59:44.983 Disk 0 MBR has been saved successfully to "C:\Users\Don\Desktop\MBR.dat"
15:59:44.999 The log file has been saved successfully to "C:\Users\Don\Desktop\aswMBR.txt"

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:14 PM

Posted 28 September 2012 - 03:25 PM

:thumbup2:
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 dratcliff

dratcliff
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:06:14 PM

Posted 28 September 2012 - 03:42 PM

System is running well. McAfee quarantined "EICAR test file" again. I will be removing McAfee from the computer ASAP. Care to lean one way or the other as far as AVG or AVast?

Thanks!




ComboFix 12-09-27.03 - Don 09/28/2012 16:14:48.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.3920 [GMT -4:00]
Running from: c:\users\Don\Desktop\ComboFix.exe
Command switches used :: c:\users\Don\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-28 )))))))))))))))))))))))))))))))
.
.
2012-09-28 20:25 . 2012-09-28 20:25 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-09-28 20:25 . 2012-09-28 20:25 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-09-28 20:25 . 2012-09-28 20:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-19 20:50 . 2012-09-19 20:51 -------- d-----w- c:\program files (x86)\Google
2012-09-14 07:01 . 2012-09-14 07:01 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-09-11 19:42 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-11 19:42 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-11 19:42 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-12 07:00 . 2010-08-23 15:29 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-09-07 21:04 . 2011-06-15 01:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-16 15:21 . 2012-04-11 15:24 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-16 15:21 . 2011-11-23 16:30 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-18 18:15 . 2012-08-15 09:34 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-14 01:12 . 2012-07-14 01:12 40960 ----a-r- c:\users\Don\AppData\Roaming\Microsoft\Installer\{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}\WinDlg.exe_0AB76F69E7614CFAB9B0A1906B4E9E4B_3.exe
2012-07-04 22:16 . 2012-08-15 09:40 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 09:40 59392 ----a-w- c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 09:40 136704 ----a-w- c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 09:40 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2001-11-05 13:30 . 2010-08-26 17:57 165376 ----a-w- c:\program files (x86)\UNWISE.EXE
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 163328]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 196608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe" [2007-02-15 119296]
"HP Component Manager"="c:\program files (x86)\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2004-03-13 57393]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2004-03-13 40960]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26 1148200]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-04-05 1486392]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-09-30 2215768]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"HP Software Update"="c:\program files (x86)\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2012-3-9 5969752]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-4-9 1156968]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2008\QBW32.EXE [2012-4-9 1178984]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
TrayMin1300.lnk - c:\program files (x86)\Philips\Philips SPC1300NC Webcam\TrayMin1300.exe [2010-7-22 245760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-19 116648]
R2 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2008-10-01 192512]
R2 HPHNDUSVC;HP Home Network Diagnostic Support Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-19 116648]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-04-14 94992]
R3 NVIDIAHWAccess;NVIDIAHWAccess;c:\users\Don\AppData\Roaming\NVIDIA\HWAccess.sys [x]
R3 phaudlwr;Philips Audio Filter;c:\windows\system32\DRIVERS\phaudlwr.sys [2009-10-21 114608]
R3 SPC1300;USB2.0 PC Camera (SPC1300);c:\windows\system32\DRIVERS\spc1300.sys [2010-01-26 3251968]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-24 1255736]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2011-04-14 75160]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2011-04-14 283744]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-09-26 27632]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2012-06-15 103472]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-04-14 149032]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-06-30 1248256]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-04-14 63056]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-04-14 441840]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 63197268
*NewlyCreated* - ASWMBR
*NewlyCreated* - WS2IFSL
*Deregistered* - 63197268
*Deregistered* - aswMBR
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
HPHNDUService REG_MULTI_SZ HPHNDUSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-19 20:50]
.
2012-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-19 20:50]
.
2012-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-86630789-3628600311-2817074039-1000Core.job
- c:\users\Don\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-17 17:10]
.
2012-09-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-86630789-3628600311-2817074039-1000UA.job
- c:\users\Don\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-17 17:10]
.
2012-09-23 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 18:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-10-03 333344]
"SmartMenu"="c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [BU]
"spc1300"="c:\windows\vspc1300.exe" [BU]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496]
"dseri"="c:\users\Don\AppData\Local\Temp\dseri.dll" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PCDrProfiler"="c:\program files\PC-Doctor for Windows\RunProfiler.exe" [2009-06-26 136176]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.foxnews.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1
DPF: {7876E4A5-78B7-4020-B08F-C960A1ED54C9} - hxxp://192.168.1.76/Ctl/WinWebPush.cab
DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-sp44353 - c:\hp\Softpaq\sp44353\sp44353.exe
AddRemove-{67431FA8-4B89-42DD-A68E-30D77F6C8D99}_is1 - c:\programdata\Hewlett-Packard\HP Easy Backup\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-09-28 16:29:56
ComboFix-quarantined-files.txt 2012-09-28 20:29
ComboFix2.txt 2012-09-27 21:28
.
Pre-Run: 730,402,115,584 bytes free
Post-Run: 730,145,341,440 bytes free
.
- - End Of File - - C7A254D7477633E52230F1CD9020D6FC




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users