Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

File Recovery Virus!


  • Please log in to reply
12 replies to this topic

#1 Borky

Borky

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 16 October 2012 - 05:10 AM

Hey,
I've had the file recovery virus for a day now. I've tried using your guide here http://www.bleepingcomputer.com/virus-removal/remove-file-recovery, however I'm still having trouble.The image on that guide of the virus is slightly different to the one on my PC. I'm running Windows 7, I had a message last night saying I needed to update Adobe Flash Player but dismissed it, however it still kept appearing. As I tried to follow the guides you have provided already I have ran RKill which said afterwards that my computer was showing signs of the ZeroAccess Rootkit. Any help'd be much appreciated, thanks guys!

*Hey just a little update, I ran SUPERAntiSpyware and have rebooted in normal mode, no issues so far (apart from needing to seriously clean up my Start menu, etc). I ran RKill again after waiting to see if File Recovery would appear again, which it didn't. RKill log still says there are traces of the folder and of the ZeroAccess Rootkit, so I'm still not 100% sure. I'll keep the topic updated as I know the more information I can give the easier it is to help. Thanks, Borky*

Edited by Borky, 16 October 2012 - 06:28 AM.


BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:26 PM

Posted 16 October 2012 - 09:23 AM

Download

TDSSkiller

Launch it.Click on change parameters-Select TDLFS file system

Click on "Scan".Please post the LOG report(log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan.After scan finishes,click on Save log

Post the log results here.If you get crashes in normal mode,run it in safemode with networking

Download

ESET online scanner

Install it

Click on START,it should download the virus definitions
When scan gets completed,click on LIST of found threats

Export the list to desktop,copy the contents of the text file in your reply

#3 Borky

Borky
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 16 October 2012 - 05:28 PM

Hey, thanks for a quick reply.
This is the TDSSKiller log.

