numerous problems


  • This topic is locked
6 replies to this topic

#1 traumarn2

  • Members
  • 6 posts

Posted 13 October 2012 - 02:41 PM

Initially I was hearing commercials even when not on the internet. Google goes where it wants and not where I tell it. A friend told me to run ComboFix, which I did. I have placed the results in this message. However, a response I received back from this forum told me to go to the preparation guide and follow directions. I did and could not get beyond step 6 because now I have a message that tells me that my current security settings do not allow the download. I am totally lost as to what to do.

ComboFix 12-10-09.01 - Dawn 10/09/2012 21:56:52.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1584 [GMT -5:00]
Running from: c:\users\Dawn\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EFIOS5Q2\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\OApps\bhO_project.dll
c:\program files (x86)\Retrogamer_2zEI
c:\program files (x86)\Search Toolbar
c:\program files (x86)\Search Toolbar\icon.ico
c:\program files (x86)\Search Toolbar\SearchToolbar.dll
c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
c:\users\Dawn\AppData\Local\assembly\tmp
c:\users\Dawn\GoToAssistDownloadHelper.exe
c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-10 to 2012-10-10 )))))))))))))))))))))))))))))))
.
.
2012-10-10 03:39 . 2012-10-10 03:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-10 02:18 . 2012-10-10 02:18 -------- d-----w- c:\users\Dawn\AppData\Roaming\HPAppData
2012-10-09 05:36 . 2011-01-25 04:30 702464 ----a-w- c:\program files (x86)\Uninstall Retrogamer.dll
2012-10-07 16:17 . 2012-10-09 05:37 -------- d-----w- c:\users\Dawn\AppData\Roaming\Nico Mak Computing
2012-10-07 16:17 . 2012-02-08 15:29 18760 ----a-w- c:\windows\system32\roboot64.exe
2012-10-06 15:16 . 2012-10-06 15:16 -------- d-----w- c:\users\Dawn\AppData\Roaming\SpeedyPC Software
2012-10-06 15:16 . 2012-10-06 15:16 -------- d-----w- c:\users\Dawn\AppData\Roaming\DriverCure
2012-10-06 15:15 . 2012-10-09 05:36 -------- d-----w- c:\programdata\SpeedyPC Software
2012-10-06 15:02 . 2012-10-06 15:02 -------- d-----w- c:\users\Dawn\AppData\Roaming\PC Cleaners
2012-10-06 15:02 . 2012-10-06 15:01 4588344 ----a-w- c:\windows\uninst.exe
2012-10-06 15:01 . 2012-10-09 05:31 -------- d-----w- c:\programdata\PC1Data
2012-10-06 15:01 . 2012-10-06 15:02 -------- d-----w- c:\users\Dawn\AppData\Roaming\PCPro
2012-10-05 23:39 . 2012-10-05 23:39 998536 ----a-w- c:\programdata\Microsoft\Windows\DRM\install_flashplayer.exe
2012-10-05 23:39 . 2012-10-05 23:39 124416 ----a-w- c:\programdata\Microsoft\Windows\DRM\ncrypt.dll
2012-10-05 23:39 . 2012-10-05 23:39 124416 ----a-w- c:\programdata\Microsoft\Windows\DRM\189F.tmp
2012-10-05 23:39 . 2012-10-05 23:39 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\59A5.tmp
2012-10-05 23:39 . 2012-10-05 23:39 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\5985.tmp
2012-09-28 04:40 . 2012-04-20 21:40 196440 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2012-09-26 00:36 . 2012-09-26 00:36 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\CABF.tmp
2012-09-26 00:36 . 2012-09-26 00:36 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\CABE.tmp
2012-09-25 23:59 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-23 17:18 . 2012-09-23 17:18 -------- d-----w- c:\users\Dawn\AppData\Roaming\Box Sync
2012-09-23 17:17 . 2012-09-23 17:17 -------- d-----w- c:\users\Dawn\AppData\Roaming\Box Desktop
2012-09-23 15:10 . 2012-09-23 15:10 -------- d-----w- c:\program files\Box Sync
2012-09-23 15:08 . 2012-09-23 15:08 -------- d-----w- c:\users\Dawn\AppData\Local\Box Sync
2012-09-22 03:07 . 2012-08-24 10:39 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-09-18 00:35 . 2012-08-21 18:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-18 00:34 . 2012-09-18 00:35 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-18 00:34 . 2012-09-18 00:35 -------- d-----w- c:\program files\iTunes
2012-09-18 00:34 . 2012-09-18 00:35 -------- d-----w- c:\program files (x86)\iTunes
2012-09-18 00:34 . 2012-09-18 00:34 -------- d-----w- c:\program files\iPod
2012-09-18 00:29 . 2012-09-18 00:29 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-09-18 00:27 . 2012-09-22 21:41 -------- d-----w- c:\program files\Common Files\Apple
2012-09-17 23:29 . 2012-10-09 23:23 -------- d-----r- c:\users\Dawn\Dropbox
2012-09-17 23:25 . 2012-10-09 23:23 -------- d-----w- c:\users\Dawn\AppData\Roaming\Dropbox
2012-09-16 19:29 . 2012-09-16 19:29 -------- d-----w- c:\users\Dawn\AppData\Roaming\Kodak
2012-09-16 19:28 . 2012-09-16 19:28 -------- d-----w- c:\program files\DIFX
2012-09-16 19:28 . 2012-09-16 19:28 -------- d-----w- c:\program files (x86)\Common Files\Kodak
2012-09-16 19:25 . 2012-09-16 19:25 -------- d-----w- c:\programdata\{C3B35EBF-B1F6-4DE1-9682-ED71913E187B}
2012-09-15 07:14 . 2000-03-10 21:24 23552 ----a-w- c:\windows\SysWow64\Stlhook.dll
2012-09-15 07:14 . 2012-09-16 19:28 -------- d-----w- c:\program files (x86)\Kodak
2012-09-15 07:07 . 2012-09-15 07:07 -------- d-----w- c:\program files (x86)\Common Files\SCM
2012-09-15 07:07 . 2000-05-15 02:18 217088 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\IScript.dll
2012-09-15 07:07 . 2000-05-15 02:19 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
2012-09-15 07:07 . 2000-05-15 02:14 217088 ----a-w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2012-09-15 07:07 . 2000-05-15 02:12 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2012-09-15 07:07 . 2000-01-04 13:39 212992 ----a-w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
2012-09-15 07:05 . 2012-09-15 07:05 -------- d-----w- C:\KodakUSBCR
2012-09-15 06:48 . 2012-09-15 06:48 -------- d-----w- c:\users\Dawn\AppData\Roaming\Visan
2012-09-15 06:48 . 2012-09-15 06:53 -------- d-----w- c:\programdata\PrintProjects
2012-09-15 06:48 . 2012-09-15 06:48 -------- d-----w- c:\programdata\Visan
2012-09-15 06:48 . 2012-09-15 06:48 -------- d-----w- c:\program files (x86)\PrintProjects
2012-09-12 18:33 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 18:33 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-09-12 18:33 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-12 18:33 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\rndismpx.sys
