
Virus- Purchased Pro- Can't find it


15 replies to this topic

#1 hypotyposis


Posted 08 May 2012 - 05:16 PM

I have followed the instructions and attached my logs.

Brief rundown of the situation. Caught some viruses/trojans and Malwarebytes found and removed a few with quick, full, and flash scans in safe mode. But I'm still infected. I get multiple iexplorer.exe applications running, one of which is currently taking up about 800,000 K of memory and 50% CPU. I don't even use Internet Explorer. I have tried closing it, but it comes back up. All day, I see Malwarebytes saying it has blocked outgoing transmissions from iexplore.exe.

My scans now find nothing but I'm still infected. If it's any use, I'll also note that I had downloaded Prevx 3.0 and it found a trojan in the registry and another virus I forgot the name of. But it wanted me to purchase it to remove the two.

Sorry if this sounds weird, I am a little bit technically proficient, but not the most, so you'll have to excuse my questions.

Please help me remove this.




#2 hypotyposis


Posted 08 May 2012 - 05:52 PM

I read in the other topics that you want the logs copy/pasted so I pasted Attach.txt first, followed by DDS.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 6/26/2009 6:27:51 PM
System Uptime: 5/8/2012 3:25:09 AM (14 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel® Core™2 Duo CPU T6400 @ 2.00GHz | CPU | 1200/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 289 GiB total, 81.27 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.3.1
Adobe Shockwave Player 11.5
Apple Application Support
Apple Software Update
Ask Toolbar
Ask Toolbar Updater
BitTorrent
Camera Assistant Software for Toshiba
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Dutch
CCC Help English
CCC Help French
CCC Help German
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Portuguese
CCC Help Spanish
CCC Help Swedish
CD/DVD Drive Acoustic Silencer
Compatibility Pack for the 2007 Office system
CyberLink PowerCinema for TOSHIBA
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DivX Setup
DVD MovieFactory for TOSHIBA
Google Chrome
Google Earth Plug-in
Google Update Helper
Grand Theft Auto IV
Haali Media Splitter
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java Auto Updater
Java™ 6 Update 29
Java™ 6 Update 6
Lexmark 2600 Series
Logitech Desktop Messenger
Malwarebytes Anti-Malware version 1.61.0.1400
McAfee Security Scan Plus
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft XML Parser
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
OpenOffice.org 3.1
QuickTime
REA's TESTware for the CLEP Macroeconomics
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek High Definition Audio Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Sid Meier's Civilization 4 Complete
Sid Meier's Civilization IV Colonization
Skins
Skype Toolbars
Skype™ 5.1
System Requirements Lab for Intel
Toshiba Assist
TOSHIBA ConfigFree
TOSHIBA Desktop Links
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA PowerCinema Helper
Toshiba Registration
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195
Veetle TV 0.9.18
VLC media player 0.9.9
Webroot Software
Windows Media Encoder 9 Series
Windows Media Player Firefox Plugin
WinRAR archiver
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
5/8/2012 10:23:34 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 0022FA1DAF84 has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
5/8/2012 1:21:18 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 172.24.60.79 for the Network Card with network address 0022FA1DAF84 has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
5/7/2012 8:58:21 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.3 for the Network Card with network address 0022FA1DAF84 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/7/2012 2:57:42 PM, Error: Service Control Manager [7022] - The Client Virtualization Handler service hung on starting.
5/6/2012 5:46:46 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0022FA1DAF84 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/6/2012 3:13:31 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 0022FA1DAF84 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/6/2012 10:12:20 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer VAIO that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E1530AD4-89EB-473E-B25A-44A4BD9E3D46}. The master browser is stopping or an election is being forced.
5/2/2012 2:03:47 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.4 for the Network Card with network address 0022FA1DAF84 has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
5/1/2012 5:29:51 PM, Error: Microsoft-Windows-Windows Defender [2004] - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x8050a001 Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support. Signatures loading: Backup Loading signature version: 1.125.146.0 Loading engine version: 1.1.8202.0
.
==== End Of File ===========================

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19222 BrowserJavaVersion: 1.6.0_29
Run by User at 17:00:57 on 2012-05-08
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.901 [GMT -5:00]
.
AV: Webroot Internet Security Essentials *Disabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Webroot Internet Security Essentials *Disabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
FW: Webroot Internet Security Essentials *Enabled* {6B1A9CB4-465E-94AA-C8FA-DF5405F1CFE5}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\lxdncoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\RAVCpl64.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files (x86) (x86)\Lexmark 2600 Series\ezprint.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\PROGRA~2\Webroot\Security\Current\Plugins\cleanup\WRCLEA~1.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10c.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll
mWinlogon: Userinit=userinit.exe,
BHO: MRI_DISABLED - No File
BHO: Symantec Intrusion Prevention - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: WebrootBHO Class: {d93ec24d-8741-4d41-b83d-a5793b998416} - C:\Program Files (x86)\Webroot\Security\current\plugins\browserextension\WebrootBHO.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Webroot Browser Helper Object: {e08861fe-8847-4b2a-8ec2-08edb20e4020} - C:\Program Files (x86)\Webroot\Security\current\products\WISE\toolbar\LPBar.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
TB: Webroot Toolbar: {d84a64a0-f2b2-4975-b264-3a3bce8d57d6} - C:\Program Files (x86)\Webroot\Security\current\products\WISE\toolbar\LPBar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [Sidebar] "C:\Program Files\Windows Sidebar\Sidebar.exe" /autorun
uRun: [RGSC] "C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" /silent
uRun: [LDM] C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
uRun: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [Askcom] "RUNDLL32.EXE" C:\Users\User\AppData\Local\Askcom\pjqdogmn.dll,UpdateWindowDlg
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_Plugin.exe -update plugin
mRun: [NDSTray.exe] NDSTray.exe
mRun: [cfFncEnabler.exe] cfFncEnabler.exe
mRun: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
mRun: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
mRun: [WebrootTrayApp] "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [lxdnmon.exe] "C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdnmon.exe"
mRun: [EzPrint] "C:\Program Files (x86) (x86)\Lexmark 2600 Series\ezprint.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\User\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9516A354-494B-4EC5-9320-4E0C164EEFD6} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E1530AD4-89EB-473E-B25A-44A4BD9E3D46} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: MRI_DISABLED - No File
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO-X64: NCO 2.0 IE BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: WebrootBHO Class: {D93EC24D-8741-4D41-B83D-A5793B998416} - C:\Program Files (x86)\Webroot\Security\current\plugins\browserextension\WebrootBHO.dll
BHO-X64: WRCommonBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Webroot Browser Helper Object: {e08861fe-8847-4b2a-8ec2-08edb20e4020} - C:\Program Files (x86)\Webroot\Security\current\products\WISE\toolbar\LPBar.dll
BHO-X64: Webroot Browser Helper Object - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll
TB-X64: Webroot Toolbar: {d84a64a0-f2b2-4975-b264-3a3bce8d57d6} - C:\Program Files (x86)\Webroot\Security\current\products\WISE\toolbar\LPBar.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mRun-x64: [NDSTray.exe] NDSTray.exe
mRun-x64: [cfFncEnabler.exe] cfFncEnabler.exe
mRun-x64: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
mRun-x64: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
mRun-x64: [WebrootTrayApp] "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [lxdnmon.exe] "C:\Program Files (x86) (x86)\Lexmark 2600 Series\lxdnmon.exe"
mRun-x64: [EzPrint] "C:\Program Files (x86) (x86)\Lexmark 2600 Series\ezprint.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\yqvhyd7h.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\yqvhyd7h.default\extensions\{7a2cadc6-0db8-43bb-a6e4-9d8bda6a254f}\platform\WINNT_x86-msvc\components\wrxpcom.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: C:\Users\User\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\yqvhyd7h.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R?2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\system32\DRIVERS\tos_sps64.sys --> C:\Windows\system32\DRIVERS\tos_sps64.sys [?]
R1 pwipf6;Privacyware Filter Driver;C:\Windows\system32\DRIVERS\pwipf6.sys --> C:\Windows\system32\DRIVERS\pwipf6.sys [?]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 lxdn_device;lxdn_device;C:\Windows\system32\lxdncoms.exe -service --> C:\Windows\system32\lxdncoms.exe -service [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-1 654408]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 ssfmonm;ssfmonm;C:\Windows\system32\DRIVERS\ssfmonm.sys --> C:\Windows\system32\DRIVERS\ssfmonm.sys [?]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;C:\Program Files (x86)\Webroot\Security\Current\Plugins\AntiMalware\AEI.exe [2010-9-9 3872776]
R2 WRConsumerService;Webroot Client Service;C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe [2010-8-26 3066528]
R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys --> C:\Windows\system32\DRIVERS\FwLnk.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NETwNv64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETwNv64.sys --> C:\Windows\system32\DRIVERS\NETwNv64.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 CSIScanner;CSIScanner;"C:\Program Files\Prevx\prevx.exe" /service --> C:\Program Files\Prevx\prevx.exe [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-30 136176]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-30 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 129976]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
S4 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFProcSRVC.exe [2008-6-27 36864]
S4 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2008-7-10 40960]
S4 KR10I64;KR10I64;C:\Windows\system32\drivers\kr10i64.sys --> C:\Windows\system32\drivers\kr10i64.sys [?]
S4 KR10N64;KR10N64;C:\Windows\system32\drivers\kr10n64.sys --> C:\Windows\system32\drivers\kr10n64.sys [?]
S4 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S4 SmartFaceVWatchSrv;SmartFaceVWatchSrv;C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [2008-4-24 84992]
S4 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2008-8-14 46392]
S4 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-3 175104]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-05-07 21:13:11 62976 ----a-w- C:\Windows\SysWow64\PxSecure.dll-93833634
2012-05-05 18:37:29 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-05 18:37:22 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-05 18:37:22 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-04 06:53:59 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{31B79148-1ADB-4433-A1E3-6E50B6D6819F}\mpengine.dll
2012-05-01 22:41:37 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-05-01 22:12:19 -------- d--h--w- C:\ProgramData\Common Files
2012-05-01 22:08:38 -------- d-----w- C:\ProgramData\MFAData
2012-04-26 22:36:39 -------- d-----w- C:\Users\User\AppData\Local\{4A48DC53-8FF0-11E1-826D-B8AC6F996F26}
2012-04-26 22:36:39 -------- d-----w- C:\Users\User\AppData\Local\{4A48A885-8FF0-11E1-826D-B8AC6F996F26}
2012-04-24 00:34:54 -------- d-----w- C:\Users\User\AppData\Roaming\Malwarebytes
2012-04-24 00:34:50 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-24 00:34:49 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-12 08:08:02 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-12 08:06:32 78848 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-12 08:06:32 5632 ----a-w- C:\Windows\System32\wmi.dll
2012-04-12 08:06:32 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-12 08:06:32 219136 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-12 08:06:32 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-12 08:06:32 16384 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-12 08:06:32 157696 ----a-w- C:\Windows\SysWow64\imagehlp.dll
.
==================== Find3M ====================
.
2012-02-28 11:30:48 916992 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 11:25:41 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2012-02-28 11:25:17 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 11:25:03 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2012-02-28 11:25:03 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2012-02-28 10:07:57 385024 ----a-w- C:\Windows\SysWow64\html.iec
2012-02-28 08:12:52 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-02-28 08:08:30 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-28 06:34:19 1147392 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:30:31 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2012-02-28 06:30:17 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:30:01 77312 ----a-w- C:\Windows\System32\iesetup.dll
2012-02-28 06:30:01 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2012-02-28 05:41:20 479232 ----a-w- C:\Windows\System32\html.iec
2012-02-28 05:00:09 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-02-28 04:58:53 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-23 15:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-14 17:09:44 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-14 16:49:43 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-14 16:49:43 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-14 15:45:30 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-14 15:45:30 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-13 14:38:31 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-13 14:12:08 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-13 14:06:48 834048 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-13 14:03:11 1555968 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-13 13:47:57 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-13 13:44:40 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
2010-09-10 04:52:04 7089544 ----a-w- C:\Program Files (x86)\Common Files\wruninstall.exe
.
============= FINISH: 17:03:17.52 ===============

#3 hypotyposis

Posted 09 May 2012 - 12:52 AM

My topic has fallen off the page. Anybody?

#4 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,193 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 09 May 2012 - 05:40 AM

Welcome to the forum.

Before we proceed further, please uninstall BitTorrent and any other peer-to-peer filesharing app.
Continued use of filesharing or ill-advised downloads will surely re-infect your system.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

It's also against our policy:
http://forums.malwar...showtopic=97700

----------------------------------------

Please also uninstall these from your Control Panel's Add/Remove Programs:
Ask Toolbar
Ask Toolbar Updater
Java™ 6 Update 6


--------------------------------------

You have out-of-date Java on the system; older versions are vulnerable to malware.

Java™ 6 Update 29 <----should be 32

Please go to your control panel > Java > Update Tab > Update Now
Here's the Java Update info:

http://www.java.com/...d/installed.jsp <---verify your Java

-------------------------------------

Next......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system (don't run any other options, they're not all bad!)
Post back the report.

MrC

Malware Removal Expert


I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#5 hypotyposis

Posted 09 May 2012 - 05:18 PM

I have removed BitTorrent, Ask Toolbar, Ask Toolbar Updater, and Java 6 Update 6. Unfortunately I must have messed something up with Java and it wouldn't let me update, so I went and tried to download the version you told me (Java 6 Update 32), but it wouldn't work, so instead I downloaded the "latest version" according to the Java website, which was Java 7 Update 4. Is this a problem?

Also my situation has deteriorated and Task Manager is now showing 11 iexplore.exe processes open, when it used to show only 2. Also, Firefox and Chrome would not allow me to open this forum or malwarebytes.org. Anyway I downloaded RogueKiller and here is the log:

RogueKiller V7.4.4 [05/08/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: User [Admin rights]
Mode: Scan -- Date: 05/09/2012 17:06:05

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] bimys.exe -- C:\Users\User\AppData\Roaming\Ikils\bimys.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 8 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : Askcom ("RUNDLL32.EXE" C:\Users\User\AppData\Local\Askcom\pjqdogmn.dll,UpdateWindowDlg) -> FOUND
[SUSP PATH] HKCU\[...]\Run : Keeqnyr (C:\Users\User\AppData\Roaming\Ikils\bimys.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1495340077-3318051157-4031678959-1000[...]\Run : Askcom ("RUNDLL32.EXE" C:\Users\User\AppData\Local\Askcom\pjqdogmn.dll,UpdateWindowDlg) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1495340077-3318051157-4031678959-1000[...]\Run : Keeqnyr (C:\Users\User\AppData\Roaming\Ikils\bimys.exe) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVS-26VAT0 +++++
--- User ---
[MBR] bb3a41f32da03fc492aa2de0e48477d5
[BSP] ae587c3a91ec2690d12d86766f23480d : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 295622 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 608507904 | Size: 8122 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
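
The registry section of the RogueKiller report above can be triaged programmatically. The following is an added example, not part of the original post and not RogueKiller's own code: it parses the report lines, collapses the HKCU and HKUS\<SID> duplicates, and ranks what remains. The `Entry` and `Finding` types, the function names and the "high"/"review" labels are assumptions made for the illustration, as is treating the single SID in the report as the logged-on user.

```python
import re
from dataclasses import dataclass

# Lines copied from the RogueKiller V7.4.4 report in the post above
# (section banner lines omitted).
REPORT = r"""
[SUSP PATH] bimys.exe -- C:\Users\User\AppData\Roaming\Ikils\bimys.exe -> KILLED [TermProc]
[SUSP PATH] HKCU\[...]\Run : Askcom ("RUNDLL32.EXE" C:\Users\User\AppData\Local\Askcom\pjqdogmn.dll,UpdateWindowDlg) -> FOUND
[SUSP PATH] HKCU\[...]\Run : Keeqnyr (C:\Users\User\AppData\Roaming\Ikils\bimys.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1495340077-3318051157-4031678959-1000[...]\Run : Askcom ("RUNDLL32.EXE" C:\Users\User\AppData\Local\Askcom\pjqdogmn.dll,UpdateWindowDlg) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1495340077-3318051157-4031678959-1000[...]\Run : Keeqnyr (C:\Users\User\AppData\Roaming\Ikils\bimys.exe) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
"""

# Registry findings have the shape "[TAG] key : value-name (value-data) -> STATUS".
ENTRY_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+(?P<key>.+?)\s+:\s+(?P<name>.+?)"
    r"\s+\((?P<data>.*)\)\s+->\s+(?P<status>\w+)\s*$"
)
# First drive-rooted .exe/.dll path inside a value's data.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|]*?\.(?:exe|dll)', re.IGNORECASE)


@dataclass(frozen=True)
class Entry:
    tag: str
    key: str
    name: str
    data: str
    status: str


@dataclass(frozen=True)
class Finding:
    priority: str       # "high" or "review" (labels chosen for this example)
    kind: str           # "autostart", "proxy" or "setting"
    name: str
    path: str           # file to inspect, "" when the entry names none
    via_rundll32: bool


def parse_registry_entries(report: str) -> list:
    """Return every line shaped like a registry finding; other lines are skipped."""
    entries = []
    for line in report.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(**m.groupdict()))
    return entries


def _hive(key: str) -> str:
    # HKCU is a view of HKEY_USERS\<SID of the logged-on user>. Assumption: the one
    # SID in this report is that user, so both spellings name the same key.
    root = key.split("\\", 1)[0].upper()
    return "USER" if root in ("HKCU", "HKUS") else root


def triage(entries) -> list:
    """Drop hive-alias duplicates and rank the remaining entries."""
    findings, seen = [], set()
    for e in entries:
        leaf = e.key.rsplit("\\", 1)[-1].lower()
        ident = (_hive(e.key), leaf, e.name.lower(), e.data.lower())
        if ident in seen:           # same value reported through both hive names
            continue
        seen.add(ident)

        m = PATH_RE.search(e.data)
        path = m.group(0) if m else ""
        if leaf == "run" and path:
            # A per-user autostart whose target sits under the profile's AppData
            # is writable without admin rights.
            writable = "\\appdata\\" in path.lower()
            rundll = e.data.lower().lstrip('"').startswith("rundll32")
            findings.append(Finding("high" if writable else "review",
                                    "autostart", e.name, path, rundll))
        elif e.tag == "PROXY IE" and e.name == "ProxyEnable" and e.data == "1":
            # Proxy switched on for this user; the ProxyServer value under the
            # same key is the next thing to read.
            findings.append(Finding("high", "proxy", e.name, "", False))
        else:
            findings.append(Finding("review", "setting", e.name, "", False))
    # Stable sort: "high" first, report order preserved within a priority.
    return sorted(findings, key=lambda f: f.priority != "high")


if __name__ == "__main__":
    for f in triage(parse_registry_entries(REPORT)):
        print(f.priority, f.kind, f.name, f.path, "(rundll32)" if f.via_rundll32 else "")
```

The bad-process line is skipped because it lacks the `key : name (data)` shape, so the eight registry lines reduce to six distinct findings.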

#6 MrCharlie

Posted 09 May 2012 - 05:27 PM

OK, run RogueKiller again and click Scan
When the scan completes > click on the Bad processes tab
Put a check next to all of these and uncheck the rest:

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] bimys.exe -- C:\Users\User\AppData\Roaming\Ikils\bimys.exe -> KILLED [TermProc]




Now click Delete on the left hand column.

---------------------

Repeat the process for these
Click on the Registry Entries > put a check next to these and uncheck the rest
Click on Delete

¤¤¤ Registry Entries: 8 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : Askcom ("RUNDLL32.EXE" C:\Users\User\AppData\Local\Askcom\pjqdogmn.dll,UpdateWindowDlg) -> FOUND
[SUSP PATH] HKCU\[...]\Run : Keeqnyr (C:\Users\User\AppData\Roaming\Ikils\bimys.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1495340077-3318051157-4031678959-1000[...]\Run : Askcom ("RUNDLL32.EXE" C:\Users\User\AppData\Local\Askcom\pjqdogmn.dll,UpdateWindowDlg) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1495340077-3318051157-4031678959-1000[...]\Run : Keeqnyr (C:\Users\User\AppData\Roaming\Ikils\bimys.exe) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND


-----------------------------

Then..........


Please make sure system restore is running and create a new restore point before continuing.
XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

-------------------

Here's a summary of what to do if you would like to print it out:


If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


#7 hypotyposis

Posted 09 May 2012 - 05:55 PM

First I will say it's worth noting that RogueKiller did not remove ProxyIE under the Proxy tab, but I did delete the rest as you asked.

Other than that, I created the restore point and downloaded and ran Kaspersky, and it found 7 threats, but they were all UnsignedFile.MultiGeneric so I pressed Skip for all of them.

Here is the log:

17:45:07.0944 5212 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
17:45:09.0963 5212 ============================================================
17:45:09.0963 5212 Current date / time: 2012/05/09 17:45:09.0963
17:45:09.0963 5212 SystemInfo:
17:45:09.0964 5212
17:45:09.0964 5212 OS Version: 6.0.6002 ServicePack: 2.0
17:45:09.0964 5212 Product type: Workstation
17:45:09.0964 5212 ComputerName: USER-PC
17:45:09.0964 5212 UserName: User
17:45:09.0964 5212 Windows directory: C:\Windows
17:45:09.0964 5212 System windows directory: C:\Windows
17:45:09.0964 5212 Running under WOW64
17:45:09.0964 5212 Processor architecture: Intel x64
17:45:09.0964 5212 Number of processors: 2
17:45:09.0964 5212 Page size: 0x1000
17:45:09.0964 5212 Boot type: Normal boot
17:45:09.0964 5212 ============================================================
17:45:10.0893 5212 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:45:10.0901 5212 ============================================================
17:45:10.0901 5212 \Device\Harddisk0\DR0:
17:45:10.0901 5212 MBR partitions:
17:45:10.0901 5212 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x24163000
17:45:10.0901 5212 ============================================================
17:45:10.0931 5212 C: <-> \Device\Harddisk0\DR0\Partition0
17:45:10.0931 5212 ============================================================
17:45:10.0931 5212 Initialize success
17:45:10.0931 5212 ============================================================
17:46:17.0615 6244 ============================================================
17:46:17.0615 6244 Scan started
17:46:17.0615 6244 Mode: Manual;
17:46:17.0615 6244 ============================================================
17:46:18.0965 6244 Scan interrupted by user!
17:46:18.0965 6244 Scan interrupted by user!
17:46:18.0965 6244 Scan interrupted by user!
17:46:18.0965 6244 ============================================================
17:46:18.0965 6244 Scan finished
17:46:18.0965 6244 ============================================================
17:46:18.0986 6664 Detected object count: 0
17:46:18.0986 6664 Actual detected object count: 0
17:46:39.0613 4516 ============================================================
17:46:39.0613 4516 Scan started
17:46:39.0613 4516 Mode: Manual; SigCheck; TDLFS;
17:46:39.0613 4516 ============================================================
17:46:48.0750 4516 ConfigFree Gadget Service (b9d3d216c66e0cd37478f5e5778aa35b) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
17:46:48.0792 4516 ConfigFree Gadget Service ( UnsignedFile.Multi.Generic ) - warning
17:46:48.0792 4516 ConfigFree Gadget Service - detected UnsignedFile.Multi.Generic (1)
17:46:48.0829 4516 ConfigFree Service (c508b28b9da7563634a2a2b2eef4395d) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
17:46:48.0858 4516 ConfigFree Service ( UnsignedFile.Multi.Generic ) - warning
17:46:48.0858 4516 ConfigFree Service - detected UnsignedFile.Multi.Generic (1)
17:46:55.0902 4516 GEARAspiWDM - ok
17:46:56.0122 4516 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
17:46:56.0207 4516 gpsvc - ok
17:46:56.0291 4516 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:46:56.0322 4516 gupdate - ok
17:46:56.0368 4516 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:46:56.0387 4516 gupdatem - ok
17:46:56.0466 4516 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
17:46:56.0635 4516 HdAudAddService - ok
17:46:56.0774 4516 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
17:46:56.0936 4516 HDAudBus - ok
17:46:56.0969 4516 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
17:46:57.0091 4516 HidBth - ok
17:46:57.0142 4516 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
17:46:57.0258 4516 HidIr - ok
17:46:57.0304 4516 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\system32\hidserv.dll
17:46:57.0380 4516 hidserv - ok
17:46:57.0465 4516 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
17:46:57.0537 4516 HidUsb - ok
17:46:57.0602 4516 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
17:46:57.0730 4516 hkmsvc - ok
17:46:57.0763 4516 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
17:46:57.0787 4516 HpCISSs - ok
17:46:57.0880 4516 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
17:46:58.0039 4516 HTTP - ok
17:46:58.0062 4516 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
17:46:58.0086 4516 i2omp - ok
17:46:58.0118 4516 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
17:46:58.0187 4516 i8042prt - ok
17:46:58.0285 4516 iaStor (fc28e90f2204d8fd147fa9bfa8a51c01) C:\Windows\system32\DRIVERS\iaStor.sys
17:46:58.0319 4516 iaStor - ok
17:46:58.0360 4516 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
17:46:58.0408 4516 iaStorV - ok
17:46:58.0549 4516 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
17:46:58.0577 4516 IDriverT ( UnsignedFile.Multi.Generic ) - warning
17:46:58.0577 4516 IDriverT - detected UnsignedFile.Multi.Generic (1)
17:46:58.0767 4516 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:46:58.0855 4516 idsvc - ok
17:46:58.0899 4516 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
17:46:58.0921 4516 iirsp - ok
17:46:58.0988 4516 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
17:46:59.0124 4516 IKEEXT - ok
17:46:59.0322 4516 IntcAzAudAddService (1835b384d2d66752ed1460e9085230bd) C:\Windows\system32\drivers\RTKVHD64.sys
17:46:59.0483 4516 IntcAzAudAddService - ok
17:46:59.0696 4516 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
17:46:59.0719 4516 intelide - ok
17:46:59.0753 4516 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
17:46:59.0842 4516 intelppm - ok
17:46:59.0891 4516 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
17:47:00.0014 4516 IPBusEnum - ok
17:47:00.0061 4516 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:47:00.0154 4516 IpFilterDriver - ok
17:47:00.0227 4516 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
17:47:00.0356 4516 iphlpsvc - ok
17:47:00.0361 4516 IpInIp - ok
17:47:00.0392 4516 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
17:47:00.0455 4516 IPMIDRV - ok
17:47:00.0518 4516 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
17:47:00.0644 4516 IPNAT - ok
17:47:00.0817 4516 iPod Service (e94503089df8976f5c4c9d5168e9765f) C:\Program Files\iPod\bin\iPodService.exe
17:47:00.0924 4516 iPod Service - ok
17:47:00.0953 4516 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
17:47:01.0035 4516 IRENUM - ok
17:47:01.0081 4516 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
17:47:01.0104 4516 isapnp - ok
17:47:01.0152 4516 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
17:47:01.0186 4516 iScsiPrt - ok
17:47:01.0213 4516 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
17:47:01.0235 4516 iteatapi - ok
17:47:01.0319 4516 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
17:47:01.0341 4516 iteraid - ok
17:47:01.0378 4516 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
17:47:01.0401 4516 kbdclass - ok
17:47:01.0408 4516 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
17:47:01.0496 4516 kbdhid - ok
17:47:01.0560 4516 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
17:47:01.0656 4516 KeyIso - ok
17:47:01.0706 4516 KR10I64 (7c999f96b239e214154db3c808e6736a) C:\Windows\system32\drivers\kr10i64.sys
17:47:01.0814 4516 KR10I64 - ok
17:47:01.0854 4516 KR10N64 (8cb9a9164d4e789424f943fa718fa3f2) C:\Windows\system32\drivers\kr10n64.sys
17:47:01.0917 4516 KR10N64 - ok
17:47:02.0003 4516 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
17:47:02.0105 4516 KSecDD - ok
17:47:02.0141 4516 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
17:47:02.0230 4516 ksthunk - ok
17:47:02.0323 4516 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
17:47:02.0474 4516 KtmRm - ok
17:47:02.0578 4516 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\system32\srvsvc.dll
17:47:02.0697 4516 LanmanServer - ok
17:47:02.0804 4516 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
17:47:02.0886 4516 LanmanWorkstation - ok
17:47:02.0940 4516 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
17:47:03.0042 4516 lltdio - ok
17:47:03.0114 4516 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
17:47:03.0258 4516 lltdsvc - ok
17:47:03.0286 4516 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
17:47:03.0372 4516 lmhosts - ok
17:47:03.0433 4516 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
17:47:03.0469 4516 LSI_FC - ok
17:47:03.0507 4516 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
17:47:03.0556 4516 LSI_SAS - ok
17:47:03.0610 4516 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
17:47:03.0646 4516 LSI_SCSI - ok
17:47:03.0690 4516 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
17:47:03.0811 4516 luafv - ok
17:47:03.0842 4516 lxdn_device - ok
17:47:03.0889 4516 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
17:47:03.0912 4516 MBAMProtector - ok
17:47:04.0044 4516 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:47:04.0089 4516 MBAMService - ok
17:47:04.0196 4516 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
17:47:04.0222 4516 McComponentHostService - ok
17:47:04.0274 4516 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
17:47:04.0301 4516 Mcx2Svc - ok
17:47:04.0376 4516 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
17:47:04.0399 4516 megasas - ok
17:47:04.0462 4516 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
17:47:04.0517 4516 MegaSR - ok
17:47:04.0616 4516 Microsoft SharePoint Workspace Audit Service - ok
17:47:04.0647 4516 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
17:47:04.0746 4516 MMCSS - ok
17:47:04.0778 4516 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
17:47:04.0862 4516 Modem - ok
17:47:04.0913 4516 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
17:47:04.0975 4516 monitor - ok
17:47:05.0012 4516 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
17:47:05.0035 4516 mouclass - ok
17:47:05.0069 4516 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
17:47:05.0159 4516 mouhid - ok
17:47:05.0176 4516 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
17:47:05.0201 4516 MountMgr - ok
17:47:05.0284 4516 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:47:05.0307 4516 MozillaMaintenance - ok
17:47:05.0357 4516 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
17:47:05.0393 4516 mpio - ok
17:47:05.0421 4516 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
17:47:05.0496 4516 mpsdrv - ok
17:47:05.0626 4516 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
17:47:05.0763 4516 MpsSvc - ok
17:47:05.0824 4516 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
17:47:05.0847 4516 Mraid35x - ok
17:47:05.0893 4516 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
17:47:05.0980 4516 MRxDAV - ok
17:47:06.0033 4516 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:47:06.0093 4516 mrxsmb - ok
17:47:06.0149 4516 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:47:06.0291 4516 mrxsmb10 - ok
17:47:06.0342 4516 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:47:06.0412 4516 mrxsmb20 - ok
17:47:06.0463 4516 msahci (730b784962d22d2c6481eae2370e7c8c) C:\Windows\system32\drivers\msahci.sys
17:47:06.0487 4516 msahci - ok
17:47:06.0530 4516 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
17:47:06.0566 4516 msdsm - ok
17:47:06.0614 4516 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
17:47:06.0730 4516 MSDTC - ok
17:47:06.0754 4516 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
17:47:06.0848 4516 Msfs - ok
17:47:06.0905 4516 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
17:47:06.0928 4516 msisadrv - ok
17:47:06.0985 4516 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
17:47:07.0146 4516 MSiSCSI - ok
17:47:07.0152 4516 msiserver - ok
17:47:07.0196 4516 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
17:47:07.0282 4516 MSKSSRV - ok
17:47:07.0331 4516 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
17:47:07.0422 4516 MSPCLOCK - ok
17:47:07.0456 4516 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
17:47:07.0517 4516 MSPQM - ok
17:47:07.0607 4516 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
17:47:07.0672 4516 MsRPC - ok
17:47:07.0723 4516 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
17:47:07.0747 4516 mssmbios - ok
17:47:07.0776 4516 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
17:47:07.0900 4516 MSTEE - ok
17:47:07.0934 4516 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
17:47:07.0960 4516 Mup - ok
17:47:08.0021 4516 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
17:47:08.0083 4516 napagent - ok
17:47:08.0142 4516 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
17:47:08.0213 4516 NativeWifiP - ok
17:47:08.0373 4516 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
17:47:08.0456 4516 NDIS - ok
17:47:08.0491 4516 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
17:47:08.0568 4516 NdisTapi - ok
17:47:08.0576 4516 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
17:47:08.0680 4516 Ndisuio - ok
17:47:08.0734 4516 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
17:47:08.0862 4516 NdisWan - ok
17:47:08.0901 4516 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
17:47:08.0979 4516 NDProxy - ok
17:47:09.0009 4516 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
17:47:09.0121 4516 NetBIOS - ok
17:47:09.0199 4516 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
17:47:09.0297 4516 netbt - ok
17:47:09.0342 4516 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
17:47:09.0370 4516 Netlogon - ok
17:47:09.0447 4516 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
17:47:09.0560 4516 Netman - ok
17:47:09.0610 4516 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
17:47:09.0735 4516 netprofm - ok
17:47:09.0809 4516 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:47:09.0844 4516 NetTcpPortSharing - ok
17:47:09.0855 4516 NETw5v64 - ok
17:47:10.0819 4516 NETwNv64 (6b138b65b531c3a2380becabef0b6157) C:\Windows\system32\DRIVERS\NETwNv64.sys
17:47:11.0680 4516 NETwNv64 - ok
17:47:11.0859 4516 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
17:47:11.0882 4516 nfrd960 - ok
17:47:11.0966 4516 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
17:47:12.0109 4516 NlaSvc - ok
17:47:12.0154 4516 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
17:47:12.0227 4516 Npfs - ok
17:47:12.0254 4516 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
17:47:12.0344 4516 nsi - ok
17:47:12.0370 4516 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
17:47:12.0462 4516 nsiproxy - ok
17:47:12.0663 4516 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
17:47:12.0786 4516 Ntfs - ok
17:47:12.0987 4516 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
17:47:13.0077 4516 Null - ok
17:47:13.0118 4516 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
17:47:13.0145 4516 nvraid - ok
17:47:13.0181 4516 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
17:47:13.0210 4516 nvstor - ok
17:47:13.0242 4516 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
17:47:13.0268 4516 nv_agp - ok
17:47:13.0274 4516 NwlnkFlt - ok
17:47:13.0282 4516 NwlnkFwd - ok
17:47:13.0326 4516 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
17:47:13.0402 4516 ohci1394 - ok
17:47:13.0502 4516 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:47:13.0534 4516 ose - ok
17:47:14.0161 4516 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:47:14.0480 4516 osppsvc - ok
17:47:14.0731 4516 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
17:47:14.0879 4516 p2pimsvc - ok
17:47:14.0893 4516 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
17:47:14.0945 4516 p2psvc - ok
17:47:14.0998 4516 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
17:47:15.0133 4516 Parport - ok
17:47:15.0182 4516 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
17:47:15.0210 4516 partmgr - ok
17:47:15.0256 4516 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
17:47:15.0324 4516 PcaSvc - ok
17:47:15.0378 4516 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
17:47:15.0413 4516 pci - ok
17:47:15.0441 4516 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\DRIVERS\pciide.sys
17:47:15.0462 4516 pciide - ok
17:47:15.0506 4516 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
17:47:15.0537 4516 pcmcia - ok
17:47:15.0633 4516 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
17:47:15.0835 4516 PEAUTH - ok
17:47:15.0970 4516 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
17:47:16.0054 4516 PerfHost - ok
17:47:16.0238 4516 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
17:47:16.0450 4516 pla - ok
17:47:16.0518 4516 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
17:47:16.0614 4516 PlugPlay - ok
17:47:16.0777 4516 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
17:47:16.0824 4516 PNRPAutoReg - ok
17:47:16.0837 4516 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
17:47:16.0884 4516 PNRPsvc - ok
17:47:16.0958 4516 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
17:47:17.0101 4516 PolicyAgent - ok
17:47:17.0186 4516 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
17:47:17.0289 4516 PptpMiniport - ok
17:47:17.0331 4516 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
17:47:17.0424 4516 Processor - ok
17:47:17.0509 4516 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
17:47:17.0629 4516 ProfSvc - ok
17:47:17.0656 4516 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
17:47:17.0698 4516 ProtectedStorage - ok
17:47:17.0744 4516 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
17:47:17.0803 4516 PSched - ok
17:47:17.0844 4516 pwipf6 (67c0ffa05e72b46534cbef9098be6765) C:\Windows\system32\DRIVERS\pwipf6.sys
17:47:17.0864 4516 pwipf6 - ok
17:47:18.0016 4516 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
17:47:18.0161 4516 ql2300 - ok
17:47:18.0239 4516 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
17:47:18.0273 4516 ql40xx - ok
17:47:18.0324 4516 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
17:47:18.0420 4516 QWAVE - ok
17:47:18.0453 4516 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
17:47:18.0505 4516 QWAVEdrv - ok
17:47:18.0541 4516 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
17:47:18.0630 4516 RasAcd - ok
17:47:18.0691 4516 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
17:47:18.0808 4516 RasAuto - ok
17:47:18.0876 4516 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:47:18.0947 4516 Rasl2tp - ok
17:47:19.0010 4516 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
17:47:19.0134 4516 RasMan - ok
17:47:19.0194 4516 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
17:47:19.0284 4516 RasPppoe - ok
17:47:19.0334 4516 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
17:47:19.0391 4516 RasSstp - ok
17:47:19.0463 4516 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
17:47:19.0548 4516 rdbss - ok
17:47:19.0602 4516 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:47:19.0665 4516 RDPCDD - ok
17:47:19.0726 4516 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
17:47:19.0826 4516 rdpdr - ok
17:47:19.0832 4516 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
17:47:19.0926 4516 RDPENCDD - ok
17:47:20.0006 4516 RDPWD (5c141fc457f1ac833664789235aca673) C:\Windows\system32\drivers\RDPWD.sys
17:47:20.0103 4516 RDPWD - ok
17:47:20.0271 4516 RegSrvc (92c422f8f0e6018ffc1c760b88a98eb3) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
17:47:20.0331 4516 RegSrvc - ok
17:47:20.0395 4516 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
17:47:20.0501 4516 RemoteAccess - ok
17:47:20.0559 4516 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
17:47:20.0652 4516 RemoteRegistry - ok
17:47:20.0760 4516 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\Windows\system32\DRIVERS\revoflt.sys
17:47:20.0779 4516 Revoflt - ok
17:47:20.0847 4516 rimmptsk (d13d70fac45fc1df69f88559b1f72f0a) C:\Windows\system32\DRIVERS\rimmpx64.sys
17:47:20.0926 4516 rimmptsk - ok
17:47:20.0950 4516 rimsptsk (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
17:47:21.0011 4516 rimsptsk - ok
17:47:21.0029 4516 rismxdp (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
17:47:21.0059 4516 rismxdp - ok
17:47:21.0093 4516 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
17:47:21.0139 4516 RpcLocator - ok
17:47:21.0284 4516 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
17:47:21.0369 4516 RpcSs - ok
17:47:21.0464 4516 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
17:47:21.0530 4516 rspndr - ok
17:47:21.0593 4516 RTHDMIAzAudService (0328ffdf9d805723d0e420018136fa7b) C:\Windows\system32\drivers\RtHDMIVX.sys
17:47:21.0622 4516 RTHDMIAzAudService - ok
17:47:21.0690 4516 RTL8169 (bf55641fc2f759281b9bf59d5daa8fde) C:\Windows\system32\DRIVERS\Rtlh64.sys
17:47:21.0800 4516 RTL8169 - ok
17:47:21.0850 4516 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
17:47:21.0876 4516 SamSs - ok
17:47:21.0947 4516 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
17:47:21.0983 4516 sbp2port - ok
17:47:22.0055 4516 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
17:47:22.0141 4516 SCardSvr - ok
17:47:22.0306 4516 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
17:47:22.0498 4516 Schedule - ok
17:47:22.0561 4516 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
17:47:22.0608 4516 SCPolicySvc - ok
17:47:22.0720 4516 sdbus (be100bc2be2513314c717bb2c4cfff10) C:\Windows\system32\DRIVERS\sdbus.sys
17:47:22.0833 4516 sdbus - ok
17:47:22.0889 4516 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
17:47:23.0015 4516 SDRSVC - ok
17:47:23.0045 4516 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:47:23.0137 4516 secdrv - ok
17:47:23.0167 4516 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
17:47:23.0260 4516 seclogon - ok
17:47:23.0363 4516 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
17:47:23.0470 4516 SENS - ok
17:47:23.0509 4516 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
17:47:23.0626 4516 Serenum - ok
17:47:23.0715 4516 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
17:47:23.0820 4516 Serial - ok
17:47:23.0848 4516 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
17:47:23.0936 4516 sermouse - ok
17:47:23.0969 4516 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
17:47:24.0087 4516 SessionEnv - ok
17:47:24.0148 4516 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
17:47:24.0237 4516 sffdisk - ok
17:47:24.0275 4516 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
17:47:24.0361 4516 sffp_mmc - ok
17:47:24.0382 4516 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
17:47:24.0463 4516 sffp_sd - ok
17:47:24.0500 4516 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
17:47:24.0620 4516 sfloppy - ok
17:47:24.0761 4516 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
17:47:24.0822 4516 Sftfs - ok
17:47:24.0970 4516 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
17:47:25.0045 4516 sftlist - ok
17:47:25.0141 4516 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
17:47:25.0210 4516 Sftplay - ok
17:47:25.0241 4516 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
17:47:25.0261 4516 Sftredir - ok
17:47:25.0291 4516 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
17:47:25.0312 4516 Sftvol - ok
17:47:25.0351 4516 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
17:47:25.0422 4516 sftvsa - ok
17:47:25.0480 4516 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
17:47:25.0568 4516 SharedAccess - ok
17:47:25.0644 4516 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
17:47:25.0771 4516 ShellHWDetection - ok
17:47:25.0800 4516 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
17:47:25.0824 4516 SiSRaid2 - ok
17:47:25.0865 4516 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
17:47:25.0915 4516 SiSRaid4 - ok
17:47:26.0208 4516 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
17:47:26.0422 4516 slsvc - ok
17:47:26.0620 4516 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
17:47:26.0717 4516 SLUINotify - ok
17:47:26.0849 4516 SmartFaceVWatchSrv (79ed2d6dec26e0fefb93ea21f09e6a51) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
17:47:26.0861 4516 SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - warning
17:47:26.0862 4516 SmartFaceVWatchSrv - detected UnsignedFile.Multi.Generic (1)
17:47:26.0974 4516 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
17:47:27.0074 4516 Smb - ok
17:47:27.0129 4516 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
17:47:27.0182 4516 SNMPTRAP - ok
17:47:27.0252 4516 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
17:47:27.0277 4516 spldr - ok
17:47:27.0355 4516 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
17:47:27.0499 4516 Spooler - ok
17:47:27.0586 4516 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
17:47:27.0696 4516 srv - ok
17:47:27.0746 4516 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
17:47:27.0800 4516 srv2 - ok
17:47:27.0854 4516 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
17:47:27.0967 4516 srvnet - ok
17:47:28.0060 4516 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
17:47:28.0189 4516 SSDPSRV - ok
17:47:28.0221 4516 ssfmonm (2c8842ac3fb749423311d934a3746fe2) C:\Windows\system32\DRIVERS\ssfmonm.sys
17:47:28.0242 4516 ssfmonm - ok
17:47:28.0279 4516 ssidrv (4a69c76bba285745a45045c4672f89c7) C:\Windows\system32\DRIVERS\ssidrv.sys
17:47:28.0332 4516 ssidrv - ok
17:47:28.0382 4516 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
17:47:28.0446 4516 SstpSvc - ok
17:47:28.0556 4516 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
17:47:28.0689 4516 stisvc - ok
17:47:28.0743 4516 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
17:47:28.0764 4516 swenum - ok

#8 hypotyposis

Posted 09 May 2012 - 05:56 PM

Post was too long and wouldn't let me post the whole thing. Here is the remainder of the log:

17:47:46.0242 4516 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
17:47:46.0444 4516 \Device\Harddisk0\DR0 - ok
17:47:46.0450 4516 Boot (0x1200) (bfda696934bf2b1e81a5e9a81664075c) \Device\Harddisk0\DR0\Partition0
17:47:46.0452 4516 \Device\Harddisk0\DR0\Partition0 - ok
17:47:46.0454 4516 ============================================================
17:47:46.0454 4516 Scan finished
17:47:46.0454 4516 ============================================================
17:47:46.0475 6408 Detected object count: 7
17:47:46.0475 6408 Actual detected object count: 7
17:49:55.0004 6408 ConfigFree Gadget Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:49:55.0004 6408 ConfigFree Gadget Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:49:55.0005 6408 ConfigFree Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:49:55.0005 6408 ConfigFree Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:49:55.0005 6408 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:49:55.0005 6408 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:49:55.0009 6408 SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - skipped by user
17:49:55.0009 6408 SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:49:55.0011 6408 TODDSrv ( UnsignedFile.Multi.Generic ) - skipped by user
17:49:55.0011 6408 TODDSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:49:55.0014 6408 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:49:55.0014 6408 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:49:55.0015 6408 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
17:49:55.0015 6408 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:45:07.0944 5212 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
17:45:09.0963 5212 ============================================================
17:45:09.0963 5212 Current date / time: 2012/05/09 17:45:09.0963
17:45:09.0963 5212 SystemInfo:
17:45:09.0964 5212
17:45:09.0964 5212 OS Version: 6.0.6002 ServicePack: 2.0
17:45:09.0964 5212 Product type: Workstation
17:45:09.0964 5212 ComputerName: USER-PC
17:45:09.0964 5212 UserName: User
17:45:09.0964 5212 Windows directory: C:\Windows
17:45:09.0964 5212 System windows directory: C:\Windows
17:45:09.0964 5212 Running under WOW64
17:45:09.0964 5212 Processor architecture: Intel x64
17:45:09.0964 5212 Number of processors: 2
17:45:09.0964 5212 Page size: 0x1000
17:45:09.0964 5212 Boot type: Normal boot
17:45:09.0964 5212 ============================================================
17:45:10.0893 5212 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:45:10.0901 5212 ============================================================
17:45:10.0901 5212 \Device\Harddisk0\DR0:
17:45:10.0901 5212 MBR partitions:
17:45:10.0901 5212 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x24163000
17:45:10.0901 5212 ============================================================
17:45:10.0931 5212 C: <-> \Device\Harddisk0\DR0\Partition0
17:45:10.0931 5212 ============================================================
17:45:10.0931 5212 Initialize success
17:45:10.0931 5212 ============================================================
17:46:17.0615 6244 ============================================================
17:46:17.0615 6244 Scan started
17:46:17.0615 6244 Mode: Manual;
17:46:17.0615 6244 ============================================================
17:46:18.0965 6244 Scan interrupted by user!
17:46:18.0965 6244 Scan interrupted by user!
17:46:18.0965 6244 Scan interrupted by user!
17:46:18.0965 6244 ============================================================
17:46:18.0965 6244 Scan finished
17:46:18.0965 6244 ============================================================
17:46:18.0986 6664 Detected object count: 0
17:46:18.0986 6664 Actual detected object count: 0
17:46:39.0613 4516 ============================================================
17:46:39.0613 4516 Scan started
17:46:39.0613 4516 Mode: Manual; SigCheck; TDLFS;
17:46:39.0613 4516 ============================================================
17:47:00.0154 4516 IpFilterDriver - ok
17:47:00.0227 4516 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
17:47:00.0356 4516 iphlpsvc - ok
17:47:00.0361 4516 IpInIp - ok
17:47:00.0392 4516 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
17:47:00.0455 4516 IPMIDRV - ok
17:47:00.0518 4516 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
17:47:00.0644 4516 IPNAT - ok
17:47:00.0817 4516 iPod Service (e94503089df8976f5c4c9d5168e9765f) C:\Program Files\iPod\bin\iPodService.exe
17:47:00.0924 4516 iPod Service - ok
17:47:00.0953 4516 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
17:47:01.0035 4516 IRENUM - ok
17:47:01.0081 4516 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
17:47:01.0104 4516 isapnp - ok
17:47:01.0152 4516 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
17:47:01.0186 4516 iScsiPrt - ok
17:47:01.0213 4516 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
17:47:01.0235 4516 iteatapi - ok
17:47:01.0319 4516 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
17:47:01.0341 4516 iteraid - ok
17:47:01.0378 4516 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
17:47:01.0401 4516 kbdclass - ok
17:47:01.0408 4516 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
17:47:01.0496 4516 kbdhid - ok
17:47:01.0560 4516 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
17:47:01.0656 4516 KeyIso - ok
17:47:01.0706 4516 KR10I64 (7c999f96b239e214154db3c808e6736a) C:\Windows\system32\drivers\kr10i64.sys
17:47:01.0814 4516 KR10I64 - ok
17:47:01.0854 4516 KR10N64 (8cb9a9164d4e789424f943fa718fa3f2) C:\Windows\system32\drivers\kr10n64.sys
17:47:01.0917 4516 KR10N64 - ok
17:47:02.0003 4516 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
17:47:02.0105 4516 KSecDD - ok
17:47:02.0141 4516 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
17:47:02.0230 4516 ksthunk - ok
17:47:02.0323 4516 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
17:47:02.0474 4516 KtmRm - ok
17:47:02.0578 4516 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\system32\srvsvc.dll
17:47:02.0697 4516 LanmanServer - ok
17:47:02.0804 4516 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
17:47:02.0886 4516 LanmanWorkstation - ok
17:47:02.0940 4516 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
17:47:03.0042 4516 lltdio - ok
17:47:03.0114 4516 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
17:47:03.0258 4516 lltdsvc - ok
17:47:03.0286 4516 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
17:47:03.0372 4516 lmhosts - ok
17:47:03.0433 4516 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
17:47:03.0469 4516 LSI_FC - ok
17:47:03.0507 4516 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
17:47:03.0556 4516 LSI_SAS - ok
17:47:03.0610 4516 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
17:47:03.0646 4516 LSI_SCSI - ok
17:47:03.0690 4516 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
17:47:03.0811 4516 luafv - ok
17:47:03.0842 4516 lxdn_device - ok
17:47:03.0889 4516 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
17:47:03.0912 4516 MBAMProtector - ok
17:47:04.0044 4516 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
17:47:04.0089 4516 MBAMService - ok
17:47:04.0196 4516 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
17:47:04.0222 4516 McComponentHostService - ok
17:47:04.0274 4516 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
17:47:04.0301 4516 Mcx2Svc - ok
17:47:04.0376 4516 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
17:47:04.0399 4516 megasas - ok
17:47:04.0462 4516 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
17:47:04.0517 4516 MegaSR - ok
17:47:04.0616 4516 Microsoft SharePoint Workspace Audit Service - ok
17:47:04.0647 4516 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
17:47:04.0746 4516 MMCSS - ok
17:47:04.0778 4516 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
17:47:04.0862 4516 Modem - ok
17:47:04.0913 4516 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
17:47:04.0975 4516 monitor - ok
17:47:05.0012 4516 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
17:47:05.0035 4516 mouclass - ok
17:47:05.0069 4516 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
17:47:05.0159 4516 mouhid - ok
17:47:05.0176 4516 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
17:47:05.0201 4516 MountMgr - ok
17:47:05.0284 4516 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:47:05.0307 4516 MozillaMaintenance - ok
17:47:05.0357 4516 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
17:47:05.0393 4516 mpio - ok
17:47:05.0421 4516 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
17:47:05.0496 4516 mpsdrv - ok
17:47:05.0626 4516 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
17:47:05.0763 4516 MpsSvc - ok
17:47:05.0824 4516 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
17:47:05.0847 4516 Mraid35x - ok
17:47:05.0893 4516 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
17:47:05.0980 4516 MRxDAV - ok
17:47:06.0033 4516 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
17:47:06.0093 4516 mrxsmb - ok
17:47:06.0149 4516 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:47:06.0291 4516 mrxsmb10 - ok
17:47:06.0342 4516 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:47:06.0412 4516 mrxsmb20 - ok
17:47:06.0463 4516 msahci (730b784962d22d2c6481eae2370e7c8c) C:\Windows\system32\drivers\msahci.sys
17:47:06.0487 4516 msahci - ok
17:47:06.0530 4516 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
17:47:06.0566 4516 msdsm - ok
17:47:06.0614 4516 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
17:47:06.0730 4516 MSDTC - ok
17:47:06.0754 4516 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
17:47:06.0848 4516 Msfs - ok
17:47:06.0905 4516 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
17:47:06.0928 4516 msisadrv - ok
17:47:06.0985 4516 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
17:47:07.0146 4516 MSiSCSI - ok
17:47:07.0152 4516 msiserver - ok
17:47:07.0196 4516 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
17:47:07.0282 4516 MSKSSRV - ok
17:47:07.0331 4516 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
17:47:07.0422 4516 MSPCLOCK - ok
17:47:07.0456 4516 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
17:47:07.0517 4516 MSPQM - ok
17:47:07.0607 4516 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
17:47:07.0672 4516 MsRPC - ok
17:47:07.0723 4516 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
17:47:07.0747 4516 mssmbios - ok
17:47:07.0776 4516 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
17:47:07.0900 4516 MSTEE - ok
17:47:07.0934 4516 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
17:47:07.0960 4516 Mup - ok
17:47:08.0021 4516 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
17:47:08.0083 4516 napagent - ok
17:47:08.0142 4516 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
17:47:08.0213 4516 NativeWifiP - ok
17:47:08.0373 4516 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
17:47:08.0456 4516 NDIS - ok
17:47:08.0491 4516 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
17:47:08.0568 4516 NdisTapi - ok
17:47:08.0576 4516 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
17:47:08.0680 4516 Ndisuio - ok
17:47:08.0734 4516 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
17:47:08.0862 4516 NdisWan - ok
17:47:08.0901 4516 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
17:47:08.0979 4516 NDProxy - ok
17:47:09.0009 4516 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
17:47:09.0121 4516 NetBIOS - ok
17:47:09.0199 4516 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
17:47:09.0297 4516 netbt - ok
17:47:09.0342 4516 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
17:47:09.0370 4516 Netlogon - ok
17:47:09.0447 4516 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
17:47:09.0560 4516 Netman - ok
17:47:09.0610 4516 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
17:47:09.0735 4516 netprofm - ok
17:47:09.0809 4516 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:47:09.0844 4516 NetTcpPortSharing - ok
17:47:09.0855 4516 NETw5v64 - ok
17:47:10.0819 4516 NETwNv64 (6b138b65b531c3a2380becabef0b6157) C:\Windows\system32\DRIVERS\NETwNv64.sys
17:47:11.0680 4516 NETwNv64 - ok
17:47:11.0859 4516 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
17:47:11.0882 4516 nfrd960 - ok
17:47:11.0966 4516 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
17:47:12.0109 4516 NlaSvc - ok
17:47:12.0154 4516 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
17:47:12.0227 4516 Npfs - ok
17:47:12.0254 4516 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
17:47:12.0344 4516 nsi - ok
17:47:12.0370 4516 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
17:47:12.0462 4516 nsiproxy - ok
17:47:12.0663 4516 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
17:47:12.0786 4516 Ntfs - ok
17:47:12.0987 4516 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
17:47:13.0077 4516 Null - ok
17:47:13.0118 4516 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
17:47:13.0145 4516 nvraid - ok
17:47:13.0181 4516 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
17:47:13.0210 4516 nvstor - ok
17:47:13.0242 4516 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
17:47:13.0268 4516 nv_agp - ok
17:47:13.0274 4516 NwlnkFlt - ok
17:47:13.0282 4516 NwlnkFwd - ok
17:47:13.0326 4516 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
17:47:13.0402 4516 ohci1394 - ok
17:47:13.0502 4516 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
17:47:13.0534 4516 ose - ok
17:47:14.0161 4516 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
17:47:14.0480 4516 osppsvc - ok
17:47:14.0731 4516 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
17:47:14.0879 4516 p2pimsvc - ok
17:47:14.0893 4516 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
17:47:14.0945 4516 p2psvc - ok
17:47:14.0998 4516 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
17:47:15.0133 4516 Parport - ok
17:47:15.0182 4516 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
17:47:15.0210 4516 partmgr - ok
17:47:15.0256 4516 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
17:47:15.0324 4516 PcaSvc - ok
17:47:15.0378 4516 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
17:47:15.0413 4516 pci - ok
17:47:15.0441 4516 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\DRIVERS\pciide.sys
17:47:15.0462 4516 pciide - ok
17:47:15.0506 4516 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
17:47:15.0537 4516 pcmcia - ok
17:47:15.0633 4516 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
17:47:15.0835 4516 PEAUTH - ok
17:47:15.0970 4516 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
17:47:16.0054 4516 PerfHost - ok
17:47:16.0238 4516 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
17:47:16.0450 4516 pla - ok
17:47:16.0518 4516 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
17:47:16.0614 4516 PlugPlay - ok
17:47:16.0777 4516 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
17:47:16.0824 4516 PNRPAutoReg - ok
17:47:16.0837 4516 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
17:47:16.0884 4516 PNRPsvc - ok
17:47:16.0958 4516 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
17:47:17.0101 4516 PolicyAgent - ok
17:47:17.0186 4516 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
17:47:17.0289 4516 PptpMiniport - ok
17:47:17.0331 4516 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
17:47:17.0424 4516 Processor - ok
17:47:17.0509 4516 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
17:47:17.0629 4516 ProfSvc - ok
17:47:17.0656 4516 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
17:47:17.0698 4516 ProtectedStorage - ok
17:47:17.0744 4516 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
17:47:17.0803 4516 PSched - ok
17:47:17.0844 4516 pwipf6 (67c0ffa05e72b46534cbef9098be6765) C:\Windows\system32\DRIVERS\pwipf6.sys
17:47:17.0864 4516 pwipf6 - ok
17:47:18.0016 4516 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
17:47:18.0161 4516 ql2300 - ok
17:47:18.0239 4516 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
17:47:18.0273 4516 ql40xx - ok
17:47:18.0324 4516 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
17:47:18.0420 4516 QWAVE - ok
17:47:18.0453 4516 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
17:47:18.0505 4516 QWAVEdrv - ok
17:47:18.0541 4516 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
17:47:18.0630 4516 RasAcd - ok
17:47:18.0691 4516 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
17:47:18.0808 4516 RasAuto - ok
17:47:18.0876 4516 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
17:47:18.0947 4516 Rasl2tp - ok
17:47:19.0010 4516 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
17:47:19.0134 4516 RasMan - ok
17:47:19.0194 4516 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
17:47:19.0284 4516 RasPppoe - ok
17:47:19.0334 4516 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
17:47:19.0391 4516 RasSstp - ok
17:47:19.0463 4516 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
17:47:19.0548 4516 rdbss - ok
17:47:19.0602 4516 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
17:47:19.0665 4516 RDPCDD - ok
17:47:19.0726 4516 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
17:47:19.0826 4516 rdpdr - ok
17:47:19.0832 4516 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
17:47:19.0926 4516 RDPENCDD - ok
17:47:20.0006 4516 RDPWD (5c141fc457f1ac833664789235aca673) C:\Windows\system32\drivers\RDPWD.sys
17:47:20.0103 4516 RDPWD - ok
17:47:20.0271 4516 RegSrvc (92c422f8f0e6018ffc1c760b88a98eb3) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
17:47:20.0331 4516 RegSrvc - ok
17:47:20.0395 4516 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
17:47:20.0501 4516 RemoteAccess - ok
17:47:20.0559 4516 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
17:47:20.0652 4516 RemoteRegistry - ok
17:47:20.0760 4516 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\Windows\system32\DRIVERS\revoflt.sys
17:47:20.0779 4516 Revoflt - ok
17:47:20.0847 4516 rimmptsk (d13d70fac45fc1df69f88559b1f72f0a) C:\Windows\system32\DRIVERS\rimmpx64.sys
17:47:20.0926 4516 rimmptsk - ok
17:47:20.0950 4516 rimsptsk (bb9edc55b0b8cb4fcd713428820e0776) C:\Windows\system32\DRIVERS\rimspx64.sys
17:47:21.0011 4516 rimsptsk - ok
17:47:21.0029 4516 rismxdp (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys
17:47:21.0059 4516 rismxdp - ok
17:47:21.0093 4516 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
17:47:21.0139 4516 RpcLocator - ok
17:47:21.0284 4516 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
17:47:21.0369 4516 RpcSs - ok
17:47:21.0464 4516 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
17:47:21.0530 4516 rspndr - ok
17:47:21.0593 4516 RTHDMIAzAudService (0328ffdf9d805723d0e420018136fa7b) C:\Windows\system32\drivers\RtHDMIVX.sys
17:47:21.0622 4516 RTHDMIAzAudService - ok
17:47:21.0690 4516 RTL8169 (bf55641fc2f759281b9bf59d5daa8fde) C:\Windows\system32\DRIVERS\Rtlh64.sys
17:47:21.0800 4516 RTL8169 - ok
17:47:21.0850 4516 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
17:47:21.0876 4516 SamSs - ok
17:47:21.0947 4516 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
17:47:21.0983 4516 sbp2port - ok
17:47:22.0055 4516 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
17:47:22.0141 4516 SCardSvr - ok
17:47:22.0306 4516 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
17:47:22.0498 4516 Schedule - ok
17:47:22.0561 4516 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
17:47:22.0608 4516 SCPolicySvc - ok
17:47:22.0720 4516 sdbus (be100bc2be2513314c717bb2c4cfff10) C:\Windows\system32\DRIVERS\sdbus.sys
17:47:22.0833 4516 sdbus - ok
17:47:22.0889 4516 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
17:47:23.0015 4516 SDRSVC - ok
17:47:23.0045 4516 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
17:47:23.0137 4516 secdrv - ok
17:47:23.0167 4516 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
17:47:23.0260 4516 seclogon - ok
17:47:23.0363 4516 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
17:47:23.0470 4516 SENS - ok
17:47:23.0509 4516 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
17:47:23.0626 4516 Serenum - ok
17:47:23.0715 4516 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
17:47:23.0820 4516 Serial - ok
17:47:23.0848 4516 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
17:47:23.0936 4516 sermouse - ok
17:47:23.0969 4516 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
17:47:24.0087 4516 SessionEnv - ok
17:47:24.0148 4516 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
17:47:24.0237 4516 sffdisk - ok
17:47:24.0275 4516 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
17:47:24.0361 4516 sffp_mmc - ok
17:47:24.0382 4516 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
17:47:24.0463 4516 sffp_sd - ok
17:47:24.0500 4516 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
17:47:24.0620 4516 sfloppy - ok
17:47:24.0761 4516 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
17:47:24.0822 4516 Sftfs - ok
17:47:24.0970 4516 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
17:47:25.0045 4516 sftlist - ok
17:47:25.0141 4516 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
17:47:25.0210 4516 Sftplay - ok
17:47:25.0241 4516 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
17:47:25.0261 4516 Sftredir - ok
17:47:25.0291 4516 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
17:47:25.0312 4516 Sftvol - ok
17:47:25.0351 4516 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
17:47:25.0422 4516 sftvsa - ok
17:47:25.0480 4516 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
17:47:25.0568 4516 SharedAccess - ok
17:47:25.0644 4516 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
17:47:25.0771 4516 ShellHWDetection - ok
17:47:25.0800 4516 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
17:47:25.0824 4516 SiSRaid2 - ok
17:47:25.0865 4516 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
17:47:25.0915 4516 SiSRaid4 - ok
17:47:26.0208 4516 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
17:47:26.0422 4516 slsvc - ok
17:47:26.0620 4516 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
17:47:26.0717 4516 SLUINotify - ok
17:47:26.0849 4516 SmartFaceVWatchSrv (79ed2d6dec26e0fefb93ea21f09e6a51) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
17:47:26.0861 4516 SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - warning
17:47:26.0862 4516 SmartFaceVWatchSrv - detected UnsignedFile.Multi.Generic (1)
17:47:26.0974 4516 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
17:47:27.0074 4516 Smb - ok
17:47:27.0129 4516 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
17:47:27.0182 4516 SNMPTRAP - ok
17:47:27.0252 4516 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
17:47:27.0277 4516 spldr - ok
17:47:27.0355 4516 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
17:47:27.0499 4516 Spooler - ok
17:47:27.0586 4516 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
17:47:27.0696 4516 srv - ok
17:47:27.0746 4516 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
17:47:27.0800 4516 srv2 - ok
17:47:27.0854 4516 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
17:47:27.0967 4516 srvnet - ok
17:47:28.0060 4516 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
17:47:28.0189 4516 SSDPSRV - ok
17:47:28.0221 4516 ssfmonm (2c8842ac3fb749423311d934a3746fe2) C:\Windows\system32\DRIVERS\ssfmonm.sys
17:47:28.0242 4516 ssfmonm - ok
17:47:28.0279 4516 ssidrv (4a69c76bba285745a45045c4672f89c7) C:\Windows\system32\DRIVERS\ssidrv.sys
17:47:28.0332 4516 ssidrv - ok
17:47:28.0382 4516 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
17:47:28.0446 4516 SstpSvc - ok
17:47:28.0556 4516 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
17:47:28.0689 4516 stisvc - ok
17:47:28.0743 4516 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
17:47:28.0764 4516 swenum - ok
17:47:28.0853 4516 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
17:47:28.0937 4516 swprv - ok
17:47:28.0978 4516 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
17:47:29.0001 4516 Symc8xx - ok
17:47:29.0031 4516 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
17:47:29.0053 4516 Sym_hi - ok
17:47:29.0071 4516 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
17:47:29.0093 4516 Sym_u3 - ok
17:47:29.0173 4516 SynTP (572438150fc79e41a0348e3dc56b1dd2) C:\Windows\system32\DRIVERS\SynTP.sys
17:47:29.0205 4516 SynTP - ok
17:47:29.0384 4516 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
17:47:29.0549 4516 SysMain - ok
17:47:29.0587 4516 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
17:47:29.0682 4516 TabletInputService - ok
17:47:29.0779 4516 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
17:47:29.0860 4516 TapiSrv - ok
17:47:29.0892 4516 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
17:47:30.0000 4516 TBS - ok
17:47:30.0217 4516 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
17:47:30.0381 4516 Tcpip - ok
17:47:30.0628 4516 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
17:47:30.0722 4516 Tcpip6 - ok
17:47:30.0943 4516 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
17:47:31.0022 4516 tcpipreg - ok
17:47:31.0079 4516 tdcmdpst (d45586a9facb2c9708b10e491ef748a6) C:\Windows\system32\DRIVERS\tdcmdpst.sys
17:47:31.0098 4516 tdcmdpst - ok
17:47:31.0159 4516 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
17:47:31.0251 4516 TDPIPE - ok
17:47:31.0281 4516 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
17:47:31.0368 4516 TDTCP - ok
17:47:31.0437 4516 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
17:47:31.0543 4516 tdx - ok
17:47:31.0602 4516 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
17:47:31.0628 4516 TermDD - ok
17:47:31.0713 4516 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
17:47:31.0830 4516 TermService - ok
17:47:31.0903 4516 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
17:47:31.0935 4516 Themes - ok
17:47:31.0974 4516 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
17:47:32.0037 4516 THREADORDER - ok
17:47:32.0106 4516 TMachInfo (e09caafb2b323a6ff120cefb96da0a44) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
17:47:32.0125 4516 TMachInfo - ok
17:47:32.0204 4516 TNaviSrv (89f74c86523f5e334628dbce66e6d165) C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
17:47:32.0225 4516 TNaviSrv - ok
17:47:32.0301 4516 TODDSrv (19af3434564e973bc232bbd629ec2bf6) C:\Windows\system32\TODDSrv.exe
17:47:32.0324 4516 TODDSrv ( UnsignedFile.Multi.Generic ) - warning
17:47:32.0324 4516 TODDSrv - detected UnsignedFile.Multi.Generic (1)
17:47:32.0481 4516 TosCoSrv (e17a81e6ad0e89630a3b0f2ed5cbbdf5) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
17:47:32.0546 4516 TosCoSrv - ok
17:47:32.0662 4516 TOSHIBA Bluetooth Service (4e5a8546709591d31ba086ca2a69cecd) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
17:47:32.0685 4516 TOSHIBA Bluetooth Service - ok
17:47:32.0720 4516 TOSHIBA SMART Log Service (19d979b9f6373a7cb17ebb7594feb819) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
17:47:32.0760 4516 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - warning
17:47:32.0760 4516 TOSHIBA SMART Log Service - detected UnsignedFile.Multi.Generic (1)
17:47:32.0814 4516 Tosrfcom - ok
17:47:32.0836 4516 tosrfec (9fb4aa68d4e833c795994513bc9e3aca) C:\Windows\system32\DRIVERS\tosrfec.sys
17:47:32.0909 4516 tosrfec - ok
17:47:33.0032 4516 tos_sps64 (dd50a5df5f7b29fdb6b5fea728c43dc3) C:\Windows\system32\DRIVERS\tos_sps64.sys
17:47:33.0113 4516 tos_sps64 - ok
17:47:33.0160 4516 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
17:47:33.0305 4516 TrkWks - ok
17:47:33.0378 4516 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
17:47:33.0449 4516 TrustedInstaller - ok
17:47:33.0492 4516 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
17:47:33.0589 4516 tssecsrv - ok
17:47:33.0625 4516 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
17:47:33.0709 4516 tunmp - ok
17:47:33.0744 4516 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
17:47:33.0792 4516 tunnel - ok
17:47:33.0901 4516 TVALZ (9a744cc3d804ec38a6c2c65bc3c6fcd8) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
17:47:33.0919 4516 TVALZ - ok
17:47:33.0965 4516 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
17:47:33.0990 4516 uagp35 - ok
17:47:34.0045 4516 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
17:47:34.0162 4516 udfs - ok
17:47:34.0217 4516 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
17:47:34.0344 4516 UI0Detect - ok
17:47:34.0444 4516 UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
17:47:34.0482 4516 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
17:47:34.0482 4516 UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
17:47:46.0242 4516 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
17:47:46.0444 4516 \Device\Harddisk0\DR0 - ok
17:47:46.0450 4516 Boot (0x1200) (bfda696934bf2b1e81a5e9a81664075c) \Device\Harddisk0\DR0\Partition0
17:47:46.0452 4516 \Device\Harddisk0\DR0\Partition0 - ok
17:47:46.0454 4516 ============================================================
17:47:46.0454 4516 Scan finished
17:47:46.0454 4516 ============================================================
17:47:46.0475 6408 Detected object count: 7
17:47:46.0475 6408 Actual detected object count: 7
17:49:55.0004 6408 ConfigFree Gadget Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:49:55.0004 6408 ConfigFree Gadget Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:49:55.0005 6408 ConfigFree Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:49:55.0005 6408 ConfigFree Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:49:55.0005 6408 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
17:49:55.0005 6408 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:49:55.0009 6408 SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - skipped by user
17:49:55.0009 6408 SmartFaceVWatchSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:49:55.0011 6408 TODDSrv ( UnsignedFile.Multi.Generic ) - skipped by user
17:49:55.0011 6408 TODDSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:49:55.0014 6408 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:49:55.0014 6408 TOSHIBA SMART Log Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:49:55.0015 6408 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
17:49:55.0015 6408 UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip

#9 MrCharlie


Posted 09 May 2012 - 05:57 PM

That scan was clean.....

Please download and run ComboFix.
The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
If you get the message "Illegal operation attempted on registry key that has been marked for deletion." after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.
MrC

Malware Removal Expert




I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.


#10 hypotyposis


Posted 09 May 2012 - 07:17 PM

ComboFix 12-05-09.01 - User 05/09/2012 18:25:55.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.1757 [GMT -5:00]
Running from: c:\users\User\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\programdata\SPLD23C.tmp
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\zs0g5ds4.default\extensions\{5ed7c7bf-b623-4a1d-b141-a2e2323a332f}
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\zs0g5ds4.default\extensions\{5ed7c7bf-b623-4a1d-b141-a2e2323a332f}\chrome.manifest
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\zs0g5ds4.default\extensions\{5ed7c7bf-b623-4a1d-b141-a2e2323a332f}\chrome\xulcache.jar
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\zs0g5ds4.default\extensions\{5ed7c7bf-b623-4a1d-b141-a2e2323a332f}\defaults\preferences\xulcache.js
c:\users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\zs0g5ds4.default\extensions\{5ed7c7bf-b623-4a1d-b141-a2e2323a332f}\install.rdf
c:\users\User\AppData\Roaming\Ikils
c:\users\User\AppData\Roaming\Ikils\bimys.exe
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\yqvhyd7h.default\extensions\{5ed7c7bf-b623-4a1d-b141-a2e2323a332f}
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\yqvhyd7h.default\extensions\{5ed7c7bf-b623-4a1d-b141-a2e2323a332f}\chrome.manifest
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\yqvhyd7h.default\extensions\{5ed7c7bf-b623-4a1d-b141-a2e2323a332f}\chrome\xulcache.jar
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\yqvhyd7h.default\extensions\{5ed7c7bf-b623-4a1d-b141-a2e2323a332f}\defaults\preferences\xulcache.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\yqvhyd7h.default\extensions\{5ed7c7bf-b623-4a1d-b141-a2e2323a332f}\install.rdf
c:\users\User\AppData\Roaming\Ziqua
c:\users\User\AppData\Roaming\Ziqua\rycef.oso
.
.
((((((((((((((((((((((((( Files Created from 2012-04-10 to 2012-05-10 )))))))))))))))))))))))))))))))
.
.
2012-05-10 00:01 . 2012-05-10 00:01 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-05-10 00:01 . 2012-05-10 00:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-09 21:42 . 2012-05-09 21:42 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-05-09 21:41 . 2012-05-09 21:41 -------- d-----w- c:\program files (x86)\Oracle
2012-05-09 21:16 . 2012-05-09 21:16 544032 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-09 21:16 . 2012-05-09 21:16 525600 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-09 21:02 . 2012-04-04 23:47 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-05-09 20:14 . 2012-04-18 08:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C545F664-E176-4B2A-8E8A-D536CA7D8A97}\mpengine.dll
2012-05-09 00:17 . 2012-05-09 21:34 -------- d-----w- c:\users\User\AppData\Roaming\Ivsuc
2012-05-05 18:37 . 2012-05-05 18:37 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-05 18:37 . 2012-05-05 18:37 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-05 18:37 . 2012-05-05 18:37 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-01 22:41 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-01 22:12 . 2012-05-01 22:12 -------- d--h--w- c:\programdata\Common Files
2012-05-01 22:08 . 2012-05-01 22:12 -------- d-----w- c:\programdata\MFAData
2012-04-26 22:39 . 2012-04-26 22:39 -------- d-----w- c:\windows\system32\Macromed
2012-04-26 22:36 . 2012-04-26 22:36 -------- d-----w- c:\users\User\AppData\Local\{4A48DC53-8FF0-11E1-826D-B8AC6F996F26}
2012-04-26 22:36 . 2012-04-26 22:36 -------- d-----w- c:\users\User\AppData\Local\{4A48A885-8FF0-11E1-826D-B8AC6F996F26}
2012-04-24 00:34 . 2012-04-24 00:34 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2012-04-24 00:34 . 2012-04-24 00:34 -------- d-----w- c:\programdata\Malwarebytes
2012-04-24 00:34 . 2012-05-01 22:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-12 08:08 . 2012-03-06 06:44 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 08:06 . 2012-02-29 15:37 5632 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 08:06 . 2012-02-29 15:37 219136 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 08:06 . 2012-02-29 15:35 78848 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 08:06 . 2012-02-29 15:11 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-12 08:06 . 2012-02-29 15:11 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 08:06 . 2012-02-29 15:09 157696 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 08:06 . 2012-02-29 13:52 16384 ----a-w- c:\windows\system32\drivers\fs_rec.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 23:47 . 2010-07-22 00:20 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-20 04:06 . 2009-08-18 18:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-03-20 04:06 . 2009-08-18 17:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-23 15:18 . 2010-09-10 06:11 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-14 17:09 . 2012-02-14 17:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-14 16:49 . 2012-03-14 00:16 327680 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 16:49 . 2012-03-14 00:16 196096 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-14 15:45 . 2012-03-14 00:16 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-14 00:16 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-02-13 14:38 . 2012-03-14 00:16 2002944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 14:12 . 2012-03-14 00:16 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-02-13 14:06 . 2012-03-14 00:16 834048 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 14:03 . 2012-03-14 00:16 1555968 ----a-w- c:\windows\system32\DWrite.dll
2012-02-13 13:47 . 2012-03-14 00:16 683008 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-02-13 13:44 . 2012-03-14 00:16 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll
2010-09-10 04:52 . 2010-09-10 04:52 7089544 ----a-w- c:\program files (x86)\Common Files\wruninstall.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll" [2011-01-21 213816]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2009-04-11 1555968]
"LDM"="c:\program files (x86)\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2010-07-09 32768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"="NDSTray.exe" [BU]
"PCMAgent"="c:\program files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe" [2007-12-14 143360]
"CLMLServer"="c:\program files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe" [2008-07-11 188416]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-07-31 417792]
"WebrootTrayApp"="c:\program files (x86)\Webroot\Security\Current\Framework\WRTray.exe" [2010-10-15 1286960]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"lxdnmon.exe"="c:\program files (x86) (x86)\Lexmark 2600 Series\lxdnmon.exe" [2010-02-04 660136]
"EzPrint"="c:\program files (x86) (x86)\Lexmark 2600 Series\ezprint.exe" [2010-02-04 107176]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files (x86)\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2010-7-9 450560]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToshibaServiceStation]
2008-08-04 21:46 1242424 ----a-w- c:\program files (x86)\Toshiba\TOSHIBA Service Station\TSS.exe
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-30 23:52]
.
2012-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-30 23:52]
.
2012-05-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1495340077-3318051157-4031678959-1000Core.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-27 23:52]
.
2012-05-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1495340077-3318051157-4031678959-1000UA.job
- c:\users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-27 23:52]
.
2012-05-09 c:\windows\Tasks\User_Feed_Synchronization-{0D568D07-70AC-4191-9435-2CB316D03466}.job
- c:\windows\system32\msfeedssync.exe [2012-04-12 08:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{6B78A880-15CA-468f-8422-A7960AD6FBB9}"
[HKEY_CLASSES_ROOT\CLSID\{6B78A880-15CA-468f-8422-A7960AD6FBB9}]
2010-08-16 17:32 143672 ----a-w- c:\program files (x86)\Webroot\Security\Current\Plugins\sync\WebRootShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{4EE7A346-5845-471e-9FAB-002EAF83F8B0}"
[HKEY_CLASSES_ROOT\CLSID\{4EE7A346-5845-471e-9FAB-002EAF83F8B0}]
2010-08-16 17:32 143672 ----a-w- c:\program files (x86)\Webroot\Security\Current\Plugins\sync\WebRootShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{53DABC15-4F29-44ad-B09A-E0D0F9A3D075}"
[HKEY_CLASSES_ROOT\CLSID\{53DABC15-4F29-44ad-B09A-E0D0F9A3D075}]
2010-08-16 17:32 143672 ----a-w- c:\program files (x86)\Webroot\Security\Current\Plugins\sync\WebRootShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{493FC96E-B938-4924-9B38-C4088E9B8AC2}"
[HKEY_CLASSES_ROOT\CLSID\{493FC96E-B938-4924-9B38-C4088E9B8AC2}]
2010-08-16 17:32 143672 ----a-w- c:\program files (x86)\Webroot\Security\Current\Plugins\sync\WebRootShellExt_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-04-08 6156288]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1216808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\yqvhyd7h.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RGSC - c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-cfFncEnabler.exe - cfFncEnabler.exe
MSConfigStartUp-ITSecMng - %ProgramFiles(x86)%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Lexmark 2600 Series - c:\program files (x86)\Lexmark 2600 Series\Install\x64\Uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1495340077-3318051157-4031678959-1000\Software\SecuROM\License information*]
"datasecu"=hex:ed,32,2e,b8,69,c9,af,d8,a6,ed,3c,ee,bb,87,a8,18,c7,4c,16,8a,17,
0c,1a,85,e4,b0,44,ec,67,e6,29,67,3c,8a,7a,83,2f,44,bc,71,1d,74,13,0b,ab,32,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil9e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil9e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
c:\program files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe
c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\progra~2\Webroot\Security\Current\Plugins\cleanup\WRCLEA~1.EXE
c:\program files (x86)\Toshiba\ConfigFree\NDSTray.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Completion time: 2012-05-09 19:12:46 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-10 00:12
.
Pre-Run: 83,023,855,616 bytes free
Post-Run: 84,141,371,392 bytes free
.
- - End Of File - - C04D8AEB4A9EB9F110FD58C3098EC52D

#11 MrCharlie

MrCharlie

    Forum Deity

  • Experts
  • PipPipPipPipPipPip
  • 28,193 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 09 May 2012 - 07:34 PM

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how it is, MrC

Malware Removal Expert




I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#12 hypotyposis

Posted 09 May 2012 - 08:03 PM

Everything clean. iexplore.exe processes all gone.

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.09.06

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19222
User :: USER-PC [administrator]

Protection: Enabled

5/9/2012 7:38:11 PM
mbam-log-2012-05-09 (19-38-11).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 223051
Time elapsed: 4 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#13 MrCharlie

Posted 09 May 2012 - 08:18 PM

so instead I downloaded the "lastest version" according to the Java website, which was Java 7 Update 4. Is this a problem?


I forgot to answer this...Yes it's OK

------------------------------------

A little clean up to do......

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------------

Please download OTL from one of the links below:
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


#14 hypotyposis

Posted 09 May 2012 - 10:28 PM

So I'm on a different computer now because as soon as I did the Combofix Uninstall and OTL Clean Up, my internet suddenly does not work. I get the error that "The network adapter 'Realtek RTL8102E Family PCI-E Fast Ethernet NIC (NDIS 6.0)' is experiencing driver or hardware related issues." The other option it gives me is "Make sure your Internet Protocol Bindings are correct" (I checked and they are).

So I'm assuming something got messed up and/or deleted during the OTL Clean Up. I have tried multiple System Restore points and none of them have solved my problem. Help?

#15 MrCharlie

Posted 09 May 2012 - 10:56 PM

I'm assuming something got messed up and/or deleted during the OTL Clean Up. I have tried multiple System Restore points and none of them have solved my problem. Help?


It shouldn't have..never seen this before.

If you uninstalled ComboFix as described, you should only have one restore point left.
Running system restore should have fixed it.

See if you can do this on the sick computer.....

Please remove any USB or external drives from the computer before you run this scan!

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
It's late here, get back to you tomorrow am....MrC


#16 LDTate

LDTate

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 21,126 posts
  • Gender:Male
  • Location:Missouri, USA

Posted 14 May 2012 - 06:42 AM

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Larry Tate
Product Support