21:24:01.0202 5648 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
21:24:01.0655 5648 ============================================================
21:24:01.0655 5648 Current date / time: 2012/10/16 21:24:01.0655
21:24:01.0655 5648 SystemInfo:
21:24:01.0655 5648
21:24:01.0655 5648 OS Version: 6.1.7601 ServicePack: 1.0
21:24:01.0655 5648 Product type: Workstation
21:24:01.0655 5648 ComputerName: C-DAWGCRIDIZZLE
21:24:01.0655 5648 UserName: C-Dawg Cridizzle
21:24:01.0655 5648 Windows directory: C:\Windows
21:24:01.0655 5648 System windows directory: C:\Windows
21:24:01.0655 5648 Running under WOW64
21:24:01.0655 5648 Processor architecture: Intel x64
21:24:01.0655 5648 Number of processors: 2
21:24:01.0655 5648 Page size: 0x1000
21:24:01.0655 5648 Boot type: Normal boot
21:24:01.0655 5648 ============================================================
21:24:04.0665 5648 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:24:04.0681 5648 ============================================================
21:24:04.0681 5648 \Device\Harddisk0\DR0:
21:24:04.0681 5648 MBR partitions:
21:24:04.0681 5648 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x12A17000
21:24:04.0681 5648 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12ADF800, BlocksNum 0x1294F000
21:24:04.0681 5648 ============================================================
21:24:04.0712 5648 C: <-> \Device\Harddisk0\DR0\Partition1
21:24:04.0775 5648 D: <-> \Device\Harddisk0\DR0\Partition2
21:24:04.0775 5648 ============================================================
21:24:04.0775 5648 Initialize success
21:24:04.0775 5648 ============================================================
21:24:23.0697 5804 ============================================================
21:24:23.0697 5804 Scan started
21:24:23.0697 5804 Mode: Manual; TDLFS;
21:24:23.0697 5804 ============================================================
21:24:26.0303 5804 ================ Scan system memory ========================
21:24:26.0303 5804 System memory - ok
21:24:26.0303 5804 ================ Scan services =============================
21:24:26.0537 5804 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
21:24:26.0568 5804 !SASCORE - ok
21:24:26.0724 5804 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:24:26.0755 5804 1394ohci - ok
21:24:26.0802 5804 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:24:26.0802 5804 ACPI - ok
21:24:26.0833 5804 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:24:26.0849 5804 AcpiPmi - ok
21:24:26.0989 5804 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:24:27.0020 5804 AdobeFlashPlayerUpdateSvc - ok
21:24:27.0129 5804 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:24:27.0161 5804 adp94xx - ok
21:24:27.0192 5804 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:24:27.0223 5804 adpahci - ok
21:24:27.0270 5804 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
21:24:27.0301 5804 adpu320 - ok
21:24:27.0332 5804 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:24:27.0348 5804 AeLookupSvc - ok
21:24:27.0395 5804 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
21:24:27.0395 5804 AFD - ok
21:24:27.0441 5804 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:24:27.0473 5804 agp440 - ok
21:24:27.0504 5804 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
21:24:27.0535 5804 ALG - ok
21:24:27.0566 5804 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
21:24:27.0597 5804 aliide - ok
21:24:27.0597 5804 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
21:24:27.0629 5804 amdide - ok
21:24:27.0660 5804 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:24:27.0691 5804 AmdK8 - ok
21:24:27.0707 5804 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:24:27.0722 5804 AmdPPM - ok
21:24:27.0769 5804 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:24:27.0800 5804 amdsata - ok
21:24:27.0831 5804 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:24:27.0863 5804 amdsbs - ok
21:24:27.0894 5804 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:24:27.0909 5804 amdxata - ok
21:24:27.0956 5804 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
21:24:27.0987 5804 AppID - ok
21:24:28.0034 5804 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:24:28.0034 5804 AppIDSvc - ok
21:24:28.0097 5804 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
21:24:28.0097 5804 Appinfo - ok
21:24:28.0237 5804 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:24:28.0253 5804 Apple Mobile Device - ok
21:24:28.0315 5804 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
21:24:28.0331 5804 arc - ok
21:24:28.0346 5804 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:24:28.0377 5804 arcsas - ok
21:24:28.0424 5804 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:24:28.0440 5804 AsyncMac - ok
21:24:28.0487 5804 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
21:24:28.0502 5804 atapi - ok
21:24:28.0580 5804 [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr C:\Windows\system32\DRIVERS\athrx.sys
21:24:28.0627 5804 athr - ok
21:24:28.0689 5804 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:24:28.0705 5804 AudioEndpointBuilder - ok
21:24:28.0721 5804 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:24:28.0721 5804 AudioSrv - ok
21:24:28.0783 5804 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:24:28.0799 5804 AxInstSV - ok
21:24:28.0845 5804 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
21:24:28.0877 5804 b06bdrv - ok
21:24:28.0908 5804 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:24:28.0939 5804 b57nd60a - ok
21:24:28.0986 5804 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
21:24:29.0001 5804 BDESVC - ok
21:24:29.0033 5804 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
21:24:29.0048 5804 Beep - ok
21:24:29.0126 5804 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
21:24:29.0142 5804 BITS - ok
21:24:29.0220 5804 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:24:29.0235 5804 blbdrive - ok
21:24:29.0298 5804 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:24:29.0329 5804 Bonjour Service - ok
21:24:29.0391 5804 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:24:29.0407 5804 bowser - ok
21:24:29.0469 5804 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:24:29.0485 5804 BrFiltLo - ok
21:24:29.0516 5804 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:24:29.0532 5804 BrFiltUp - ok
21:24:29.0563 5804 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
21:24:29.0579 5804 Browser - ok
21:24:29.0610 5804 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:24:29.0641 5804 Brserid - ok
21:24:29.0657 5804 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:24:29.0672 5804 BrSerWdm - ok
21:24:29.0703 5804 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:24:29.0719 5804 BrUsbMdm - ok
21:24:29.0750 5804 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:24:29.0781 5804 BrUsbSer - ok
21:24:29.0797 5804 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:24:29.0813 5804 BTHMODEM - ok
21:24:29.0859 5804 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
21:24:29.0875 5804 bthserv - ok
21:24:29.0891 5804 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:24:29.0922 5804 cdfs - ok
21:24:29.0953 5804 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
21:24:29.0984 5804 cdrom - ok
21:24:30.0015 5804 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
21:24:30.0031 5804 CertPropSvc - ok
21:24:30.0109 5804 [ 837FF2D497880198C918E6954DBD170C ] cfWiMAXService C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
21:24:30.0109 5804 cfWiMAXService - ok
21:24:30.0156 5804 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:24:30.0171 5804 circlass - ok
21:24:30.0218 5804 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
21:24:30.0218 5804 CLFS - ok
21:24:30.0359 5804 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:24:30.0390 5804 clr_optimization_v2.0.50727_32 - ok
21:24:30.0437 5804 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:24:30.0468 5804 clr_optimization_v2.0.50727_64 - ok
21:24:30.0577 5804 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:24:30.0624 5804 clr_optimization_v4.0.30319_32 - ok
21:24:30.0671 5804 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:24:30.0686 5804 clr_optimization_v4.0.30319_64 - ok
21:24:30.0717 5804 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:24:30.0733 5804 CmBatt - ok
21:24:30.0780 5804 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:24:30.0795 5804 cmdide - ok
21:24:30.0827 5804 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
21:24:30.0858 5804 CNG - ok
21:24:30.0905 5804 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:24:30.0920 5804 Compbatt - ok
21:24:30.0951 5804 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
21:24:30.0983 5804 CompositeBus - ok
21:24:30.0998 5804 COMSysApp - ok
21:24:31.0029 5804 [ D252C53BCDFC199BBA55EEB10CDB266E ] ConfigFree Gadget Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
21:24:31.0029 5804 ConfigFree Gadget Service - ok
21:24:31.0061 5804 [ CAB0EEAF5295FC96DDD3E19DCE27E131 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
21:24:31.0061 5804 ConfigFree Service - ok
21:24:31.0092 5804 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:24:31.0107 5804 crcdisk - ok
21:24:31.0139 5804 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:24:31.0154 5804 CryptSvc - ok
21:24:31.0201 5804 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:24:31.0217 5804 DcomLaunch - ok
21:24:31.0263 5804 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
21:24:31.0279 5804 defragsvc - ok
21:24:31.0326 5804 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:24:31.0357 5804 DfsC - ok
21:24:31.0404 5804 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
21:24:31.0419 5804 Dhcp - ok
21:24:31.0482 5804 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
21:24:31.0482 5804 discache - ok
21:24:31.0513 5804 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
21:24:31.0529 5804 Disk - ok
21:24:31.0638 5804 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:24:31.0653 5804 Dnscache - ok
21:24:31.0685 5804 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
21:24:31.0700 5804 dot3svc - ok
21:24:31.0731 5804 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
21:24:31.0747 5804 DPS - ok
21:24:31.0794 5804 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:24:31.0809 5804 drmkaud - ok
21:24:31.0856 5804 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:24:31.0903 5804 DXGKrnl - ok
21:24:31.0934 5804 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
21:24:31.0950 5804 EapHost - ok
21:24:32.0059 5804 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
21:24:32.0153 5804 ebdrv - ok
21:24:32.0184 5804 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
21:24:32.0199 5804 EFS - ok
21:24:32.0262 5804 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:24:32.0293 5804 ehRecvr - ok
21:24:32.0324 5804 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
21:24:32.0340 5804 ehSched - ok
21:24:32.0402 5804 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
21:24:32.0433 5804 elxstor - ok
21:24:32.0449 5804 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:24:32.0480 5804 ErrDev - ok
21:24:32.0527 5804 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
21:24:32.0558 5804 EventSystem - ok
21:24:32.0574 5804 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
21:24:32.0605 5804 exfat - ok
21:24:32.0636 5804 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:24:32.0667 5804 fastfat - ok
21:24:32.0714 5804 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
21:24:32.0745 5804 Fax - ok
21:24:32.0761 5804 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:24:32.0792 5804 fdc - ok
21:24:32.0823 5804 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
21:24:32.0839 5804 fdPHost - ok
21:24:32.0855 5804 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
21:24:32.0855 5804 FDResPub - ok
21:24:32.0901 5804 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:24:32.0917 5804 FileInfo - ok
21:24:32.0933 5804 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:24:32.0948 5804 Filetrace - ok
21:24:32.0964 5804 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:24:32.0995 5804 flpydisk - ok
21:24:33.0026 5804 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:24:33.0042 5804 FltMgr - ok
21:24:33.0104 5804 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
21:24:33.0151 5804 FontCache - ok
21:24:33.0198 5804 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:24:33.0229 5804 FontCache3.0.0.0 - ok
21:24:33.0260 5804 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:24:33.0276 5804 FsDepends - ok
21:24:33.0291 5804 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:24:33.0323 5804 Fs_Rec - ok
21:24:33.0369 5804 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:24:33.0369 5804 fvevol - ok
21:24:33.0401 5804 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:24:33.0416 5804 gagp30kx - ok
21:24:33.0510 5804 [ C44D560E441F091EA3B72F778EC60DE2 ] GameConsoleService C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
21:24:33.0557 5804 GameConsoleService - ok
21:24:33.0619 5804 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:24:33.0635 5804 GEARAspiWDM - ok
21:24:33.0713 5804 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
21:24:33.0744 5804 gpsvc - ok
21:24:33.0838 5804 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:24:33.0838 5804 gupdate - ok
21:24:33.0853 5804 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:24:33.0853 5804 gupdatem - ok
21:24:33.0916 5804 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
21:24:33.0947 5804 gusvc - ok
21:24:33.0962 5804 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:24:33.0994 5804 hcw85cir - ok
21:24:34.0040 5804 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:24:34.0072 5804 HdAudAddService - ok
21:24:34.0103 5804 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
21:24:34.0103 5804 HDAudBus - ok
21:24:34.0118 5804 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:24:34.0150 5804 HidBatt - ok
21:24:34.0165 5804 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:24:34.0196 5804 HidBth - ok
21:24:34.0196 5804 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:24:34.0228 5804 HidIr - ok
21:24:34.0243 5804 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
21:24:34.0259 5804 hidserv - ok
21:24:34.0306 5804 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
21:24:34.0321 5804 HidUsb - ok
21:24:34.0352 5804 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:24:34.0368 5804 hkmsvc - ok
21:24:34.0415 5804 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:24:34.0430 5804 HomeGroupListener - ok
21:24:34.0477 5804 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:24:34.0493 5804 HomeGroupProvider - ok
21:24:34.0540 5804 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:24:34.0571 5804 HpSAMD - ok
21:24:34.0618 5804 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:24:34.0633 5804 HTTP - ok
21:24:34.0696 5804 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:24:34.0696 5804 hwpolicy - ok
21:24:34.0758 5804 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:24:34.0774 5804 i8042prt - ok
21:24:34.0820 5804 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
21:24:34.0820 5804 iaStor - ok
21:24:34.0898 5804 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:24:34.0930 5804 iaStorV - ok
21:24:35.0023 5804 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
21:24:35.0054 5804 IDriverT - ok
21:24:35.0101 5804 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:24:35.0148 5804 idsvc - ok
21:24:35.0398 5804 [ 3C3F27002ABC69C5AFE29CBE6CF7ADDF ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
21:24:35.0585 5804 igfx - ok
21:24:35.0632 5804 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:24:35.0663 5804 iirsp - ok
21:24:35.0710 5804 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
21:24:35.0741 5804 IKEEXT - ok
21:24:35.0819 5804 [ 0C3CF4B3BAE28E121A1689E3538F8712 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
21:24:35.0850 5804 IntcAzAudAddService - ok
21:24:35.0897 5804 [ 88A20FA54C73DED4E8DAC764E9130AE9 ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
21:24:35.0928 5804 IntcHdmiAddService - ok
21:24:35.0959 5804 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
21:24:35.0975 5804 intelide - ok
21:24:36.0022 5804 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:24:36.0022 5804 intelppm - ok
21:24:36.0053 5804 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:24:36.0068 5804 IPBusEnum - ok
21:24:36.0115 5804 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:24:36.0146 5804 IpFilterDriver - ok
21:24:36.0178 5804 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:24:36.0193 5804 IPMIDRV - ok
21:24:36.0240 5804 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:24:36.0256 5804 IPNAT - ok
21:24:36.0318 5804 [ 755E4BA6DCE627A2683BB7640553C8D6 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
21:24:36.0365 5804 iPod Service - ok
21:24:36.0412 5804 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:24:36.0427 5804 IRENUM - ok
21:24:36.0443 5804 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:24:36.0458 5804 isapnp - ok
21:24:36.0505 5804 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:24:36.0536 5804 iScsiPrt - ok
21:24:36.0568 5804 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
21:24:36.0583 5804 kbdclass - ok
21:24:36.0646 5804 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
21:24:36.0677 5804 kbdhid - ok
21:24:36.0692 5804 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
21:24:36.0692 5804 KeyIso - ok
21:24:36.0708 5804 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:24:36.0724 5804 KSecDD - ok
21:24:36.0739 5804 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:24:36.0770 5804 KSecPkg - ok
21:24:36.0802 5804 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:24:36.0833 5804 ksthunk - ok
21:24:36.0880 5804 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
21:24:36.0895 5804 KtmRm - ok
21:24:36.0973 5804 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
21:24:36.0989 5804 LanmanServer - ok
21:24:37.0004 5804 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:24:37.0036 5804 LanmanWorkstation - ok
21:24:37.0082 5804 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:24:37.0098 5804 lltdio - ok
21:24:37.0145 5804 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:24:37.0160 5804 lltdsvc - ok
21:24:37.0192 5804 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:24:37.0207 5804 lmhosts - ok
21:24:37.0270 5804 [ 41E122F6D1448C94CC05196BC41D6BFB ] LPCFilter C:\Windows\system32\DRIVERS\LPCFilter.sys
21:24:37.0285 5804 LPCFilter - ok
21:24:37.0332 5804 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:24:37.0348 5804 LSI_FC - ok
21:24:37.0379 5804 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:24:37.0410 5804 LSI_SAS - ok
21:24:37.0426 5804 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:24:37.0457 5804 LSI_SAS2 - ok
21:24:37.0488 5804 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:24:37.0519 5804 LSI_SCSI - ok
21:24:37.0535 5804 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
21:24:37.0566 5804 luafv - ok
21:24:37.0660 5804 [ B891E3920F24FF1A3BEAD6CD2B42ED99 ] McAfee SiteAdvisor Service C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
21:24:37.0660 5804 McAfee SiteAdvisor Service - ok
21:24:37.0769 5804 [ 652D2AFB3E0785C7158CD71496811A58 ] mcmscsvc C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
21:24:37.0769 5804 mcmscsvc - ok
21:24:37.0862 5804 [ 2DBD66025339C2540EFECFFBB5EB2380 ] McNASvc c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
21:24:37.0878 5804 McNASvc - ok
21:24:37.0940 5804 [ FE6176D442B03BF465BD6806E801296C ] McODS C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
21:24:37.0987 5804 McODS - ok
21:24:38.0018 5804 [ 447FA93BB3E0AD783B1AD39B60C843E8 ] McProxy c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
21:24:38.0050 5804 McProxy - ok
21:24:38.0096 5804 [ FB237FF34B5018C6E164BF758DA843D9 ] McShield C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
21:24:38.0112 5804 McShield - ok
21:24:38.0174 5804 [ 516116B48BE31AFDEE330F0EF6FAF2F0 ] McSysmon C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
21:24:38.0190 5804 McSysmon - ok
21:24:38.0221 5804 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:24:38.0237 5804 Mcx2Svc - ok
21:24:38.0284 5804 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:24:38.0299 5804 megasas - ok
21:24:38.0330 5804 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:24:38.0362 5804 MegaSR - ok
21:24:38.0393 5804 [ 088620DA20B98578BFC4B97043F24042 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys
21:24:38.0424 5804 mfeavfk - ok
21:24:38.0455 5804 [ 239E677E3E9047550C18B30C26C3BA3E ] mfehidk C:\Windows\system32\drivers\mfehidk.sys
21:24:38.0486 5804 mfehidk - ok
21:24:38.0502 5804 [ BA2AAA62628CA6DEA56A62A0E530D014 ] mferkdk C:\Windows\system32\drivers\mferkdk.sys
21:24:38.0533 5804 mferkdk - ok
21:24:38.0564 5804 [ 1F56E31DB436287581CBE9A5C4C70E0E ] mfesmfk C:\Windows\system32\drivers\mfesmfk.sys
21:24:38.0564 5804 mfesmfk - ok
21:24:38.0596 5804 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
21:24:38.0611 5804 MMCSS - ok
21:24:38.0642 5804 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
21:24:38.0658 5804 Modem - ok
21:24:38.0705 5804 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:24:38.0705 5804 monitor - ok
21:24:38.0752 5804 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
21:24:38.0767 5804 mouclass - ok
21:24:38.0830 5804 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:24:38.0861 5804 mouhid - ok
21:24:38.0892 5804 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:24:38.0892 5804 mountmgr - ok
21:24:38.0939 5804 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:24:38.0970 5804 MozillaMaintenance - ok
21:24:39.0032 5804 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
21:24:39.0064 5804 MpFilter - ok
21:24:39.0095 5804 [ AE2E68527013EB4F761ECCC630F7F1A3 ] MPFP C:\Windows\system32\Drivers\Mpfp.sys
21:24:39.0126 5804 MPFP - ok
21:24:39.0188 5804 [ 95AAC73D11DDBA901042953E5F8146F7 ] MpfService C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
21:24:39.0188 5804 MpfService - ok
21:24:39.0235 5804 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
21:24:39.0266 5804 mpio - ok
21:24:39.0313 5804 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:24:39.0329 5804 mpsdrv - ok
21:24:39.0360 5804 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:24:39.0391 5804 MRxDAV - ok
21:24:39.0422 5804 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:24:39.0454 5804 mrxsmb - ok
21:24:39.0485 5804 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:24:39.0516 5804 mrxsmb10 - ok
21:24:39.0563 5804 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:24:39.0578 5804 mrxsmb20 - ok
21:24:39.0641 5804 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
21:24:39.0656 5804 msahci - ok
21:24:39.0688 5804 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:24:39.0719 5804 msdsm - ok
21:24:39.0750 5804 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
21:24:39.0766 5804 MSDTC - ok
21:24:39.0828 5804 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:24:39.0844 5804 Msfs - ok
21:24:39.0875 5804 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:24:39.0906 5804 mshidkmdf - ok
21:24:39.0906 5804 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:24:39.0937 5804 msisadrv - ok
21:24:39.0953 5804 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:24:39.0968 5804 MSiSCSI - ok
21:24:39.0984 5804 msiserver - ok
21:24:40.0031 5804 [ C75E30539519B83CD041F8F057269D5C ] MSK80Service C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
21:24:40.0062 5804 MSK80Service - ok
21:24:40.0124 5804 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:24:40.0140 5804 MSKSSRV - ok
21:24:40.0234 5804 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc C:\Program Files\Microsoft Security Client\MsMpEng.exe
21:24:40.0249 5804 MsMpSvc - ok
21:24:40.0280 5804 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:24:40.0296 5804 MSPCLOCK - ok
21:24:40.0327 5804 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:24:40.0343 5804 MSPQM - ok
21:24:40.0390 5804 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:24:40.0421 5804 MsRPC - ok
21:24:40.0452 5804 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
21:24:40.0452 5804 mssmbios - ok