2012-09-12 18:33 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 18:33 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-12 18:33 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-12 18:33 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 02:13 . 2012-06-04 23:58 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 02:13 . 2012-06-04 23:58 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-13 05:55 . 2010-12-04 01:38 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-21 18:01 . 2010-12-22 05:51 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 18:01 . 2010-12-22 05:51 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-07-18 18:15 . 2012-08-15 00:20 3148800 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{86ef8bd1-47f3-4322-923f-f29cdf477eb0}]
2010-07-01 15:31 462848 ----a-w- c:\program files (x86)\CAJ Media\Browser Enhancer\adxloader.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Dawn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Dawn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Dawn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KGShareApp"="c:\program files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-06-26 394752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-18 976832]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
.
c:\users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Dawn\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-26 26924984]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Box Sync.lnk - c:\program files\Box Sync\BoxSync.exe [2012-9-20 8710144]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2010-9-17 5828952]
Marketsplash Print Software.lnk - c:\program files (x86)\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe [2010-10-11 93752]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-06-22 106112]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-09 239136]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-04 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-11-11 306416]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-06-22 335784]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-07-14 87600]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-14 66040]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 8704pdateService;Box Sync Auto-updater;c:\program files\Box Sync\UpdateService.exe [2012-09-21 8704]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-15 202752]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-05-11 200728]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-05-11 200728]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-05-11 200728]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-06-22 218320]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-06-22 177144]
S2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-14 231224]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2010-09-17 1251840]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-02-26 252928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-15 6403072]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-15 188928]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-06-22 69672]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-02-23 75304]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-06-22 513456]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800]
S3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-02-12 877088]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 02:13]
.
2012-10-10 c:\windows\Tasks\PrintProjects Communicator.job
- c:\programdata\PrintProjects\Communicator.exe [2011-06-20 09:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86ef8bd1-47f3-4322-923f-f29cdf477eb0}]
2010-07-01 15:31 662016 ----a-w- c:\program files (x86)\CAJ Media\Browser Enhancer\adxloader64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopFileLocked]
@="{C253B817-3A00-475f-A5A3-6F2DD704B48D}"
[HKEY_CLASSES_ROOT\CLSID\{C253B817-3A00-475f-A5A3-6F2DD704B48D}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSynced]
@="{19ACC806-F7AA-46AA-A80A-726A07CA6637}"
[HKEY_CLASSES_ROOT\CLSID\{19ACC806-F7AA-46AA-A80A-726A07CA6637}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSyncedCollabs]
@="{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}"
[HKEY_CLASSES_ROOT\CLSID\{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSynced]
@="{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}"
[HKEY_CLASSES_ROOT\CLSID\{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSyncedCollab]
@="{9E48C232-F601-4E41-BB3E-16CBAF317AA4}"
[HKEY_CLASSES_ROOT\CLSID\{9E48C232-F601-4E41-BB3E-16CBAF317AA4}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Dawn\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Dawn\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Dawn\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Dawn\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 02:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 02:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 02:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"BoxSyncHelper"="c:\program files\Box Sync\BoxSyncHelper.exe" [2012-09-21 393216]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzutAtN2Y1L1QzuyCtD0E0ByCzyyEtByB0F0D0CtC0CyCyEtN0D0TzutBtDtCtBtDyCtCtC&cr=1423460815
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
Trusted Zone: lsuhealthsystem.org\citrixweb.epic
Trusted Zone: selu.edu\moodle
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - (no file)
BHO-{9194649F-7143-4308-90C1-D6A35B0E354E} - c:\program files (x86)\OApps\bho_project.dll
BHO-{9D425283-D487-4337-BAB6-AB8354A81457} - c:\program files (x86)\Search Toolbar\SearchToolbar.dll
Toolbar-Locked - (no file)
Toolbar-{9D425283-D487-4337-BAB6-AB8354A81457} - c:\program files (x86)\Search Toolbar\SearchToolbar.dll
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-09 23:13:08
ComboFix-quarantined-files.txt 2012-10-10 04:13
.
Pre-Run: 176,685,215,744 bytes free
Post-Run: 180,660,908,032 bytes free
.
- - End Of File - - DE759895F229A6D0A3E43AAAE892E5CA

