
Help please


  • This topic is locked
16 replies to this topic

#1 amedcalf


Posted 27 August 2013 - 06:31 AM

Hi,

 

Not sure what it is called, but every time I start my computer, when it gets to the desktop it disappears and I am greeted with a window that I have been downloading illegal software and has a time limit to pay a fine.

 

I know this is a virus of some sort.

 

Just don't know what it is and how to get rid of it.

 

Please help

 

Thanks in advance





#2 amedcalf


Posted 27 August 2013 - 11:59 AM

Just realised I need to advise that I am running Windows 7

 

The main desktop disappears and a page opens stating that I have been caught by the Police.

 

What for? I do not know, as I don't download anything I should. All I use my laptop for is music and Photoshop.

 

Please help



#3 Broni


Posted 27 August 2013 - 05:17 PM

I'll report this topic to appropriate helpers.

Hold on there....



 


#4 etavares


Posted 27 August 2013 - 07:12 PM

Hello, amedcalf.
My name is etavares and I will be helping you with this log.

Here are some guidelines to ensure we are able to get your machine back under your control.

  • Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!

Step 1

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

If you are using Windows 8, consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

If you are using Vista or Windows 7, enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt.

Once in the Command Prompt:

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter.
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.



#5 amedcalf

Posted 28 August 2013 - 06:04 AM

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013
    Ran by SYSTEM on 28-08-2013 11:58:06
    Running from H:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    Internet Explorer Version 10
    Boot Mode: Recovery

    The current controlset is ControlSet002
    ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
    HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [570680 2009-08-13] (TOSHIBA Corporation)
    HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
    HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
    HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
    HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-19] (TOSHIBA Corporation)
    HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1050072 2010-02-10] (Toshiba Europe GmbH)
    HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
    HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
    HKLM\...\Run: [Toshiba Registration] - C:\Program Files\Toshiba\Registration\ToshibaReminder.exe [136136 2010-02-12] (Toshiba Europe GmbH)
    HKLM\...\Run: [btbb_McciTrayApp] - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe [2821808 2011-05-26] (Alcatel-Lucent)
    HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
    HKLM-x32\...\Run: [NBAgent] - c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [1086760 2010-03-08] (Nero AG)
    HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1532992 2013-03-13] (McAfee, Inc.)
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2012-12-18] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
    HKLM-x32\...\Run: [SS_MW] - C:\Program Files (x86)\Radica\Stylin' Studio\SS_MW.exe [524288 2008-04-25] (Radica)
    HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
    HKU\Administrator\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
    HKU\Administrator\...\Policies\system: [LogonHoursAction] 2
    HKU\Administrator\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\Allan\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6581488 2013-08-15] (SUPERAntiSpyware)
    HKU\Allan\...\Policies\system: [LogonHoursAction] 2
    HKU\Allan\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\Default\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
    HKU\Default User\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
    HKU\Jack\...\Run: [TOSHIBA Online Product Information] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [4581280 2010-03-03] (TOSHIBA)
    HKU\Jack\...\Policies\system: [LogonHoursAction] 2
    HKU\Jack\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
    HKU\Mcx1-ALLAN-TOSH\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) <==== ATTENTION
    AppInit_DLLs:   C:\PROGRA~2\SEARCH~1\Datamngr\x64\mgrldr.dll  [343552 2009-07-13] ()
    Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
    ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
    Startup: C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
    ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    Startup: C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lsgylbqfkosowjqunrr.lnk
    ShortcutTarget: lsgylbqfkosowjqunrr.lnk -> C:\Users\Allan\AppData\Local\Temp\rrnuqjwosokfqblygsl.bfg (No File)
    Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
    ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
    Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
    ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
    Startup: C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
    ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
    Startup: C:\Users\Mcx1-ALLAN-TOSH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
    ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

    ==================== Services (Whitelisted) =================

    S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com)
    S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-07-14] (Adobe Systems)
    S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
    S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
    S2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
    S2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
    S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
    S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [384048 2013-02-25] (McAfee, Inc.)
    S2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
    S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
    S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
    S2 mfevtp; C:\Windows\system32\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
    S2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [467280 2013-02-14] (Alcatel-Lucent)
    S2 SpyroService; C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe [50688 2012-09-20] (FS)
    S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [124368 2010-02-10] (Toshiba Europe GmbH)

    ==================== Drivers (Whitelisted) ====================

    S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
    S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
    S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
    S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
    S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
    S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
    S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
    S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
    S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2013-06-12] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2013-06-12] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 MREMP50a64; C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [43008 2013-06-12] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2013-06-12] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2013-06-12] (Printing Communications Assoc., Inc. (PCAUSA))
    S3 MRESP50a64; C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [40960 2013-06-12] (Printing Communications Assoc., Inc. (PCAUSA))
    S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-10-31] (OpenLibSys.org)
    S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-10-31] (OpenLibSys.org)
    S3 mfeavfk01; No ImagePath
    S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
    S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]

    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========

    2013-08-27 09:20 - 2013-08-27 09:20 - 00000000 ____D C:\Users\Allan\.MinecraftStructurePlanner
    2013-08-27 09:19 - 2013-08-27 09:20 - 05536064 _____ C:\Users\Allan\Downloads\MinecraftStructurePlanner.exe
    2013-08-27 09:18 - 2013-08-27 09:18 - 05507904 _____ C:\Users\Allan\Desktop\MinecraftStructurePlanner.jar
    2013-08-27 01:44 - 2013-08-27 01:44 - 04170112 _____ C:\Users\Jack\Desktop\minecraftforge-installer-1.6.2-9.10.0.804.jar
    2013-08-27 01:07 - 2013-08-27 09:50 - 00000000 ____D C:\Users\Jack\AppData\Roaming\.minecraft
    2013-08-26 16:12 - 2013-08-26 16:12 - 00000165 _____ C:\ProgramData\lsgylbqfkosowjqunrr.reg
    2013-08-26 16:12 - 2013-08-26 16:12 - 00000070 _____ C:\ProgramData\lsgylbqfkosowjqunrr.bat
    2013-08-24 12:54 - 2013-08-24 12:54 - 00003160 _____ C:\Windows\System32\Tasks\Game_Booster_AutoUpdate
    2013-08-24 12:53 - 2013-08-24 12:53 - 00001153 _____ C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
    2013-08-24 12:53 - 2013-08-24 12:53 - 00001141 _____ C:\Users\Public\Desktop\Game Booster 3.lnk
    2013-08-24 12:53 - 2013-08-24 12:53 - 00000000 ____D C:\ProgramData\IObit
    2013-08-24 12:53 - 2013-08-24 12:53 - 00000000 ____D C:\Program Files (x86)\IObit
    2013-08-24 12:33 - 2013-08-24 12:33 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo
    2013-08-24 12:15 - 2013-08-24 12:15 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
    2013-08-24 12:15 - 2013-08-24 12:15 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
    2013-08-24 12:15 - 2013-08-24 12:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
    2013-08-22 01:00 - 2013-08-22 01:00 - 02748256 _____ (Kaspersky Lab ZAO) C:\Users\Allan\Desktop\tdsskiller.exe
    2013-08-15 09:56 - 2013-08-15 09:56 - 02834432 _____ C:\Users\Jack\Desktop\Moonlight Lake.bin
    2013-08-15 09:52 - 2013-08-15 09:52 - 02134016 _____ C:\Users\Jack\Desktop\BUFloatingIslandHungerGames.bin
    2013-08-15 09:50 - 2013-08-15 09:50 - 21323776 _____ C:\Users\Jack\Desktop\Save20130519150214.bin
    2013-08-15 04:50 - 2013-08-15 04:50 - 03633152 _____ C:\Users\Jack\Desktop\The Walls MCmiricle
    2013-08-15 04:47 - 2013-08-15 04:47 - 14229312 _____ C:\Users\Jack\Desktop\MCXBLA The Wall v.1.3 by Eminemjr.zip
    2013-08-15 04:46 - 2013-08-15 04:46 - 05046272 _____ C:\Users\Jack\Desktop\hardcore parkour v1.bin
    2013-08-15 04:43 - 2013-08-15 04:43 - 02473984 _____ C:\Users\Jack\Desktop\Save20130119105756.bin
    2013-08-15 04:42 - 2013-08-15 04:42 - 02473984 _____ C:\Users\Jack\Downloads\Save20130119105756.bin
    2013-08-15 04:38 - 2013-08-15 04:38 - 01990656 _____ C:\Users\Jack\Desktop\Extreme Ant Farm Survival
    2013-08-14 09:01 - 2013-08-14 09:01 - 11399168 _____ C:\Users\Jack\Desktop\NEW BATTLEDOME.bin
    2013-08-14 05:38 - 2013-08-14 05:38 - 00000000 ____D C:\Users\Jack\AppData\Local\Daring_Development_Inc
    2013-08-14 05:37 - 2013-08-14 05:37 - 03837952 _____ C:\Users\Jack\Desktop\jurrasiclightsout.bin
    2013-08-14 00:21 - 2013-07-25 21:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-08-14 00:21 - 2013-07-25 21:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-08-14 00:21 - 2013-07-25 21:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2013-08-14 00:21 - 2013-07-25 21:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-08-14 00:21 - 2013-07-25 21:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-08-14 00:21 - 2013-07-25 21:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-08-14 00:21 - 2013-07-25 21:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-08-14 00:21 - 2013-07-25 21:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-08-14 00:21 - 2013-07-25 21:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-08-14 00:21 - 2013-07-25 21:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-08-14 00:21 - 2013-07-25 21:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2013-08-14 00:21 - 2013-07-25 21:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2013-08-14 00:21 - 2013-07-25 21:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-08-14 00:21 - 2013-07-25 21:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2013-08-14 00:21 - 2013-07-25 19:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-08-14 00:21 - 2013-07-25 19:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-08-14 00:21 - 2013-07-25 19:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-08-14 00:21 - 2013-07-25 19:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-08-14 00:21 - 2013-07-25 19:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-08-14 00:21 - 2013-07-25 19:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-08-14 00:21 - 2013-07-25 19:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-08-14 00:21 - 2013-07-25 19:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-08-14 00:21 - 2013-07-25 19:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-08-14 00:21 - 2013-07-25 19:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2013-08-14 00:21 - 2013-07-25 19:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2013-08-14 00:21 - 2013-07-25 19:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-08-14 00:21 - 2013-07-25 19:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-08-14 00:21 - 2013-07-25 19:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2013-08-14 00:21 - 2013-07-25 18:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-08-14 00:21 - 2013-07-25 18:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
    2013-08-14 00:21 - 2013-07-25 17:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2013-08-13 23:37 - 2013-07-25 01:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
    2013-08-13 23:37 - 2013-07-25 00:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
    2013-08-13 23:37 - 2013-07-08 21:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2013-08-13 23:37 - 2013-07-08 21:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
    2013-08-13 23:37 - 2013-07-08 21:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2013-08-13 23:37 - 2013-07-08 21:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2013-08-13 23:37 - 2013-07-08 21:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2013-08-13 23:37 - 2013-07-08 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
    2013-08-13 23:37 - 2013-07-08 20:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2013-08-13 23:37 - 2013-07-08 20:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2013-08-13 23:37 - 2013-07-08 20:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2013-08-13 23:37 - 2013-07-08 20:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2013-08-13 23:36 - 2013-07-18 17:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2013-08-13 23:36 - 2013-07-18 17:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2013-08-13 23:36 - 2013-07-08 22:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2013-08-13 23:36 - 2013-07-08 21:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
    2013-08-13 23:36 - 2013-07-08 21:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2013-08-13 23:36 - 2013-07-08 21:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2013-08-13 23:36 - 2013-07-08 21:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2013-08-13 23:36 - 2013-07-08 20:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2013-08-13 23:36 - 2013-07-08 18:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2013-08-13 23:35 - 2013-07-08 20:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2013-08-13 23:35 - 2013-07-08 18:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2013-08-13 23:35 - 2013-07-08 18:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2013-08-13 23:35 - 2013-07-08 18:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2013-08-13 23:35 - 2013-07-05 22:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2013-08-13 23:35 - 2013-06-14 20:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
    2013-08-12 12:19 - 2013-08-12 12:19 - 00001230 __RSH C:\Users\Jack\ntuser.pol
    2013-08-12 12:19 - 2013-08-12 12:19 - 00000000 ____D C:\Users\Jack\AppData\Local\Google
    2013-08-12 12:18 - 2013-08-12 12:18 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Toshiba
    2013-08-12 12:18 - 2013-08-12 12:18 - 00000000 ____D C:\Users\Administrator\AppData\Local\TOSHIBA_Corporation
    2013-08-12 12:15 - 2013-08-12 12:22 - 00000632 __RSH C:\Users\Allan\ntuser.pol
    2013-08-12 12:15 - 2013-08-12 12:16 - 00000632 __RSH C:\Users\Administrator\ntuser.pol
    2013-08-12 12:14 - 2013-08-12 12:14 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Motive
    2013-08-12 12:09 - 2013-08-12 12:09 - 00058408 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-08-12 12:08 - 2013-08-12 12:11 - 00000000 ____D C:\Users\Administrator\AppData\Local\LogMeIn Hamachi
    2013-08-12 12:08 - 2013-08-12 12:08 - 00002222 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
    2013-08-12 12:08 - 2013-08-12 12:08 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Nero
    2013-08-12 12:08 - 2013-08-12 12:08 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
    2013-08-12 12:08 - 2013-08-12 12:08 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
    2013-08-12 12:07 - 2013-08-12 12:16 - 00000000 ____D C:\users\Administrator
    2013-08-12 12:07 - 2013-08-12 12:07 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
    2013-08-12 12:07 - 2010-04-08 00:44 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
    2013-08-12 06:31 - 2013-08-12 06:31 - 00000000 ____D C:\Users\Jack\AppData\Local\TOSHIBA_Corporation
    2013-08-12 04:55 - 2013-08-12 04:56 - 00000000 ____D C:\Users\Jack\AppData\Local\Microsoft Games
    2013-08-12 04:53 - 2013-08-12 04:53 - 00000000 ____D C:\Users\Jack\AppData\Local\Toshiba
    2013-08-12 02:12 - 2013-08-12 02:12 - 00000000 ____D C:\Users\Jack\AppData\Roaming\Toshiba
    2013-08-12 02:02 - 2013-08-12 02:02 - 00000000 ____D C:\Users\Jack\AppData\Roaming\Motive
    2013-08-12 02:01 - 2013-08-12 02:03 - 00000000 ____D C:\Users\Jack\AppData\Roaming\.technic
    2013-08-12 02:00 - 2013-08-12 02:00 - 03020770 _____ () C:\Users\Jack\Desktop\TechnicLauncher.exe
    2013-08-12 01:59 - 2013-08-12 01:59 - 00675988 _____ C:\Users\Jack\Desktop\Minecraft.exe
    2013-08-12 01:57 - 2013-08-12 01:57 - 00058408 _____ C:\Users\Jack\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-08-12 01:56 - 2013-08-20 01:14 - 00000000 ____D C:\Users\Jack\AppData\Local\LogMeIn Hamachi
    2013-08-12 01:56 - 2013-08-14 05:27 - 00000000 ____D C:\users\Jack
    2013-08-12 01:56 - 2013-08-12 12:19 - 00002226 _____ C:\Users\Jack\Desktop\Google Chrome.lnk
    2013-08-12 01:56 - 2013-08-12 01:56 - 00000020 ___SH C:\Users\Jack\ntuser.ini
    2013-08-12 01:56 - 2013-08-12 01:56 - 00000000 ____D C:\Users\Jack\AppData\Roaming\Nero
    2013-08-12 01:56 - 2013-08-12 01:56 - 00000000 ____D C:\Users\Jack\AppData\Roaming\Apple Computer
    2013-08-12 01:56 - 2013-08-12 01:56 - 00000000 ____D C:\Users\Jack\AppData\Roaming\Adobe
    2013-08-12 01:56 - 2013-08-12 01:56 - 00000000 ____D C:\Users\Jack\AppData\Local\VirtualStore
    2013-08-12 01:56 - 2010-04-08 00:44 - 00000000 ____D C:\Users\Jack\AppData\Roaming\Macromedia
    2013-08-11 14:21 - 2013-08-11 14:21 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center
    2013-08-11 04:48 - 2013-08-11 04:48 - 01507328 _____ C:\Users\Allan\Desktop\World In a jar survival
    2013-08-11 04:46 - 2013-08-11 04:52 - 01212416 _____ C:\Users\Allan\Desktop\The End Hunger Games.bin
    2013-08-11 03:27 - 2013-08-11 03:27 - 00675988 _____ C:\Users\Allan\Desktop\Minecraft.exe.groyp1g.partial
    2013-08-10 14:11 - 2013-08-10 14:11 - 04296704 _____ C:\Users\Allan\Desktop\hamachi.msi
    2013-08-10 14:08 - 2013-08-11 03:44 - 00000000 ____D C:\Users\Allan\Desktop\Hexxit_Server_v1.0.5
    2013-08-10 14:06 - 2013-08-10 14:07 - 39342352 _____ C:\Users\Allan\Desktop\Hexxit_Server_v1.0.5.zip
    2013-08-07 15:00 - 2013-08-07 15:00 - 00000000 __SHD C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
    2013-08-07 15:00 - 2013-08-07 15:00 - 00000000 ____D C:\Users\Allan\AppData\Roaming\TuneUp Software
    2013-08-07 15:00 - 2013-08-07 15:00 - 00000000 ____D C:\ProgramData\TuneUp Software
    2013-08-07 14:59 - 2013-08-24 12:32 - 00000000 ____D C:\Users\Allan\AppData\Roaming\OpenCandy
    2013-08-07 14:59 - 2013-08-07 15:14 - 00000538 _____ C:\Windows\wininit.ini
    2013-08-07 14:59 - 2013-08-07 15:00 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft

    ==================== One Month Modified Files and Folders =======

    2013-08-28 11:57 - 2013-08-28 11:57 - 00000000 ____D C:\FRST
    2013-08-28 02:54 - 2013-02-08 14:18 - 01964820 _____ C:\Windows\WindowsUpdate.log
    2013-08-28 02:45 - 2009-07-13 20:45 - 00016304 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-08-28 02:45 - 2009-07-13 20:45 - 00016304 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-08-28 02:44 - 2009-07-13 21:13 - 00727310 _____ C:\Windows\System32\PerfStringBackup.INI
    2013-08-28 02:43 - 2009-07-13 20:51 - 00078860 _____ C:\Windows\setupact.log
    2013-08-28 02:34 - 2013-06-26 14:23 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-08-28 02:26 - 2013-03-09 07:04 - 00001835 _____ C:\Users\Public\Desktop\BT NetProtect Plus.lnk
    2013-08-28 02:21 - 2013-06-26 14:23 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-08-28 02:21 - 2013-02-08 14:13 - 00046222 _____ C:\Windows\PFRO.log
    2013-08-28 02:21 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2013-08-28 00:02 - 2013-02-08 15:47 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-08-27 09:50 - 2013-08-27 01:07 - 00000000 ____D C:\Users\Jack\AppData\Roaming\.minecraft
    2013-08-27 09:20 - 2013-08-27 09:20 - 00000000 ____D C:\Users\Allan\.MinecraftStructurePlanner
    2013-08-27 09:20 - 2013-08-27 09:19 - 05536064 _____ C:\Users\Allan\Downloads\MinecraftStructurePlanner.exe
    2013-08-27 09:20 - 2013-02-08 15:28 - 00000000 ____D C:\users\Allan
    2013-08-27 09:18 - 2013-08-27 09:18 - 05507904 _____ C:\Users\Allan\Desktop\MinecraftStructurePlanner.jar
    2013-08-27 01:44 - 2013-08-27 01:44 - 04170112 _____ C:\Users\Jack\Desktop\minecraftforge-installer-1.6.2-9.10.0.804.jar
    2013-08-26 16:12 - 2013-08-26 16:12 - 00000165 _____ C:\ProgramData\lsgylbqfkosowjqunrr.reg
    2013-08-26 16:12 - 2013-08-26 16:12 - 00000070 _____ C:\ProgramData\lsgylbqfkosowjqunrr.bat
    2013-08-24 12:54 - 2013-08-24 12:54 - 00003160 _____ C:\Windows\System32\Tasks\Game_Booster_AutoUpdate
    2013-08-24 12:53 - 2013-08-24 12:53 - 00001153 _____ C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
    2013-08-24 12:53 - 2013-08-24 12:53 - 00001141 _____ C:\Users\Public\Desktop\Game Booster 3.lnk
    2013-08-24 12:53 - 2013-08-24 12:53 - 00000000 ____D C:\ProgramData\IObit
    2013-08-24 12:53 - 2013-08-24 12:53 - 00000000 ____D C:\Program Files (x86)\IObit
    2013-08-24 12:49 - 2013-07-17 10:08 - 00000000 ____D C:\Users\Allan\AppData\Local\Unity
    2013-08-24 12:33 - 2013-08-24 12:33 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo
    2013-08-24 12:33 - 2013-03-01 08:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2013-08-24 12:32 - 2013-08-07 14:59 - 00000000 ____D C:\Users\Allan\AppData\Roaming\OpenCandy
    2013-08-24 12:15 - 2013-08-24 12:15 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
    2013-08-24 12:15 - 2013-08-24 12:15 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
    2013-08-24 12:15 - 2013-08-24 12:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
    2013-08-24 12:15 - 2010-04-08 00:50 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2013-08-24 11:01 - 2013-06-26 14:22 - 00000000 ____D C:\Users\Allan\AppData\Local\Deployment
    2013-08-23 12:41 - 2013-06-26 12:31 - 00000000 ____D C:\Program Files (x86)\War Thunder
    2013-08-22 01:00 - 2013-08-22 01:00 - 02748256 _____ (Kaspersky Lab ZAO) C:\Users\Allan\Desktop\tdsskiller.exe
    2013-08-22 00:02 - 2013-03-09 07:02 - 00000000 ____D C:\Program Files (x86)\McAfee
    2013-08-20 01:14 - 2013-08-12 01:56 - 00000000 ____D C:\Users\Jack\AppData\Local\LogMeIn Hamachi
    2013-08-18 01:05 - 2009-07-13 21:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
    2013-08-15 12:01 - 2013-03-04 14:13 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2013-08-15 09:56 - 2013-08-15 09:56 - 02834432 _____ C:\Users\Jack\Desktop\Moonlight Lake.bin
    2013-08-15 09:52 - 2013-08-15 09:52 - 02134016 _____ C:\Users\Jack\Desktop\BUFloatingIslandHungerGames.bin
    2013-08-15 09:50 - 2013-08-15 09:50 - 21323776 _____ C:\Users\Jack\Desktop\Save20130519150214.bin
    2013-08-15 04:50 - 2013-08-15 04:50 - 03633152 _____ C:\Users\Jack\Desktop\The Walls MCmiricle
    2013-08-15 04:47 - 2013-08-15 04:47 - 14229312 _____ C:\Users\Jack\Desktop\MCXBLA The Wall v.1.3 by Eminemjr.zip
    2013-08-15 04:46 - 2013-08-15 04:46 - 05046272 _____ C:\Users\Jack\Desktop\hardcore parkour v1.bin
    2013-08-15 04:43 - 2013-08-15 04:43 - 02473984 _____ C:\Users\Jack\Desktop\Save20130119105756.bin
    2013-08-15 04:42 - 2013-08-15 04:42 - 02473984 _____ C:\Users\Jack\Downloads\Save20130119105756.bin
    2013-08-15 04:38 - 2013-08-15 04:38 - 01990656 _____ C:\Users\Jack\Desktop\Extreme Ant Farm Survival
    2013-08-14 12:16 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2013-08-14 09:01 - 2013-08-14 09:01 - 11399168 _____ C:\Users\Jack\Desktop\NEW BATTLEDOME.bin
    2013-08-14 05:38 - 2013-08-14 05:38 - 00000000 ____D C:\Users\Jack\AppData\Local\Daring_Development_Inc
    2013-08-14 05:37 - 2013-08-14 05:37 - 03837952 _____ C:\Users\Jack\Desktop\jurrasiclightsout.bin
    2013-08-14 05:27 - 2013-08-12 01:56 - 00000000 ____D C:\users\Jack
    2013-08-14 00:12 - 2013-07-19 14:52 - 00000000 ____D C:\Windows\System32\MRT
    2013-08-14 00:12 - 2013-02-09 05:59 - 78161360 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-08-12 12:22 - 2013-08-12 12:15 - 00000632 __RSH C:\Users\Allan\ntuser.pol
    2013-08-12 12:19 - 2013-08-12 12:19 - 00001230 __RSH C:\Users\Jack\ntuser.pol
    2013-08-12 12:19 - 2013-08-12 12:19 - 00000000 ____D C:\Users\Jack\AppData\Local\Google
    2013-08-12 12:19 - 2013-08-12 01:56 - 00002226 _____ C:\Users\Jack\Desktop\Google Chrome.lnk
    2013-08-12 12:18 - 2013-08-12 12:18 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Toshiba
    2013-08-12 12:18 - 2013-08-12 12:18 - 00000000 ____D C:\Users\Administrator\AppData\Local\TOSHIBA_Corporation
    2013-08-12 12:16 - 2013-08-12 12:15 - 00000632 __RSH C:\Users\Administrator\ntuser.pol
    2013-08-12 12:16 - 2013-08-12 12:07 - 00000000 ____D C:\users\Administrator
    2013-08-12 12:14 - 2013-08-12 12:14 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Motive
    2013-08-12 12:11 - 2013-08-12 12:08 - 00000000 ____D C:\Users\Administrator\AppData\Local\LogMeIn Hamachi
    2013-08-12 12:09 - 2013-08-12 12:09 - 00058408 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-08-12 12:08 - 2013-08-12 12:08 - 00002222 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
    2013-08-12 12:08 - 2013-08-12 12:08 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Nero
    2013-08-12 12:08 - 2013-08-12 12:08 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
    2013-08-12 12:08 - 2013-08-12 12:08 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
    2013-08-12 12:07 - 2013-08-12 12:07 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
    2013-08-12 06:31 - 2013-08-12 06:31 - 00000000 ____D C:\Users\Jack\AppData\Local\TOSHIBA_Corporation
    2013-08-12 04:56 - 2013-08-12 04:55 - 00000000 ____D C:\Users\Jack\AppData\Local\Microsoft Games
    2013-08-12 04:53 - 2013-08-12 04:53 - 00000000 ____D C:\Users\Jack\AppData\Local\Toshiba
    2013-08-12 02:12 - 2013-08-12 02:12 - 00000000 ____D C:\Users\Jack\AppData\Roaming\Toshiba
    2013-08-12 02:03 - 2013-08-12 02:01 - 00000000 ____D C:\Users\Jack\AppData\Roaming\.technic
    2013-08-12 02:02 - 2013-08-12 02:02 - 00000000 ____D C:\Users\Jack\AppData\Roaming\Motive
    2013-08-12 02:00 - 2013-08-12 02:00 - 03020770 _____ () C:\Users\Jack\Desktop\TechnicLauncher.exe
    2013-08-12 01:59 - 2013-08-12 01:59 - 00675988 _____ C:\Users\Jack\Desktop\Minecraft.exe
    2013-08-12 01:57 - 2013-08-12 01:57 - 00058408 _____ C:\Users\Jack\AppData\Local\GDIPFONTCACHEV1.DAT
    2013-08-12 01:56 - 2013-08-12 01:56 - 00000020 ___SH C:\Users\Jack\ntuser.ini
    2013-08-12 01:56 - 2013-08-12 01:56 - 00000000 ____D C:\Users\Jack\AppData\Roaming\Nero
    2013-08-12 01:56 - 2013-08-12 01:56 - 00000000 ____D C:\Users\Jack\AppData\Roaming\Apple Computer
    2013-08-12 01:56 - 2013-08-12 01:56 - 00000000 ____D C:\Users\Jack\AppData\Roaming\Adobe
    2013-08-12 01:56 - 2013-08-12 01:56 - 00000000 ____D C:\Users\Jack\AppData\Local\VirtualStore
    2013-08-11 14:21 - 2013-08-11 14:21 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center
    2013-08-11 14:21 - 2013-06-27 06:11 - 00003118 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
    2013-08-11 14:21 - 2013-06-27 06:11 - 00003092 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
    2013-08-11 14:21 - 2013-06-27 06:11 - 00003090 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
    2013-08-11 14:21 - 2013-06-27 06:11 - 00003062 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
    2013-08-11 14:21 - 2013-06-27 06:10 - 00003060 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
    2013-08-11 14:16 - 2013-04-14 13:20 - 00000000 ____D C:\Users\Allan\Desktop\Scale rc
    2013-08-11 04:52 - 2013-08-11 04:46 - 01212416 _____ C:\Users\Allan\Desktop\The End Hunger Games.bin
    2013-08-11 04:48 - 2013-08-11 04:48 - 01507328 _____ C:\Users\Allan\Desktop\World In a jar survival
    2013-08-11 03:44 - 2013-08-10 14:08 - 00000000 ____D C:\Users\Allan\Desktop\Hexxit_Server_v1.0.5
    2013-08-11 03:32 - 2013-03-01 09:15 - 00000000 ____D C:\Users\Allan\AppData\Roaming\.minecraft
    2013-08-11 03:27 - 2013-08-11 03:27 - 00675988 _____ C:\Users\Allan\Desktop\Minecraft.exe.groyp1g.partial
    2013-08-10 14:11 - 2013-08-10 14:11 - 04296704 _____ C:\Users\Allan\Desktop\hamachi.msi
    2013-08-10 14:07 - 2013-08-10 14:06 - 39342352 _____ C:\Users\Allan\Desktop\Hexxit_Server_v1.0.5.zip
    2013-08-10 12:22 - 2013-03-11 04:58 - 00000000 ____D C:\Users\Allan\AppData\Roaming\.technic
    2013-08-10 02:34 - 2013-02-10 06:33 - 00000000 ____D C:\Users\Allan\AppData\Roaming\SoftGrid Client
    2013-08-08 11:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
    2013-08-07 15:14 - 2013-08-07 14:59 - 00000538 _____ C:\Windows\wininit.ini
    2013-08-07 15:13 - 2013-05-26 10:46 - 00000000 ____D C:\Users\Allan\Desktop\MUSIC MP3
    2013-08-07 15:00 - 2013-08-07 15:00 - 00000000 __SHD C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
    2013-08-07 15:00 - 2013-08-07 15:00 - 00000000 ____D C:\Users\Allan\AppData\Roaming\TuneUp Software
    2013-08-07 15:00 - 2013-08-07 15:00 - 00000000 ____D C:\ProgramData\TuneUp Software
    2013-08-07 15:00 - 2013-08-07 14:59 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
    2013-08-07 14:59 - 2013-05-26 10:19 - 00000000 ____D C:\Users\Allan\AppData\Roaming\DVDVideoSoft
    2013-08-07 10:07 - 2013-03-09 07:02 - 00000000 ____D C:\Program Files\McAfee

    Files to move or delete:
    ====================
    C:\ProgramData\lsgylbqfkosowjqunrr.bat
    C:\ProgramData\lsgylbqfkosowjqunrr.reg
    C:\Users\Allan\AppData\Local\Temp\4hphyzvm.dll
    C:\Users\Allan\AppData\Local\Temp\BundleSweetIMSetup.exe
    C:\Users\Allan\AppData\Local\Temp\j3dcore-ogl.dll
    C:\Users\Allan\AppData\Local\Temp\jansi-32-git-Bukkit-jenkins-CraftBukkit-173.dll
    C:\Users\Allan\AppData\Local\Temp\KUIU.EXE
    C:\Users\Allan\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
    C:\Users\Allan\AppData\Local\Temp\MSN44AD.exe
    C:\Users\Allan\AppData\Local\Temp\MybabylonTB.exe
    C:\Users\Allan\AppData\Local\Temp\nsb8F6A.exe
    C:\Users\Allan\AppData\Local\Temp\nscFA9.exe
    C:\Users\Allan\AppData\Local\Temp\nsgB8FA.exe
    C:\Users\Allan\AppData\Local\Temp\pcDesktopAlertNotifierX.dll
    C:\Users\Allan\AppData\Local\Temp\propsys.dll
    C:\Users\Allan\AppData\Local\Temp\sfamcc00001.dll
    C:\Users\Allan\AppData\Local\Temp\sfextra.dll
    C:\Users\Allan\AppData\Local\Temp\SmartbarExeInstaller.exe
    C:\Users\Allan\AppData\Local\Temp\SPStub.exe
    C:\Users\Allan\AppData\Local\Temp\SS_MW.exe
    C:\Users\Allan\AppData\Local\Temp\tbWise.dll
    C:\Users\Allan\AppData\Local\Temp\TUUUninstallHelper.exe
    C:\Users\Allan\AppData\Local\Temp\uninst1.exe
    C:\Users\Allan\AppData\Local\Temp\Uninstaller-6080.exe
    C:\Users\Allan\AppData\Local\Temp\_TinDel.exe
    C:\Users\Allan\AppData\Local\Temp\SOERedist\DSETUP.dll
    C:\Users\Allan\AppData\Local\Temp\SOERedist\dsetup32.dll
    C:\Users\Allan\AppData\Local\Temp\SOERedist\DXSETUP.exe
    C:\Users\Allan\AppData\Local\Temp\SOERedist\dxwebsetup.exe
    C:\Users\Allan\AppData\Local\Temp\SDIAG_ecc1b8d4-1ba4-4035-9ce9-3707e5287a44\DiagPackage.dll
    C:\Users\Allan\AppData\Local\Temp\rmi\download-instsf449.exe
    C:\Users\Allan\AppData\Local\Temp\rmi\rmp.exe
    C:\Users\Allan\AppData\Local\Temp\RarSFX0\Binaries\IExploreInstaller.exe
    C:\Users\Allan\AppData\Local\Temp\nsw45BD.tmp\Time.dll
    C:\Users\Allan\AppData\Local\Temp\nsg4C61.tmp\Time.dll
    C:\Users\Allan\AppData\Local\Temp\nsg4B77.tmp\Time.dll
    C:\Users\Allan\AppData\Local\Temp\is-DHRK8.tmp\gbinit.exe
    C:\Users\Allan\AppData\Local\Temp\E2F44C72-BAB0-7891-85FC-1F94BAB99D47\Latest\BUSolForMontiera.dll
    C:\Users\Allan\AppData\Local\Temp\E2F44C72-BAB0-7891-85FC-1F94BAB99D47\Latest\BUSolution.dll
    C:\Users\Allan\AppData\Local\Temp\E2F44C72-BAB0-7891-85FC-1F94BAB99D47\Latest\ccp.exe
    C:\Users\Allan\AppData\Local\Temp\E2F44C72-BAB0-7891-85FC-1F94BAB99D47\Latest\ChromeToolbarSetup.dll
    C:\Users\Allan\AppData\Local\Temp\E2F44C72-BAB0-7891-85FC-1F94BAB99D47\Latest\CrxInstaller.dll
    C:\Users\Allan\AppData\Local\Temp\E2F44C72-BAB0-7891-85FC-1F94BAB99D47\Latest\GUninstaller.exe
    C:\Users\Allan\AppData\Local\Temp\E2F44C72-BAB0-7891-85FC-1F94BAB99D47\Latest\MntrDLLInstall.dll
    C:\Users\Allan\AppData\Local\Temp\E2F44C72-BAB0-7891-85FC-1F94BAB99D47\Latest\NTRedirect.dll
    C:\Users\Allan\AppData\Local\Temp\E2F44C72-BAB0-7891-85FC-1F94BAB99D47\Latest\sqlite3.dll
    C:\Users\Allan\AppData\Local\Temp\66A7A9EF-BAB0-7891-AE02-5BC4911FA959\Latest\BUSolForMontiera.dll
    C:\Users\Allan\AppData\Local\Temp\66A7A9EF-BAB0-7891-AE02-5BC4911FA959\Latest\BUSolution.dll
    C:\Users\Allan\AppData\Local\Temp\66A7A9EF-BAB0-7891-AE02-5BC4911FA959\Latest\ccp.exe
    C:\Users\Allan\AppData\Local\Temp\66A7A9EF-BAB0-7891-AE02-5BC4911FA959\Latest\ChromeToolbarSetup.dll
    C:\Users\Allan\AppData\Local\Temp\66A7A9EF-BAB0-7891-AE02-5BC4911FA959\Latest\CrxInstaller.dll
    C:\Users\Allan\AppData\Local\Temp\66A7A9EF-BAB0-7891-AE02-5BC4911FA959\Latest\enhancedNT.dll
    C:\Users\Allan\AppData\Local\Temp\66A7A9EF-BAB0-7891-AE02-5BC4911FA959\Latest\GUninstaller.exe
    C:\Users\Allan\AppData\Local\Temp\66A7A9EF-BAB0-7891-AE02-5BC4911FA959\Latest\MntrDLLInstall.dll
    C:\Users\Allan\AppData\Local\Temp\66A7A9EF-BAB0-7891-AE02-5BC4911FA959\Latest\sqlite3.dll
    C:\Users\Allan\AppData\Local\Temp\41284E33-BAB0-7891-9836-47B7C316C6E8\Latest\BUSolution.dll
    C:\Users\Allan\AppData\Local\Temp\41284E33-BAB0-7891-9836-47B7C316C6E8\Latest\BUSUninstall.exe
    C:\Users\Allan\AppData\Local\Temp\41284E33-BAB0-7891-9836-47B7C316C6E8\Latest\ChromeToolbarSetup.dll
    C:\Users\Allan\AppData\Local\Temp\41284E33-BAB0-7891-9836-47B7C316C6E8\Latest\CrxInstaller.dll
    C:\Users\Allan\AppData\Local\Temp\41284E33-BAB0-7891-9836-47B7C316C6E8\Latest\GUninstaller.exe
    C:\Users\Allan\AppData\Local\Temp\41284E33-BAB0-7891-9836-47B7C316C6E8\Latest\sqlite3.dll
    C:\Users\Allan\AppData\Local\Temp\17D11C4E-BAB0-7891-BB59-7BF2C0746DDF\sqlite3.dll
    C:\Users\Allan\AppData\Local\Temp\17D11C4E-BAB0-7891-BB59-7BF2C0746DDF\Latest\ChromeToolbarSetup.dll
    C:\Users\Allan\AppData\Local\Temp\17D11C4E-BAB0-7891-BB59-7BF2C0746DDF\Latest\CrxInstaller.dll
    C:\Users\Allan\AppData\Local\Temp\17D11C4E-BAB0-7891-BB59-7BF2C0746DDF\Latest\GUninstaller.exe
    C:\Users\Allan\AppData\Local\Temp\17D11C4E-BAB0-7891-BB59-7BF2C0746DDF\Latest\sqlite3.dll
    C:\Users\Jack\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll

    ==================== Known DLLs (Whitelisted) ================

    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points  =========================

    Restore point made on: 2013-08-21 12:42:49
    Restore point made on: 2013-08-24 12:15:04
    Restore point made on: 2013-08-24 12:50:05

    ==================== Memory info ===========================

    Percentage of memory in use: 18%
    Total physical RAM: 2939.98 MB
    Available physical RAM: 2406.1 MB
    Total Pagefile: 2938.13 MB
    Available Pagefile: 2400.67 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.88 MB

    ==================== Drives ================================

    Drive c: (WINDOWS) (Fixed) (Total:116.21 GB) (Free:45.34 GB) NTFS
    Drive d: (Data) (Fixed) (Total:116.28 GB) (Free:109.22 GB) NTFS
    Drive e: (SYSTEM) (Fixed) (Total:0.39 GB) (Free:0.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive h: (ALLAN'S) (Removable) (Total:0.03 GB) (Free:0.03 GB) FAT
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 420C2042)
    Partition 1: (Active) - (Size=400 MB) - (Type=27)
    Partition 2: (Not Active) - (Size=116 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=116 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 2 (Size: 31 MB) (Disk ID: 00000000)
    Partition 1: (Active) - (Size=31 MB) - (Type=04)

    LastRegBack: 2013-08-22 08:46

    ==================== End Of Log ============================



    #6 etavares


    Posted 28 August 2013 - 07:12 PM

    Hi,

     

    Save the attached fixlist.txt to the FRST flash drive. Boot into FRST as before but press Fix instead of Scan. It will create a file called fixlog.txt...copy/paste the contents of that file in your reply. Then, try to boot into Windows on the infected computer. Were you able to boot into Windows? You are not clean of malware if it boots, but we will move on to the next phase of removal.

     

    -etavares



    #7 amedcalf


    Posted 29 August 2013 - 03:33 PM

    Hi etavares

     

    Details below, I was able to log into Windows after I had run the fix.

     

     

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-08-2013
    Ran by SYSTEM at 2013-08-29 21:27:23 Run:1
    Running from H:\
    Boot Mode: Recovery
    ==============================================

    Content of fixlist:
    *****************
    AppInit_DLLs:   C:\PROGRA~2\SEARCH~1\Datamngr\x64\mgrldr.dll  [343552 2009-07-13] ()
    Startup: C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lsgylbqfkosowjqunrr.lnk
    ShortcutTarget: lsgylbqfkosowjqunrr.lnk -> C:\Users\Allan\AppData\Local\Temp\rrnuqjwosokfqblygsl.bfg (No File)
    2013-08-26 16:12 - 2013-08-26 16:12 - 00000165 _____ C:\ProgramData\lsgylbqfkosowjqunrr.reg
    2013-08-26 16:12 - 2013-08-26 16:12 - 00000070 _____ C:\ProgramData\lsgylbqfkosowjqunrr.bat
    2013-08-24 12:53 - 2013-08-24 12:53 - 00000000 ____D C:\ProgramData\IObit
    2013-08-24 12:53 - 2013-08-24 12:53 - 00000000 ____D C:\Program Files (x86)\IObit
    C:\ProgramData\lsgylbqfkosowjqunrr.bat
    C:\ProgramData\lsgylbqfkosowjqunrr.reg
    C:\Users\Allan\AppData\Local\Temp\4hphyzvm.dll
    C:\Users\Allan\AppData\Local\Temp\BundleSweetIMSetup.exe
    C:\Users\Allan\AppData\Local\Temp\j3dcore-ogl.dll
    C:\Users\Allan\AppData\Local\Temp\jansi-32-git-Bukkit-jenkins-CraftBukkit-173.dll
    C:\Users\Allan\AppData\Local\Temp\KUIU.EXE
    C:\Users\Allan\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
    C:\Users\Allan\AppData\Local\Temp\MSN44AD.exe
    C:\Users\Allan\AppData\Local\Temp\MybabylonTB.exe
    C:\Users\Allan\AppData\Local\Temp\nsb8F6A.exe
    C:\Users\Allan\AppData\Local\Temp\nscFA9.exe
    C:\Users\Allan\AppData\Local\Temp\nsgB8FA.exe
    C:\Users\Allan\AppData\Local\Temp\pcDesktopAlertNotifierX.dll
    C:\Users\Allan\AppData\Local\Temp\propsys.dll
    C:\Users\Allan\AppData\Local\Temp\sfamcc00001.dll
    C:\Users\Allan\AppData\Local\Temp\sfextra.dll
    C:\Users\Allan\AppData\Local\Temp\SmartbarExeInstaller.exe
    C:\Users\Allan\AppData\Local\Temp\SPStub.exe
    C:\Users\Allan\AppData\Local\Temp\SS_MW.exe
    C:\Users\Allan\AppData\Local\Temp\tbWise.dll
    C:\Users\Allan\AppData\Local\Temp\TUUUninstallHelper.exe
    C:\Users\Allan\AppData\Local\Temp\uninst1.exe
    C:\Users\Allan\AppData\Local\Temp\Uninstaller-6080.exe
    C:\Users\Allan\AppData\Local\Temp\_TinDel.exe
    C:\Users\Allan\AppData\Local\Temp\SOERedist\DSETUP.dll
    C:\Users\Allan\AppData\Local\Temp\SOERedist\dsetup32.dll
    C:\Users\Allan\AppData\Local\Temp\SOERedist\DXSETUP.exe
    C:\Users\Allan\AppData\Local\Temp\SOERedist\dxwebsetup.exe
    C:\Users\Allan\AppData\Local\Temp\SDIAG_ecc1b8d4-1ba4-4035-9ce9-3707e5287a44\DiagPackage.dll
    C:\Users\Allan\AppData\Local\Temp\rmi\download-instsf449.exe
    C:\Users\Allan\AppData\Local\Temp\rmi\rmp.exe
    C:\Users\Allan\AppData\Local\Temp\RarSFX0\Binaries\IExploreInstaller.exe
    C:\Users\Allan\AppData\Local\Temp\nsw45BD.tmp\Time.dll
    C:\Users\Allan\AppData\Local\Temp\nsg4C61.tmp\Time.dll
    C:\Users\Allan\AppData\Local\Temp\nsg4B77.tmp\Time.dll
    C:\Users\Allan\AppData\Local\Temp\is-DHRK8.tmp\gbinit.exe
    C:\Users\Allan\AppData\Local\Temp\E2F44C72-BAB0-7891-85FC-1F94BAB99D47\Latest\BUSolForMontiera.dll
    C:\Users\Allan\AppData\Local\Temp\E2F44C72-BAB0-7891-85FC-1F94BAB99D47\Latest\BUSolution.dll
    C:\Users\Allan\AppData\Local\Temp\E2F44C72-BAB0-7891-85FC-1F94BAB99D47\Latest\ccp.exe
    C:\Users\Allan\AppData\Local\Temp\E2F44C72-BAB0-7891-85FC-1F94BAB99D47\Latest\ChromeToolbarSetup.dll
    C:\Users\Allan\AppData\Local\Temp\E2F44C72-BAB0-7891-85FC-1F94BAB99D47\Latest\CrxInstaller.dll
    C:\Users\Allan\AppData\Local\Temp\E2F44C72-BAB0-7891-85FC-1F94BAB99D47\Latest\GUninstaller.exe
    C:\Users\Allan\AppData\Local\Temp\E2F44C72-BAB0-7891-85FC-1F94BAB99D47\Latest\MntrDLLInstall.dll
    C:\Users\Allan\AppData\Local\Temp\E2F44C72-BAB0-7891-85FC-1F94BAB99D47\Latest\NTRedirect.dll
    C:\Users\Allan\AppData\Local\Temp\E2F44C72-BAB0-7891-85FC-1F94BAB99D47\Latest\sqlite3.dll
    C:\Users\Allan\AppData\Local\Temp\66A7A9EF-BAB0-7891-AE02-5BC4911FA959\Latest\BUSolForMontiera.dll
    C:\Users\Allan\AppData\Local\Temp\66A7A9EF-BAB0-7891-AE02-5BC4911FA959\Latest\BUSolution.dll
    C:\Users\Allan\AppData\Local\Temp\66A7A9EF-BAB0-7891-AE02-5BC4911FA959\Latest\ccp.exe
    C:\Users\Allan\AppData\Local\Temp\66A7A9EF-BAB0-7891-AE02-5BC4911FA959\Latest\ChromeToolbarSetup.dll
    C:\Users\Allan\AppData\Local\Temp\66A7A9EF-BAB0-7891-AE02-5BC4911FA959\Latest\CrxInstaller.dll
    C:\Users\Allan\AppData\Local\Temp\66A7A9EF-BAB0-7891-AE02-5BC4911FA959\Latest\enhancedNT.dll
    C:\Users\Allan\AppData\Local\Temp\66A7A9EF-BAB0-7891-AE02-5BC4911FA959\Latest\GUninstaller.exe
    C:\Users\Allan\AppData\Local\Temp\66A7A9EF-BAB0-7891-AE02-5BC4911FA959\Latest\MntrDLLInstall.dll
    C:\Users\Allan\AppData\Local\Temp\66A7A9EF-BAB0-7891-AE02-5BC4911FA959\Latest\sqlite3.dll
    C:\Users\Allan\AppData\Local\Temp\41284E33-BAB0-7891-9836-47B7C316C6E8\Latest\BUSolution.dll
    C:\Users\Allan\AppData\Local\Temp\41284E33-BAB0-7891-9836-47B7C316C6E8\Latest\BUSUninstall.exe
    C:\Users\Allan\AppData\Local\Temp\41284E33-BAB0-7891-9836-47B7C316C6E8\Latest\ChromeToolbarSetup.dll
    C:\Users\Allan\AppData\Local\Temp\41284E33-BAB0-7891-9836-47B7C316C6E8\Latest\CrxInstaller.dll
    C:\Users\Allan\AppData\Local\Temp\41284E33-BAB0-7891-9836-47B7C316C6E8\Latest\GUninstaller.exe
    C:\Users\Allan\AppData\Local\Temp\41284E33-BAB0-7891-9836-47B7C316C6E8\Latest\sqlite3.dll
    C:\Users\Allan\AppData\Local\Temp\17D11C4E-BAB0-7891-BB59-7BF2C0746DDF\sqlite3.dll
    C:\Users\Allan\AppData\Local\Temp\17D11C4E-BAB0-7891-BB59-7BF2C0746DDF\Latest\ChromeToolbarSetup.dll
    C:\Users\Allan\AppData\Local\Temp\17D11C4E-BAB0-7891-BB59-7BF2C0746DDF\Latest\CrxInstaller.dll
    C:\Users\Allan\AppData\Local\Temp\17D11C4E-BAB0-7891-BB59-7BF2C0746DDF\Latest\GUninstaller.exe
    C:\Users\Allan\AppData\Local\Temp\17D11C4E-BAB0-7891-BB59-7BF2C0746DDF\Latest\sqlite3.dll
    C:\Users\Jack\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll

    *****************

    HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
    C:\Users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lsgylbqfkosowjqunrr.lnk => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\rrnuqjwosokfqblygsl.bfg not found.
    C:\ProgramData\lsgylbqfkosowjqunrr.reg => Moved successfully.
    C:\ProgramData\lsgylbqfkosowjqunrr.bat => Moved successfully.
    C:\ProgramData\IObit => Moved successfully.
    C:\Program Files (x86)\IObit => Moved successfully.
    "C:\ProgramData\lsgylbqfkosowjqunrr.bat" => File/Directory not found.
    "C:\ProgramData\lsgylbqfkosowjqunrr.reg" => File/Directory not found.
    C:\Users\Allan\AppData\Local\Temp\4hphyzvm.dll => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\BundleSweetIMSetup.exe => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\j3dcore-ogl.dll => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\jansi-32-git-Bukkit-jenkins-CraftBukkit-173.dll => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\KUIU.EXE => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\MSN44AD.exe => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\MybabylonTB.exe => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\nsb8F6A.exe => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\nscFA9.exe => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\nsgB8FA.exe => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\pcDesktopAlertNotifierX.dll => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\propsys.dll => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\sfamcc00001.dll => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\sfextra.dll => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\SmartbarExeInstaller.exe => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\SPStub.exe => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\SS_MW.exe => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\tbWise.dll => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\TUUUninstallHelper.exe => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\uninst1.exe => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\Uninstaller-6080.exe => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\_TinDel.exe => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\SOERedist\DSETUP.dll => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\SOERedist\dsetup32.dll => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\SOERedist\DXSETUP.exe => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\SOERedist\dxwebsetup.exe => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\SDIAG_ecc1b8d4-1ba4-4035-9ce9-3707e5287a44\DiagPackage.dll => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\rmi\download-instsf449.exe => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\rmi\rmp.exe => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\RarSFX0\Binaries\IExploreInstaller.exe => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\nsw45BD.tmp\Time.dll => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\nsg4C61.tmp\Time.dll => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\nsg4B77.tmp\Time.dll => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\is-DHRK8.tmp\gbinit.exe => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\E2F44C72-BAB0-7891-85FC-1F94BAB99D47\Latest\BUSolForMontiera.dll => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\E2F44C72-BAB0-7891-85FC-1F94BAB99D47\Latest\BUSolution.dll => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\E2F44C72-BAB0-7891-85FC-1F94BAB99D47\Latest\ccp.exe => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\E2F44C72-BAB0-7891-85FC-1F94BAB99D47\Latest\ChromeToolbarSetup.dll => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\E2F44C72-BAB0-7891-85FC-1F94BAB99D47\Latest\CrxInstaller.dll => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\E2F44C72-BAB0-7891-85FC-1F94BAB99D47\Latest\GUninstaller.exe => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\E2F44C72-BAB0-7891-85FC-1F94BAB99D47\Latest\MntrDLLInstall.dll => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\E2F44C72-BAB0-7891-85FC-1F94BAB99D47\Latest\NTRedirect.dll => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\E2F44C72-BAB0-7891-85FC-1F94BAB99D47\Latest\sqlite3.dll => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\66A7A9EF-BAB0-7891-AE02-5BC4911FA959\Latest\BUSolForMontiera.dll => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\66A7A9EF-BAB0-7891-AE02-5BC4911FA959\Latest\BUSolution.dll => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\66A7A9EF-BAB0-7891-AE02-5BC4911FA959\Latest\ccp.exe => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\66A7A9EF-BAB0-7891-AE02-5BC4911FA959\Latest\ChromeToolbarSetup.dll => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\66A7A9EF-BAB0-7891-AE02-5BC4911FA959\Latest\CrxInstaller.dll => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\66A7A9EF-BAB0-7891-AE02-5BC4911FA959\Latest\enhancedNT.dll => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\66A7A9EF-BAB0-7891-AE02-5BC4911FA959\Latest\GUninstaller.exe => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\66A7A9EF-BAB0-7891-AE02-5BC4911FA959\Latest\MntrDLLInstall.dll => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\66A7A9EF-BAB0-7891-AE02-5BC4911FA959\Latest\sqlite3.dll => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\41284E33-BAB0-7891-9836-47B7C316C6E8\Latest\BUSolution.dll => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\41284E33-BAB0-7891-9836-47B7C316C6E8\Latest\BUSUninstall.exe => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\41284E33-BAB0-7891-9836-47B7C316C6E8\Latest\ChromeToolbarSetup.dll => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\41284E33-BAB0-7891-9836-47B7C316C6E8\Latest\CrxInstaller.dll => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\41284E33-BAB0-7891-9836-47B7C316C6E8\Latest\GUninstaller.exe => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\41284E33-BAB0-7891-9836-47B7C316C6E8\Latest\sqlite3.dll => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\17D11C4E-BAB0-7891-BB59-7BF2C0746DDF\sqlite3.dll => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\17D11C4E-BAB0-7891-BB59-7BF2C0746DDF\Latest\ChromeToolbarSetup.dll => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\17D11C4E-BAB0-7891-BB59-7BF2C0746DDF\Latest\CrxInstaller.dll => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\17D11C4E-BAB0-7891-BB59-7BF2C0746DDF\Latest\GUninstaller.exe => Moved successfully.
    C:\Users\Allan\AppData\Local\Temp\17D11C4E-BAB0-7891-BB59-7BF2C0746DDF\Latest\sqlite3.dll => Moved successfully.
    C:\Users\Jack\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll => Moved successfully.

    ==== End of Fixlog ====



    #8 etavares


    Posted 29 August 2013 - 08:17 PM

    Hello, amedcalf.
     
     
    Step 1
     
  • Download TDSSKiller.exe  and save it to your desktop.  
  • Double-click TDSSKiller.exe to run it.
  • Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.
  • Click Start scan and allow it to scan for Malicious objects.
  • If malicious objects are found, the default action will be Cure, ensure Cure is selected then click Continue.
  • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt.
  • for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents of the logfile in your next reply
     
     
    Step 2
     
     
     
    Next, please download ComboFix from one of these locations:
    * IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
       
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
     
     
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
     
    whatnext.png
     
    Click on Yes, to continue scanning for malware.
     
    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.
     
    Note:  After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion."  If you receive this error, please reboot and it should disappear.
     
    etavares


    If I don't respond within 2 days, please feel free to PM me.
    Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

    Unified Network of Instructors and Trusted Eliminators
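
    Added example, not part of the original post and not TDSSKiller's own code: a short Python triage of the Step 1 log, which records each service as a hash line followed by a verdict line. The sample log, the `flagged` verdict text and the expected directory roots are constructed assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the shape of a TDSSKiller log. Hashes, service names,
# paths and the "flagged" verdict wording are made up for illustration.
SAMPLE_LOG = r"""
19:06:01.0738 0x13d8 ================ Scan system memory ========================
19:06:01.0738 0x13d8 System memory - ok
19:06:01.0738 0x13d8 ================ Scan services =============================
19:06:02.0175 0x13d8 [ 11111111111111111111111111111111 ] ExampleDrv C:\Windows\system32\drivers\exampledrv.sys
19:06:02.0191 0x13d8 ExampleDrv - ok
19:06:05.0794 0x13d8 [ 22222222222222222222222222222222 ] Example LM Service C:\Program Files (x86)\Example\lmsvc.exe
19:06:05.0810 0x13d8 Example LM Service - ok
19:06:16.0636 0x13d8 NoFileSvc - ok
19:06:17.0100 0x13d8 [ 33333333333333333333333333333333 ] TempSvc C:\Users\Example\AppData\Local\Temp\tempsvc.exe
19:06:17.0110 0x13d8 TempSvc - ok
19:06:18.0000 0x13d8 [ 44444444444444444444444444444444 ] OddDrv C:\Windows\system32\drivers\odddrv.sys
19:06:18.0010 0x13d8 OddDrv - flagged
"""

# Every log line starts with a timestamp and a thread id.
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4} 0x[0-9a-fA-F]+ ?(.*)$")
# Section banners such as "====== Scan services ======".
SECTION = re.compile(r"^=+\s+(.+?)\s+=+$")
# "[ MD5 ] <service name, may contain spaces> <drive-letter path>"
HASHED = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.*)$")
# "<service name> - <verdict>"
VERDICT = re.compile(r"^(.+) - (\S.*)$")

# Assumption of this example: service images normally live under these roots.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\",
                  "c:\\program files (x86)\\")


@dataclass
class Service:
    name: str
    verdict: str
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_services(log_text: str) -> List[Service]:
    """Pair each hash line with its verdict line inside 'Scan services'."""
    services: List[Service] = []
    section = None
    pending = {}  # service name -> (md5, path) waiting for its verdict line
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank lines and anything that is not a log record
        body = m.group(1).strip()
        banner = SECTION.match(body)
        if banner:
            section = banner.group(1)
            continue
        if section != "Scan services":
            continue
        hashed = HASHED.match(body)
        if hashed:
            pending[hashed.group(2)] = (hashed.group(1).upper(),
                                        hashed.group(3).strip())
            continue
        verdict = VERDICT.match(body)
        if verdict:
            name = verdict.group(1)
            md5, path = pending.pop(name, (None, None))
            services.append(Service(name, verdict.group(2), md5, path))
    return services


def triage(services: List[Service]) -> List[Tuple[str, List[str]]]:
    """Return (service, reasons) for entries a helper should look at first."""
    findings = []
    for svc in services:
        reasons = []
        if svc.verdict.lower() != "ok":
            reasons.append("verdict: " + svc.verdict)
        if svc.md5 is None:
            reasons.append("no hash line")
        elif not svc.path.lower().startswith(EXPECTED_ROOTS):
            reasons.append("image outside expected directories")
        if reasons:
            findings.append((svc.name, reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_services(SAMPLE_LOG)):
        print(f"{name}: {'; '.join(reasons)}")
```

    A clean result here only narrows what to read first; the full log still goes to the helper as requested in Step 1.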
     


    #9 amedcalf

    amedcalf
    • Topic Starter

    • Members
    • 52 posts
    • OFFLINE
    •  
    • Local time:08:28 AM

    Posted 30 August 2013 - 01:08 PM

    TDSS Killer report as below. Found nothing it needed to remove.

     


    19:06:37.0104 0x13d8 mfewfpk - ok

    19:06:37.0135 0x13d8 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

    19:06:37.0150 0x13d8 MMCSS - ok

    19:06:37.0166 0x13d8 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

    19:06:37.0182 0x13d8 Modem - ok

    19:06:37.0213 0x13d8 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

    19:06:37.0213 0x13d8 monitor - ok

    19:06:37.0228 0x13d8 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

    19:06:37.0228 0x13d8 mouclass - ok

    19:06:37.0260 0x13d8 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

    19:06:37.0260 0x13d8 mouhid - ok

    19:06:37.0306 0x13d8 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

    19:06:37.0353 0x13d8 mountmgr - ok

    19:06:37.0384 0x13d8 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

    19:06:37.0431 0x13d8 mpio - ok

    19:06:37.0462 0x13d8 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

    19:06:37.0478 0x13d8 mpsdrv - ok

    19:06:37.0525 0x13d8 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

    19:06:37.0556 0x13d8 MpsSvc - ok

    19:06:37.0650 0x13d8 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS

    19:06:37.0696 0x13d8 MREMP50 - ok

    19:06:37.0728 0x13d8 [ C2758DF79C83A0D12A5599A040CA1818 ] MREMP50a64 C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS

    19:06:37.0774 0x13d8 MREMP50a64 - ok

    19:06:37.0806 0x13d8 MREMPR5 - ok

    19:06:37.0821 0x13d8 MRENDIS5 - ok

    19:06:37.0837 0x13d8 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS

    19:06:37.0899 0x13d8 MRESP50 - ok

    19:06:37.0915 0x13d8 [ 38BD5B32E0722752BE8465D2A6DA43D9 ] MRESP50a64 C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS

    19:06:37.0915 0x13d8 MRESP50a64 - ok

    19:06:37.0962 0x13d8 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

    19:06:38.0024 0x13d8 MRxDAV - ok

    19:06:38.0071 0x13d8 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

    19:06:38.0118 0x13d8 mrxsmb - ok

    19:06:38.0164 0x13d8 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

    19:06:38.0211 0x13d8 mrxsmb10 - ok

    19:06:38.0227 0x13d8 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

    19:06:38.0274 0x13d8 mrxsmb20 - ok

    19:06:38.0305 0x13d8 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

    19:06:38.0352 0x13d8 msahci - ok

    19:06:38.0398 0x13d8 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

    19:06:38.0461 0x13d8 msdsm - ok

    19:06:38.0492 0x13d8 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

    19:06:38.0492 0x13d8 MSDTC - ok

    19:06:38.0570 0x13d8 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

    19:06:38.0570 0x13d8 Msfs - ok

    19:06:38.0601 0x13d8 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

    19:06:38.0617 0x13d8 mshidkmdf - ok

    19:06:38.0632 0x13d8 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

    19:06:38.0632 0x13d8 msisadrv - ok

    19:06:38.0679 0x13d8 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

    19:06:38.0695 0x13d8 MSiSCSI - ok

    19:06:38.0695 0x13d8 msiserver - ok

    19:06:38.0726 0x13d8 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

    19:06:38.0726 0x13d8 MSKSSRV - ok

    19:06:38.0773 0x13d8 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

    19:06:38.0788 0x13d8 MSPCLOCK - ok

    19:06:38.0788 0x13d8 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

    19:06:38.0788 0x13d8 MSPQM - ok

    19:06:38.0851 0x13d8 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

    19:06:38.0898 0x13d8 MsRPC - ok

    19:06:38.0929 0x13d8 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

    19:06:38.0929 0x13d8 mssmbios - ok

    19:06:38.0976 0x13d8 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

    19:06:38.0991 0x13d8 MSTEE - ok

    19:06:39.0007 0x13d8 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

    19:06:39.0022 0x13d8 MTConfig - ok

    19:06:39.0038 0x13d8 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

    19:06:39.0054 0x13d8 Mup - ok

    19:06:39.0132 0x13d8 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

    19:06:39.0147 0x13d8 napagent - ok

    19:06:39.0194 0x13d8 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

    19:06:39.0210 0x13d8 NativeWifiP - ok

    19:06:39.0241 0x13d8 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

    19:06:39.0272 0x13d8 NDIS - ok

    19:06:39.0303 0x13d8 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

    19:06:39.0303 0x13d8 NdisCap - ok

    19:06:39.0319 0x13d8 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

    19:06:39.0334 0x13d8 NdisTapi - ok

    19:06:39.0397 0x13d8 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

    19:06:39.0444 0x13d8 Ndisuio - ok

    19:06:39.0459 0x13d8 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

    19:06:39.0522 0x13d8 NdisWan - ok

    19:06:39.0553 0x13d8 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

    19:06:39.0600 0x13d8 NDProxy - ok

    19:06:39.0678 0x13d8 [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

    19:06:39.0818 0x13d8 Nero BackItUp Scheduler 4.0 - ok

    19:06:39.0849 0x13d8 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

    19:06:39.0865 0x13d8 NetBIOS - ok

    19:06:39.0896 0x13d8 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

    19:06:39.0896 0x13d8 NetBT - ok

    19:06:39.0912 0x13d8 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

    19:06:39.0927 0x13d8 Netlogon - ok

    19:06:39.0974 0x13d8 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

    19:06:39.0974 0x13d8 Netman - ok

    19:06:40.0005 0x13d8 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

    19:06:40.0005 0x13d8 netprofm - ok

    19:06:40.0036 0x13d8 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

    19:06:40.0036 0x13d8 NetTcpPortSharing - ok

    19:06:40.0068 0x13d8 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

    19:06:40.0083 0x13d8 nfrd960 - ok

    19:06:40.0099 0x13d8 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll

    19:06:40.0192 0x13d8 NlaSvc - ok

    19:06:40.0239 0x13d8 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

    19:06:40.0239 0x13d8 Npfs - ok

    19:06:40.0286 0x13d8 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

    19:06:40.0286 0x13d8 nsi - ok

    19:06:40.0302 0x13d8 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

    19:06:40.0302 0x13d8 nsiproxy - ok

    19:06:40.0348 0x13d8 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

    19:06:40.0504 0x13d8 Ntfs - ok

    19:06:40.0520 0x13d8 [ 189B73C24B70641C0E7ECBB866E0B1E5 ] NuidFltr C:\Windows\system32\DRIVERS\NuidFltr.sys

    19:06:40.0536 0x13d8 NuidFltr - ok

    19:06:40.0551 0x13d8 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

    19:06:40.0567 0x13d8 Null - ok

    19:06:40.0582 0x13d8 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

    19:06:40.0645 0x13d8 nvraid - ok

    19:06:40.0676 0x13d8 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

    19:06:40.0723 0x13d8 nvstor - ok

    19:06:40.0754 0x13d8 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

    19:06:40.0770 0x13d8 nv_agp - ok

    19:06:40.0801 0x13d8 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

    19:06:40.0801 0x13d8 ohci1394 - ok

    19:06:40.0848 0x13d8 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    19:06:40.0910 0x13d8 ose - ok

    19:06:41.0082 0x13d8 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    19:06:41.0674 0x13d8 osppsvc - ok

    19:06:41.0721 0x13d8 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

    19:06:41.0737 0x13d8 p2pimsvc - ok

    19:06:41.0784 0x13d8 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

    19:06:41.0799 0x13d8 p2psvc - ok

    19:06:41.0830 0x13d8 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

    19:06:41.0830 0x13d8 Parport - ok

    19:06:41.0877 0x13d8 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

    19:06:41.0924 0x13d8 partmgr - ok

    19:06:41.0955 0x13d8 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

    19:06:41.0955 0x13d8 PcaSvc - ok

    19:06:41.0986 0x13d8 [ C3939493F09A9CD4814B9DE6215312F0 ] pcCMService C:\Program Files (x86)\Common Files\Motive\pcCMService.exe

    19:06:42.0002 0x13d8 pcCMService - ok

    19:06:42.0049 0x13d8 [ 7CB438975CE703672B9A50D5A52022DE ] pcCMService64 C:\Program Files\Common Files\Motive\pcCMService.exe

    19:06:42.0049 0x13d8 pcCMService64 - ok

    19:06:42.0064 0x13d8 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

    19:06:42.0127 0x13d8 pci - ok

    19:06:42.0142 0x13d8 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

    19:06:42.0142 0x13d8 pciide - ok

    19:06:42.0174 0x13d8 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

    19:06:42.0174 0x13d8 pcmcia - ok

    19:06:42.0220 0x13d8 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

    19:06:42.0220 0x13d8 pcw - ok

    19:06:42.0283 0x13d8 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

    19:06:42.0283 0x13d8 PEAUTH - ok

    19:06:42.0626 0x13d8 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

    19:06:42.0688 0x13d8 PerfHost - ok

    19:06:42.0766 0x13d8 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

    19:06:42.0860 0x13d8 pla - ok

    19:06:42.0907 0x13d8 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

    19:06:42.0922 0x13d8 PlugPlay - ok

    19:06:42.0938 0x13d8 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

    19:06:42.0954 0x13d8 PNRPAutoReg - ok

    19:06:42.0969 0x13d8 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

    19:06:42.0969 0x13d8 PNRPsvc - ok

    19:06:43.0000 0x13d8 [ 520D48ECB54A33821C95EE496A4235AF ] Point64 C:\Windows\system32\DRIVERS\point64.sys

    19:06:43.0047 0x13d8 Point64 - ok

    19:06:43.0141 0x13d8 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

    19:06:43.0188 0x13d8 PolicyAgent - ok

    19:06:43.0219 0x13d8 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

    19:06:43.0234 0x13d8 Power - ok

    19:06:43.0250 0x13d8 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

    19:06:43.0312 0x13d8 PptpMiniport - ok

    19:06:43.0344 0x13d8 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys

    19:06:43.0344 0x13d8 Processor - ok

    19:06:43.0390 0x13d8 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

    19:06:43.0406 0x13d8 ProfSvc - ok

    19:06:43.0437 0x13d8 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

    19:06:43.0437 0x13d8 ProtectedStorage - ok

    19:06:43.0453 0x13d8 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

    19:06:43.0453 0x13d8 Psched - ok

    19:06:43.0500 0x13d8 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

    19:06:43.0562 0x13d8 ql2300 - ok

    19:06:43.0578 0x13d8 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

    19:06:43.0578 0x13d8 ql40xx - ok

    19:06:43.0609 0x13d8 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

    19:06:43.0624 0x13d8 QWAVE - ok

    19:06:43.0656 0x13d8 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

    19:06:43.0656 0x13d8 QWAVEdrv - ok

    19:06:43.0687 0x13d8 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

    19:06:43.0687 0x13d8 RasAcd - ok

    19:06:43.0749 0x13d8 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

    19:06:43.0749 0x13d8 RasAgileVpn - ok

    19:06:43.0796 0x13d8 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

    19:06:43.0796 0x13d8 RasAuto - ok

    19:06:43.0827 0x13d8 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

    19:06:43.0890 0x13d8 Rasl2tp - ok

    19:06:43.0936 0x13d8 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

    19:06:43.0983 0x13d8 RasMan - ok

    19:06:43.0999 0x13d8 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

    19:06:44.0014 0x13d8 RasPppoe - ok

    19:06:44.0030 0x13d8 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

    19:06:44.0030 0x13d8 RasSstp - ok

    19:06:44.0077 0x13d8 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

    19:06:44.0139 0x13d8 rdbss - ok

    19:06:44.0155 0x13d8 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

    19:06:44.0155 0x13d8 rdpbus - ok

    19:06:44.0170 0x13d8 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

    19:06:44.0170 0x13d8 RDPCDD - ok

    19:06:44.0186 0x13d8 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

    19:06:44.0186 0x13d8 RDPENCDD - ok

    19:06:44.0217 0x13d8 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

    19:06:44.0217 0x13d8 RDPREFMP - ok

    19:06:44.0264 0x13d8 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys

    19:06:44.0311 0x13d8 RdpVideoMiniport - ok

    19:06:44.0358 0x13d8 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

    19:06:44.0404 0x13d8 RDPWD - ok

    19:06:44.0436 0x13d8 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

    19:06:44.0498 0x13d8 rdyboost - ok

    19:06:44.0529 0x13d8 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

    19:06:44.0545 0x13d8 RemoteAccess - ok

    19:06:44.0576 0x13d8 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

    19:06:44.0576 0x13d8 RemoteRegistry - ok

    19:06:44.0592 0x13d8 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

    19:06:44.0607 0x13d8 RpcEptMapper - ok

    19:06:44.0638 0x13d8 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

    19:06:44.0654 0x13d8 RpcLocator - ok

    19:06:44.0701 0x13d8 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

    19:06:44.0701 0x13d8 RpcSs - ok

    19:06:44.0732 0x13d8 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

    19:06:44.0748 0x13d8 rspndr - ok

    19:06:44.0794 0x13d8 [ 907C4464381B5EBDFDC60F6C7D0DEDFC ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys

    19:06:44.0841 0x13d8 RSUSBSTOR - ok

    19:06:44.0888 0x13d8 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

    19:06:44.0888 0x13d8 SamSs - ok

    19:06:44.0935 0x13d8 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

    19:06:44.0935 0x13d8 SASDIFSV - ok

    19:06:44.0950 0x13d8 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

    19:06:44.0950 0x13d8 SASKUTIL - ok

    19:06:44.0982 0x13d8 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

    19:06:45.0044 0x13d8 sbp2port - ok

    19:06:45.0060 0x13d8 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

    19:06:45.0075 0x13d8 SCardSvr - ok

    19:06:45.0106 0x13d8 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

    19:06:45.0153 0x13d8 scfilter - ok

    19:06:45.0200 0x13d8 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

    19:06:45.0278 0x13d8 Schedule - ok

    19:06:45.0325 0x13d8 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

    19:06:45.0325 0x13d8 SCPolicySvc - ok

    19:06:45.0372 0x13d8 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

    19:06:45.0418 0x13d8 SDRSVC - ok

    19:06:45.0450 0x13d8 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

    19:06:45.0450 0x13d8 secdrv - ok

    19:06:45.0481 0x13d8 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

    19:06:45.0512 0x13d8 seclogon - ok

    19:06:45.0543 0x13d8 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll

    19:06:45.0543 0x13d8 SENS - ok

    19:06:45.0590 0x13d8 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

    19:06:45.0590 0x13d8 SensrSvc - ok

    19:06:45.0621 0x13d8 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

    19:06:45.0637 0x13d8 Serenum - ok

    19:06:45.0637 0x13d8 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

    19:06:45.0637 0x13d8 Serial - ok

    19:06:45.0668 0x13d8 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

    19:06:45.0684 0x13d8 sermouse - ok

    19:06:45.0730 0x13d8 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

    19:06:45.0777 0x13d8 SessionEnv - ok

    19:06:45.0793 0x13d8 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

    19:06:45.0793 0x13d8 sffdisk - ok

    19:06:45.0808 0x13d8 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

    19:06:45.0824 0x13d8 sffp_mmc - ok

    19:06:45.0855 0x13d8 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

    19:06:45.0902 0x13d8 sffp_sd - ok

    19:06:45.0949 0x13d8 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

    19:06:45.0949 0x13d8 sfloppy - ok

    19:06:46.0011 0x13d8 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys

    19:06:46.0090 0x13d8 Sftfs - ok

    19:06:46.0168 0x13d8 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

    19:06:46.0246 0x13d8 sftlist - ok

    19:06:46.0293 0x13d8 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys

    19:06:46.0355 0x13d8 Sftplay - ok

    19:06:46.0418 0x13d8 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys

    19:06:46.0465 0x13d8 Sftredir - ok

    19:06:46.0496 0x13d8 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys

    19:06:46.0558 0x13d8 Sftvol - ok

    19:06:46.0605 0x13d8 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

    19:06:46.0667 0x13d8 sftvsa - ok

    19:06:46.0730 0x13d8 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

    19:06:46.0745 0x13d8 SharedAccess - ok

    19:06:46.0823 0x13d8 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

    19:06:46.0855 0x13d8 ShellHWDetection - ok

    19:06:46.0886 0x13d8 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

    19:06:46.0886 0x13d8 SiSRaid2 - ok

    19:06:46.0901 0x13d8 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

    19:06:46.0917 0x13d8 SiSRaid4 - ok

    19:06:46.0964 0x13d8 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

    19:06:53.0969 0x13d8 SkypeUpdate - ok

    19:06:54.0000 0x13d8 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

    19:06:54.0000 0x13d8 Smb - ok

    19:06:54.0063 0x13d8 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

    19:06:54.0063 0x13d8 SNMPTRAP - ok

    19:06:54.0094 0x13d8 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

    19:06:54.0094 0x13d8 spldr - ok

    19:06:54.0250 0x13d8 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

    19:06:54.0375 0x13d8 Spooler - ok

    19:06:54.0624 0x13d8 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

    19:06:54.0718 0x13d8 sppsvc - ok

    19:06:54.0765 0x13d8 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

    19:06:54.0780 0x13d8 sppuinotify - ok

    19:06:54.0827 0x13d8 [ 6FBEB99A5AB20BC6AD390BE2AA12CDF9 ] SpyroService C:\Program Files (x86)\FS\Spyro Portal\FlashPortal.exe

    19:06:54.0890 0x13d8 SpyroService - ok

    19:06:54.0936 0x13d8 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

    19:06:54.0999 0x13d8 srv - ok

    19:06:55.0094 0x13d8 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

    19:06:55.0162 0x13d8 srv2 - ok

    19:06:55.0229 0x13d8 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

    19:06:55.0276 0x13d8 srvnet - ok

    19:06:55.0338 0x13d8 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

    19:06:55.0354 0x13d8 SSDPSRV - ok

    19:06:55.0401 0x13d8 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

    19:06:55.0401 0x13d8 SstpSvc - ok

    19:06:55.0432 0x13d8 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

    19:06:55.0432 0x13d8 stexstor - ok

    19:06:55.0479 0x13d8 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

    19:06:55.0526 0x13d8 stisvc - ok

    19:06:55.0557 0x13d8 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

    19:06:55.0557 0x13d8 swenum - ok

    19:06:55.0619 0x13d8 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

    19:06:55.0635 0x13d8 swprv - ok

    19:06:55.0682 0x13d8 [ 470C47DABA9CA3966F0AB3F835D7D135 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys

    19:06:55.0744 0x13d8 SynTP - ok

    19:06:55.0822 0x13d8 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

    19:06:55.0869 0x13d8 SysMain - ok

    19:06:55.0900 0x13d8 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

    19:06:55.0947 0x13d8 TabletInputService - ok

    19:06:55.0994 0x13d8 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

    19:06:56.0040 0x13d8 TapiSrv - ok

    19:06:56.0072 0x13d8 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

    19:06:56.0072 0x13d8 TBS - ok

    19:06:56.0150 0x13d8 [ DB74544B75566C974815E79A62433F29 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

    19:06:56.0306 0x13d8 Tcpip - ok

    19:06:56.0368 0x13d8 [ DB74544B75566C974815E79A62433F29 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

    19:06:56.0384 0x13d8 TCPIP6 - ok

    19:06:56.0446 0x13d8 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

    19:06:56.0493 0x13d8 tcpipreg - ok

    19:06:56.0571 0x13d8 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys

    19:06:56.0618 0x13d8 tdcmdpst - ok

    19:06:56.0649 0x13d8 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

    19:06:56.0664 0x13d8 TDPIPE - ok

    19:06:56.0727 0x13d8 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

    19:06:56.0774 0x13d8 TDTCP - ok

    19:06:56.0836 0x13d8 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

    19:06:56.0883 0x13d8 tdx - ok

    19:06:57.0200 0x13d8 [ 1B43FDBFE5A98F6B3D90595C6B2E5277 ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe

    19:06:57.0262 0x13d8 TemproMonitoringService - ok

    19:06:57.0293 0x13d8 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

    19:06:57.0340 0x13d8 TermDD - ok

    19:06:57.0387 0x13d8 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

    19:06:57.0449 0x13d8 TermService - ok

    19:06:57.0496 0x13d8 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

    19:06:57.0496 0x13d8 Themes - ok

    19:06:57.0527 0x13d8 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

    19:06:57.0543 0x13d8 THREADORDER - ok

    19:06:57.0590 0x13d8 [ 28644B0523D64EFF2FC7312A2EE74B0A ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

    19:06:57.0652 0x13d8 TMachInfo - ok

    19:06:57.0699 0x13d8 [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv C:\Windows\system32\TODDSrv.exe

    19:06:57.0761 0x13d8 TODDSrv - ok

    19:06:57.0855 0x13d8 [ 98C864481D62F86EC8AF65BE3419A95B ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

    19:06:57.0949 0x13d8 TosCoSrv - ok

    19:06:57.0995 0x13d8 [ 74C2FA8C3765EE71A9C22182EC108457 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

    19:06:58.0011 0x13d8 TOSHIBA HDD SSD Alert Service - ok

    19:06:58.0027 0x13d8 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

    19:06:58.0042 0x13d8 TrkWks - ok

    19:06:58.0089 0x13d8 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

    19:06:58.0105 0x13d8 TrustedInstaller - ok

    19:06:58.0136 0x13d8 [ 4CE278FC9671BA81A138D70823FCAA09 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

    19:06:58.0136 0x13d8 tssecsrv - ok

    19:06:58.0167 0x13d8 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

    19:06:58.0229 0x13d8 TsUsbFlt - ok

    19:07:04.0801 0x13d8 ================ Scan global ===============================

    19:07:04.0833 0x13d8 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

    19:07:04.0879 0x13d8 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

    19:07:04.0895 0x13d8 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

    19:07:04.0942 0x13d8 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

    19:07:05.0082 0x13d8 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

    19:07:05.0098 0x13d8 [Global] - ok

    19:07:05.0098 0x13d8 ================ Scan MBR ==================================

    19:07:05.0129 0x13d8 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

    19:07:05.0535 0x13d8 \Device\Harddisk0\DR0 - ok

    19:07:05.0535 0x13d8 ================ Scan VBR ==================================

    19:07:05.0566 0x13d8 [ 172BF3F1C1BD4CDF14EEF3ABFCEA5E84 ] \Device\Harddisk0\DR0\Partition1

    19:07:05.0566 0x13d8 \Device\Harddisk0\DR0\Partition1 - ok

    19:07:05.0597 0x13d8 [ 68940DA91F4F91D95BE816D03B3032C6 ] \Device\Harddisk0\DR0\Partition2

    19:07:05.0597 0x13d8 \Device\Harddisk0\DR0\Partition2 - ok

    19:07:05.0597 0x13d8 ============================================================

    19:07:05.0597 0x13d8 Scan finished

    19:07:05.0597 0x13d8 ============================================================

    19:07:05.0628 0x1210 Detected object count: 0

    19:07:05.0628 0x1210 Actual detected object count: 0



    #10 amedcalf

    Posted 30 August 2013 - 01:36 PM

    Result for ComboFix

    ComboFix 13-08-30.01 - Allan 30/08/2013  19:16:30.1.2 - x64
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.2940.1652 [GMT 1:00]
    Running from: c:\users\Allan\Desktop\etavaresCF.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Public\sdelevURL.tmp
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_pcCMService
    .
    .
    (((((((((((((((((((((((((   Files Created from 2013-07-28 to 2013-08-30  )))))))))))))))))))))))))))))))
    .
    .
    2013-08-29 20:54 . 2013-08-29 20:54 -------- d-----w- c:\programdata\IObit
    2013-08-28 19:57 . 2013-08-28 19:57 -------- d-----w- C:\FRST
    2013-08-27 17:20 . 2013-08-27 17:20 -------- d-----w- c:\users\Allan\.MinecraftStructurePlanner
    2013-08-24 20:33 . 2013-03-12 08:27 93976 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppluginrichmediaplayer.dll
    2013-08-24 20:15 . 2013-08-24 20:15 -------- d-----w- c:\program files\Microsoft Synchronization Services
    2013-08-24 20:15 . 2013-08-24 20:15 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2013-08-24 20:15 . 2013-08-24 20:15 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
    2013-08-14 07:37 . 2013-07-09 05:51 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
    2013-08-14 07:37 . 2013-07-09 04:52 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
    2013-08-14 07:37 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2013-08-14 07:37 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
    2013-08-14 07:37 . 2013-07-09 05:46 1472512 ----a-w- c:\windows\system32\crypt32.dll
    2013-08-14 07:37 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
    2013-08-14 07:37 . 2013-07-09 04:52 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
    2013-08-14 07:37 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
    2013-08-14 07:37 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2013-08-14 07:37 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll
    2013-08-14 07:37 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2013-08-14 07:37 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2013-08-14 07:36 . 2013-07-19 01:58 2048 ----a-w- c:\windows\system32\tzres.dll
    2013-08-14 07:36 . 2013-07-19 01:41 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2013-08-14 07:36 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2013-08-14 07:36 . 2013-07-09 06:03 5550528 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-08-14 07:36 . 2013-07-09 05:54 1732032 ----a-w- c:\windows\system32\ntdll.dll
    2013-08-14 07:36 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2013-08-14 07:36 . 2013-07-09 05:53 243712 ----a-w- c:\windows\system32\wow64.dll
    2013-08-14 07:36 . 2013-07-09 04:53 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
    2013-08-14 07:36 . 2013-07-09 02:49 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2013-08-14 07:35 . 2013-07-09 04:52 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2013-08-14 07:35 . 2013-07-09 02:49 25600 ----a-w- c:\windows\SysWow64\setup16.exe
    2013-08-14 07:35 . 2013-07-09 02:49 7680 ----a-w- c:\windows\SysWow64\instnm.exe
    2013-08-14 07:35 . 2013-07-09 02:49 2048 ----a-w- c:\windows\SysWow64\user.exe
    2013-08-14 07:35 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
    2013-08-14 07:35 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-08-12 20:07 . 2013-08-12 20:16 -------- d-----w- c:\users\Administrator
    2013-08-12 09:56 . 2013-08-14 13:27 -------- d-----w- c:\users\Jack
    2013-08-11 22:21 . 2013-08-11 22:21 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center
    2013-08-07 23:00 . 2013-08-07 23:00 -------- d-----w- c:\users\Allan\AppData\Roaming\TuneUp Software
    2013-08-07 23:00 . 2013-08-07 23:00 -------- d-----w- c:\programdata\TuneUp Software
    2013-08-07 23:00 . 2013-08-07 23:00 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
    2013-08-07 23:00 . 2013-08-07 23:00 -------- d--h--w- c:\programdata\Common Files
    2013-08-07 22:59 . 2013-08-24 20:32 -------- d-----w- c:\users\Allan\AppData\Roaming\OpenCandy
    2013-08-07 22:59 . 2013-08-07 23:00 -------- d-----w- c:\program files (x86)\DVDVideoSoft
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-08-14 08:12 . 2013-02-09 13:59 78161360 ----a-w- c:\windows\system32\MRT.exe
    2013-08-12 17:53 . 2009-08-18 11:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
    2013-08-12 17:53 . 2009-08-18 10:24 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2013-07-15 17:50 . 2013-02-08 23:47 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-07-09 04:45 . 2013-08-14 07:36 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2013-07-02 20:12 . 2013-07-02 20:12 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2013-07-02 20:12 . 2013-07-02 20:12 226304 ----a-w- c:\windows\system32\elshyph.dll
    2013-07-02 20:12 . 2013-07-02 20:12 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
    2013-07-02 20:12 . 2013-07-02 20:12 158720 ----a-w- c:\windows\SysWow64\msls31.dll
    2013-07-02 20:12 . 2013-07-02 20:12 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
    2013-07-02 20:12 . 2013-07-02 20:12 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
    2013-07-02 20:12 . 2013-07-02 20:12 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2013-07-02 20:12 . 2013-07-02 20:12 138752 ----a-w- c:\windows\SysWow64\wextract.exe
    2013-07-02 20:12 . 2013-07-02 20:12 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2013-07-02 20:12 . 2013-07-02 20:12 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2013-07-02 20:12 . 2013-07-02 20:12 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
    2013-07-02 20:12 . 2013-07-02 20:12 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2013-07-02 20:12 . 2013-07-02 20:12 12800 ----a-w- c:\windows\SysWow64\mshta.exe
    2013-07-02 20:12 . 2013-07-02 20:12 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2013-07-02 20:12 . 2013-07-02 20:12 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
    2013-07-02 20:12 . 2013-07-02 20:12 361984 ----a-w- c:\windows\SysWow64\html.iec
    2013-07-02 20:12 . 2013-07-02 20:12 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2013-07-02 20:12 . 2013-07-02 20:12 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2013-07-02 20:12 . 2013-07-02 20:12 197120 ----a-w- c:\windows\system32\msrating.dll
    2013-07-02 20:12 . 2013-07-02 20:12 216064 ----a-w- c:\windows\system32\msls31.dll
    2013-07-02 20:12 . 2013-07-02 20:12 97280 ----a-w- c:\windows\system32\mshtmled.dll
    2013-07-02 20:12 . 2013-07-02 20:12 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2013-07-02 20:12 . 2013-07-02 20:12 81408 ----a-w- c:\windows\system32\icardie.dll
    2013-07-02 20:12 . 2013-07-02 20:12 762368 ----a-w- c:\windows\system32\ieapfltr.dll
    2013-07-02 20:12 . 2013-07-02 20:12 599552 ----a-w- c:\windows\system32\vbscript.dll
    2013-07-02 20:12 . 2013-07-02 20:12 452096 ----a-w- c:\windows\system32\dxtmsft.dll
    2013-07-02 20:12 . 2013-07-02 20:12 441856 ----a-w- c:\windows\system32\html.iec
    2013-07-02 20:12 . 2013-07-02 20:12 281600 ----a-w- c:\windows\system32\dxtrans.dll
    2013-07-02 20:12 . 2013-07-02 20:12 27648 ----a-w- c:\windows\system32\licmgr10.dll
    2013-07-02 20:12 . 2013-07-02 20:12 270848 ----a-w- c:\windows\system32\iedkcs32.dll
    2013-07-02 20:12 . 2013-07-02 20:12 247296 ----a-w- c:\windows\system32\webcheck.dll
    2013-07-02 20:12 . 2013-07-02 20:12 235008 ----a-w- c:\windows\system32\url.dll
    2013-07-02 20:12 . 2013-07-02 20:12 167424 ----a-w- c:\windows\system32\iexpress.exe
    2013-07-02 20:12 . 2013-07-02 20:12 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-07-02 20:12 . 2013-07-02 20:12 144896 ----a-w- c:\windows\system32\wextract.exe
    2013-07-02 20:12 . 2013-07-02 20:12 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
    2013-07-02 20:12 . 2013-07-02 20:12 102912 ----a-w- c:\windows\system32\inseng.dll
    2013-07-02 20:12 . 2013-07-02 20:12 62976 ----a-w- c:\windows\system32\pngfilt.dll
    2013-07-02 20:12 . 2013-07-02 20:12 173568 ----a-w- c:\windows\system32\ieUnatt.exe
    2013-07-02 20:12 . 2013-07-02 20:12 149504 ----a-w- c:\windows\system32\occache.dll
    2013-07-02 20:12 . 2013-07-02 20:12 13824 ----a-w- c:\windows\system32\mshta.exe
    2013-07-02 20:12 . 2013-07-02 20:12 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2013-07-02 20:12 . 2013-07-02 20:12 77312 ----a-w- c:\windows\system32\tdc.ocx
    2013-07-02 20:12 . 2013-07-02 20:12 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
    2013-07-02 20:12 . 2013-07-02 20:12 51200 ----a-w- c:\windows\system32\imgutil.dll
    2013-07-02 20:12 . 2013-07-02 20:12 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2013-07-02 20:12 . 2013-07-02 20:12 136192 ----a-w- c:\windows\system32\iepeers.dll
    2013-07-02 20:12 . 2013-07-02 20:12 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
    2013-07-02 20:12 . 2013-07-02 20:12 12800 ----a-w- c:\windows\system32\msfeedssync.exe
    2013-06-26 21:31 . 2013-06-26 21:31 972712 ----a-w- c:\windows\system32\deployJava1.dll
    2013-06-26 21:31 . 2013-06-26 21:31 312232 ----a-w- c:\windows\system32\javaws.exe
    2013-06-26 21:31 . 2013-06-26 21:31 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-06-26 21:31 . 2013-06-26 21:31 189352 ----a-w- c:\windows\system32\javaw.exe
    2013-06-26 21:31 . 2013-06-26 21:31 188840 ----a-w- c:\windows\system32\java.exe
    2013-06-26 21:31 . 2013-06-26 21:31 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2013-06-11 19:02 . 2013-02-08 23:47 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-06-05 03:34 . 2013-07-11 22:04 3153920 ----a-w- c:\windows\system32\win32k.sys
    2013-06-04 06:00 . 2013-07-11 22:04 624128 ----a-w- c:\windows\system32\qedit.dll
    2013-06-04 04:53 . 2013-07-11 22:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-08-15 6581488]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
    "NBAgent"="c:\program files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2010-03-09 1086760]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-13 1532992]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 958576]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
    "SS_MW"="c:\program files (x86)\Radica\Stylin' Studio\SS_MW.exe" [2008-04-25 524288]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
    .
    c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    TRDCReminder.lnk - c:\program files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
    .
    c:\users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    TRDCReminder.lnk - c:\program files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
    .
    c:\users\Allan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    TRDCReminder.lnk - c:\program files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
    R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
    R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
    R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe;c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [x]
    R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
    S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
    S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
    S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
    S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]
    S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
    S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
    S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe;c:\program files\Common Files\Motive\pcCMService.exe [x]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
    S2 SpyroService;Spyro Portal Service;c:\program files (x86)\FS\Spyro Portal\FlashPortal.exe;c:\program files (x86)\FS\Spyro Portal\FlashPortal.exe [x]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
    S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
    S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
    S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    *Deregistered* - mfeavfk01
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-08-23 07:35 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-08-30 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-08 17:50]
    .
    2013-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-26 22:23]
    .
    2013-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-26 22:23]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-18 166424]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-18 391192]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-18 410648]
    "Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-02-11 1050072]
    "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
    "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
    "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2010-02-12 136136]
    "btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2011-05-26 2821808]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.co.uk/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: {{A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - {A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - c:\users\Allan\AppData\Local\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll
    IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 192.168.1.254 192.168.1.254
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{A7DF592F-6E2A-45C4-9A87-4BD217D714ED} - c:\users\Allan\AppData\Local\Rich Media Player\BrowserExtensions\IE\RichMediaDownloader.dll
    BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)
    Toolbar-Locked - (no file)
    Toolbar-10 - (no file)
    Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
    BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)
    Toolbar-Locked - (no file)
    Toolbar-10 - (no file)
    HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
    HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
    AddRemove-Game Booster_is1 - c:\program files (x86)\IObit\Game Booster 3\unins000.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
       00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\windows\SysWOW64\rundll32.exe
    c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
    c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
    .
    **************************************************************************
    .
    Completion time: 2013-08-30  19:33:46 - machine was rebooted
    ComboFix-quarantined-files.txt  2013-08-30 18:33
    .
    Pre-Run: 48,179,449,856 bytes free
    Post-Run: 48,253,472,768 bytes free
    .
    - - End Of File - - EC9A7A56CAA483738DCF499820CC2ACD
    A36C5E4F47E84449FF07ED3517B43A31
     



    #11 etavares

    etavares

      Bleepin' Remover


    • Malware Response Team

    Posted 30 August 2013 - 03:18 PM

    Hello, amedcalf.
     
    Looking better...how is your computer running?  We'll do two more scans to confirm you are clean, then we'll clean up our tools in the final post.
     
     
    Trusted Zone Warning
     
    Having trusted sites may not be a good idea.  The reason why I say it's not a good idea is because the security settings for the internet are not extremely high and once you put a site in your trusted zone, basically almost anyone or anything, including hackers or other malicious software, has full access to that site, which can lead to hijacking that site and may even have access to your computer. Are you sure you trust a site to that degree?
     
    It is recommended NOT to have ANY sites in your Trusted Zone unless the site requires it to function properly and you trust it very well. Other than that, it is not necessary for you to add any sites into the trusted zone. If you're not sure, and/or you do not need these in your trusted zone to facilitate access or you did not knowingly permit this access yourself, then please remove those sites from your trusted zone.
     
    They can be accessed in Internet Explorer via Tools>>Internet Options>>Security>>Trusted Zone>>Sites. Remove if there are any there.
     
     
     
    Step 1
     
    Please download Malwarebytes Anti-Malware and save it to your desktop.
     
    MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan.
      • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
      • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
      • Make sure the "Perform Quick Scan" option is selected.
      • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen:
      • Click on the Show Results button to see a list of any malware that was found.
      • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
  • Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
     
     
     
    Step 2
     
    I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png
    etavares


    If I don't respond within 2 days, please feel free to PM me.
    Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

    Unified Network of Instructors and Trusted Eliminators
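
The Trusted Zone entries discussed in the post above (the ComboFix log lists four of them) are stored in the registry, so they can be audited without opening the Internet Options dialog. The following is an added example, not part of the original thread; it assumes the standard ZoneMap registry layout in which a value of 2 assigns a site to Trusted Sites, and the function name Get-TrustedZoneSite is hypothetical.

```powershell
# Added example (not from the thread): read-only audit of the IE Trusted Sites zone.
# Assumption: standard ZoneMap layout, i.e. Domains\<domain>[\<subdomain>] keys whose
# values are named for a scheme (http, https, *) and hold the zone number as a DWORD.
$TrustedZone = 2   # 0=My Computer, 1=Local intranet, 2=Trusted sites, 3=Internet, 4=Restricted

$ZoneMapRoots = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap'
)

function Get-TrustedZoneSite {
    param([string[]]$Root = $ZoneMapRoots)

    foreach ($r in $Root) {
        # EscDomains is the branch used when IE Enhanced Security Configuration is on.
        foreach ($branch in 'Domains', 'EscDomains') {
            $base = Join-Path $r $branch
            if (-not (Test-Path -LiteralPath $base)) { continue }

            Get-ChildItem -LiteralPath $base -Recurse -ErrorAction SilentlyContinue |
                ForEach-Object {
                    $key    = $_
                    $marker = '\' + $branch + '\'
                    $start  = $key.Name.IndexOf($marker, [StringComparison]::OrdinalIgnoreCase)
                    if ($start -lt 0) { return }

                    # The key path is domain\subdomain; reverse it to get subdomain.domain.
                    $labels = $key.Name.Substring($start + $marker.Length) -split '\\'
                    [array]::Reverse($labels)
                    $site = $labels -join '.'

                    foreach ($name in $key.GetValueNames()) {
                        $data = $key.GetValue($name)
                        if ($data -is [int] -and $data -eq $TrustedZone) {
                            [pscustomobject]@{
                                Site   = $site
                                Scheme = $name      # http, https or * (any scheme)
                                Key    = $key.Name  # where the entry lives (HKCU or HKLM)
                            }
                        }
                    }
                }
        }
    }
}

# List every Trusted Sites entry for the current user and the machine.
Get-TrustedZoneSite | Sort-Object Site, Scheme | Format-Table -AutoSize
```

The script only reads the registry; entries it reports can be removed through the Sites dialog described in the post. IP-range entries under the ZoneMap Ranges key are not covered.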
     


    #12 amedcalf

    amedcalf
    • Topic Starter

    • Members

    Posted 31 August 2013 - 03:12 AM

    Hi etavares,

     

    Computer seems a lot better now, internet still slow when loading IE, just need to get rid of items not required :)

     

    MBAM results as below -

     

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.08.31.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16660
    Allan :: ALLAN-TOSH [administrator]

    Protection: Enabled

    31/08/2013 08:57:55
    mbam-log-2013-08-31 (08-57-55).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 300433
    Time elapsed: 9 minute(s), 19 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 6
    HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211621178} (PUP.Optional.Crossrider) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211621178} (PUP.Optional.Crossrider) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 8
    C:\Users\Allan\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
    C:\Users\Allan\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
    C:\Users\Allan\AppData\Roaming\OpenCandy\2F9C44B5FF0B41BF83CDF59DDB8A7B6D (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
    C:\Users\Allan\AppData\Roaming\OpenCandy\33F9B6E7A57B418E8764486D5AB97200 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
    C:\Users\Allan\AppData\Roaming\OpenCandy\6D3BAF1B7D17447893A8680BD6C46AF1 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

    Files Detected: 8
    C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
    C:\Users\Allan\AppData\Roaming\OpenCandy\6D3BAF1B7D17447893A8680BD6C46AF1\Deltabar_p1v6.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
    C:\Users\Allan\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
    C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
    C:\Users\Allan\AppData\Roaming\OpenCandy\2F9C44B5FF0B41BF83CDF59DDB8A7B6D\TuneUpUtilities2013-2200340-p3v0.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
    C:\Users\Allan\AppData\Roaming\OpenCandy\2F9C44B5FF0B41BF83CDF59DDB8A7B6D\TuneUpUtilities2013-2200340_en-GB.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

    (end)



    #13 amedcalf

    amedcalf
    • Topic Starter

    • Members

    Posted 31 August 2013 - 08:31 AM

    ESET Scan results -

     

    C:\Users\Allan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\621c4567-11e7cf04 a variant of Win32/Kryptik.BIWV trojan cleaned by deleting - quarantined
    C:\Users\Allan\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\41ae1fef-52e19ccb Java/Exploit.Agent.PLC trojan cleaned by deleting - quarantined
     

     

     

    I appreciate all your help with this.



    #14 etavares

    etavares

      Bleepin' Remover


    • Malware Response Team

    Posted 01 September 2013 - 07:02 PM

    Hello, amedcalf.
     
    Ok, good news.  Your log appears clean.  Let's clean up our mess.  If your computer is running well, please do the steps listed below.  At the end, I've also listed a few completely optional things you can do to further secure your computer.  Safe surfing!
     
     
     
    Step 1
     
     
     
    Uninstall ComboFix and Clean Up
    Click Start > Run, type combofix /Uninstall and click OK (note the space between combofix and /Uninstall).
    Please advise if this step is missed for any reason as it performs some important actions.
     
    Download and Run OTC
     
    We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • If that link doesn't work, try this one.
  • Double-click the OTC icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big CleanUp button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
    If you ran Defogger and disabled your emulator, please don't forget to run it again and reenable it.  See the instructions here to do so.
     
     
    Optional Items
     
    Please take the time to read below to secure your machine and take the necessary steps to keep it that way.
     
     
    System Still Slow?
    You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.  If you are running Windows Vista or Windows 7, please right-click on the icon, and select "Run As Administrator"; otherwise it won't work.
    If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware
     
    Protect yourself from malicious sites
     
    The HOSTS file can protect you from connecting to bad sites.  See The Hosts File and what it can do for you for more background.
     
     
     
     
    Keep Windows Up to Date
    It is important that you visit http://www.windowsupdate.com regularly.  This will ensure your computer always has the latest available security updates installed.  If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
     
     
     
    Update your AntiVirus Software
     
    It is imperative that you update your Antivirus software at least once a week (even more if you wish).  If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.  If you use a commercial antivirus program you must make sure you keep renewing your subscription.  Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.
     
     
    Make sure your applications have all of their updates
     
    It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.  Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.  You can check these by visiting Secunia Software Inspector and Calendar of Updates.
     
     
     
     
     
     
    Update all these programs regularly
    Make sure you update all your programs regularly.  Without regular updates you WILL NOT be protected when new malicious programs are released.  You can use Secunia PSI to keep track of necessary updates. It can run in the background and constantly monitor your software; although I just run it once a week manually.  It will alert you when an update is available for a variety of software.  It is very useful.
     
    Follow this list and your potential for being infected again will reduce dramatically.
     
    Good luck!
     
    etavares


    If I don't respond within 2 days, please feel free to PM me.
    Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

    Unified Network of Instructors and Trusted Eliminators
     


    #15 amedcalf

    amedcalf
    • Topic Starter

    • Members

    Posted 02 September 2013 - 02:30 PM

    Thanks for all your help with this, my computer is running so much better.

     

    Just need to wait so I can sign up and take the course to help others like you have taken the time to help me.

     

    Thank you

     

    Allan