21:24:40.0514 5804 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:24:40.0546 5804 MSTEE - ok
21:24:40.0561 5804 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
21:24:40.0577 5804 MTConfig - ok
21:24:40.0639 5804 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
21:24:40.0670 5804 Mup - ok
21:24:40.0717 5804 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
21:24:40.0733 5804 napagent - ok
21:24:40.0811 5804 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:24:40.0842 5804 NativeWifiP - ok
21:24:40.0904 5804 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:24:40.0904 5804 NDIS - ok
21:24:40.0951 5804 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:24:40.0982 5804 NdisCap - ok
21:24:41.0014 5804 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:24:41.0029 5804 NdisTapi - ok
21:24:41.0060 5804 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:24:41.0092 5804 Ndisuio - ok
21:24:41.0123 5804 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:24:41.0138 5804 NdisWan - ok
21:24:41.0170 5804 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:24:41.0201 5804 NDProxy - ok
21:24:41.0263 5804 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:24:41.0279 5804 NetBIOS - ok
21:24:41.0326 5804 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:24:41.0326 5804 NetBT - ok
21:24:41.0341 5804 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
21:24:41.0341 5804 Netlogon - ok
21:24:41.0388 5804 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
21:24:41.0435 5804 Netman - ok
21:24:41.0450 5804 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
21:24:41.0482 5804 netprofm - ok
21:24:41.0513 5804 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:24:41.0544 5804 NetTcpPortSharing - ok
21:24:41.0606 5804 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:24:41.0638 5804 nfrd960 - ok
21:24:41.0684 5804 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:24:41.0700 5804 NisDrv - ok
21:24:41.0762 5804 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv C:\Program Files\Microsoft Security Client\NisSrv.exe
21:24:41.0794 5804 NisSrv - ok
21:24:41.0856 5804 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:24:41.0872 5804 NlaSvc - ok
21:24:41.0887 5804 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:24:41.0903 5804 Npfs - ok
21:24:41.0934 5804 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
21:24:41.0950 5804 nsi - ok
21:24:41.0996 5804 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:24:42.0012 5804 nsiproxy - ok
21:24:42.0059 5804 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:24:42.0106 5804 Ntfs - ok
21:24:42.0152 5804 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
21:24:42.0168 5804 Null - ok
21:24:42.0199 5804 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:24:42.0230 5804 nvraid - ok
21:24:42.0262 5804 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:24:42.0293 5804 nvstor - ok
21:24:42.0308 5804 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:24:42.0340 5804 nv_agp - ok
21:24:42.0402 5804 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:24:42.0433 5804 odserv - ok
21:24:42.0464 5804 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:24:42.0480 5804 ohci1394 - ok
21:24:42.0542 5804 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:24:42.0558 5804 ose - ok
21:24:42.0605 5804 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:24:42.0605 5804 p2pimsvc - ok
21:24:42.0667 5804 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
21:24:42.0683 5804 p2psvc - ok
21:24:42.0745 5804 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:24:42.0761 5804 Parport - ok
21:24:42.0792 5804 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:24:42.0823 5804 partmgr - ok
21:24:42.0854 5804 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
21:24:42.0870 5804 PcaSvc - ok
21:24:42.0901 5804 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
21:24:42.0932 5804 pci - ok
21:24:42.0948 5804 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
21:24:42.0979 5804 pciide - ok
21:24:43.0026 5804 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
21:24:43.0057 5804 pcmcia - ok
21:24:43.0088 5804 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
21:24:43.0104 5804 pcw - ok
21:24:43.0135 5804 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:24:43.0166 5804 PEAUTH - ok
21:24:43.0244 5804 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:24:43.0276 5804 PerfHost - ok
21:24:43.0338 5804 [ 663962900E7FEA522126BA287715BB4A ] PGEffect C:\Windows\system32\DRIVERS\pgeffect.sys
21:24:43.0354 5804 PGEffect - ok
21:24:43.0416 5804 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
21:24:43.0447 5804 pla - ok
21:24:43.0494 5804 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:24:43.0510 5804 PlugPlay - ok
21:24:43.0541 5804 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:24:43.0556 5804 PNRPAutoReg - ok
21:24:43.0588 5804 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:24:43.0588 5804 PNRPsvc - ok
21:24:43.0619 5804 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:24:43.0650 5804 PolicyAgent - ok
21:24:43.0681 5804 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
21:24:43.0712 5804 Power - ok
21:24:43.0744 5804 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:24:43.0775 5804 PptpMiniport - ok
21:24:43.0822 5804 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
21:24:43.0853 5804 Processor - ok
21:24:43.0900 5804 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
21:24:43.0915 5804 ProfSvc - ok
21:24:43.0931 5804 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:24:43.0931 5804 ProtectedStorage - ok
21:24:43.0978 5804 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:24:43.0978 5804 Psched - ok
21:24:44.0056 5804 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
21:24:44.0102 5804 ql2300 - ok
21:24:44.0118 5804 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
21:24:44.0149 5804 ql40xx - ok
21:24:44.0180 5804 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
21:24:44.0196 5804 QWAVE - ok
21:24:44.0227 5804 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:24:44.0243 5804 QWAVEdrv - ok
21:24:44.0258 5804 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:24:44.0290 5804 RasAcd - ok
21:24:44.0321 5804 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:24:44.0352 5804 RasAgileVpn - ok
21:24:44.0399 5804 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
21:24:44.0414 5804 RasAuto - ok
21:24:44.0477 5804 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:24:44.0508 5804 Rasl2tp - ok
21:24:44.0539 5804 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
21:24:44.0555 5804 RasMan - ok
21:24:44.0602 5804 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:24:44.0617 5804 RasPppoe - ok
21:24:44.0648 5804 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:24:44.0680 5804 RasSstp - ok
21:24:44.0711 5804 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:24:44.0742 5804 rdbss - ok
21:24:44.0758 5804 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:24:44.0789 5804 rdpbus - ok
21:24:44.0804 5804 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:24:44.0804 5804 RDPCDD - ok
21:24:44.0836 5804 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:24:44.0836 5804 RDPENCDD - ok
21:24:44.0882 5804 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:24:44.0882 5804 RDPREFMP - ok
21:24:44.0945 5804 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:24:44.0976 5804 RDPWD - ok
21:24:45.0038 5804 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:24:45.0070 5804 rdyboost - ok
21:24:45.0116 5804 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:24:45.0132 5804 RemoteAccess - ok
21:24:45.0179 5804 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:24:45.0194 5804 RemoteRegistry - ok
21:24:45.0241 5804 [ CAF88D6573D21CD2AA27001DDBFDC74D ] RMCAST C:\Windows\system32\DRIVERS\RMCAST.sys
21:24:45.0272 5804 RMCAST - ok
21:24:45.0319 5804 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:24:45.0335 5804 RpcEptMapper - ok
21:24:45.0382 5804 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
21:24:45.0397 5804 RpcLocator - ok
21:24:45.0428 5804 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
21:24:45.0428 5804 RpcSs - ok
21:24:45.0460 5804 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:24:45.0491 5804 rspndr - ok
21:24:45.0538 5804 [ 8C22F21C924413D4E109995F748E18BB ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
21:24:45.0553 5804 RSUSBSTOR - ok
21:24:45.0600 5804 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
21:24:45.0616 5804 RTL8167 - ok
21:24:45.0694 5804 [ A36805E60282B1753C28001269D725E7 ] RTL8187B C:\Windows\system32\DRIVERS\RTL8187B.sys
21:24:45.0725 5804 RTL8187B - ok
21:24:45.0725 5804 RtsUIR - ok
21:24:45.0756 5804 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
21:24:45.0756 5804 SamSs - ok
21:24:45.0818 5804 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
21:24:45.0850 5804 SASDIFSV - ok
21:24:45.0865 5804 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
21:24:45.0865 5804 SASKUTIL - ok
21:24:45.0912 5804 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:24:45.0943 5804 sbp2port - ok
21:24:45.0990 5804 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:24:46.0006 5804 SCardSvr - ok
21:24:46.0037 5804 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:24:46.0068 5804 scfilter - ok
21:24:46.0115 5804 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
21:24:46.0146 5804 Schedule - ok
21:24:46.0177 5804 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
21:24:46.0193 5804 SCPolicySvc - ok
21:24:46.0224 5804 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:24:46.0240 5804 SDRSVC - ok
21:24:46.0271 5804 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:24:46.0286 5804 secdrv - ok
21:24:46.0333 5804 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
21:24:46.0349 5804 seclogon - ok
21:24:46.0380 5804 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
21:24:46.0396 5804 SENS - ok
21:24:46.0411 5804 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:24:46.0427 5804 SensrSvc - ok
21:24:46.0442 5804 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
21:24:46.0474 5804 Serenum - ok
21:24:46.0505 5804 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
21:24:46.0536 5804 Serial - ok
21:24:46.0552 5804 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
21:24:46.0567 5804 sermouse - ok
21:24:46.0645 5804 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
21:24:46.0661 5804 SessionEnv - ok
21:24:46.0708 5804 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:24:46.0723 5804 sffdisk - ok
21:24:46.0754 5804 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:24:46.0770 5804 sffp_mmc - ok
21:24:46.0786 5804 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:24:46.0817 5804 sffp_sd - ok
21:24:46.0848 5804 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:24:46.0864 5804 sfloppy - ok
21:24:46.0910 5804 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:24:46.0926 5804 ShellHWDetection - ok
21:24:46.0973 5804 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:24:47.0004 5804 SiSRaid2 - ok
21:24:47.0035 5804 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
21:24:47.0066 5804 SiSRaid4 - ok
21:24:47.0113 5804 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:24:47.0144 5804 Smb - ok
21:24:47.0191 5804 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:24:47.0222 5804 SNMPTRAP - ok
21:24:47.0238 5804 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
21:24:47.0254 5804 spldr - ok
21:24:47.0300 5804 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
21:24:47.0347 5804 Spooler - ok
21:24:47.0441 5804 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
21:24:47.0472 5804 sppsvc - ok
21:24:47.0503 5804 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:24:47.0519 5804 sppuinotify - ok
21:24:47.0566 5804 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
21:24:47.0597 5804 srv - ok
21:24:47.0628 5804 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:24:47.0644 5804 srv2 - ok
21:24:47.0675 5804 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:24:47.0706 5804 srvnet - ok
21:24:47.0753 5804 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:24:47.0768 5804 SSDPSRV - ok
21:24:47.0784 5804 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:24:47.0800 5804 SstpSvc - ok
21:24:47.0846 5804 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
21:24:47.0862 5804 stexstor - ok
21:24:47.0909 5804 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
21:24:47.0940 5804 stisvc - ok
21:24:47.0956 5804 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
21:24:47.0987 5804 swenum - ok
21:24:48.0065 5804 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
21:24:48.0080 5804 swprv - ok
21:24:48.0127 5804 [ BE7311DA9D6833FA69ED04B744A1C8F8 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
21:24:48.0158 5804 SynTP - ok
21:24:48.0221 5804 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
21:24:48.0268 5804 SysMain - ok
21:24:48.0299 5804 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:24:48.0314 5804 TabletInputService - ok
21:24:48.0330 5804 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
21:24:48.0361 5804 TapiSrv - ok
21:24:48.0408 5804 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
21:24:48.0424 5804 TBS - ok
21:24:48.0502 5804 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:24:48.0533 5804 Tcpip - ok
21:24:48.0611 5804 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:24:48.0626 5804 TCPIP6 - ok
21:24:48.0673 5804 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:24:48.0689 5804 tcpipreg - ok
21:24:48.0736 5804 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys
21:24:48.0767 5804 tdcmdpst - ok
21:24:48.0798 5804 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:24:48.0814 5804 TDPIPE - ok
21:24:48.0845 5804 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:24:48.0860 5804 TDTCP - ok
21:24:48.0892 5804 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:24:48.0923 5804 tdx - ok
21:24:48.0985 5804 [ 63B4F544664DC5154FDA4213E2AF09D0 ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
21:24:49.0016 5804 TemproMonitoringService - ok
21:24:49.0032 5804 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
21:24:49.0048 5804 TermDD - ok
21:24:49.0079 5804 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
21:24:49.0110 5804 TermService - ok
21:24:49.0141 5804 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
21:24:49.0157 5804 Themes - ok
21:24:49.0188 5804 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
21:24:49.0188 5804 THREADORDER - ok
21:24:49.0266 5804 [ 32577B987AE5401038451BB392CB8D89 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
21:24:49.0266 5804 TMachInfo - ok
21:24:49.0313 5804 [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv C:\Windows\system32\TODDSrv.exe
21:24:49.0344 5804 TODDSrv - ok
21:24:49.0453 5804 [ 4DB8C79BCEA76063B83B13410366A1F7 ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
21:24:49.0484 5804 TosCoSrv - ok
21:24:49.0547 5804 [ 707800855AFBD7648375EFB1519B8D6D ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
21:24:49.0562 5804 TOSHIBA eco Utility Service - ok
21:24:49.0640 5804 [ DD58E1250F604CBBADDA04575E5E2376 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
21:24:49.0640 5804 TOSHIBA HDD SSD Alert Service - ok
21:24:49.0703 5804 [ 09FF7B0B1B5C3D225495CB6F5A9B39F8 ] tos_sps64 C:\Windows\system32\DRIVERS\tos_sps64.sys
21:24:49.0734 5804 tos_sps64 - ok
21:24:49.0781 5804 [ DE64C52BD0671165CF2EEBF2A728A3E2 ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
21:24:49.0828 5804 TPCHSrv - ok
21:24:49.0859 5804 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
21:24:49.0859 5804 TrkWks - ok
21:24:49.0921 5804 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:24:49.0921 5804 TrustedInstaller - ok
21:24:49.0952 5804 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:24:49.0984 5804 tssecsrv - ok
21:24:50.0015 5804 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:24:50.0046 5804 TsUsbFlt - ok
21:24:50.0077 5804 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:24:50.0108 5804 tunnel - ok
21:24:50.0140 5804 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS
21:24:50.0171 5804 TVALZ - ok
21:24:50.0202 5804 [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL C:\Windows\system32\DRIVERS\TVALZFL.sys
21:24:50.0233 5804 TVALZFL - ok
21:24:50.0264 5804 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
21:24:50.0296 5804 uagp35 - ok
21:24:50.0327 5804 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:24:50.0358 5804 udfs - ok
21:24:50.0405 5804 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:24:50.0420 5804 UI0Detect - ok
21:24:50.0452 5804 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:24:50.0467 5804 uliagpkx - ok
21:24:50.0530 5804 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
21:24:50.0545 5804 umbus - ok
21:24:50.0592 5804 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
21:24:50.0608 5804 UmPass - ok
21:24:50.0670 5804 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
21:24:50.0701 5804 upnphost - ok
21:24:50.0732 5804 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
21:24:50.0748 5804 USBAAPL64 - ok
21:24:50.0795 5804 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:24:50.0810 5804 usbccgp - ok
21:24:50.0810 5804 USBCCID - ok
21:24:50.0857 5804 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:24:50.0873 5804 usbcir - ok
21:24:50.0904 5804 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:24:50.0920 5804 usbehci - ok
21:24:50.0966 5804 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:24:50.0998 5804 usbhub - ok
21:24:51.0029 5804 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:24:51.0044 5804 usbohci - ok
21:24:51.0076 5804 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:24:51.0091 5804 usbprint - ok
21:24:51.0122 5804 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:24:51.0138 5804 USBSTOR - ok
21:24:51.0185 5804 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
21:24:51.0200 5804 usbuhci - ok
21:24:51.0247 5804 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
21:24:51.0278 5804 usbvideo - ok
21:24:51.0310 5804 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
21:24:51.0325 5804 UxSms - ok
21:24:51.0341 5804 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
21:24:51.0341 5804 VaultSvc - ok
21:24:51.0403 5804 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:24:51.0419 5804 vdrvroot - ok
21:24:51.0450 5804 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
21:24:51.0497 5804 vds - ok
21:24:51.0544 5804 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:24:51.0559 5804 vga - ok
21:24:51.0575 5804 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
21:24:51.0590 5804 VgaSave - ok
21:24:51.0653 5804 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:24:51.0668 5804 vhdmp - ok
21:24:51.0700 5804 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
21:24:51.0715 5804 viaide - ok
21:24:51.0731 5804 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:24:51.0762 5804 volmgr - ok
21:24:51.0809 5804 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:24:51.0809 5804 volmgrx - ok
21:24:51.0840 5804 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:24:51.0871 5804 volsnap - ok
21:24:51.0918 5804 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
21:24:51.0949 5804 vsmraid - ok
21:24:52.0012 5804 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
21:24:52.0043 5804 VSS - ok
21:24:52.0058 5804 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
21:24:52.0090 5804 vwifibus - ok
21:24:52.0121 5804 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
21:24:52.0152 5804 vwififlt - ok
21:24:52.0183 5804 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
21:24:52.0214 5804 W32Time - ok
21:24:52.0230 5804 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
21:24:52.0261 5804 WacomPen - ok
21:24:52.0292 5804 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:24:52.0324 5804 WANARP - ok
21:24:52.0324 5804 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:24:52.0324 5804 Wanarpv6 - ok
21:24:52.0417 5804 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
21:24:52.0448 5804 WatAdminSvc - ok
21:24:52.0526 5804 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
21:24:52.0573 5804 wbengine - ok
21:24:52.0604 5804 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:24:52.0636 5804 WbioSrvc - ok
21:24:52.0698 5804 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:24:52.0714 5804 wcncsvc - ok
21:24:52.0760 5804 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:24:52.0776 5804 WcsPlugInService - ok
21:24:52.0792 5804 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
21:24:52.0823 5804 Wd - ok
21:24:52.0854 5804 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:24:52.0885 5804 Wdf01000 - ok
21:24:52.0916 5804 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:24:52.0932 5804 WdiServiceHost - ok
21:24:52.0948 5804 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:24:52.0948 5804 WdiSystemHost - ok
21:24:52.0994 5804 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
21:24:53.0010 5804 WebClient - ok
21:24:53.0041 5804 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:24:53.0057 5804 Wecsvc - ok
21:24:53.0088 5804 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:24:53.0104 5804 wercplsupport - ok
21:24:53.0135 5804 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
21:24:53.0150 5804 WerSvc - ok
21:24:53.0182 5804 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:24:53.0197 5804 WfpLwf - ok
21:24:53.0228 5804 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:24:53.0244 5804 WIMMount - ok
21:24:53.0260 5804 WinHttpAutoProxySvc - ok
21:24:53.0322 5804 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:24:53.0322 5804 Winmgmt - ok
21:24:53.0400 5804 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
21:24:53.0431 5804 WinRM - ok
21:24:53.0540 5804 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
21:24:53.0572 5804 Wlansvc - ok
21:24:53.0634 5804 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:24:53.0650 5804 WmiAcpi - ok
21:24:53.0696 5804 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:24:53.0712 5804 wmiApSrv - ok
21:24:53.0743 5804 WMPNetworkSvc - ok
21:24:53.0806 5804 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:24:53.0821 5804 WPCSvc - ok
21:24:53.0852 5804 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:24:53.0868 5804 WPDBusEnum - ok
21:24:53.0899 5804 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:24:53.0930 5804 ws2ifsl - ok
21:24:53.0930 5804 WSearch - ok
21:24:54.0008 5804 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
21:24:54.0040 5804 wuauserv - ok
21:24:54.0055 5804 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:24:54.0086 5804 WudfPf - ok
21:24:54.0133 5804 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:24:54.0164 5804 WUDFRd - ok
21:24:54.0211 5804 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:24:54.0227 5804 wudfsvc - ok
21:24:54.0258 5804 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
21:24:54.0274 5804 WwanSvc - ok
21:24:54.0305 5804 ================ Scan global ===============================
21:24:54.0320 5804 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
21:24:54.0367 5804 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
21:24:54.0398 5804 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
21:24:54.0430 5804 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
21:24:54.0476 5804 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
21:24:54.0492 5804 [Global] - ok
21:24:54.0508 5804 ================ Scan MBR ==================================
21:24:54.0508 5804 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:24:55.0272 5804 \Device\Harddisk0\DR0 - ok
21:24:55.0272 5804 ================ Scan VBR ==================================
21:24:55.0350 5804 [ 6F77C90E2CF90012E0042DD128E191EE ] \Device\Harddisk0\DR0\Partition1
21:24:55.0350 5804 \Device\Harddisk0\DR0\Partition1 - ok
21:24:55.0381 5804 [ E827F42990911602504E5327F86D5FCE ] \Device\Harddisk0\DR0\Partition2
21:24:55.0381 5804 \Device\Harddisk0\DR0\Partition2 - ok
21:24:55.0381 5804 ============================================================
21:24:55.0381 5804 Scan finished
21:24:55.0381 5804 ============================================================
21:24:55.0397 2952 Detected object count: 0
21:24:55.0397 2952 Actual detected object count: 0