Edited by Orange Blossom, 13 October 2012 - 02:56 PM.
Moved to log forum. ~ OB



#2 CatByte

  • Malware Response Team
  • 14,664 posts

Posted 13 October 2012 - 03:21 PM

Please run the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • When the window opens, click on Change Parameters
  • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • Click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 traumarn2

  • Topic Starter

  • Members
  • 6 posts
  • Local time:01:39 AM

Posted 16 October 2012 - 07:07 PM

:48:06.0003 9700 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
18:48:07.0672 9700 ============================================================
18:48:07.0672 9700 Current date / time: 2012/10/16 18:48:07.0672
18:48:07.0672 9700 SystemInfo:
18:48:07.0672 9700
18:48:07.0672 9700 OS Version: 6.1.7601 ServicePack: 1.0
18:48:07.0672 9700 Product type: Workstation
18:48:07.0672 9700 ComputerName: DAWN-PC
18:48:07.0672 9700 UserName: Dawn
18:48:07.0672 9700 Windows directory: C:\windows
18:48:07.0672 9700 System windows directory: C:\windows
18:48:07.0672 9700 Running under WOW64
18:48:07.0672 9700 Processor architecture: Intel x64
18:48:07.0672 9700 Number of processors: 2
18:48:07.0672 9700 Page size: 0x1000
18:48:07.0672 9700 Boot type: Normal boot
18:48:07.0672 9700 ============================================================
18:48:09.0880 9700 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:48:09.0890 9700 Drive \Device\Harddisk1\DR1 - Size: 0x78741000 (1.88 Gb), SectorSize: 0x200, Cylinders: 0xF5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:48:09.0900 9700 ============================================================
18:48:09.0900 9700 \Device\Harddisk0\DR0:
18:48:09.0900 9700 MBR partitions:
18:48:09.0900 9700 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23D21800
18:48:09.0900 9700 \Device\Harddisk1\DR1:
18:48:09.0900 9700 MBR partitions:
18:48:09.0900 9700 ============================================================
18:48:09.0920 9700 C: <-> \Device\Harddisk0\DR0\Partition1
18:48:09.0920 9700 ============================================================
18:48:09.0920 9700 Initialize success
18:48:09.0920 9700 ============================================================
18:48:36.0143 7544 ============================================================
18:48:36.0143 7544 Scan started
18:48:36.0143 7544 Mode: Manual; TDLFS;
18:48:36.0143 7544 ============================================================
18:48:40.0832 7544 ================ Scan system memory ========================
18:48:40.0832 7544 System memory - ok
18:48:40.0832 7544 ================ Scan services =============================
18:49:00.0318 7544 napagent - ok
18:49:00.0392 7544 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
18:49:00.0416 7544 NativeWifiP - ok
18:49:00.0510 7544 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys
18:49:00.0529 7544 NDIS - ok
18:49:00.0591 7544 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
18:49:00.0600 7544 NdisCap - ok
18:49:00.0627 7544 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
18:49:00.0634 7544 NdisTapi - ok
18:49:00.0659 7544 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
18:49:00.0723 7544 Ndisuio - ok
18:49:00.0739 7544 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
18:49:00.0794 7544 NdisWan - ok
18:49:00.0804 7544 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
18:49:00.0857 7544 NDProxy - ok
18:49:00.0931 7544 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
18:49:00.0976 7544 Net Driver HPZ12 - ok
18:49:01.0002 7544 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
18:49:01.0008 7544 NetBIOS - ok
18:49:01.0060 7544 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
18:49:01.0066 7544 NetBT - ok
18:49:01.0089 7544 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe
18:49:01.0092 7544 Netlogon - ok
18:49:01.0170 7544 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll
18:49:01.0182 7544 Netman - ok
18:49:01.0203 7544 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll
18:49:01.0209 7544 netprofm - ok
18:49:01.0230 7544 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:49:01.0235 7544 NetTcpPortSharing - ok
18:49:01.0262 7544 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
18:49:01.0266 7544 nfrd960 - ok
18:49:01.0345 7544 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\windows\System32\nlasvc.dll
18:49:01.0419 7544 NlaSvc - ok
18:49:01.0467 7544 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys
18:49:01.0472 7544 Npfs - ok
18:49:01.0490 7544 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll
18:49:01.0501 7544 nsi - ok
18:49:01.0510 7544 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
18:49:01.0511 7544 nsiproxy - ok
18:49:01.0614 7544 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
18:49:01.0691 7544 Ntfs - ok
18:49:01.0774 7544 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys
18:49:01.0790 7544 Null - ok
18:49:01.0858 7544 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys
18:49:01.0941 7544 nvraid - ok
18:49:01.0955 7544 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys
18:49:02.0014 7544 nvstor - ok
18:49:02.0040 7544 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys
18:49:02.0047 7544 nv_agp - ok
18:49:02.0068 7544 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
18:49:02.0075 7544 ohci1394 - ok
18:49:02.0160 7544 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:49:02.0251 7544 ose - ok
18:49:02.0468 7544 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:49:02.0657 7544 osppsvc - ok
18:49:02.0745 7544 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll
18:49:02.0754 7544 p2pimsvc - ok
18:49:02.0781 7544 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll
18:49:02.0797 7544 p2psvc - ok
18:49:02.0857 7544 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys
18:49:02.0870 7544 Parport - ok
18:49:02.0919 7544 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys
18:49:02.0984 7544 partmgr - ok
18:49:03.0048 7544 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll
18:49:03.0068 7544 PcaSvc - ok
18:49:03.0093 7544 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys
18:49:03.0096 7544 pci - ok
18:49:03.0114 7544 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\drivers\pciide.sys
18:49:03.0121 7544 pciide - ok
18:49:03.0146 7544 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
18:49:03.0154 7544 pcmcia - ok
18:49:03.0168 7544 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys
18:49:03.0173 7544 pcw - ok
18:49:03.0243 7544 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys
18:49:03.0272 7544 PEAUTH - ok
18:49:03.0366 7544 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe
18:49:03.0397 7544 PerfHost - ok
18:49:03.0442 7544 [ 663962900E7FEA522126BA287715BB4A ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys
18:49:03.0507 7544 PGEffect - ok
18:49:03.0600 7544 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll
18:49:03.0657 7544 pla - ok
18:49:03.0729 7544 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll
18:49:03.0742 7544 PlugPlay - ok
18:49:03.0884 7544 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
18:49:03.0931 7544 Pml Driver HPZ12 - ok
18:49:03.0995 7544 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
18:49:04.0012 7544 PNRPAutoReg - ok
18:49:04.0065 7544 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll
18:49:04.0069 7544 PNRPsvc - ok
18:49:04.0092 7544 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
18:49:04.0144 7544 PolicyAgent - ok
18:49:04.0195 7544 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll
18:49:04.0198 7544 Power - ok
18:49:04.0262 7544 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
18:49:04.0339 7544 PptpMiniport - ok
18:49:04.0354 7544 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys
18:49:04.0358 7544 Processor - ok
18:49:04.0431 7544 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll
18:49:04.0439 7544 ProfSvc - ok
18:49:04.0456 7544 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
18:49:04.0460 7544 ProtectedStorage - ok
18:49:04.0499 7544 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys
18:49:04.0502 7544 Psched - ok
18:49:04.0573 7544 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\windows\system32\Drivers\PxHlpa64.sys
18:49:04.0648 7544 PxHlpa64 - ok
18:49:04.0765 7544 [ 56A6210ACA051227EAFEEFA628BB5A9B ] QBCFMonitorService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
18:49:04.0865 7544 QBCFMonitorService - ok
18:49:04.0929 7544 [ 6BEE1814470DC12FA20C53DFC3C97EBB ] QBFCService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
18:49:05.0014 7544 QBFCService - ok
18:49:05.0170 7544 [ D4FF4102640685C69BDC63F1674CE724 ] QBVSS C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
18:49:05.0248 7544 QBVSS - ok
18:49:05.0271 7544 [ C8FCB4899F8B70CC34E0D9876A80963C ] QIOMem C:\windows\system32\DRIVERS\QIOMem.sys
18:49:05.0326 7544 QIOMem - ok
18:49:05.0384 7544 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
18:49:05.0408 7544 ql2300 - ok
18:49:05.0437 7544 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
18:49:05.0441 7544 ql40xx - ok
18:49:05.0500 7544 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll
18:49:05.0519 7544 QWAVE - ok
18:49:05.0570 7544 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
18:49:05.0585 7544 QWAVEdrv - ok
18:49:05.0605 7544 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
18:49:05.0613 7544 RasAcd - ok
18:49:05.0684 7544 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
18:49:05.0703 7544 RasAgileVpn - ok
18:49:05.0728 7544 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll
18:49:05.0738 7544 RasAuto - ok
18:49:05.0759 7544 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
18:49:05.0813 7544 Rasl2tp - ok
18:49:05.0905 7544 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll
18:49:05.0976 7544 RasMan - ok
18:49:06.0001 7544 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
18:49:06.0009 7544 RasPppoe - ok
18:49:06.0043 7544 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
18:49:06.0047 7544 RasSstp - ok
18:49:06.0213 7544 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
18:49:06.0374 7544 rdbss - ok
18:49:06.0416 7544 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
18:49:06.0480 7544 rdpbus - ok
18:49:06.0496 7544 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
18:49:06.0499 7544 RDPCDD - ok
18:49:06.0528 7544 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
18:49:06.0529 7544 RDPENCDD - ok
18:49:06.0546 7544 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
18:49:06.0547 7544 RDPREFMP - ok
18:49:06.0603 7544 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys
18:49:06.0683 7544 RDPWD - ok
18:49:06.0735 7544 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
18:49:06.0794 7544 rdyboost - ok
18:49:06.0807 7544 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll
18:49:06.0813 7544 RemoteAccess - ok
18:49:06.0862 7544 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll
18:49:06.0867 7544 RemoteRegistry - ok
18:49:06.0926 7544 [ 7B04C9843921AB1F695FB395422C5360 ] RimUsb C:\windows\system32\Drivers\RimUsb_AMD64.sys
18:49:07.0010 7544 RimUsb - ok
18:49:07.0034 7544 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
18:49:07.0041 7544 RpcEptMapper - ok
18:49:07.0095 7544 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe
18:49:07.0112 7544 RpcLocator - ok
18:49:07.0141 7544 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll
18:49:07.0147 7544 RpcSs - ok
18:49:07.0165 7544 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
18:49:07.0170 7544 rspndr - ok
18:49:07.0238 7544 [ 3CEEE53BBF8BA284FF44585CEC0162FE ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
18:49:07.0245 7544 RSUSBSTOR - ok
18:49:07.0302 7544 [ B89C0601A05E1140AC96FA965D94C340 ] rtl8192Ce C:\windows\system32\DRIVERS\rtl8192Ce.sys
18:49:07.0384 7544 rtl8192Ce - ok
18:49:07.0400 7544 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe
18:49:07.0402 7544 SamSs - ok
18:49:07.0416 7544 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys
18:49:07.0475 7544 sbp2port - ok
18:49:07.0534 7544 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll
18:49:07.0553 7544 SCardSvr - ok
18:49:07.0575 7544 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
18:49:07.0649 7544 scfilter - ok
18:49:07.0685 7544 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll
18:49:07.0765 7544 Schedule - ok
18:49:07.0825 7544 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll
18:49:07.0828 7544 SCPolicySvc - ok
18:49:07.0898 7544 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll
18:49:07.0905 7544 SDRSVC - ok
18:49:07.0934 7544 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys
18:49:07.0938 7544 secdrv - ok
18:49:07.0990 7544 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll
18:49:08.0035 7544 seclogon - ok
18:49:08.0068 7544 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\system32\sens.dll
18:49:08.0071 7544 SENS - ok
18:49:08.0133 7544 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll
18:49:08.0141 7544 SensrSvc - ok
18:49:08.0207 7544 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys
