bcshbowtd.dll - Malware?


This topic is locked
23 replies to this topic

#1 yoitsmosh

yoitsmosh

  • Members
  • 34 posts
  • OFFLINE
  • Gender:Male
  • Location:Georgia (Newberry)
  • Local time:07:27 AM

Posted 11 August 2013 - 01:52 PM

Hello Bleeping Computer SMEs,

 

I'm helping a relative with her computer woes.  In addition to sluggish computer and internet browsing performance, she receives a message like "Problem starting bcshbowtd.dll. The specified module could not be found." immediately after logging in.  The message appears only on one (limited user) of two accounts.  Below is my DDS log.  I ran it from the limited account (Mama) with admin approval, if that makes any difference.  Let me know if you need Attach.txt.  The instructions vary on whether this should be included with the first post.

 

Any help that you can provide would be very much appreciated.

 

Mosh

 

--DDS

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635
Run by Dr Who at 13:30:51 on 2013-08-10
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2663.1457 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\windows\system32\mfevtps.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Mama\AppData\Local\Facebook\Update\FacebookUpdate.exe
C:\Users\Mama\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\splwow64.exe
C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\sppsvc.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.toshiba.com
uDefault_Page_URL = hxxp://start.toshiba.com
uProxyOverride = <local>;*.local
mWinlogon: Userinit = userinit.exe
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120626150006.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: Interfaces\{A8D9A58C-0D38-49C4-8C6F-1E0B75CB4AA0} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{A8D9A58C-0D38-49C4-8C6F-1E0B75CB4AA0}\2375942554838343 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{A8D9A58C-0D38-49C4-8C6F-1E0B75CB4AA0}\241627F6E6 : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120626150006.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R?2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-1-25 123320]
R0 amd_sata;amd_sata;C:\windows\System32\drivers\amd_sata.sys [2012-1-25 75904]
R0 amd_xata;amd_xata;C:\windows\System32\drivers\amd_xata.sys [2012-1-25 38016]
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\System32\drivers\mfehidk.sys [2012-5-10 771536]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\System32\drivers\mfewfpk.sys [2012-5-10 340216]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-1-25 204288]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-11-16 201304]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-11-16 201304]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-11-16 201304]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-11-16 201304]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-5-10 241456]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-5-10 218760]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\System32\mfevtps.exe [2012-5-10 182752]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2012-1-25 126392]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-7-12 3289472]
R3 cfwids;McAfee Inc. cfwids;C:\windows\System32\drivers\cfwids.sys [2012-5-10 70112]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2010-11-11 137512]
R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2012-1-25 9216]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-4-20 169584]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\System32\drivers\mfeavfk.sys [2012-5-10 309840]
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\System32\drivers\mfefirek.sys [2012-5-10 515968]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-1-25 38096]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2012-1-25 1109096]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2012-1-25 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-10 138152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\windows\System32\drivers\HipShieldK.sys [2012-11-16 196440]
S3 mferkdet;McAfee Inc. mferkdet;C:\windows\System32\drivers\mferkdet.sys [2012-5-10 106552]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-1-25 243712]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\windows\System32\drivers\ssadbus.sys [2011-5-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\windows\System32\drivers\ssadserd.sys [2011-5-13 146920]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-2-19 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-06-12 21:45:32 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 21:45:32 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-06-11 23:43:37 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-06-11 23:43:00 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-06-11 23:42:58 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-06-11 23:42:58 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-06-11 23:26:20 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-06-11 23:25:16 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-06-11 23:25:13 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-06-11 23:25:13 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-06-11 22:51:45 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-06-11 22:50:58 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-06-07 03:22:18 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-06-07 02:37:52 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-06-05 13:43:51 9728 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-05 03:34:27 3153920 ----a-w- C:\windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\windows\SysWow64\qedit.dll
2013-05-13 05:51:01 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\windows\SysWow64\certenc.dll
.
============= FINISH: 13:33:22.33 ===============
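A "There was a problem starting <name>.dll. The specified module could not be found." dialog at logon is produced when a startup entry (a Run/RunOnce value, a Winlogon value, or a scheduled task, typically one that invokes rundll32.exe) still refers to a DLL that is no longer on disk. The DDS output above lists the Run entries it knows about and three rundll32.exe processes without their command lines, but it does not show which entry references the missing module. The following PowerShell script is an added example and is not part of this thread or of either participant's posts; it assumes only the standard Windows 7 autorun locations and an English-locale schtasks output (column names "TaskName" and "Task To Run"). It has to be run from the affected account, because the HKCU keys are per-user, and from an elevated prompt so that schtasks can list every task.

```powershell
# Added example, not from the thread: find startup entries whose target module no
# longer exists on disk (the usual origin of a RunDLL "specified module could not be
# found" dialog at logon). Written to run on Windows 7's PowerShell 2.0.
#
# Assumptions: standard autorun locations only; run from the affected account in an
# elevated PowerShell; English locale for the schtasks column names.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows',   # legacy "Load" / "Run" values
    'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'   # Shell / Userinit
)

function Get-TargetModule {
    param([string]$Command)
    # rundll32 hosts a DLL:  rundll32.exe "C:\path\x.dll",Export   or   rundll32 C:\path\x.dll,Export
    if ($Command -match 'rundll32(?:\.exe)?\s+"?([^",]+?)"?\s*(?:,|$)') { return $Matches[1].Trim() }
    # Otherwise the first token is the program itself (Userinit carries a trailing comma).
    $first = $null
    if ($Command -match '^\s*"([^"]+)"')    { $first = $Matches[1] }
    elseif ($Command -match '^\s*(\S+)')    { $first = $Matches[1].TrimEnd(',') }
    # Only treat the token as a file reference if it looks like one (skips numeric values).
    if ($first -and $first -match '\\|\.(exe|dll|cpl|scr)$') { return $first }
    return $null
}

function Test-ModuleExists {
    param([string]$Path)
    $p = [Environment]::ExpandEnvironmentVariables($Path)
    if (Test-Path -LiteralPath $p) { return $true }
    if ([IO.Path]::IsPathRooted($p)) { return $false }
    # Bare file name: check the directories the loader would search first.
    foreach ($dir in @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64", $env:SystemRoot)) {
        if (Test-Path -LiteralPath (Join-Path $dir $p)) { return $true }
    }
    return $false
}

$findings = @()

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-ItemProperty -Path $key
    foreach ($prop in $item.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }          # provider metadata, not a registry value
        $target = Get-TargetModule ([string]$prop.Value)
        if ($target -and -not (Test-ModuleExists $target)) {
            $findings += New-Object PSObject -Property @{
                Source = $key; Name = $prop.Name; Command = $prop.Value; Missing = $target }
        }
    }
}

# Scheduled tasks are the other common home of a dangling rundll32 entry.
$tasks = schtasks /query /v /fo csv 2>$null | ConvertFrom-Csv
foreach ($t in $tasks) {
    $cmd = $t.'Task To Run'
    if (-not $cmd) { continue }                            # repeated header rows / other locales
    $target = Get-TargetModule $cmd
    if ($target -and -not (Test-ModuleExists $target)) {
        $findings += New-Object PSObject -Property @{
            Source = 'Scheduled task'; Name = $t.TaskName; Command = $cmd; Missing = $target }
    }
}

# DDS lists rundll32.exe processes but not what they host; WMI shows the full command line.
Get-WmiObject Win32_Process -Filter "Name='rundll32.exe'" |
    Select-Object ProcessId, CommandLine | Format-Table -AutoSize

if ($findings) { $findings | Format-List Source, Name, Command, Missing }
else { 'No startup entry with a missing target module was found in the locations checked.' }
```

Save it as a .ps1 file and run it with `powershell -ExecutionPolicy Bypass -File check-autoruns.ps1` from the account that sees the dialog. A hit tells you where the stale entry lives; it does not tell you what put it there, so the entry should be reported to the helper before anything is deleted, as the reply below asks.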
 

 




#2 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:27 PM

Posted 13 August 2013 - 10:28 PM

**In any case where you happen to be busy or unable to give us a reply, we would be grateful if you keep us informed in advance and we will be more than happy to wait. If you fail to do so, we will have your thread closed in THREE (3) days.

:)


Hello there, yoitsmosh

:welcome:

I'm Conspire, I'll be glad to help you with your computer problems.

Please observe these rules while we work:
  • Read the entire procedure
  • It is important to perform ALL actions in sequence.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with me till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.
IMPORTANT NOTE : Please do not delete anything unless instructed to. Remember to backup all your important data(if possible) before moving on.

---------------------------------------------------------------------------------------------------

Please download aswMBR.exe and save it to your desktop.
  • Double-click aswMBR.exe to start the tool. (Vista/Windows 7 users - right-click and select Run as administrator)
  • Allow it to update where necessary
  • Click Scan
    • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
    • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
===================================================

Download TDSSKiller.exe and save it to your desktop

Execute TDSSKiller.exe by double-clicking on it.
Press Start Scan
If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
Once complete, a log will be produced at the root of the drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

===================================================

On your next reply please post :
aswMBR log
MBR.dat (attachment)
TDSS Killer log



Please STOP and let me know if you have any problems in performing the steps above or any questions you may have.

Good Day!
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#3 yoitsmosh

yoitsmosh
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Gender:Male
  • Location:Georgia (Newberry)
  • Local time:07:27 AM

Posted 17 August 2013 - 12:28 AM

Thank you for taking the time, Conspire.  Attached is the MBR.zip file.  Below is the aswMBR log and the TDSSKiller log.

Mosh

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-08-17 00:20:26
-----------------------------
00:20:26.173    OS Version: Windows x64 6.1.7601 Service Pack 1
00:20:26.173    Number of processors: 2 586 0x100
00:20:26.188    ComputerName: BLACKPEARL  UserName: Dr Who
00:20:32.194    Initialize success
00:24:50.206    AVAST engine defs: 13081601
00:25:14.479    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000067
00:25:14.494    Disk 0 Vendor: TOSHIBA_ GH10 Size: 305245MB BusType: 11
00:25:15.659    Disk 0 MBR read successfully
00:25:15.659    Disk 0 MBR scan
00:25:16.376    Disk 0 Windows VISTA default MBR code
00:25:16.470    Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS         1500 MB offset 2048
00:25:16.595    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       291226 MB offset 3074048
00:25:16.704    Disk 0 Partition 3 00     17 Hidd HPFS/NTFS NTFS        12517 MB offset 599504896
00:25:17.297    Disk 0 scanning C:\windows\system32\drivers
00:27:40.391    Service scanning
00:30:31.413    Modules scanning
00:30:31.428    Disk 0 trace - called modules:
00:30:31.460    ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
00:30:31.991    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800304e420]
00:30:32.007    3 CLASSPNP.SYS[fffff8800105143f] -> nt!IofCallDriver -> [0xfffffa8002027ac0]
00:30:32.022    5 amd_xata.sys[fffff8800111a8b4] -> nt!IofCallDriver -> \Device\00000067[0xfffffa8002ed89c0]
00:30:39.497    AVAST engine scan C:\windows
00:31:53.586    AVAST engine scan C:\windows\system32
00:50:14.827    AVAST engine scan C:\windows\system32\drivers
00:50:46.279    AVAST engine scan C:\Users\Dr Who
00:51:13.906    File: C:\Users\Dr Who\AppData\Local\Temp\av4E6B.tmp **HIDDEN**
00:51:15.373    AVAST engine scan C:\ProgramData
01:00:51.476    Scan finished successfully
01:02:09.546    Disk 0 MBR has been saved successfully to "C:\Users\Public\Documents\Downloads\aswMBR\MBR.dat"
01:02:09.593    The log file has been saved successfully to "C:\Users\Public\Documents\Downloads\aswMBR\aswMBR.txt"

 

01:06:23.0643 3704  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
01:06:25.0655 3704  ============================================================
01:06:25.0655 3704  Current date / time: 2013/08/17 01:06:25.0655
01:06:25.0655 3704  SystemInfo:
01:06:25.0655 3704 
01:06:25.0655 3704  OS Version: 6.1.7601 ServicePack: 1.0
01:06:25.0655 3704  Product type: Workstation
01:06:25.0655 3704  ComputerName: BLACKPEARL
01:06:25.0655 3704  UserName: Dr Who
01:06:25.0655 3704  Windows directory: C:\windows
01:06:25.0655 3704  System windows directory: C:\windows
01:06:25.0655 3704  Running under WOW64
01:06:25.0655 3704  Processor architecture: Intel x64
01:06:25.0655 3704  Number of processors: 2
01:06:25.0655 3704  Page size: 0x1000
01:06:25.0655 3704  Boot type: Normal boot
01:06:25.0655 3704  ============================================================
01:06:30.0694 3704  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:06:30.0710 3704  Drive \Device\Harddisk1\DR1 - Size: 0xDA8FFE00 (3.42 Gb), SectorSize: 0x200, Cylinders: 0x1BD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
01:06:30.0725 3704  ============================================================
01:06:30.0725 3704  \Device\Harddisk0\DR0:
01:06:30.0725 3704  MBR partitions:
01:06:30.0725 3704  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x238CD000
01:06:30.0725 3704  \Device\Harddisk1\DR1:
01:06:30.0725 3704  MBR partitions:
01:06:30.0725 3704  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x6D47C0
01:06:30.0725 3704  ============================================================
01:06:30.0788 3704  C: <-> \Device\Harddisk0\DR0\Partition1
01:06:30.0788 3704  ============================================================
01:06:30.0788 3704  Initialize success
01:06:30.0788 3704  ============================================================
01:06:57.0136 5280  ============================================================
01:06:57.0152 5280  Scan started
01:06:57.0152 5280  Mode: Manual;
01:06:57.0152 5280  ============================================================
01:06:57.0729 5280  ================ Scan system memory ========================
01:06:57.0729 5280  System memory - ok
01:06:57.0729 5280  ================ Scan services =============================
01:06:57.0932 5280  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys
01:06:58.0134 5280  1394ohci - ok
01:06:58.0259 5280  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\windows\system32\drivers\ACPI.sys
01:06:58.0462 5280  ACPI - ok
01:06:58.0509 5280  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys
01:06:58.0696 5280  AcpiPmi - ok
01:06:58.0821 5280  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
01:06:59.0039 5280  AdobeARMservice - ok
01:06:59.0211 5280  [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
01:06:59.0445 5280  AdobeFlashPlayerUpdateSvc - ok
01:06:59.0538 5280  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\windows\system32\drivers\adp94xx.sys
01:06:59.0570 5280  adp94xx - ok
01:06:59.0632 5280  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\windows\system32\drivers\adpahci.sys
01:06:59.0679 5280  adpahci - ok
01:06:59.0741 5280  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\windows\system32\drivers\adpu320.sys
01:06:59.0772 5280  adpu320 - ok
01:06:59.0835 5280  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll
01:06:59.0850 5280  AeLookupSvc - ok
01:06:59.0991 5280  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\windows\system32\drivers\afd.sys
01:07:00.0209 5280  AFD - ok
01:07:00.0256 5280  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\windows\system32\drivers\agp440.sys
01:07:00.0272 5280  agp440 - ok
01:07:00.0318 5280  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\windows\System32\alg.exe
01:07:00.0350 5280  ALG - ok
01:07:00.0381 5280  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\windows\system32\drivers\aliide.sys
01:07:00.0396 5280  aliide - ok
01:07:00.0490 5280  [ 2F2E91FD092811353C3BC968BEC274D8 ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
01:07:00.0677 5280  AMD External Events Utility - ok
01:07:00.0740 5280  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\windows\system32\drivers\amdide.sys
01:07:00.0755 5280  amdide - ok
01:07:40.0275 5280  Power - ok
01:07:40.0338 5280  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
01:07:40.0525 5280  PptpMiniport - ok
01:07:40.0556 5280  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\windows\system32\drivers\processr.sys
01:07:40.0572 5280  Processor - ok
01:07:40.0665 5280  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\windows\system32\profsvc.dll
01:07:40.0806 5280  ProfSvc - ok
01:07:40.0837 5280  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
01:07:40.0837 5280  ProtectedStorage - ok
01:07:40.0884 5280  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\windows\system32\DRIVERS\pacer.sys
01:07:41.0071 5280  Psched - ok
01:07:41.0227 5280  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\windows\system32\drivers\ql2300.sys
01:07:41.0289 5280  ql2300 - ok
01:07:41.0336 5280  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\windows\system32\drivers\ql40xx.sys
01:07:41.0352 5280  ql40xx - ok
01:07:41.0398 5280  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\windows\system32\qwave.dll
01:07:41.0430 5280  QWAVE - ok
01:07:41.0461 5280  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
01:07:41.0476 5280  QWAVEdrv - ok
01:07:41.0523 5280  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
01:07:41.0539 5280  RasAcd - ok
01:07:41.0601 5280  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
01:07:41.0601 5280  RasAgileVpn - ok
01:07:41.0648 5280  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\windows\System32\rasauto.dll
01:07:41.0679 5280  RasAuto - ok
01:07:41.0726 5280  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
01:07:41.0898 5280  Rasl2tp - ok
01:07:41.0944 5280  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\windows\System32\rasmans.dll
01:07:42.0100 5280  RasMan - ok
01:07:42.0147 5280  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
01:07:42.0178 5280  RasPppoe - ok
01:07:42.0241 5280  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
01:07:42.0241 5280  RasSstp - ok
01:07:42.0319 5280  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
01:07:42.0506 5280  rdbss - ok
01:07:42.0537 5280  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\windows\system32\drivers\rdpbus.sys
01:07:42.0553 5280  rdpbus - ok
01:07:42.0584 5280  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
01:07:42.0600 5280  RDPCDD - ok
01:07:42.0631 5280  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
01:07:42.0646 5280  RDPENCDD - ok
01:07:42.0693 5280  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
01:07:42.0693 5280  RDPREFMP - ok
01:07:42.0756 5280  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
01:07:42.0927 5280  RDPWD - ok
01:07:42.0974 5280  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
01:07:43.0177 5280  rdyboost - ok
01:07:43.0208 5280  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\windows\System32\mprdim.dll
01:07:43.0224 5280  RemoteAccess - ok
01:07:43.0270 5280  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\windows\system32\regsvc.dll
01:07:43.0270 5280  RemoteRegistry - ok
01:07:43.0380 5280  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
01:07:43.0411 5280  RpcEptMapper - ok
01:07:43.0458 5280  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\windows\system32\locator.exe
01:07:43.0473 5280  RpcLocator - ok
01:07:43.0551 5280  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\windows\system32\rpcss.dll
01:07:43.0567 5280  RpcSs - ok
01:07:43.0629 5280  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
01:07:43.0629 5280  rspndr - ok
01:07:43.0723 5280  [ 0E3DCF76F11DC431B088A2DFD7265CDA ] RSUSBSTOR       C:\windows\system32\Drivers\RtsUStor.sys
01:07:43.0910 5280  RSUSBSTOR - ok
01:07:43.0988 5280  [ 64FDF4FE366CA42DA2B7D9D424B6E39B ] RTL8192Ce       C:\windows\system32\DRIVERS\rtl8192Ce.sys
01:07:44.0191 5280  RTL8192Ce - ok
01:07:44.0222 5280  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\windows\system32\lsass.exe
01:07:44.0222 5280  SamSs - ok
01:07:44.0269 5280  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
01:07:44.0472 5280  sbp2port - ok
01:07:44.0550 5280  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\windows\System32\SCardSvr.dll
01:07:44.0581 5280  SCardSvr - ok
01:07:44.0612 5280  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
01:07:44.0815 5280  scfilter - ok
01:07:44.0877 5280  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\windows\system32\schedsvc.dll
01:07:45.0049 5280  Schedule - ok
01:07:45.0080 5280  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\windows\System32\certprop.dll
01:07:45.0080 5280  SCPolicySvc - ok
01:07:45.0127 5280  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\windows\System32\SDRSVC.dll
01:07:45.0283 5280  SDRSVC - ok
01:07:45.0330 5280  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\windows\system32\drivers\secdrv.sys
01:07:45.0330 5280  secdrv - ok
01:07:45.0376 5280  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\windows\system32\seclogon.dll
01:07:45.0517 5280  seclogon - ok
01:07:45.0579 5280  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\windows\System32\sens.dll
01:07:45.0595 5280  SENS - ok
01:07:45.0704 5280  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\windows\system32\sensrsvc.dll
01:07:45.0720 5280  SensrSvc - ok
01:07:45.0829 5280  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\windows\system32\drivers\serenum.sys
01:07:45.0844 5280  Serenum - ok
01:07:45.0876 5280  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\windows\system32\drivers\serial.sys
01:07:45.0876 5280  Serial - ok
01:07:45.0907 5280  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\windows\system32\drivers\sermouse.sys
01:07:45.0922 5280  sermouse - ok
01:07:45.0985 5280  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\windows\system32\sessenv.dll
01:07:46.0141 5280  SessionEnv - ok
01:07:46.0156 5280  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
01:07:46.0188 5280  sffdisk - ok
01:07:46.0203 5280  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
01:07:46.0234 5280  sffp_mmc - ok
01:07:46.0250 5280  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
01:07:46.0437 5280  sffp_sd - ok
01:07:46.0468 5280  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\windows\system32\drivers\sfloppy.sys
01:07:46.0484 5280  sfloppy - ok
01:07:46.0531 5280  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\windows\System32\ipnathlp.dll
01:07:46.0562 5280  SharedAccess - ok
01:07:46.0609 5280  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
01:07:46.0765 5280  ShellHWDetection - ok
01:07:46.0827 5280  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
01:07:46.0843 5280  SiSRaid2 - ok
01:07:46.0905 5280  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
01:07:46.0921 5280  SiSRaid4 - ok
01:07:47.0186 5280  [ AE40D1BC6FB02A5625516AD74CA9A309 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
01:07:47.0514 5280  Skype C2C Service - ok
01:07:47.0638 5280  [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
01:08:06.0803 5280  SkypeUpdate - ok
01:08:06.0866 5280  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\windows\system32\DRIVERS\smb.sys
01:08:06.0881 5280  Smb - ok
01:08:06.0975 5280  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\windows\System32\snmptrap.exe
01:08:07.0006 5280  SNMPTRAP - ok
01:08:07.0053 5280  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\windows\system32\drivers\spldr.sys
01:08:07.0084 5280  spldr - ok
01:08:07.0131 5280  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\windows\System32\spoolsv.exe
01:08:07.0334 5280  Spooler - ok
01:08:07.0505 5280  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\windows\system32\sppsvc.exe
01:08:08.0192 5280  sppsvc - ok
01:08:08.0223 5280  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\windows\system32\sppuinotify.dll
01:08:08.0254 5280  sppuinotify - ok
01:08:08.0301 5280  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\windows\system32\DRIVERS\srv.sys
01:08:08.0504 5280  srv - ok
01:08:08.0519 5280  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\windows\system32\DRIVERS\srv2.sys
01:08:08.0722 5280  srv2 - ok
01:08:08.0769 5280  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys
01:08:08.0972 5280  srvnet - ok
01:08:09.0081 5280  [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus         C:\windows\system32\DRIVERS\ssadbus.sys
01:08:09.0268 5280  ssadbus - ok
01:08:09.0362 5280  [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl        C:\windows\system32\DRIVERS\ssadmdfl.sys
01:08:09.0549 5280  ssadmdfl - ok
01:08:09.0580 5280  [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm         C:\windows\system32\DRIVERS\ssadmdm.sys
01:08:09.0767 5280  ssadmdm - ok
01:08:09.0830 5280  [ D33D1BD3EC0E766211A234F56A12726D ] ssadserd        C:\windows\system32\DRIVERS\ssadserd.sys
01:08:10.0017 5280  ssadserd - ok
01:08:10.0079 5280  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll
01:08:10.0095 5280  SSDPSRV - ok
01:08:10.0126 5280  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\windows\system32\sstpsvc.dll
01:08:10.0142 5280  SstpSvc - ok
01:08:10.0188 5280  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\windows\system32\drivers\stexstor.sys
01:08:10.0188 5280  stexstor - ok
01:08:10.0266 5280  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\windows\System32\wiaservc.dll
01:08:10.0422 5280  stisvc - ok
01:08:10.0469 5280  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\windows\system32\DRIVERS\swenum.sys
01:08:10.0485 5280  swenum - ok
01:08:10.0547 5280  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\windows\System32\swprv.dll
01:08:10.0594 5280  swprv - ok
01:08:10.0656 5280  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\windows\system32\sysmain.dll
01:08:10.0812 5280  SysMain - ok
01:08:10.0875 5280  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll
01:08:11.0015 5280  TabletInputService - ok
01:08:11.0046 5280  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\windows\System32\tapisrv.dll
01:08:11.0202 5280  TapiSrv - ok
01:08:11.0249 5280  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\windows\System32\tbssvc.dll
01:08:11.0265 5280  TBS - ok
01:08:11.0406 5280  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip           C:\windows\system32\drivers\tcpip.sys
01:08:11.0671 5280  Tcpip - ok
01:08:11.0999 5280  [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys
01:08:12.0030 5280  TCPIP6 - ok
01:08:12.0093 5280  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys
01:08:12.0280 5280  tcpipreg - ok
01:08:12.0327 5280  [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst        C:\windows\system32\DRIVERS\tdcmdpst.sys
01:08:12.0514 5280  tdcmdpst - ok
01:08:12.0545 5280  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys
01:08:12.0576 5280  TDPIPE - ok
01:08:12.0607 5280  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys
01:08:12.0795 5280  TDTCP - ok
01:08:12.0873 5280  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\windows\system32\DRIVERS\tdx.sys
01:08:13.0075 5280  tdx - ok
01:08:13.0122 5280  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\windows\system32\DRIVERS\termdd.sys
01:08:13.0278 5280  TermDD - ok
01:08:13.0356 5280  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\windows\System32\termsrv.dll
01:08:13.0512 5280  TermService - ok
01:08:13.0559 5280  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\windows\system32\themeservice.dll
01:08:13.0575 5280  Themes - ok
01:08:13.0621 5280  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\windows\system32\mmcss.dll
01:08:13.0621 5280  THREADORDER - ok
01:08:13.0731 5280  [ 71C321649B28638EE80A2EEB164C1DC8 ] TMachInfo       C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
01:08:13.0949 5280  TMachInfo - ok
01:08:13.0980 5280  [ 8E2C799D3476EAC32C3BA0DF7CE6AF19 ] TODDSrv         C:\windows\system32\TODDSrv.exe
01:08:14.0230 5280  TODDSrv - ok
01:08:14.0464 5280  [ 1C73689B900428C7D054A41C4687F55C ] TosCoSrv        C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
01:08:14.0682 5280  TosCoSrv - ok
01:08:14.0807 5280  [ 29D0886CF250FCEF1BF9E65AB8D2C0C8 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
01:08:15.0025 5280  TOSHIBA HDD SSD Alert Service - ok
01:08:15.0088 5280  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\windows\System32\trkwks.dll
01:08:15.0103 5280  TrkWks - ok
01:08:15.0181 5280  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
01:08:15.0369 5280  TrustedInstaller - ok
01:08:15.0415 5280  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys
01:08:15.0618 5280  tssecsrv - ok
01:08:15.0665 5280  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys
01:08:15.0852 5280  TsUsbFlt - ok
01:08:15.0946 5280  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\windows\system32\drivers\TsUsbGD.sys
01:08:16.0149 5280  TsUsbGD - ok
01:08:16.0211 5280  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys
01:08:16.0398 5280  tunnel - ok
01:08:16.0461 5280  [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ           C:\windows\system32\DRIVERS\TVALZ_O.SYS
01:08:16.0648 5280  TVALZ - ok
01:08:16.0773 5280  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\windows\system32\drivers\uagp35.sys
01:08:16.0788 5280  uagp35 - ok
01:08:16.0835 5280  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\windows\system32\DRIVERS\udfs.sys
01:08:17.0038 5280  udfs - ok
01:08:17.0116 5280  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\windows\system32\UI0Detect.exe
01:08:17.0147 5280  UI0Detect - ok
01:08:17.0178 5280  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys
01:08:17.0194 5280  uliagpkx - ok
01:08:17.0287 5280  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\windows\system32\DRIVERS\umbus.sys
01:08:17.0490 5280  umbus - ok
01:08:17.0599 5280  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\windows\system32\drivers\umpass.sys
01:08:17.0615 5280  UmPass - ok
01:08:17.0662 5280  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\windows\System32\upnphost.dll
01:08:17.0693 5280  upnphost - ok
01:08:17.0755 5280  [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64       C:\windows\system32\Drivers\usbaapl64.sys
01:08:17.0943 5280  USBAAPL64 - ok
01:08:17.0989 5280  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys
01:08:18.0192 5280  usbccgp - ok
01:08:18.0255 5280  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\windows\system32\drivers\usbcir.sys
01:08:18.0270 5280  usbcir - ok
01:08:18.0301 5280  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\windows\system32\DRIVERS\usbehci.sys
01:08:18.0489 5280  usbehci - ok
01:08:18.0535 5280  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys
01:08:18.0738 5280  usbhub - ok
01:08:18.0754 5280  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\windows\system32\DRIVERS\usbohci.sys
01:08:18.0941 5280  usbohci - ok
01:08:19.0035 5280  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\windows\system32\drivers\usbprint.sys
01:08:19.0035 5280  usbprint - ok
01:08:19.0066 5280  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS
01:08:19.0253 5280  USBSTOR - ok
01:08:19.0378 5280  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\windows\system32\drivers\usbuhci.sys
01:08:19.0581 5280  usbuhci - ok
01:08:19.0612 5280  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\windows\system32\Drivers\usbvideo.sys
01:08:19.0830 5280  usbvideo - ok
01:08:19.0861 5280  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\windows\System32\uxsms.dll
01:08:19.0877 5280  UxSms - ok
01:08:19.0908 5280  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\windows\system32\lsass.exe
01:08:19.0924 5280  VaultSvc - ok
01:08:19.0971 5280  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys
01:08:20.0002 5280  vdrvroot - ok
01:08:20.0064 5280  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\windows\System32\vds.exe
01:08:20.0267 5280  vds - ok
01:08:20.0329 5280  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\windows\system32\DRIVERS\vgapnp.sys
01:08:20.0329 5280  vga - ok
01:08:20.0361 5280  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\windows\System32\drivers\vga.sys
01:08:20.0392 5280  VgaSave - ok
01:08:20.0407 5280  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\windows\system32\drivers\vhdmp.sys
01:08:20.0610 5280  vhdmp - ok
01:08:20.0751 5280  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\windows\system32\drivers\viaide.sys
01:08:20.0766 5280  viaide - ok
01:08:20.0876 5280  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\windows\system32\drivers\volmgr.sys
01:08:21.0126 5280  volmgr - ok
01:08:21.0157 5280  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\windows\system32\drivers\volmgrx.sys
01:08:21.0376 5280  volmgrx - ok
01:08:21.0438 5280  [ DF8126BD41180351A093A3AD2FC8903B ] volsnap         C:\windows\system32\drivers\volsnap.sys
01:08:21.0641 5280  volsnap - ok
01:08:21.0719 5280  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\windows\system32\drivers\vsmraid.sys
01:08:21.0734 5280  vsmraid - ok
01:08:21.0890 5280  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\windows\system32\vssvc.exe
01:08:22.0202 5280  VSS - ok
01:08:22.0296 5280  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys
01:08:22.0296 5280  vwifibus - ok
01:08:22.0343 5280  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys
01:08:22.0374 5280  vwififlt - ok
01:08:22.0436 5280  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys
01:08:22.0452 5280  vwifimp - ok
01:08:22.0514 5280  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\windows\system32\w32time.dll
01:08:22.0546 5280  W32Time - ok
01:08:22.0608 5280  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\windows\system32\drivers\wacompen.sys
01:08:22.0639 5280  WacomPen - ok
01:08:22.0733 5280  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys
01:08:22.0920 5280  WANARP - ok
01:08:22.0967 5280  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys
01:08:22.0967 5280  Wanarpv6 - ok
01:08:23.0154 5280  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
01:08:23.0513 5280  WatAdminSvc - ok
01:08:23.0591 5280  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\windows\system32\wbengine.exe
01:08:23.0809 5280  wbengine - ok
01:08:23.0840 5280  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
01:08:23.0872 5280  WbioSrvc - ok
01:08:23.0918 5280  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\windows\System32\wcncsvc.dll
01:08:23.0934 5280  wcncsvc - ok
01:08:24.0012 5280  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
01:08:24.0012 5280  WcsPlugInService - ok
01:08:24.0137 5280  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\windows\system32\drivers\wd.sys
01:08:24.0168 5280  Wd - ok
01:08:24.0215 5280  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
01:08:24.0449 5280  Wdf01000 - ok
01:08:24.0542 5280  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\windows\system32\wdi.dll
01:08:24.0574 5280  WdiServiceHost - ok
01:08:24.0589 5280  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\windows\system32\wdi.dll
01:08:24.0589 5280  WdiSystemHost - ok
01:08:24.0652 5280  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\windows\System32\webclnt.dll
01:08:24.0808 5280  WebClient - ok
01:08:24.0823 5280  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\windows\system32\wecsvc.dll
01:08:24.0854 5280  Wecsvc - ok
01:08:24.0918 5280  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\windows\System32\wercplsupport.dll
01:08:24.0933 5280  wercplsupport - ok
01:08:24.0965 5280  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\windows\System32\WerSvc.dll
01:08:24.0980 5280  WerSvc - ok
01:08:25.0027 5280  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
01:08:25.0043 5280  WfpLwf - ok
01:08:25.0074 5280  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\windows\system32\drivers\wimmount.sys
01:08:25.0074 5280  WIMMount - ok
01:08:25.0152 5280  WinDefend - ok
01:08:25.0261 5280  WinHttpAutoProxySvc - ok
01:08:25.0542 5280  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
01:08:25.0557 5280  Winmgmt - ok
01:08:25.0854 5280  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\windows\system32\WsmSvc.dll
01:08:26.0416 5280  WinRM - ok
01:08:26.0494 5280  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
01:08:26.0697 5280  WinUsb - ok
01:08:26.0853 5280  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\windows\System32\wlansvc.dll
01:08:26.0900 5280  Wlansvc - ok
01:08:27.0040 5280  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
01:08:27.0274 5280  wlcrasvc - ok
01:08:27.0602 5280  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
01:08:27.0914 5280  wlidsvc - ok
01:08:27.0961 5280  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
01:08:27.0976 5280  WmiAcpi - ok
01:08:28.0039 5280  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
01:08:28.0054 5280  wmiApSrv - ok
01:08:28.0179 5280  WMPNetworkSvc - ok
01:08:28.0242 5280  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\windows\System32\wpcsvc.dll
01:08:28.0257 5280  WPCSvc - ok
01:08:28.0304 5280  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
01:08:28.0460 5280  WPDBusEnum - ok
01:08:28.0507 5280  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
01:08:28.0522 5280  ws2ifsl - ok
01:08:28.0569 5280  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\windows\System32\wscsvc.dll
01:08:28.0585 5280  wscsvc - ok
01:08:28.0600 5280  WSearch - ok
01:08:28.0881 5280  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\windows\system32\wuaueng.dll
01:08:29.0209 5280  wuauserv - ok
01:08:29.0256 5280  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
01:08:29.0474 5280  WudfPf - ok
01:08:29.0490 5280  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
01:08:29.0692 5280  WUDFRd - ok
01:08:29.0770 5280  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
01:08:29.0911 5280  wudfsvc - ok
01:08:29.0973 5280  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\windows\System32\wwansvc.dll
01:08:30.0129 5280  WwanSvc - ok
01:08:30.0176 5280  ================ Scan global ===============================
01:08:30.0207 5280  [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
01:08:30.0301 5280  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
01:08:30.0582 5280  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
01:08:30.0660 5280  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
01:08:30.0738 5280  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
01:08:30.0769 5280  [Global] - ok
01:08:30.0769 5280  ================ Scan MBR ==================================
01:08:30.0800 5280  [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
01:08:31.0440 5280  \Device\Harddisk0\DR0 - ok
01:08:31.0455 5280  [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk1\DR1
01:08:45.0776 5280  \Device\Harddisk1\DR1 - ok
01:08:45.0776 5280  ================ Scan VBR ==================================
01:08:45.0838 5280  [ B791075EED36419BD37264506A922AF3 ] \Device\Harddisk0\DR0\Partition1
01:08:45.0948 5280  \Device\Harddisk0\DR0\Partition1 - ok
01:08:45.0948 5280  [ 735415C2495F97B925AE983CEEDAE130 ] \Device\Harddisk1\DR1\Partition1
01:08:45.0963 5280  \Device\Harddisk1\DR1\Partition1 - ok
01:08:45.0963 5280  ============================================================
01:08:45.0963 5280  Scan finished
01:08:45.0963 5280  ============================================================
01:08:45.0994 1272  Detected object count: 0
01:08:45.0994 1272  Actual detected object count: 0
01:09:47.0128 6532  Deinitialize success

 

Attached Files

  • Attached File: MBR.zip (567 bytes)


#4 Conspire

  • Malware Response Team
  • 1,155 posts
  • Gender:Male
Posted 17 August 2013 - 03:17 AM

Please read through these instructions to familiarize yourself with what to expect when this tool runs.

Refer to the ComboFix User's Guide.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT - Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs

====================================================

Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Proud Graduate of the WTT Classroom
Member of UNITE

#5 yoitsmosh

  • Topic Starter
  • Members
  • 34 posts
  • Gender:Male
  • Location:Georgia (Newberry)
Posted 18 August 2013 - 02:55 PM

Conspire, Windows wants to install updates. Should I allow it at this time?

ComboFix 13-08-18.01 - Dr Who 08/18/2013  10:56:47.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.2663.1263 [GMT -4:00]
Running from: c:\users\Public\Documents\Downloads\ComboFix\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-18 to 2013-08-18  )))))))))))))))))))))))))))))))
.
.
2013-08-18 17:42 . 2013-08-18 17:42 -------- d-----w- c:\users\Mama\AppData\Local\temp
2013-08-18 17:42 . 2013-08-18 17:42 -------- d-----w- c:\users\Default\AppData\Local\temp
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-05 13:47 . 2013-06-05 13:47 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-06-05 13:47 . 2013-06-05 13:47 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-06-05 13:47 . 2013-06-05 13:47 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-06-05 13:47 . 2013-06-05 13:47 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-06-05 13:47 . 2013-06-05 13:47 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-06-05 13:47 . 2013-06-05 13:47 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-06-05 13:47 . 2013-06-05 13:47 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-06-05 13:47 . 2013-06-05 13:47 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-06-05 13:47 . 2013-06-05 13:47 81408 ----a-w- c:\windows\system32\icardie.dll
2013-06-05 13:47 . 2013-06-05 13:47 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-06-05 13:47 . 2013-06-05 13:47 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-06-05 13:47 . 2013-06-05 13:47 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-06-05 13:47 . 2013-06-05 13:47 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-06-05 13:47 . 2013-06-05 13:47 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-06-05 13:47 . 2013-06-05 13:47 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-06-05 13:47 . 2013-06-05 13:47 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-06-05 13:47 . 2013-06-05 13:47 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-06-05 13:47 . 2013-06-05 13:47 441856 ----a-w- c:\windows\system32\html.iec
2013-06-05 13:47 . 2013-06-05 13:47 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-06-05 13:47 . 2013-06-05 13:47 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-05 13:47 . 2013-06-05 13:47 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-06-05 13:47 . 2013-06-05 13:47 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-06-05 13:47 . 2013-06-05 13:47 235008 ----a-w- c:\windows\system32\url.dll
2013-06-05 13:47 . 2013-06-05 13:47 216064 ----a-w- c:\windows\system32\msls31.dll
2013-06-05 13:47 . 2013-06-05 13:47 197120 ----a-w- c:\windows\system32\msrating.dll
2013-06-05 13:47 . 2013-06-05 13:47 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-06-05 13:47 . 2013-06-05 13:47 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-06-05 13:47 . 2013-06-05 13:47 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-05 13:47 . 2013-06-05 13:47 149504 ----a-w- c:\windows\system32\occache.dll
2013-06-05 13:47 . 2013-06-05 13:47 144896 ----a-w- c:\windows\system32\wextract.exe
2013-06-05 13:47 . 2013-06-05 13:47 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-06-05 13:47 . 2013-06-05 13:47 13824 ----a-w- c:\windows\system32\mshta.exe
2013-06-05 13:47 . 2013-06-05 13:47 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-06-05 13:47 . 2013-06-05 13:47 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-06-05 13:47 . 2013-06-05 13:47 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-06-05 13:47 . 2013-06-05 13:47 102912 ----a-w- c:\windows\system32\inseng.dll
2013-06-05 13:43 . 2013-06-05 13:43 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-05 13:43 . 2013-06-05 13:43 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-05 13:43 . 2013-06-05 13:43 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-06-05 13:43 . 2013-06-05 13:43 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-06-05 13:43 . 2013-06-05 13:43 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-05 13:43 . 2013-06-05 13:43 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-05 13:43 . 2013-06-05 13:43 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-05 13:43 . 2013-06-05 13:43 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-05 13:43 . 2013-06-05 13:43 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-06-05 13:43 . 2013-06-05 13:43 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-06-05 13:43 . 2013-06-05 13:43 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-06-05 13:43 . 2013-06-05 13:43 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-05 13:43 . 2013-06-05 13:43 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-05 13:43 . 2013-06-05 13:43 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-06-05 13:43 . 2013-06-05 13:43 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-06-05 13:43 . 2013-06-05 13:43 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-06-05 13:43 . 2013-06-05 13:43 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-05 13:43 . 2013-06-05 13:43 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-05 13:43 . 2013-06-05 13:43 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-06-05 13:43 . 2013-06-05 13:43 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-06-05 13:43 . 2013-06-05 13:43 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-05 13:43 . 2013-06-05 13:43 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-05 13:43 . 2013-06-05 13:43 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-05 13:43 . 2013-06-05 13:43 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-05 13:43 . 2013-06-05 13:43 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-06-05 13:43 . 2013-06-05 13:43 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-06-05 13:43 . 2013-06-05 13:43 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-25 39408]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-08 336384]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 958576]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-13 1532992]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"CanonQuickMenu"="c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2012-04-03 1273448]
"IJNetworkScannerSelectorEX"="c:\program files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe" [2012-03-26 449168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-17 04:24 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 21:45]
.
2013-07-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2982457156-540616489-2010051618-1003Core.job
- c:\users\Mama\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-26 20:43]
.
2013-08-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2982457156-540616489-2010051618-1003UA.job
- c:\users\Mama\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-26 20:43]
.
2013-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-25 22:11]
.
2013-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-25 22:11]
.
2013-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2982457156-540616489-2010051618-1003Core.job
- c:\users\Mama\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-05 01:20]
.
2013-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2982457156-540616489-2010051618-1003UA.job
- c:\users\Mama\AppData\Local\Google\Update\GoogleUpdate.exe [2013-06-05 01:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.toshiba.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-18  15:24:15
ComboFix-quarantined-files.txt  2013-08-18 19:24
.
Pre-Run: 55,200,137,216 bytes free
Post-Run: 57,428,447,232 bytes free
.
- - End Of File - - D36351CD84D00DBABB40F2070D6C22EC
5B5E648D12FCADC244C1EC30318E1EB9

#6 Conspire

  • Malware Response Team
  • 1,155 posts
  • Gender:Male
  • Local time:07:27 PM

Posted 18 August 2013 - 10:09 PM

Yes you can allow it to update. The log doesn't show anything alarming. Are you still receiving the error?
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#7 yoitsmosh

  • Topic Starter
  • Members
  • 34 posts
  • Gender:Male
  • Location:Georgia (Newberry)
  • Local time:07:27 AM

Posted 19 August 2013 - 10:13 AM

Yes, only with the user "Mama."  Could it be an orphaned entry in the Registry or in an .INI file?  If so, which tool do you recommend as a cleaner? I could not find any info at all on the web for "bcshbowtd.dll."

#8 Conspire

  • Malware Response Team
  • 1,155 posts
  • Gender:Male
  • Local time:07:27 PM

Posted 19 August 2013 - 11:31 AM

It could very well be an orphaned entry. You said only the Mama account got the error and you ran DDS from that account, but the log shows it's Dr.Who?
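One way to test the orphaned-entry hypothesis from the affected account, as an added example that is not part of this thread or of any tool mentioned in it: the script below walks the Run/RunOnce keys, the scheduled tasks and the user's Startup folder and reports every entry whose program, or the DLL a rundll32 entry names, no longer exists on disk. It assumes a 64-bit PowerShell console on Windows 7 or later and relies only on the registry provider and the Schedule.Service and WScript.Shell COM objects; the function names are mine.

```powershell
# Added example, not from this thread: report autostart entries whose target file is missing.
# Run it from the affected account ("Mama" here), since HKCU\...\Run is per user, in 64-bit
# PowerShell so both the native and the Wow6432Node Run keys are visible. Not covered:
# services and drivers, Winlogon Shell/Userinit, AppInit_DLLs, browser helper objects.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Test-TargetExists {
    # Rooted paths are checked directly; a bare name is resolved the way the loader
    # resolves it: System32, SysWOW64, the Windows directory, then PATH.
    param([string]$Path)
    if ([string]::IsNullOrEmpty($Path)) { return $true }
    try { $rooted = [IO.Path]::IsPathRooted($Path) } catch { return $false }   # illegal chars
    if ($rooted) { return (Test-Path -LiteralPath $Path) }
    $dirs = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64", $env:SystemRoot) + ($env:Path -split ';')
    foreach ($d in $dirs) {
        if ($d -and (Test-Path -LiteralPath (Join-Path $d $Path))) { return $true }
    }
    return $false
}

function Join-Rest([string[]]$Tokens, [int]$From) {
    if ($From -ge $Tokens.Count) { return '' }
    return ($Tokens[$From..($Tokens.Count - 1)] -join ' ')
}

function Split-Command {
    # Split a command line into program and arguments. An unquoted path that contains
    # spaces is resolved the way CreateProcess does it: try progressively longer prefixes.
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd -match '^"([^"]+)"\s*(.*)$') { return @($matches[1], $matches[2]) }
    $tokens = $cmd -split ' '
    for ($i = 1; $i -le $tokens.Count; $i++) {
        $candidate = $tokens[0..($i - 1)] -join ' '
        if (Test-TargetExists $candidate) { return @($candidate, (Join-Rest $tokens $i)) }
    }
    return @($tokens[0], (Join-Rest $tokens 1))
}

function Get-TargetPath {
    # The file an entry really loads. For rundll32 that is the DLL in its first argument
    # ("<dll>,<entrypoint>"), which is the "module" a login-time error message refers to.
    param([string]$Command)
    $parts = Split-Command $Command
    $exe = $parts[0]; $rest = $parts[1]
    if ($exe -match '(?i)(^|[\\/])rundll32\.exe$' -and $rest -match '^(?:"([^"]+)"|([^,\s]+))') {
        if ($matches[1]) { return $matches[1] } else { return $matches[2] }
    }
    return $exe
}

$findings = @()
function Add-Finding($Source, $Name, $Command, $Missing) {
    $script:findings += New-Object PSObject -Property @{
        Source = $Source; Name = $Name; Command = $Command; MissingFile = $Missing }
}

# 1. Run / RunOnce values (the "Reg Loading Points" section of the ComboFix log).
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*' -or $p.Value -isnot [string]) { continue }   # provider metadata
        $target = Get-TargetPath $p.Value
        if (-not (Test-TargetExists $target)) { Add-Finding $key $p.Name $p.Value $target }
    }
}

# 2. Scheduled tasks, through the Task Scheduler COM API (works on Windows 7, which lacks Get-ScheduledTask).
function Get-TaskTree($Folder) {
    foreach ($t in $Folder.GetTasks(1)) { $t }              # 1 = TASK_ENUM_HIDDEN
    foreach ($sub in $Folder.GetFolders(0)) { Get-TaskTree $sub }
}
$svc = New-Object -ComObject Schedule.Service
$svc.Connect()
foreach ($task in (Get-TaskTree ($svc.GetFolder('\')))) {
    foreach ($action in $task.Definition.Actions) {
        if ($action.Type -ne 0 -or -not $action.Path) { continue }   # 0 = TASK_ACTION_EXEC
        $target = Get-TargetPath ('"' + $action.Path + '" ' + $action.Arguments)
        if (-not (Test-TargetExists $target)) {
            Add-Finding ('Task ' + $task.Path) $task.Name ($action.Path + ' ' + $action.Arguments) $target
        }
    }
}

# 3. Shortcuts in this user's Startup folder.
$shell = New-Object -ComObject WScript.Shell
foreach ($lnk in (Get-ChildItem -LiteralPath ([Environment]::GetFolderPath('Startup')) -Filter *.lnk -ErrorAction SilentlyContinue)) {
    $sc = $shell.CreateShortcut($lnk.FullName)
    if (-not (Test-TargetExists $sc.TargetPath)) { Add-Finding 'Startup folder' $lnk.Name $sc.TargetPath $sc.TargetPath }
}

if ($findings.Count -gt 0) { $findings | Format-List Source, Name, Command, MissingFile }
else { 'No Run key, scheduled task or Startup shortcut points at a missing file.' }
```

A hit in the HKCU Run key or a per-user scheduled task would explain why only one account shows the message; entries this script cannot see (services, Winlogon, BHOs) are the ones the ComboFix and OTL logs in this thread cover.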

#9 yoitsmosh

  • Topic Starter
  • Members
  • 34 posts
  • Gender:Male
  • Location:Georgia (Newberry)
  • Local time:07:27 AM

Posted 19 August 2013 - 04:54 PM

I'm confused: the log (which log?) shows it's (what are you referring to in "it's") Dr. Who?  The only app that I ran by logging into Dr. Who was ComboFix, and that was because I was forced to by McAfee in order to disable real-time scanning.  The other apps were run from Mama using Run as Administrator.

#10 Conspire

  • Malware Response Team
  • 1,155 posts
  • Gender:Male
  • Local time:07:27 PM

Posted 19 August 2013 - 10:30 PM

I was referring to the DDS log, which showed me it was running from the account Dr.Who. That's odd. :huh:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16635
Run by Dr Who at 13:30:51 on 2013-08-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2663.1457 [GMT -4:00]

Never mind about that first. I'd like you to run OTL for me using the Mama account and see if I can find anything related to that error and remove it. Right-click and select Run As Admin if you have to.

  • Download OTL to your desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.

#11 yoitsmosh

  • Topic Starter
  • Members
  • 34 posts
  • Gender:Male
  • Location:Georgia (Newberry)
  • Local time:07:27 AM

Posted 20 August 2013 - 07:03 PM

Logged on to Mama, I double-clicked on OTL and it asked me to enter Dr Who's password.  OTL did not create an "Extras.txt" file.  I have attached a screen shot of the error. HTH, Mosh

OTH.txt

------------
OTL logfile created on: 8/20/2013 12:34:14 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Public\Documents\Downloads\OTL
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.60 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 45.98% Memory free
5.20 Gb Paging File | 3.32 Gb Available in Paging File | 63.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.40 Gb Total Space | 52.75 Gb Free Space | 18.55% Space Free | Partition Type: NTFS
 
Computer Name: BLACKPEARL | User Name: Dr Who | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Public\Documents\Downloads\OTL\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE (CANON INC.)
PRC - C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE (CANON INC.)
PRC - C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
PRC - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe (Symantec Corporation)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\10054f798f1a896d5176581777ca7406\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\4d277a8481c203a35c58bd277a2e71df\System.Xaml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\56a1feb800860a3bc5d8a45ee92a77ec\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\001aeb860d7f2ba416e0fedc606fee98\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\228b114c79c5d9024bdb4cc580e32c09\PresentationFramework.Aero.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\1a3b614a84244ea5fa4147b5cf007333\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\b3ed31a444f444325ddb64b290ed2f1e\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3a3fc0216674bdea0be809b305517c98\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\c25ede0d0127774c504c4fc41d4de273\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\df40dab689e9d8febfb943599ba79f8d\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV:64bit: - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PCCUJobMgr) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe (Symantec Corporation)
SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe (Symantec Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.)
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (HipShieldK) -- C:\Windows\SysNative\drivers\HipShieldK.sys (McAfee, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (FwLnk) -- C:\Windows\SysNative\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {F85F934F-E77C-4B88-B9ED-5AC1361C4BF8}
IE:64bit: - HKLM\..\SearchScopes\{F85F934F-E77C-4B88-B9ED-5AC1361C4BF8}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {F85F934F-E77C-4B88-B9ED-5AC1361C4BF8}
IE - HKLM\..\SearchScopes\{F85F934F-E77C-4B88-B9ED-5AC1361C4BF8}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com
IE - HKCU\..\SearchScopes,DefaultScope = {4BA1D0F7-3961-4100-9D5B-C854070A8085}
IE - HKCU\..\SearchScopes\{4BA1D0F7-3961-4100-9D5B-C854070A8085}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS471
IE - HKCU\..\SearchScopes\{F85F934F-E77C-4B88-B9ED-5AC1361C4BF8}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\9\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/06/28 11:01:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013/04/15 02:02:12 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120626150006.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120626150006.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61E8E43E-3801-43D5-8AB3-2DC1AEF4CE55}: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A8D9A58C-0D38-49C4-8C6F-1E0B75CB4AA0}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/08/20 11:16:59 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/08/20 11:16:58 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/08/20 11:16:56 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/08/20 11:16:55 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/08/20 11:16:55 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/08/20 11:16:55 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/08/20 11:16:55 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/08/20 11:16:55 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/08/20 11:16:55 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/08/20 11:16:55 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/08/20 11:16:55 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/08/20 11:16:49 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/08/20 11:16:48 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/08/20 11:16:48 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/08/20 11:16:46 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/08/18 15:24:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/08/18 15:24:20 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013/08/18 10:49:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/08/18 10:49:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/08/18 10:49:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/08/18 10:44:42 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/08/18 10:34:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/08/18 10:33:49 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013/08/17 00:46:27 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\crypt32.dll
[2013/08/17 00:46:25 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2013/08/17 00:46:19 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptnet.dll
[2013/08/17 00:44:41 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMVDECOD.DLL
[2013/08/17 00:44:40 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMVDECOD.DLL
[2013/08/17 00:42:16 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rpcrt4.dll
[2013/08/10 10:02:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Downloads
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/08/20 12:31:03 | 000,778,834 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/08/20 12:31:03 | 000,660,318 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/08/20 12:31:03 | 000,121,214 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/08/20 12:27:18 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/20 12:26:46 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/08/20 12:16:11 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/20 12:16:00 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2982457156-540616489-2010051618-1003UA.job
[2013/08/20 11:48:45 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/20 11:48:45 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/20 11:45:10 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/08/20 11:40:03 | 2094,161,920 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/20 11:12:34 | 000,000,924 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2982457156-540616489-2010051618-1003UA.job
[2013/08/18 15:48:00 | 000,000,902 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2982457156-540616489-2010051618-1003Core.job
[2013/08/18 13:15:00 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2982457156-540616489-2010051618-1003Core.job
[2013/07/26 01:13:58 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/07/26 01:12:27 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/07/26 01:12:08 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/07/26 01:12:08 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/07/26 01:12:04 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/07/26 01:12:04 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/07/26 01:12:03 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/07/26 01:12:03 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/07/25 23:12:04 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/07/25 23:12:00 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/07/25 23:12:00 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/07/25 23:12:00 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/07/25 23:11:59 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/07/25 22:39:38 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/07/25 21:59:38 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/07/25 05:25:54 | 001,888,768 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\WMVDECOD.DLL
[2013/07/25 04:57:27 | 001,620,992 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\WMVDECOD.DLL
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/08/18 10:49:28 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/08/18 10:49:28 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/08/18 10:49:27 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/08/18 10:49:27 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/08/18 10:49:27 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/05/06 22:45:20 | 000,007,602 | ---- | C] () -- C:\Users\Dr Who\AppData\Local\Resmon.ResmonCfg
[2012/03/18 23:24:03 | 000,773,050 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/02/15 08:30:05 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2012/01/25 17:10:53 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2012/01/25 17:00:30 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2012/01/25 16:55:42 | 000,003,929 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/03/18 23:28:12 | 000,000,000 | ---D | M] -- C:\Users\Dr Who\AppData\Roaming\Book Place
[2013/04/30 11:38:06 | 000,000,000 | ---D | M] -- C:\Users\Dr Who\AppData\Roaming\canon
[2012/02/14 20:35:22 | 000,000,000 | ---D | M] -- C:\Users\Dr Who\AppData\Roaming\Toshiba
[2012/02/14 20:31:12 | 000,000,000 | ---D | M] -- C:\Users\Dr Who\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 

< End of report >

 




#12 Conspire
  • Malware Response Team
  • 1,155 posts
  • Gender:Male
  • Local time:07:27 PM

Posted 20 August 2013 - 11:18 PM

Please download Rkill by Grinler and save it to your desktop.
  • Link 1
  • Link 2
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
Close it and please post the log in your next reply and tell me if you're still seeing the error after rebooting. You should be able to find the log on your desktop.
Proud Graduate of the WTT Classroom
Member of UNITE
The help you receive here is always free. If you wish to show your appreciation, then you may donate.

#13 yoitsmosh
  • Topic Starter
  • Members
  • 34 posts
  • Gender:Male
  • Location:Georgia (Newberry)
  • Local time:07:27 AM

Posted 21 August 2013 - 12:39 AM

Logged in as user Mama. The app in Link 1 ran fine (UAC asked for admin pw) though I had to run the app a second time because I could not find Rkill.txt on the desktop. When I ran it the second time I explicitly saved the file to the desktop and still could not find it. Then it occurred to me and I found it on Dr Who's desktop. The error message box (above) popped up after the reboot.

 

Rkill.txt

-----------

Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/21/2013 01:05:03 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 08/21/2013 01:05:59 AM
Execution time: 0 hours(s), 0 minute(s), and 55 seconds(s)



#14 Conspire

Conspire

  • Malware Response Team
  • 1,155 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:27 PM

Posted 21 August 2013 - 03:31 AM

Rkill doesn't give me the result I would have expected.

Please download SystemLook from one of the links below and save it to your Desktop.
Download
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *bcshbowtd*
    
    :regfind
    bcshbowtd.dll
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

#15 yoitsmosh

yoitsmosh
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  • Gender:Male
  • Location:Georgia (Newberry)
  • Local time:07:27 AM

Posted 21 August 2013 - 11:46 AM

Hey, you found it!

 

SystemLook.txt

----------------------

SystemLook 30.07.11 by jpshortstuff
Log created at 12:34 on 21/08/2013 by Dr Who
Administrator - Elevation successful

========== filefind ==========

Searching for "*bcshbowtd*"
No files found.

========== regfind ==========

Searching for "bcshbowtd.dll"
[HKEY_USERS\S-1-5-21-2982457156-540616489-2010051618-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"CrashDumps"="rundll32.exe "C:\Users\Mama\AppData\Local\Google\CrashDumps\bcshbowtd.dll",FLAC__stream_encoder_newW"

-= EOF =-






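The SystemLook result above is the typical shape of a per-user autorun persistence entry: a value under a user hive's `...\CurrentVersion\Run` key that runs `rundll32.exe` against a DLL in a user-writable `AppData` folder with a named export, and the "specified module could not be found" dialog is what Windows shows once that DLL is gone while the Run value remains. The script below is an added example for this page, not one of BleepingComputer's tools or SystemLook's own code: it parses Run-key values in SystemLook's regfind output format and flags the rundll32 pattern from a defender's triage standpoint. The sample log is constructed (placeholder SID, plus a benign entry added for contrast); the function names, the `file_exists` hook and the vowel-ratio heuristic are this example's own assumptions.

```python
"""Triage Windows Run-key values from a SystemLook-style regfind log.

Flags rundll32 autoruns that load a DLL from a user-writable profile path,
reports whether that DLL is missing on disk (the cause of the "specified
module could not be found" dialog), and marks machine-looking DLL names.
"""
import os
import re
from dataclasses import dataclass, field
from typing import Callable, List, Optional

# Constructed sample in SystemLook's regfind layout (placeholder SID; the
# "McAfee Tray" value is added here as a benign entry for contrast).
SAMPLE_REGFIND = r"""
========== regfind ==========

Searching for "bcshbowtd.dll"
[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"CrashDumps"="rundll32.exe "C:\Users\Mama\AppData\Local\Google\CrashDumps\bcshbowtd.dll",FLAC__stream_encoder_newW"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfee Tray"="C:\Program Files\McAfee\Agent\shstat.exe"

-= EOF =-
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>.*)"$')
# rundll32[.exe] <dll path, optionally quoted>[,<export name>]
RUNDLL_RE = re.compile(
    r'^"?(?:[^"\s]*[\\/])?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?\s*'
    r"(?:,\s*(?P<export>\S+))?",
    re.IGNORECASE,
)
USER_WRITABLE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)


@dataclass
class Finding:
    key: str
    name: str
    data: str
    dll: Optional[str] = None
    export: Optional[str] = None
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)

    @property
    def hive_owner(self) -> str:
        """SID of the user whose hive holds the value, or 'machine' for HKLM."""
        parts = self.key.split("\\")
        return parts[1] if parts[0].upper() == "HKEY_USERS" else "machine"


def parse_regfind(text: str):
    """Yield (key, value_name, value_data) for each value under its key."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group("name"), m.group("data")


def looks_random(stem: str) -> bool:
    """Heuristic: generated names tend to be vowel-poor (bcshbowtd: 1 of 9)."""
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(letters) < 8:
        return False
    vowels = sum(c in "aeiou" for c in letters)
    return vowels / len(letters) < 0.2


def triage(text: str, file_exists: Callable[[str], bool] = os.path.exists) -> List[Finding]:
    """Return one Finding per Run value; reasons are filled for rundll32 loads."""
    findings = []
    for key, name, data in parse_regfind(text):
        f = Finding(key, name, data)
        m = RUNDLL_RE.match(data)
        if m:
            f.dll, f.export = m.group("dll"), m.group("export")
            if USER_WRITABLE_RE.search(f.dll):
                f.reasons.append("rundll32 loads a DLL from a user-writable profile path")
            if not file_exists(f.dll):
                f.reasons.append("DLL missing on disk (explains 'specified module could not be found')")
            stem = os.path.splitext(f.dll.replace("\\", "/").rsplit("/", 1)[-1])[0]
            if looks_random(stem):
                f.reasons.append("DLL name looks machine-generated")
        findings.append(f)
    return findings


def report(findings: List[Finding]) -> str:
    lines = []
    for f in findings:
        tag = "SUSPICIOUS" if f.suspicious else "ok"
        lines.append(f"[{tag}] {f.name} (hive owner {f.hive_owner}): {f.data}")
        lines.extend(f"    - {r}" for r in f.reasons)
    return "\n".join(lines)


if __name__ == "__main__":
    # Off the affected machine the DLL cannot be on disk, so treat it as missing.
    print(report(triage(SAMPLE_REGFIND, file_exists=lambda p: False)))
```

The remediation that follows a hit like this is the helper's call (remove the orphaned Run value and confirm the DLL is really gone), so the script only reports; `file_exists` is injectable so the same parser works on a log exported from another machine.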