This is the aswMBR log.
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-16 21:28:06
-----------------------------
21:28:06.472 OS Version: Windows x64 6.1.7601 Service Pack 1
21:28:06.472 Number of processors: 2 586 0x170A
21:28:06.472 ComputerName: C-DAWGCRIDIZZLE UserName:
21:28:07.408 Initialize success
21:33:05.848 AVAST engine defs: 12101600
21:33:47.047 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:33:47.047 Disk 0 Vendor: TOSHIBA_ FG02 Size: 305245MB BusType: 3
21:33:47.063 Disk 0 MBR read successfully
21:33:47.079 Disk 0 MBR scan
21:33:47.172 Disk 0 Windows 7 default MBR code
21:33:47.172 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 400 MB offset 2048
21:33:47.235 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152622 MB offset 821248
21:33:47.281 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 152222 MB offset 313391104
21:33:47.375 Disk 0 scanning C:\Windows\system32\drivers
21:34:11.867 Service scanning
21:35:15.032 Modules scanning
21:35:15.032 Disk 0 trace - called modules:
21:35:15.078 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:35:15.593 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b70420]
21:35:15.593 3 CLASSPNP.SYS[fffff8800193943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004706050]
21:35:16.404 AVAST engine scan C:\Windows
21:35:21.568 AVAST engine scan C:\Windows\system32
21:42:22.958 AVAST engine scan C:\Windows\system32\drivers
21:42:51.054 AVAST engine scan C:\Users\C-Dawg Cridizzle
21:44:51.425 Disk 0 MBR has been saved successfully to "C:\Users\C-Dawg Cridizzle\Documents\MBR.dat"
21:44:51.550 The log file has been saved successfully to "C:\Users\C-Dawg Cridizzle\Documents\aswMBR.txt"