18:49:08.0213 7544 Serenum - ok
18:49:08.0233 7544 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys
18:49:08.0237 7544 Serial - ok
18:49:08.0253 7544 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
18:49:08.0259 7544 sermouse - ok
18:49:08.0287 7544 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll
18:49:08.0331 7544 SessionEnv - ok
18:49:08.0344 7544 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys
18:49:08.0349 7544 sffdisk - ok
18:49:08.0364 7544 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
18:49:08.0370 7544 sffp_mmc - ok
18:49:08.0383 7544 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
18:49:08.0437 7544 sffp_sd - ok
18:49:08.0455 7544 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
18:49:08.0460 7544 sfloppy - ok
18:49:08.0499 7544 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll
18:49:08.0509 7544 SharedAccess - ok
18:49:08.0567 7544 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
18:49:08.0645 7544 ShellHWDetection - ok
18:49:08.0703 7544 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
18:49:08.0717 7544 SiSRaid2 - ok
18:49:08.0741 7544 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
18:49:08.0749 7544 SiSRaid4 - ok
18:49:08.0787 7544 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys
18:49:08.0795 7544 Smb - ok
18:49:08.0873 7544 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe
18:49:08.0883 7544 SNMPTRAP - ok
18:49:08.0898 7544 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys
18:49:08.0904 7544 spldr - ok
18:49:08.0958 7544 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe
18:49:09.0049 7544 Spooler - ok
18:49:09.0187 7544 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe
18:49:09.0302 7544 sppsvc - ok
18:49:09.0351 7544 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll
18:49:09.0358 7544 sppuinotify - ok
18:49:09.0427 7544 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys
18:49:09.0503 7544 srv - ok
18:49:09.0526 7544 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
18:49:09.0584 7544 srv2 - ok
18:49:09.0622 7544 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\windows\system32\DRIVERS\VSTAZL6.SYS
18:49:09.0630 7544 SrvHsfHDA - ok
18:49:09.0710 7544 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\windows\system32\DRIVERS\VSTDPV6.SYS
18:49:09.0739 7544 SrvHsfV92 - ok
18:49:09.0816 7544 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\windows\system32\DRIVERS\VSTCNXT6.SYS
18:49:09.0848 7544 SrvHsfWinac - ok
18:49:09.0875 7544 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
18:49:09.0937 7544 srvnet - ok
18:49:09.0995 7544 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
18:49:10.0013 7544 SSDPSRV - ok
18:49:10.0034 7544 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll
18:49:10.0043 7544 SstpSvc - ok
18:49:10.0128 7544 [ 773940B8D50439391FFA619B3EEF01A3 ] StatusAgent4 C:\windows\SysWOW64\SAgent4.exe
18:49:10.0208 7544 StatusAgent4 - ok
18:49:10.0227 7544 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
18:49:10.0231 7544 stexstor - ok
18:49:10.0247 7544 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\windows\system32\DRIVERS\serscan.sys
18:49:10.0250 7544 StillCam - ok
18:49:10.0331 7544 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll
18:49:10.0411 7544 stisvc - ok
18:49:10.0451 7544 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\drivers\swenum.sys
18:49:10.0451 7544 swenum - ok
18:49:10.0511 7544 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll
18:49:10.0541 7544 swprv - ok
18:49:10.0601 7544 [ 470C47DABA9CA3966F0AB3F835D7D135 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
18:49:10.0671 7544 SynTP - ok
18:49:10.0781 7544 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll
18:49:10.0811 7544 SysMain - ok
18:49:10.0831 7544 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
18:49:10.0871 7544 TabletInputService - ok
18:49:10.0931 7544 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll
18:49:10.0971 7544 TapiSrv - ok
18:49:10.0981 7544 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll
18:49:10.0991 7544 TBS - ok
18:49:11.0101 7544 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\windows\system32\drivers\tcpip.sys
18:49:11.0401 7544 Tcpip - ok
18:49:11.0441 7544 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
18:49:11.0451 7544 TCPIP6 - ok
18:49:11.0501 7544 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
18:49:11.0571 7544 tcpipreg - ok
18:49:11.0601 7544 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
18:49:11.0661 7544 tdcmdpst - ok
18:49:11.0721 7544 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
18:49:11.0731 7544 TDPIPE - ok
18:49:11.0851 7544 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
18:49:11.0971 7544 TDTCP - ok
18:49:12.0081 7544 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys
18:49:12.0191 7544 tdx - ok
18:49:12.0201 7544 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\drivers\termdd.sys
18:49:12.0251 7544 TermDD - ok
18:49:12.0321 7544 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll
18:49:12.0401 7544 TermService - ok
18:49:12.0401 7544 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll
18:49:12.0411 7544 Themes - ok
18:49:12.0421 7544 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll
18:49:12.0431 7544 THREADORDER - ok
18:49:12.0492 7544 [ F120967184A27E927052E8DDBB727851 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
18:49:12.0582 7544 TMachInfo - ok
18:49:12.0612 7544 [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv C:\Windows\system32\TODDSrv.exe
18:49:12.0672 7544 TODDSrv - ok
18:49:12.0802 7544 [ 98C864481D62F86EC8AF65BE3419A95B ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
18:49:12.0892 7544 TosCoSrv - ok
18:49:12.0982 7544 [ BAE96AD126F4EED4D361B092BA2E61FE ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
18:49:13.0062 7544 TOSHIBA eco Utility Service - ok
18:49:13.0102 7544 [ 74C2FA8C3765EE71A9C22182EC108457 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
18:49:13.0102 7544 TOSHIBA HDD SSD Alert Service - ok
18:49:13.0202 7544 [ 97687D094AA597DA366E1194B218CC6C ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
18:49:13.0212 7544 TPCHSrv - ok
18:49:13.0272 7544 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll
18:49:13.0292 7544 TrkWks - ok
18:49:13.0392 7544 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
18:49:13.0392 7544 TrustedInstaller - ok
18:49:13.0462 7544 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
18:49:13.0562 7544 tssecsrv - ok
18:49:13.0582 7544 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
18:49:13.0642 7544 TsUsbFlt - ok