This is ESET log
C:\Users\C-Dawg Cridizzle\AppData\Roaming\Microsoft\Windows\unicode2.nls a variant of Win32/Delf.OHO trojan cleaned by deleting - quarantined
C:\Users\C-Dawg Cridizzle\Downloads\cnet2_flstudio_10_0_9c_exe(1).exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Users\C-Dawg Cridizzle\Downloads\cnet2_flstudio_10_0_9c_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantin

Hope This all helps.

#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:26 PM

Posted 16 October 2012 - 08:43 PM

Reboot to normal mode

Download

Malwarebytes

Install,update and run a full scan

Click on Show results.Right click on the list ,select all and remove them.

Post the generated log here

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download

Farbar service scanner

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.

Download

adware cleaner

Launch it click on Delete

A log should be generated after scan ,post it here

Download

Junkware removal tool

For vista and windows 7 right click on the tool and select run as administrator

After scan gets completed,post the generated log here.

#5 Borky

Borky
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 17 October 2012 - 07:12 AM

Alrighty,
This is the Malwarebytes Log
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.15.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
C-Dawg Cridizzle :: C-DAWGCRIDIZZLE [administrator]

17/10/2012 10:59:08
mbam-log-2012-10-17 (10-59-08).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 356741
Time elapsed: 1 hour(s), 6 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

This the Mini log
MiniToolBox by Farbar Version: 23-07-2012
Ran by C-Dawg Cridizzle (administrator) on 17-10-2012 at 12:41:57
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : C-DawgCridizzle
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter
Physical Address. . . . . . . . . : 70-1A-04-1A-BD-EF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a9e5:f15e:54ce:317d%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.93(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 17 October 2012 10:57:46
Lease Expires . . . . . . . . . . : 18 October 2012 12:38:23
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 326113796
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-03-AE-47-00-26-22-43-3B-B2
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : internal.lgi.de
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 00-26-22-43-3B-B2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{4FAD9879-0EBE-4A98-8206-C0CFC2D23076}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.internal.lgi.de:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: Livebox-3F80
Address: 192.168.1.1

Name: google.com
Addresses: 2a00:1450:4009:806::1002
173.194.41.66
173.194.41.71
173.194.41.64
173.194.41.72
173.194.41.73
173.194.41.69
173.194.41.70
173.194.41.65
173.194.41.68
173.194.41.67
173.194.41.78


Pinging google.com [173.194.41.78] with 32 bytes of data:
Reply from 173.194.41.78: bytes=32 time=31ms TTL=54
Reply from 173.194.41.78: bytes=32 time=29ms TTL=54

Ping statistics for 173.194.41.78:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 29ms, Maximum = 31ms, Average = 30ms
Server: Livebox-3F80
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.138.253.109
98.139.183.24
72.30.38.140


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Request timed out.
Reply from 72.30.38.140: bytes=32 time=302ms TTL=44

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
Minimum = 302ms, Maximum = 302ms, Average = 302ms
Server: Livebox-3F80
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...70 1a 04 1a bd ef ......Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter
10...00 26 22 43 3b b2 ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.93 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.93 281
192.168.1.93 255.255.255.255 On-link 192.168.1.93 281
192.168.1.255 255.255.255.255 On-link 192.168.1.93 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.93 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.93 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
12 281 fe80::/64 On-link
12 281 fe80::a9e5:f15e:54ce:317d/128
On-link
1 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/17/2012 11:40:07 AM) (Source: Application Error) (User: )
Description: Faulting application name: mcshield.exe, version: 14.0.0.430, time stamp: 0x4a035029
Faulting module name: mscan64a.dll, version: 5.300.0.2777, time stamp: 0x486bbc99
Exception code: 0xc0000005
Fault offset: 0x0000000000166de9
Faulting process id: 0x220
Faulting application start time: 0xmcshield.exe0
Faulting application path: mcshield.exe1
Faulting module path: mcshield.exe2
Report Id: mcshield.exe3

Error: (10/17/2012 11:40:05 AM) (Source: McLogEvent) (User: NT AUTHORITY)NT AUTHORITY
Description: Exception in McShield.Exe!

Exception details follow :

VSCORE.14.0.0.430
Exception Code : 0X00000000C0000005
Exception Address : 0X0000000012166DE9
Exception Parameters : 2
Param 1 = 0000000000000000
Param 2 = 0X0000000000000001

More information :
ScanRequest : NTName is \Device\HarddiskVolume2\Windows\SysWOW64\DivX.dll.

Error: (10/17/2012 11:24:30 AM) (Source: Application Error) (User: )
Description: Faulting application name: mcshield.exe, version: 14.0.0.430, time stamp: 0x4a035029
Faulting module name: mscan64a.dll, version: 5.300.0.2777, time stamp: 0x486bbc99
Exception code: 0xc0000005
Fault offset: 0x0000000000166de9
Faulting process id: 0x45c
Faulting application start time: 0xmcshield.exe0
Faulting application path: mcshield.exe1
Faulting module path: mcshield.exe2
Report Id: mcshield.exe3

Error: (10/17/2012 11:24:27 AM) (Source: McLogEvent) (User: NT AUTHORITY)NT AUTHORITY
Description: Exception in McShield.Exe!

Exception details follow :

VSCORE.14.0.0.430
Exception Code : 0X00000000C0000005
Exception Address : 0X0000000012166DE9
Exception Parameters : 2
Param 1 = 0000000000000000
Param 2 = 0X0000000000000001

More information :
ScanRequest : NTName is \Device\HarddiskVolume2\Users\C-Dawg Cridizzle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DGUM6IVT\Firefox%20Setup%2011.0[1].exe.

Error: (10/17/2012 11:05:44 AM) (Source: Application Error) (User: )
Description: Faulting application name: mcshield.exe, version: 14.0.0.430, time stamp: 0x4a035029
Faulting module name: mscan64a.dll, version: 5.300.0.2777, time stamp: 0x486bbc99
Exception code: 0xc0000005
Fault offset: 0x0000000000166de9
Faulting process id: 0x7d4
Faulting application start time: 0xmcshield.exe0
Faulting application path: mcshield.exe1
Faulting module path: mcshield.exe2
Report Id: mcshield.exe3

Error: (10/17/2012 11:05:41 AM) (Source: McLogEvent) (User: NT AUTHORITY)NT AUTHORITY
Description: Exception in McShield.Exe!

Exception details follow :

VSCORE.14.0.0.430
Exception Code : 0X00000000C0000005
Exception Address : 0X0000000012166DE9
Exception Parameters : 2
Param 1 = 0000000000000000
Param 2 = 0X0000000000000001

More information :
ScanRequest : NTName is \Device\HarddiskVolume2\Program Files (x86)\DivX\DivX Plus DirectShow Filters\DivXDecH264.ax.

Error: (10/16/2012 10:29:46 PM) (Source: Application Error) (User: )
Description: Faulting application name: mcshield.exe, version: 14.0.0.430, time stamp: 0x4a035029
Faulting module name: mscan64a.dll, version: 5.300.0.2777, time stamp: 0x486bbc99
Exception code: 0xc0000005
Fault offset: 0x0000000000166de9
Faulting process id: 0xec8
Faulting application start time: 0xmcshield.exe0
Faulting application path: mcshield.exe1
Faulting module path: mcshield.exe2
Report Id: mcshield.exe3

Error: (10/16/2012 10:29:45 PM) (Source: McLogEvent) (User: NT AUTHORITY)NT AUTHORITY
Description: Exception in McShield.Exe!

Exception details follow :

VSCORE.14.0.0.430
Exception Code : 0X00000000C0000005
Exception Address : 0X0000000012166DE9
Exception Parameters : 2
Param 1 = 0000000000000000
Param 2 = 0X0000000000000001

More information :
ScanRequest : NTName is \Device\HarddiskVolume2\Users\C-Dawg Cridizzle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MZ1O5CL6\Firefox Setup 13.0.exe.