18:49:13.0672 7544 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
18:49:13.0732 7544 tunnel - ok
18:49:13.0772 7544 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS
18:49:13.0852 7544 TVALZ - ok
18:49:13.0862 7544 [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys
18:49:13.0922 7544 TVALZFL - ok
18:49:13.0942 7544 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
18:49:13.0942 7544 uagp35 - ok
18:49:14.0002 7544 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys
18:49:14.0092 7544 udfs - ok
18:49:14.0132 7544 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe
18:49:14.0152 7544 UI0Detect - ok
18:49:14.0172 7544 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
18:49:14.0182 7544 uliagpkx - ok
18:49:14.0182 7544 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys
18:49:14.0252 7544 umbus - ok
18:49:14.0272 7544 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys
18:49:14.0272 7544 UmPass - ok
18:49:14.0282 7544 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll
18:49:14.0292 7544 upnphost - ok
18:49:14.0362 7544 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
18:49:14.0362 7544 USBAAPL64 - ok
18:49:14.0412 7544 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
18:49:14.0502 7544 usbccgp - ok
18:49:14.0532 7544 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys
18:49:14.0532 7544 usbcir - ok
18:49:14.0552 7544 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
18:49:14.0602 7544 usbehci - ok
18:49:14.0632 7544 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
18:49:14.0682 7544 usbhub - ok
18:49:14.0752 7544 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\DRIVERS\usbohci.sys
18:49:14.0752 7544 usbohci - ok
18:49:14.0782 7544 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
18:49:14.0802 7544 usbprint - ok
18:49:14.0832 7544 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
18:49:14.0842 7544 usbscan - ok
18:49:14.0892 7544 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
18:49:14.0902 7544 USBSTOR - ok
18:49:14.0922 7544 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys
18:49:15.0012 7544 usbuhci - ok
18:49:15.0052 7544 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
18:49:15.0102 7544 usbvideo - ok
18:49:15.0122 7544 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\windows\system32\drivers\usb8023x.sys
18:49:15.0132 7544 usb_rndisx - ok
18:49:15.0152 7544 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll
18:49:15.0152 7544 UxSms - ok
18:49:15.0162 7544 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe
18:49:15.0162 7544 VaultSvc - ok
18:49:15.0182 7544 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
18:49:15.0192 7544 vdrvroot - ok
18:49:15.0262 7544 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe
18:49:15.0352 7544 vds - ok
18:49:15.0362 7544 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys
18:49:15.0362 7544 vga - ok
18:49:15.0382 7544 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys
18:49:15.0392 7544 VgaSave - ok
18:49:15.0442 7544 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys
18:49:15.0522 7544 vhdmp - ok
18:49:15.0542 7544 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys
18:49:15.0552 7544 viaide - ok
18:49:15.0562 7544 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys
18:49:15.0622 7544 volmgr - ok
18:49:15.0642 7544 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys
18:49:15.0642 7544 volmgrx - ok
18:49:15.0662 7544 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\drivers\volsnap.sys
18:49:15.0722 7544 volsnap - ok
18:49:15.0812 7544 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
18:49:15.0832 7544 vsmraid - ok
18:49:15.0942 7544 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe
18:49:16.0012 7544 VSS - ok
18:49:16.0072 7544 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
18:49:16.0072 7544 vwifibus - ok
18:49:16.0092 7544 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
18:49:16.0092 7544 vwififlt - ok
18:49:16.0162 7544 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
18:49:16.0172 7544 vwifimp - ok
18:49:16.0242 7544 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll
18:49:16.0262 7544 W32Time - ok
18:49:16.0282 7544 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
18:49:16.0292 7544 WacomPen - ok
18:49:16.0322 7544 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
18:49:16.0452 7544 WANARP - ok
18:49:16.0452 7544 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
18:49:16.0452 7544 Wanarpv6 - ok
18:49:16.0532 7544 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
18:49:16.0613 7544 WatAdminSvc - ok
18:49:16.0713 7544 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe
18:49:16.0783 7544 wbengine - ok
18:49:16.0813 7544 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
18:49:16.0823 7544 WbioSrvc - ok
18:49:16.0833 7544 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll
18:49:16.0883 7544 wcncsvc - ok
18:49:16.0943 7544 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
18:49:16.0953 7544 WcsPlugInService - ok
18:49:16.0963 7544 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\DRIVERS\wd.sys
18:49:16.0983 7544 Wd - ok
18:49:17.0053 7544 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
18:49:17.0093 7544 Wdf01000 - ok
18:49:17.0113 7544 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll
18:49:17.0123 7544 WdiServiceHost - ok
18:49:17.0123 7544 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll
18:49:17.0133 7544 WdiSystemHost - ok
18:49:17.0193 7544 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll
18:49:17.0263 7544 WebClient - ok
18:49:17.0273 7544 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll
18:49:17.0283 7544 Wecsvc - ok
18:49:17.0303 7544 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll
18:49:17.0303 7544 wercplsupport - ok
18:49:17.0333 7544 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll
18:49:17.0333 7544 WerSvc - ok
18:49:17.0353 7544 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
18:49:17.0353 7544 WfpLwf - ok
18:49:17.0363 7544 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys
18:49:17.0373 7544 WIMMount - ok
18:49:17.0383 7544 WinDefend - ok
18:49:17.0383 7544 WinHttpAutoProxySvc - ok
18:49:17.0473 7544 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
18:49:17.0493 7544 Winmgmt - ok
18:49:17.0563 7544 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll
18:49:17.0633 7544 WinRM - ok
18:49:17.0713 7544 [ FE88B288356E7B47B74B13372ADD906D ] WinUSB C:\windows\system32\DRIVERS\WinUSB.sys
18:49:17.0813 7544 WinUSB - ok