Error: (10/16/2012 10:28:22 PM) (Source: Application Error) (User: )
Description: Faulting application name: mcshield.exe, version: 14.0.0.430, time stamp: 0x4a035029
Faulting module name: mscan64a.dll, version: 5.300.0.2777, time stamp: 0x486bbc99
Exception code: 0xc0000005
Fault offset: 0x0000000000166de9
Faulting process id: 0x3ec
Faulting application start time: 0xmcshield.exe0
Faulting application path: mcshield.exe1
Faulting module path: mcshield.exe2
Report Id: mcshield.exe3

Error: (10/16/2012 10:28:21 PM) (Source: McLogEvent) (User: NT AUTHORITY)NT AUTHORITY
Description: Exception in McShield.Exe!

Exception details follow :

VSCORE.14.0.0.430
Exception Code : 0X00000000C0000005
Exception Address : 0X0000000012166DE9
Exception Parameters : 2
Param 1 = 0000000000000000
Param 2 = 0X0000000000000001

More information :
ScanRequest : NTName is \Device\HarddiskVolume2\Users\C-Dawg Cridizzle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DGUM6IVT\Firefox%20Setup%2011.0[1].exe.


System errors:
=============
Error: (10/17/2012 00:41:26 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.

Error: (10/17/2012 00:41:20 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.

Error: (10/17/2012 00:38:33 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.

Error: (10/17/2012 00:38:27 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.

Error: (10/17/2012 00:38:27 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.

Error: (10/17/2012 00:38:24 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (10/17/2012 00:38:24 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (10/17/2012 00:11:26 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.

Error: (10/17/2012 00:08:23 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.

Error: (10/17/2012 00:05:19 PM) (Source: Service Control Manager) (User: )
Description: The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.


Microsoft Office Sessions:
=========================
Error: (08/09/2012 01:56:14 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2235 seconds with 2040 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
ACID Pro 7.0 (Version: 7.0.713)
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 1.5.2.8870)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.287)
Adobe Flash Player 11 Plugin (Version: 11.4.402.287)
Adobe Reader 9.1 (Version: 9.1.0)
Age of Empires III (Version: 1.00.0000)
Age of Mythology
Amazon MP3 Downloader 1.0.9
Amazon.co.uk
Apple Application Support (Version: 2.1.7)
Apple Mobile Device Support (Version: 5.1.1.4)
Apple Software Update (Version: 2.1.3.127)
Blender (Version: 2.63-release)
Bonjour (Version: 3.0.0.10)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
DivX Setup (Version: 2.6.1.9)
eBay (Version: 1.0.4)
ESET Online Scanner v3
Google Chrome (Version: 22.0.1229.94)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3230.2052)
Google Update Helper (Version: 1.3.21.123)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1883)
Intel® Matrix Storage Manager
iTunes (Version: 10.6.0.40)
Java™ 6 Update 14 (Version: 6.0.140)
Junk Mail filter update (Version: 14.0.8089.726)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
McAfee SecurityCenter
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.1.0522.0)
Microsoft Security Essentials (Version: 4.1.522.0)
Microsoft Silverlight (Version: 5.1.10411.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
MS Access 97 SP2
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML4 Parser (Version: 1.0.0)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Realtek 8136 8168 8169 Ethernet Driver (Version: 1.00.0005)
Realtek High Definition Audio Driver (Version: 6.0.1.5904)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30101)
Realtek WLAN Driver (Version: 2.00.0006)
Shockwave
SimCity 3000 UK Edition
Sky Go Desktop
Skype™ Launcher
Spybot - Search & Destroy (Version: 1.6.2)
SUPERAntiSpyware (Version: 5.6.1010)
Synaptics Pointing Device Driver (Version: 13.2.6.1)
Toshiba Assist (Version: 3.00.09)
TOSHIBA Bulletin Board (Version: 1.0.04.64)
TOSHIBA ConfigFree (Version: 8.0.21)
TOSHIBA Disc Creator (Version: 2.1.0.1 for x64)
TOSHIBA DVD PLAYER (Version: 3.01.0.07-A)
TOSHIBA eco Utility (Version: 1.1.10.64)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: )
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Face Recognition (Version: 3.1.1.64)
TOSHIBA Flash Cards Support Utility (Version: 1.63.0.4C)
TOSHIBA Hardware Setup (Version: 1.63.0.11C)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.0)
Toshiba Manuals (Version: 10.00)
Toshiba Online Product Information (Version: 2.08.0001)
TOSHIBA PC Health Monitor (Version: 1.4.1.64)
Toshiba Photo Service - powered by myphotobook (Version: 1.0.0-663)
Toshiba Photo Service - powered by myphotobook (Version: 1.0.0)
TOSHIBA Recovery Media Creator (Version: 2.1.0.2 for x64)
TOSHIBA Recovery Media Creator Reminder (Version: 1.00.0019)
TOSHIBA ReelTime (Version: 1.0.04.64)
TOSHIBA SD Memory Utilities (Version: 1.9.1.12)
TOSHIBA Service Station (Version: 2.1.33)
TOSHIBA Supervisor Password (Version: 1.63.0.7C)
Toshiba TEMPRO (Version: 3.05)
TOSHIBA Value Added Package (Version: 1.2.25.64)
TOSHIBA Web Camera Application (Version: 1.1.1.4)
TRORMCLauncher (Version: )
TRORMCLauncher (Version: 1.0.0.7)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974631)
Update for Microsoft Office Word 2007 Help (KB963665)
Utility Common Driver (Version: 1.0.50.27C)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VirtualDJ Home FREE (Version: 7.0.5)
WildTangent Games (Version: 1.0.0.71)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)

========================= Memory info: ===================================

Percentage of memory in use: 45%
Total physical RAM: 3932.87 MB
Available physical RAM: 2150.52 MB
Total Pagefile: 7863.93 MB
Available Pagefile: 5759.01 MB
Total Virtual: 4095.88 MB
Available Virtual: 3967.22 MB

========================= Partitions: =====================================

1 Drive c: (WINDOWS) (Fixed) (Total:149.04 GB) (Free:77.56 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:148.65 GB) (Free:141.8 GB) NTFS

========================= Users: ========================================

User accounts for \\C-DAWGCRIDIZZLE

Administrator C-Dawg Cridizzle Guest

========================= Restore Points ==================================

17-09-2012 16:56:42 Windows Update
21-09-2012 10:34:49 Windows Update
22-09-2012 22:54:47 Windows Update
27-09-2012 23:10:24 Windows Update
02-10-2012 07:06:42 Windows Update
05-10-2012 17:53:29 Windows Update
10-10-2012 16:25:15 Windows Update
11-10-2012 17:34:03 Windows Update
15-10-2012 21:25:13 Windows Update

**** End of log ****

This is the FSS log
Farbar Service Scanner Version: 07-10-2012
Ran by C-Dawg Cridizzle (administrator) on 17-10-2012 at 12:46:44
Running from "C:\Users\C-Dawg Cridizzle\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-10-10 17:28] - [2012-06-02 06:41] - 0184320 ____A (Microsoft Corporation) 9C01375BE382E834CC26D1B7EAF2C4FE

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

This the Adware log
# AdwCleaner v2.005 - Logfile created 10/17/2012 at 12:49:37
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : C-Dawg Cridizzle - C-DAWGCRIDIZZLE
# Boot Mode : Normal
# Running from : C:\Users\C-Dawg Cridizzle\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Public\Desktop\eBay.lnk
Folder Deleted : C:\ProgramData\Partner

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\incredibar.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\incredibar.com
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default
File : C:\Users\C-Dawg Cridizzle\AppData\Roaming\Mozilla\Firefox\Profiles\t5w7yg1m.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v22.0.1229.94

File : C:\Users\C-Dawg Cridizzle\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1624 octets] - [17/10/2012 12:49:37]

########## EOF - C:\AdwCleaner[S1].txt - [1684 octets] ##########

This is the JRT log

Junkware Removal Tool (JRT) by Thisisu
Version: 1.7.1 (10.17.2012)
OS: Windows 7 Home Premium x64
Ran by C-Dawg Cridizzle on 17/10/2012 at 12:54:56.42
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys:

Successfully deleted: [KEY] hkey_classes_root\clsid\{8769adce-dba5-48e9-afb5-67b12cdf2e61}



*** Files: 0 Detections



*** Folders: 0 Detections



*** FireFox detected and repaired

Successfully deleted: [search.xml] from "C:\Program Files (x86)\mozilla firefox\searchplugins"


*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on 17/10/2012 at 13:11:14.25
End of Report

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:26 PM

Posted 17 October 2012 - 07:37 AM

Run the services repair tool

http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe

Run Farbar service scanner again and post the new log


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after scan finishes,post the contents of RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename:Autoruns.txt
Save as :Text

Paste the contents of text here

#7 Borky

Borky
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 17 October 2012 - 08:57 AM

This is the second FSS log
Farbar Service Scanner Version: 07-10-2012
Ran by C-Dawg Cridizzle (administrator) on 17-10-2012 at 14:51:29
Running from "C:\Users\C-Dawg Cridizzle\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-10-10 17:28] - [2012-06-02 06:41] - 0184320 ____A (Microsoft Corporation) 9C01375BE382E834CC26D1B7EAF2C4FE

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

RKill log
Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/17/2012 02:52:39 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\C-Dawg Cridizzle\Downloads\FSS.exe (PID: 820) [UP-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* SMTMP folder detected. Please see this link for more information: http://www.bleepingcomputer.com/forums/topic405109.html

* ALERT: ZEROACCESS rootkit symptoms found!

* HKEY_CLASSES_ROOT\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32 [ZA Reg Hijack]
* HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 [ZA Reg Hijack]
* C:\$Recycle.Bin\S-1-5-18\$1a991c325f691677732deb4ba4b71995\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-18\$1a991c325f691677732deb4ba4b71995\L\ [ZA Dir]
* C:\$Recycle.Bin\S-1-5-18\$1a991c325f691677732deb4ba4b71995\U\ [ZA Dir]

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 10/17/2012 02:53:05 PM
Execution time: 0 hours(s), 0 minute(s), and 25 seconds(s)

Autoruns log
"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "00TCrdMain" "TOSHIBA Flash Cards" "TOSHIBA Corporation" "c:\program files\toshiba\flashcards\tcrdmain.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "RtHDVCpl" "HD Audio Control Panel" "Realtek Semiconductor" "c:\program files\realtek\audio\hda\ravcpl64.exe"
+ "SmartFaceVWatcher" "SmartFaceVWatcher" "TOSHIBA Corporation" "c:\program files\toshiba\smartfacev\smartfacevwatcher.exe"
+ "SmoothView" "SmoothView" "TOSHIBA Corporation" "c:\program files\toshiba\smoothview\smoothview.exe"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics Incorporated" "c:\program files\synaptics\syntp\syntpenh.exe"
+ "Teco" "TOSHIBA eco Utility" "TOSHIBA Corporation" "c:\program files\toshiba\teco\teco.exe"
+ "Toshiba Registration" "Toshiba Notebook Registration Reminder" "Toshiba Europe GmbH" "c:\program files\toshiba\registration\toshibareminder.exe"
+ "Toshiba TEMPRO" "Toshiba TEMPRO" "Toshiba Europe GmbH" "c:\program files (x86)\toshiba tempro\temprotray.exe"
+ "TosNC" "Message Center" "TOSHIBA Corporation" "c:\program files\toshiba\bulletinboard\tosnccore.exe"
+ "TosReelTimeMonitor" "Monitor of TOSHIBA ReelTime" "TOSHIBA Corporation" "c:\program files\toshiba\reeltime\tosreeltimemonitor.exe"
+ "TosSENotify" "" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba hdd ssd alert\toswaitsrv.exe"
+ "TosWaitSrv" "" "TOSHIBA Corporation" "c:\program files\toshiba\tphm\toswaitsrv.exe"
+ "TPwrMain" "TOSHIBA Power Saver" "TOSHIBA Corporation" "c:\program files\toshiba\power saver\tpwrmain.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files (x86)\adobe\reader 9.0\reader\reader_sl.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
+ "DivXUpdate" "DivX Update" "" "c:\program files (x86)\divx\divx update\divxupdate.exe"
+ "HWSetup" "HWSetup" "TOSHIBA Electronics, Inc." "c:\program files\toshiba\utilities\hwsetup.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files (x86)\itunes\ituneshelper.exe"
+ "KeNotify" "KeNotify MFC Application" "TOSHIBA CORPORATION" "c:\program files (x86)\toshiba\utilities\kenotify.exe"
+ "mcagent_exe" "McAfee Integrated Security Platform" "McAfee, Inc." "c:\program files (x86)\mcafee.com\agent\mcagent.exe"
+ "SVPWUTIL" "SVPWUTIL Application" "TOSHIBA CORPORATION" "c:\program files (x86)\toshiba\utilities\svpwutil.exe"
+ "ToshibaServiceStation" "TOSHIBA Service Station" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba service station\toshibaservicestation.exe"
+ "TWebCamera" "" "TOSHIBA CORPORATION." "c:\program files (x86)\toshiba\toshiba web camera application\twebcamera.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Google Update" "Google Installer" "Google Inc." "c:\users\c-dawg cridizzle\appdata\local\google\update\googleupdate.exe"
+ "Sidebar" "Windows Desktop Gadgets" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
+ "SUPERAntiSpyware" "SUPERAntiSpyware Application" "SUPERAntiSpyware.com" "c:\program files\superantispyware\superantispyware.exe"
+ "TOSHIBA Online Product Information" "TOSHIBA Online Product Information" "TOSHIBA" "c:\program files (x86)\toshiba\toshiba online product information\topi.exe"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "dssrequest" "SiteAdvisor" "McAfee, Inc." "c:\program files (x86)\mcafee\siteadvisor\x64\mcieplg.dll"
+ "sacore" "SiteAdvisor" "McAfee, Inc." "c:\program files (x86)\mcafee\siteadvisor\x64\mcieplg.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "McCtxMenu" "McAfee VirusScan - Context Menu" "McAfee, Inc." "c:\program files\mcafee\virusscan\mcctxmnu.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn64.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "McCtxMenu" "McAfee VirusScan - Context Menu" "McAfee, Inc." "c:\program files (x86)\mcafee\virusscan\mcctxmnu.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn64.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "McCtxMenu" "McAfee VirusScan - Context Menu" "McAfee, Inc." "c:\program files\mcafee\virusscan\mcctxmnu.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "McCtxMenu" "McAfee VirusScan - Context Menu" "McAfee, Inc." "c:\program files (x86)\mcafee\virusscan\mcctxmnu.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
+ "McAfee Phishing Filter" "" "" "c:\program files (x86)\mcafee\msk\mskapbho64.dll"
+ "McAfee SiteAdvisor BHO" "SiteAdvisor" "McAfee, Inc." "c:\program files (x86)\mcafee\siteadvisor\x64\mcieplg.dll"
+ "scriptproxy" "VSCore Script Scanner" "McAfee, Inc." "c:\program files\mcafee\virusscan\scriptsn.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "DivX Plus Web Player HTML5 <video>" "DivX Plus Web Player HTML5 <video> version 2.1.2.145" "DivX, LLC" "c:\program files (x86)\divx\divx plus web player\ie\divxhtml5\divxhtml5.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files (x86)\java\jre6\bin\jp2ssv.dll"
+ "McAfee Phishing Filter" "" "" "c:\program files (x86)\mcafee\msk\mskapbho.dll"
+ "McAfee SiteAdvisor BHO" "SiteAdvisor" "McAfee, Inc." "c:\program files (x86)\mcafee\siteadvisor\mcieplg.dll"
+ "scriptproxy" "VSCore Script Scanner" "McAfee, Inc." "c:\program files (x86)\mcafee\virusscan\scriptsn.dll"
+ "Windows Live Sign-in Helper" "WindowsLiveLogin.dll" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
+ "McAfee SiteAdvisor" "SiteAdvisor" "McAfee, Inc." "c:\program files (x86)\mcafee\siteadvisor\x64\mcieplg.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
+ "McAfee SiteAdvisor" "SiteAdvisor" "McAfee, Inc." "c:\program files (x86)\mcafee\siteadvisor\mcieplg.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "&Blog This in Windows Live Writer" "Windows Live Writer Blog This Extension" "Microsoft Corporation" "c:\program files (x86)\windows live\writer\writerbrowserextension.dll"
+ "S&end to OneNote" "Microsoft Office OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files (x86)\microsoft office\office12\onbttnie.dll"
"Task Scheduler" "" "" ""
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files (x86)\apple software update\softwareupdate.exe"
+ "\ConfigFree Startup Programs" "ConfigFree Task Tray Menu" "TOSHIBA CORPORATION" "c:\program files (x86)\toshiba\configfree\ndstray.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-271172118-1054600290-3035946180-1000Core" "Google Installer" "Google Inc." "c:\users\c-dawg cridizzle\appdata\local\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-271172118-1054600290-3035946180-1000UA" "Google Installer" "Google Inc." "c:\users\c-dawg cridizzle\appdata\local\google\update\googleupdate.exe"
+ "\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "!SASCORE" "SUPERAntiSpyware Core Service" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sascore64.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "cfWiMAXService" "This is WiMAX Control Service of ConfigFree. Please do not stop this servce when you are using ConfigFree with Intel WiMAX device." "TOSHIBA CORPORATION" "c:\program files (x86)\toshiba\configfree\cfiwmxsvcs64.exe"
+ "ConfigFree Gadget Service" "It's called by ConfigFree Gadget (x64)" "TOSHIBA CORPORATION" "c:\program files (x86)\toshiba\configfree\cfprocsrvc.exe"
+ "ConfigFree Service" "You can't stop this service, if you want to keep ConfigFree functionality fine." "TOSHIBA CORPORATION" "c:\program files (x86)\toshiba\configfree\cfsvcs.exe"
+ "GameConsoleService" "GameConsole management services" "WildTangent, Inc." "c:\program files (x86)\toshiba games\toshiba game console\gameconsoleservice.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files (x86)\google\common\google updater\googleupdaterservice.exe"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files (x86)\common files\installshield\driver\11\intel 32\idrivert.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "McAfee SiteAdvisor Service" "Provides low-level support for McAfee SiteAdvisor" "McAfee, Inc." "c:\program files (x86)\mcafee\siteadvisor\mcsacore.exe"
+ "mcmscsvc" "McAfee Services" "McAfee, Inc." "c:\program files (x86)\mcafee\msc\mcmscsvc.exe"
+ "McNASvc" "Allows McAfee applications to communicate securely on the local network." "McAfee, Inc." "c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe"
+ "McODS" "McAfee Scanner" "McAfee, Inc." "c:\program files\mcafee\virusscan\mcods.exe"
+ "McProxy" "McAfee Proxy Service" "McAfee, Inc." "c:\program files (x86)\common files\mcafee\mcproxy\mcproxy.exe"
+ "McShield" "Scans files for viruses and other threats when they are accessed by this computer." "McAfee, Inc." "c:\program files\mcafee\virusscan\mcshield.exe"
+ "McSysmon" "Monitors potentially unauthorized changes to this computer." "McAfee, Inc." "c:\program files (x86)\mcafee\virusscan\mcsysmon.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"
+ "MpfService" "Helps protect your computer from intrusion and let's you manage your computer's trusted programs." "McAfee, Inc." "c:\program files (x86)\mcafee\mpf\mpfsrv.exe"
+ "MSK80Service" "This service filters e-mail messages on your computer" "McAfee, Inc." "c:\program files (x86)\mcafee\msk\msksrver.exe"
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\msmpeng.exe"
+ "NisSrv" "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\microsoft security client\nissrv.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"
+ "TemproMonitoringService" "Toshiba Notebook Performance Tuning Service" "Toshiba Europe GmbH" "c:\program files (x86)\toshiba tempro\temprosvc.exe"
+ "TMachInfo" "TOSHIBA Machine Information Service" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba service station\tmachinfo.exe"
+ "TODDSrv" "TDCSrv Application" "TOSHIBA Corporation" "c:\windows\system32\toddsrv.exe"
+ "TosCoSrv" "TOSHIBA Power Saver manages power saving settings supported by TOSHIBA. These settings will not work if the service has stopped." "TOSHIBA Corporation" "c:\program files\toshiba\power saver\toscosrv.exe"
+ "TOSHIBA eco Utility Service" "TOSHIBA eco Utility Service" "TOSHIBA Corporation" "c:\program files\toshiba\teco\tecoservice.exe"
+ "TOSHIBA HDD SSD Alert Service" "TOSHIBA HDD SSD Alert" "TOSHIBA Corporation" "c:\program files\toshiba\toshiba hdd ssd alert\tossmartsrv.exe"
+ "TPCHSrv" "TOSHIBA PC Health Monitor" "TOSHIBA Corporation" "c:\program files\toshiba\tphm\tpchsrv.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "athr" "Atheros Extensible Wireless LAN device driver" "Atheros Communications, Inc." "c:\windows\system32\drivers\athrx.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "iaStor" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd64.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "IntcAzAudAddService" "Realtek® High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhd64.sys"
+ "IntcHdmiAddService" "Intel® High Definition Audio HDMI" "Intel® Corporation" "c:\windows\system32\drivers\intchdmi.sys"
+ "LPCFilter" "LPCFilter" "COMPAL ELECTRONIC INC." "c:\windows\system32\drivers\lpcfilter.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "mfeavfk" "Anti-Virus File System Filter Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfeavfk.sys"
+ "mfehidk" "Host Intrusion Detection Link Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfehidk.sys"
+ "mferkdk" "VSCore Code Analysis Driver" "McAfee, Inc." "c:\windows\system32\drivers\mferkdk.sys"
+ "mfesmfk" "System Monitor Filter Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfesmfk.sys"
+ "MPFP" "McAfee Personal Firewall Plus Driver" "McAfee, Inc." "c:\windows\system32\drivers\mpfp.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "PGEffect" "TOSHIBA Universal Camera Filter Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\pgeffect.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "RSUSBSTOR" "Realtek USB Mass Storage Driver for 2K/XP/Vista/Win7" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtsustor.sys"
+ "RTL8167" "Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver " "Realtek " "c:\windows\system32\drivers\rt64win7.sys"
+ "RTL8187B" "Realtek RTL8187B NDIS Driver" "Realtek Semiconductor Corporation " "c:\windows\system32\drivers\rtl8187b.sys"
+ "RtsUIR" "" "" "File not found: system32\DRIVERS\Rts516xIR.sys"
+ "SASDIFSV" "SASDIFSV64.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasdifsv64.sys"
+ "SASKUTIL" "SASKUTIL64.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\saskutil64.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics Incorporated" "c:\windows\system32\drivers\syntp.sys"
+ "tdcmdpst" "TOSHIBA ODD Writing Driver for x64." "TOSHIBA Corporation." "c:\windows\system32\drivers\tdcmdpst.sys"
+ "tos_sps64" "tos_sps64" "TOSHIBA Corporation" "c:\windows\system32\drivers\tos_sps64.sys"
+ "TVALZ" "TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver" "TOSHIBA Corporation" "c:\windows\system32\drivers\tvalz_o.sys"
+ "TVALZFL" "TOSHIBA TVALZ Filter Driver for x64" "TOSHIBA Corporation" "c:\windows\system32\drivers\tvalzfl.sys"
+ "USBAAPL64" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl64.sys"
+ "USBCCID" "" "" "File not found: system32\DRIVERS\RtsUCcid.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "msacm.vorbis" "Ogg Vorbis CODEC for MSACM" "HMS http://hp.vector.co.jp/authors/VA012897/" "c:\windows\syswow64\vorbis.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
+ "vidc.DIVX" "DivX" "DivX, Inc." "c:\windows\syswow64\divx.dll"
+ "vidc.yv12" "DivX" "DivX, Inc." "c:\windows\syswow64\divx.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Sony Amplitude Modulation" "Sony XFX 3 Plug-In Pack" "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio\sfppack3.dll"
+ "Sony Chorus" "Sony XFX 1 Plug-In Pack " "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio\sfppack1.dll"
+ "Sony Distortion" "Sony XFX 3 Plug-In Pack" "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio\sfppack3.dll"
+ "Sony Dither" "Sony TrackFX 1" "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio\sftrkfx1.dll"
+ "Sony Flange/Wah-wah" "Sony XFX 3 Plug-In Pack" "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio\sfppack3.dll"
+ "Sony Gapper/Snipper" "Sony XFX 3 Plug-In Pack" "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio\sfppack3.dll"
+ "Sony Graphic Dynamics" "Sony XFX 2 Plug-In Pack" "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio\sfppack2.dll"
+ "Sony Graphic EQ" "Sony XFX 2 Plug-In Pack" "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio\sfppack2.dll"
+ "Sony Multi-Band Dynamics" "Sony XFX 2 Plug-In Pack" "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio\sfppack2.dll"
+ "Sony Multi-Tap Delay" "Sony XFX 1 Plug-In Pack " "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio\sfppack1.dll"
+ "Sony Noise Gate" "Sony XFX 2 Plug-In Pack" "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio\sfppack2.dll"
+ "Sony Paragraphic EQ" "Sony XFX 2 Plug-In Pack" "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio\sfppack2.dll"
+ "Sony Parametric EQ" "Sony XFX 2 Plug-In Pack" "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio\sfppack2.dll"
+ "Sony Pitch Shift" "Sony XFX 1 Plug-In Pack " "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio\sfppack1.dll"
+ "Sony Resonant Filter" "Sony Resonant Filter" "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio\sfresfilter.dll"
+ "Sony Reverb" "Sony XFX 1 Plug-In Pack " "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio\sfppack1.dll"
+ "Sony Simple Delay" "Sony XFX 1 Plug-In Pack " "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio\sfppack1.dll"
+ "Sony Smooth/Enhance" "Sony XFX 3 Plug-In Pack" "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio\sfppack3.dll"
+ "Sony Time Stretch" "Sony XFX 1 Plug-In Pack " "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio\sfppack1.dll"
+ "Sony Track Compressor" "Sony TrackFX 1" "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio\sftrkfx1.dll"
+ "Sony Track EQ" "Sony TrackFX 1" "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio\sftrkfx1.dll"
+ "Sony Track Noise Gate" "Sony TrackFX 1" "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio\sftrkfx1.dll"
+ "Sony Vibrato" "Sony XFX 3 Plug-In Pack" "Sony Creative Software Inc." "c:\program files (x86)\sony\shared plug-ins\audio\sfppack3.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "MS PR Source Filter" "PlayReady DirectShow Source Filter DLL" "Microsoft Corporation" "c:\program files\playready\prsource.dll"
+ "PlayReady DMO Wrapper" "PlayReady DirectShow DMO Wrapper Filter DLL" "Microsoft Corporation" "c:\program files\playready\prdmowrapper.dll"
+ "SFVCaptureFilter" "SmartFaceVCapt" "TOSHIBA Corporation" "c:\program files\toshiba\smartfacev\smartfacevcapt.dll"
"HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "DivX AAC Decoder" "AAC audio decoder filter" "DivX, Inc." "c:\program files (x86)\divx\divx plus directshow filters\daac.ax"
+ "DivX Decoder Filter" "DivX Decoder Filter" "DivX, Inc." "c:\program files (x86)\divx\divx codec\divxdec.ax"
+ "DivX Demux Filter" "DivX Plus DMF Navigator Filter" "DivX, Inc." "c:\program files (x86)\divx\divx plus directshow filters\directshowdemuxfilter.dll"
+ "DivX Demux Filter (Unrestricted Edition)" "DivX Plus DMF Navigator Filter" "DivX, Inc." "c:\program files (x86)\divx\divx plus directshow filters\directshowdemuxfilter.dll"
+ "DivX H.264 Decoder" "DivX H.264 Decoder Filter" "DivX, Inc." "c:\program files (x86)\divx\divx plus directshow filters\divxdech264.ax"
+ "Image Effects" "TimeStam Dynamic Link Library" "" "c:\program files (x86)\toshiba\toshiba web camera application\pgtimefilter.dll"
+ "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "TOSHIBA Audio Back Switcher" "" "" "c:\program files (x86)\toshiba\toshiba dvd player\tosaudiobackswitcher.ax"
+ "TOSHIBA Audio Decoder DVD" "TOSHIBA Audio Decoder DVD" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba dvd player\tosauddecl.ax"
+ "TOSHIBA Audio Front Switcher" "" "" "c:\program files (x86)\toshiba\toshiba dvd player\tosaudiofrontswitcher.ax"
+ "TOSHIBA Audio Rate Converter" "TOSHIBA Audio Rate Converter" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba dvd player\tosarc.ax"
+ "TOSHIBA DualMono" "TOSHIBA DualMono" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba dvd player\tosdualmono.ax"
+ "TOSHIBA DVD Navigator" "TOSHIBA DVD Navigator" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba dvd player\tdvdnavi.ax"
+ "TOSHIBA DVD VR Navigator" "TOSHIBA DVD Player" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba dvd player\tvrnavi.ax"
+ "TOSHIBA Progress Monitor" "TOSHIBA Progress Monitor" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba disc creator\tprogmon.ax"
+ "TOSHIBA WAV Converter" "TOSHIBA Wav Converter" "TOSHIBA Corporation" "c:\program files (x86)\toshiba\toshiba disc creator\twavconv.ax"
+ "Video Memory Render Filter" "" "" "File not found: C:\Program Files (x86)\Image-Line\FL Studio 10\Plugins\Fruity\Effects\ZGameEditor Visualizer\VideoMemoryRenderFilter.ax"
+ "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
+ "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files (x86)\windows live\photo gallery\wlxvafilt.dll"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "SmartFaceVCP" "SmartFaceVCP" "TOSHIBA Corporation" "c:\program files\toshiba\smartfacev\smartfacevcp.dll"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "LIDIL hpzlllhn" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpzlllhn.dll"
"C:\Users\C-Dawg Cridizzle\AppData\Local\Microsoft\Windows Sidebar\Settings.ini" "" "" ""
+ "Calendar" "Browse the days of the calendar." "Microsoft Corporation" "C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-us\Gadget.xml"