18:49:17.0893 7544 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll
18:49:17.0933 7544 Wlansvc - ok
18:49:18.0053 7544 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
18:49:18.0133 7544 wlcrasvc - ok
18:49:18.0243 7544 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
18:49:18.0333 7544 wlidsvc - ok
18:49:18.0363 7544 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
18:49:18.0363 7544 WmiAcpi - ok
18:49:18.0413 7544 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
18:49:18.0423 7544 wmiApSrv - ok
18:49:18.0453 7544 WMPNetworkSvc - ok
18:49:18.0583 7544 [ 58540037A4A3EEEEFA47C84100E1694F ] WMZuneComm C:\Program Files\Zune\WMZuneComm.exe
18:49:18.0683 7544 WMZuneComm - ok
18:49:18.0733 7544 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll
18:49:18.0753 7544 WPCSvc - ok
18:49:18.0803 7544 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
18:49:18.0813 7544 WPDBusEnum - ok
18:49:18.0823 7544 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
18:49:18.0833 7544 ws2ifsl - ok
18:49:18.0853 7544 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\system32\wscsvc.dll
18:49:18.0863 7544 wscsvc - ok
18:49:18.0923 7544 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\windows\system32\DRIVERS\WSDPrint.sys
18:49:18.0933 7544 WSDPrintDevice - ok
18:49:18.0963 7544 [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan C:\windows\system32\DRIVERS\WSDScan.sys
18:49:18.0963 7544 WSDScan - ok
18:49:18.0973 7544 WSearch - ok
18:49:19.0083 7544 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll
18:49:19.0133 7544 wuauserv - ok
18:49:19.0153 7544 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\windows\system32\drivers\WudfPf.sys
18:49:19.0213 7544 WudfPf - ok
18:49:19.0283 7544 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
18:49:19.0293 7544 WUDFRd - ok
18:49:19.0343 7544 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\windows\System32\WUDFSvc.dll
18:49:19.0413 7544 wudfsvc - ok
18:49:19.0443 7544 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll
18:49:19.0453 7544 WwanSvc - ok
18:49:19.0683 7544 [ D6EF205269C2A584AF6B56B9F95010F8 ] ZuneNetworkSvc C:\Program Files\Zune\ZuneNss.exe
18:49:20.0343 7544 ZuneNetworkSvc - ok
18:49:20.0405 7544 [ 7A565AFE58F3822A9E622868E5CC0E5C ] ZuneWlanCfgSvc C:\Program Files\Zune\ZuneWlanCfgSvc.exe
18:49:20.0514 7544 ZuneWlanCfgSvc - ok
18:49:20.0546 7544 ================ Scan global ===============================
18:49:20.0577 7544 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
18:49:20.0639 7544 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
18:49:20.0655 7544 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\windows\system32\winsrv.dll
18:49:20.0702 7544 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
18:49:20.0795 7544 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
18:49:20.0795 7544 [Global] - ok
18:49:20.0795 7544 ================ Scan MBR ==================================
18:49:20.0811 7544 [ BF01F2FC02D43916D6D0656AA208631C ] \Device\Harddisk0\DR0
18:49:20.0811 7544 Suspicious mbr (Forged): \Device\Harddisk0\DR0
18:49:20.0842 7544 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - infected
18:49:20.0842 7544 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
18:49:20.0920 7544 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:49:20.0920 7544 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:49:20.0920 7544 [ E298962D4D14F6ED48290A7131607586 ] \Device\Harddisk1\DR1
18:50:24.0872 7544 \Device\Harddisk1\DR1 - ok
18:50:24.0872 7544 ================ Scan VBR ==================================
18:50:24.0902 7544 [ 25EB2A569C7AE4F61F11CFB3DDB42D88 ] \Device\Harddisk0\DR0\Partition1
18:50:24.0902 7544 \Device\Harddisk0\DR0\Partition1 - ok
18:50:24.0902 7544 ============================================================
18:50:24.0902 7544 Scan finished
18:50:24.0902 7544 ============================================================
18:50:24.0932 7528 Detected object count: 2
18:50:24.0932 7528 Actual detected object count: 2
18:51:02.0261 7528 \Device\Harddisk0\DR0\# - copied to quarantine
18:51:02.0261 7528 \Device\Harddisk0\DR0 - copied to quarantine
18:51:02.0291 7528 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine
18:51:02.0291 7528 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine
18:51:02.0301 7528 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine
18:51:02.0301 7528 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine
18:51:02.0301 7528 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine
18:51:02.0301 7528 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine
18:51:02.0301 7528 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine
18:51:02.0301 7528 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine
18:51:02.0317 7528 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine
18:51:02.0317 7528 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
18:51:02.0348 7528 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
18:51:02.0348 7528 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
18:51:02.0364 7528 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
18:51:02.0364 7528 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine
18:51:02.0379 7528 \Device\Harddisk0\DR0\TDLFS\tdi32 - copied to quarantine
18:51:02.0395 7528 \Device\Harddisk0\DR0\TDLFS\tdi64 - copied to quarantine
18:51:02.0405 7528 \Device\Harddisk0\DR0\TDLFS\main1 - copied to quarantine
18:51:02.0405 7528 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine
18:51:02.0415 7528 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine
18:51:02.0415 7528 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine
18:51:02.0495 7528 \Device\Harddisk0\DR0\TDLFS\com64 - copied to quarantine
18:51:02.0525 7528 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine
18:51:02.0565 7528 \Device\Harddisk0\DR0\TDLFS\bbr264 - copied to quarantine
18:51:02.0895 7528 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine
18:51:02.0955 7528 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine
18:51:02.0975 7528 \Device\Harddisk0\DR0\TDLFS\serf364 - copied to quarantine
18:51:02.0985 7528 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine
18:51:03.0025 7528 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - will be cured on reboot
18:51:03.0045 7528 \Device\Harddisk0\DR0 - ok
18:51:03.0455 7528 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.a ) - User select action: Cure
18:51:03.0455 7528 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:51:03.0455 7528 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
18:51:22.0413 6992 Deinitialize success