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:26 PM

Posted 17 October 2012 - 10:15 AM

Run RKILL given in previous instructions and post the new log

Edited by narenxp, 17 October 2012 - 04:42 PM.


#9 Borky

Borky
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 17 October 2012 - 11:32 AM

Here's the RKill log

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/17/2012 05:30:50 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* SMTMP folder detected. Please see this link for more information: http://www.bleepingcomputer.com/forums/topic405109.html

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 10/17/2012 05:31:00 PM
Execution time: 0 hours(s), 0 minute(s), and 9 seconds(s)

When the Recycle Bin is clicked it still produces a message saying it's corrupted.

Edited by Borky, 17 October 2012 - 11:34 AM.


#10 Borky

Borky
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 17 October 2012 - 11:49 AM

**This was a double post and the delete button isn't there, apologies**

Edited by Borky, 17 October 2012 - 11:56 AM.


#11 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:26 PM

Posted 17 October 2012 - 04:43 PM

Run the UNHIDE tool

http://www.bleepingcomputer.com/download/unhide/

This should restore the hidden files

Download

TFC

Launch it,it will close all running programs

click on START,it should ask for reboot.If TFC locks up the system,run it in safemode


Create a new restore point

Follow this guide to turn off and turn on your restore points

XP- http://support.microsoft.com/kb/310405

Vista & windows 7- http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Turn off your system restore-It deletes old infected restore points

Turn on system restore and create a new restore point

Update JAVA and Flash player

Uninstall old version of java from control panel-Add or remove programs.Download the latest version from here

http://java.com/en/

Update your flash player

Antivirus recommendations

Update your antivirus frequently.Two free antivirus that i would suggest are

Microsoft security essentials or Avast.You can select either one of them.

If you have a paid one,make sure to update it frequently.Do not use multiple security softwares.

Informative guides that could prevent you from being infected again

How did I get infected?

http://www.bleepingcomputer.com/forums/topic2520.html

Best Practices for Safe Computing - Prevention of Malware Infection

http://www.bleepingcomputer.com/forums/topic407147.html

Simple and easy ways to keep your computer safe and secure on the Internet

http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

Safe surfing :)

#12 Borky

Borky
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 18 October 2012 - 10:52 AM

Thank you for all your help, I'm just reading through the guides now.
Cheers! :thumbsup:

#13 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:04:26 PM

Posted 18 October 2012 - 04:09 PM

You're welcome :)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users