Thank you!!!

#4 CatByte


  • Malware Response Team

Posted 16 October 2012 - 09:10 PM

Please re-run ComboFix, but delete the copy that you have on your desktop and download a fresh copy:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Make sure your security programs are updated when you run it.

Post the resulting log.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 traumarn2

  • Topic Starter


Posted 17 October 2012 - 07:41 PM

ComboFix 12-10-17.05 - Dawn 10/17/2012 19:15:27.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2811.1608 [GMT -5:00]
Running from: E:\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\DRM\189F.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-09-18 to 2012-10-18 )))))))))))))))))))))))))))))))
.
.
2012-10-18 00:31 . 2012-10-18 00:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-16 23:51 . 2012-10-16 23:51 -------- d-----w- C:\TDSSKiller_Quarantine
2012-10-10 06:59 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 06:58 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-10 06:58 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-10 06:58 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-10 06:56 . 2012-08-20 15:38 2048 ----a-w- c:\windows\SysWow64\user.exe
2012-10-10 06:55 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 06:55 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-10 06:55 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 06:55 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 06:54 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 06:54 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 06:53 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 06:53 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 06:53 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 06:53 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 06:53 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 06:53 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-07 16:17 . 2012-10-09 05:37 -------- d-----w- c:\users\Dawn\AppData\Roaming\Nico Mak Computing
2012-10-07 16:17 . 2012-02-08 15:29 18760 ----a-w- c:\windows\system32\roboot64.exe
2012-10-06 15:16 . 2012-10-06 15:16 -------- d-----w- c:\users\Dawn\AppData\Roaming\SpeedyPC Software
2012-10-06 15:16 . 2012-10-06 15:16 -------- d-----w- c:\users\Dawn\AppData\Roaming\DriverCure
2012-10-06 15:15 . 2012-10-09 05:36 -------- d-----w- c:\programdata\SpeedyPC Software
2012-10-06 15:02 . 2012-10-06 15:02 -------- d-----w- c:\users\Dawn\AppData\Roaming\PC Cleaners
2012-10-06 15:02 . 2012-10-06 15:01 4588344 ----a-w- c:\windows\uninst.exe
2012-10-06 15:01 . 2012-10-09 05:31 -------- d-----w- c:\programdata\PC1Data
2012-10-06 15:01 . 2012-10-06 15:02 -------- d-----w- c:\users\Dawn\AppData\Roaming\PCPro
2012-10-05 23:39 . 2012-10-05 23:39 998536 ----a-w- c:\programdata\Microsoft\Windows\DRM\install_flashplayer.exe
2012-10-05 23:39 . 2012-10-05 23:39 124416 ----a-w- c:\programdata\Microsoft\Windows\DRM\ncrypt.dll
2012-09-28 04:40 . 2012-04-20 21:40 196440 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2012-09-25 23:59 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-23 17:18 . 2012-09-23 17:18 -------- d-----w- c:\users\Dawn\AppData\Roaming\Box Sync
2012-09-23 17:17 . 2012-09-23 17:17 -------- d-----w- c:\users\Dawn\AppData\Roaming\Box Desktop
2012-09-23 15:10 . 2012-09-23 15:10 -------- d-----w- c:\program files\Box Sync
2012-09-23 15:08 . 2012-09-23 15:08 -------- d-----w- c:\users\Dawn\AppData\Local\Box Sync
2012-09-22 03:07 . 2012-08-24 10:39 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-09-18 00:35 . 2012-08-21 18:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-18 00:34 . 2012-09-18 00:35 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-18 00:34 . 2012-09-18 00:35 -------- d-----w- c:\program files\iTunes
2012-09-18 00:34 . 2012-09-18 00:35 -------- d-----w- c:\program files (x86)\iTunes
2012-09-18 00:34 . 2012-09-18 00:34 -------- d-----w- c:\program files\iPod
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-09 02:13 . 2012-06-04 23:58 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 02:13 . 2012-06-04 23:58 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-13 05:55 . 2010-12-04 01:38 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-08-22 18:12 . 2012-09-12 18:33 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 18:33 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 18:33 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 18:33 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 18:01 . 2010-12-22 05:51 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 18:01 . 2010-12-22 05:51 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-08-20 17:38 . 2012-10-10 06:57 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 18:33 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 18:33 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{86ef8bd1-47f3-4322-923f-f29cdf477eb0}]
2010-07-01 15:31 462848 ----a-w- c:\program files (x86)\CAJ Media\Browser Enhancer\adxloader.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9194649F-7143-4308-90C1-D6A35B0E354E}]
c:\program files (x86)\OApps\bho_project.dll [BU]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}]
c:\program files (x86)\Search Toolbar\SearchToolbar.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{9D425283-D487-4337-BAB6-AB8354A81457}"= "c:\program files (x86)\Search Toolbar\SearchToolbar.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{9d425283-d487-4337-bab6-ab8354a81457}]
[HKEY_CLASSES_ROOT\SearchToolbarLib.CSearchToolbarImpl.1]
[HKEY_CLASSES_ROOT\TypeLib\{E43AD97A-5248-46A7-BB03-35574058224C}]
[HKEY_CLASSES_ROOT\SearchToolbarLib.CSearchToolbarImpl]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Dawn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Dawn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\Dawn\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KGShareApp"="c:\program files (x86)\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-06-26 394752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-15 98304]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1535112]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-18 976832]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
.
c:\users\Dawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Dawn\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-26 26924984]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Box Sync.lnk - c:\program files\Box Sync\BoxSync.exe [2012-9-20 8710144]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe [2010-9-17 5828952]
Marketsplash Print Software.lnk - c:\program files (x86)\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe [2010-10-11 93752]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-6-24 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-06-22 106112]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-09 239136]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-04 1255736]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-11-11 306416]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-06-22 335784]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-07-14 87600]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-14 66040]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 8704pdateService;Box Sync Auto-updater;c:\program files\Box Sync\UpdateService.exe [2012-09-21 8704]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-15 202752]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-05-11 200728]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-05-11 200728]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-05-11 200728]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-06-22 218320]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-06-22 177144]
S2 MOBKbackup;McAfee Online Backup;c:\program files (x86)\McAfee Online Backup\MOBKbackup.exe [2010-04-14 231224]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2010-09-17 1251840]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-02-26 252928]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2010-03-15 6403072]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-03-15 188928]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-06-22 69672]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-02-23 75304]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-06-22 513456]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800]
S3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-02-12 877088]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 02:13]
.
2012-10-18 c:\windows\Tasks\PrintProjects Communicator.job
- c:\programdata\PrintProjects\Communicator.exe [2011-06-20 09:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86ef8bd1-47f3-4322-923f-f29cdf477eb0}]
2010-07-01 15:31 662016 ----a-w- c:\program files (x86)\CAJ Media\Browser Enhancer\adxloader64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopFileLocked]
@="{C253B817-3A00-475f-A5A3-6F2DD704B48D}"
[HKEY_CLASSES_ROOT\CLSID\{C253B817-3A00-475f-A5A3-6F2DD704B48D}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSynced]
@="{19ACC806-F7AA-46AA-A80A-726A07CA6637}"
[HKEY_CLASSES_ROOT\CLSID\{19ACC806-F7AA-46AA-A80A-726A07CA6637}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSyncedCollabs]
@="{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}"
[HKEY_CLASSES_ROOT\CLSID\{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSynced]
@="{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}"
[HKEY_CLASSES_ROOT\CLSID\{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSyncedCollab]
@="{9E48C232-F601-4E41-BB3E-16CBAF317AA4}"
[HKEY_CLASSES_ROOT\CLSID\{9E48C232-F601-4E41-BB3E-16CBAF317AA4}]
2010-11-05 01:57 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Dawn\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Dawn\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Dawn\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\Dawn\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-14 02:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-14 02:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-14 02:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"BoxSyncHelper"="c:\program files\Box Sync\BoxSyncHelper.exe" [2012-09-21 393216]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzutAtN2Y1L1QzuyCtD0E0ByCzyyEtByB0F0D0CtC0CyCyEtN0D0TzutBtDtCtBtDyCtCtC&cr=1423460815
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
Trusted Zone: lsuhealthsystem.org\citrixweb.epic
Trusted Zone: selu.edu\moodle
TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-47802970.sys
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-17 19:36:57
ComboFix-quarantined-files.txt 2012-10-18 00:36
ComboFix2.txt 2012-10-10 04:13
.
Pre-Run: 174,563,979,264 bytes free
Post-Run: 177,222,791,168 bytes free
.
- - End Of File - - 3D74D86DB502CD2F89BD7A66CEF90E07


Thank you.

#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:39 AM

Posted 17 October 2012 - 09:19 PM

Please run the following:

Download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, allow the reboot
  • On reboot a log will be produced, please attach the content of the log to your next reply


NEXT


Please download Malwarebytes Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada
  • Local time:02:39 AM

Posted 26 October 2012 - 05:48 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




