loner

Malwarebytes did not remove one virus

42 posts in this topic

I noticed that Malwarebytes found a program called PUP Bitminer, and this created this HUGE journey for me. I used Malwarebytes and it said the virus was gone. But after restarting and scanning and finding the PUP Bitminer on my PC for a 2nd, 3rd, 4th, and 5th time, I would check the mark next to the name and still find it pop up the next log in. I tried using the PC Tools to get rid of the PUP Bitminer only to register the program and have my whole PC crash. The problem is my system restore was able to save my PC, but the PUP Bitminer was in the system restore.

Noticing I wasn't the only one here with this problem I went to this page:

http://forums.malwarebytes.org/index.php?showtopic=102320&st=0

and tried the UnHackMe only to run into an error with a CD disc required.

Whenever you get the chance to help, because I don't have any problems right now, I just read that this bitminer is a keylogger, so I do not want to have my passwords out there.

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 911122605

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

12/28/2011 9:29:52 AM

mbam-log-2011-12-28 (09-29-52).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 304496

Time elapsed: 39 minute(s), 40 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Windows\assembly\temp\kwrd.dll (PUP.BitMiner) -> Quarantined and deleted successfully.

I have an issue with Bitminer and can't remove it. I have tried using the PC Tools to get rid of the PUP Bitminer only to register the program and have my whole PC crash. The problem is my system restore was able to save my PC, but the PUP Bitminer was in the system restore and now a PUM hidden desktop is showing up. I also want to fix the whole fact that Google is sending me to malicious sites, because I believe that's what started all of this.

Please help, and below are my log requirements

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385

Run by ClydeSanders at 21:03:14 on 2012-01-01

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3891.1921 [GMT -5:00]

.

AV: Kaspersky Anti-Virus *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}

AV: Kaspersky Anti-Virus *Enabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}

SP: Kaspersky Anti-Virus *Enabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Kaspersky Anti-Virus *Disabled/Outdated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\WLANExt.exe

C:\windows\system32\conhost.exe

C:\windows\System32\spoolsv.exe

C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe

C:\windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\ThpSrv.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\TOSHIBA\TECO\TecoService.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\windows\system32\wbem\unsecapp.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\windows\system32\igfxsrvc.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\ThpSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\TOSHIBA\TECO\Teco.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files (x86)\ooVoo\ooVoo.exe

C:\Program Files\MozyHome\mozystat.exe

C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe

C:\windows\system32\igfxext.exe

C:\windows\system32\wbem\unsecapp.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtblfs.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\windows\SysWow64\Macromed\Flash\FlashUtil10e.exe

C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

C:\Program Files\MozyHome\mozybackup.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\MozyHome\mozybackup.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\windows\SysWOW64\ping.exe

C:\windows\system32\conhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\windows\System32\svchost.exe -k WerSvcGroup

C:\windows\SysWOW64\NOTEPAD.EXE

C:\windows\system32\taskhost.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\DllHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA

uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\ooVoo.exe /minimized

uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP

mRun: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"

mRun: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

mRun: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"

mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOZYHO~1.LNK - C:\Program Files (x86)\MozyHome\mozystat.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

LSP: mswsock.dll

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{A32CE649-BF5D-407D-A364-B4A32C330669} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{A32CE649-BF5D-407D-A364-B4A32C330669}\C696E6B6379737 : DhcpNameServer = 168.28.176.11 168.28.176.253 198.72.72.10

TCP: Interfaces\{F4366FAE-55DC-43AD-82C3-07BB0D5C8805} : DhcpNameServer = 168.28.176.11 168.28.176.253 198.72.72.10

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll

BHO-X64: IEVkbdBHO - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

BHO-X64: link filter bho - No File

BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

mRun-x64: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

mRun-x64: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP

mRun-x64: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"

mRun-x64: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

mRun-x64: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"

mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\ClydeSanders\AppData\Roaming\Mozilla\Firefox\Profiles\mowxtix2.default\

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official | http://www.gmail.com |

FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}

FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}

FF - Ext: XULRunner: {8E22EFF7-4C23-468D-A046-F794FEAEDA54} - C:\Users\ClydeSanders\AppData\Local\{8E22EFF7-4C23-468D-A046-F794FEAEDA54}

.

============= SERVICES / DRIVERS ===============

.

R0 KLBG;Kaspersky Lab Boot Guard Driver;C:\windows\system32\DRIVERS\klbg.sys --> C:\windows\system32\DRIVERS\klbg.sys [?]

R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]

R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]

R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\system32\DRIVERS\klim6.sys --> C:\windows\system32\DRIVERS\klim6.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 AbsoluteNotifier;Absolute Notifier;C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2011-5-10 10920]

R2 AVP;Kaspersky Anti-Virus;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-10-20 340520]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-20 2320920]

R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]

R3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]

R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\system32\DRIVERS\klmouflt.sys --> C:\windows\system32\DRIVERS\klmouflt.sys [?]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETw5s64.sys --> C:\windows\system32\DRIVERS\NETw5s64.sys [?]

R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]

R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]

R3 wdkmd;Intel WiDi KMD;C:\windows\system32\DRIVERS\WDKMD.sys --> C:\windows\system32\DRIVERS\WDKMD.sys [?]

S3 acpials;ALS Sensor Filter;C:\windows\system32\DRIVERS\acpials.sys --> C:\windows\system32\DRIVERS\acpials.sys [?]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-1-19 315664]

S3 npggsvc;nProtect GameGuard Service;C:\windows\system32\GameMon.des -service --> C:\windows\system32\GameMon.des -service [?]

S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-7-20 51512]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]

S3 WSDScan;WSD Scan Support via UMB;C:\windows\system32\DRIVERS\WSDScan.sys --> C:\windows\system32\DRIVERS\WSDScan.sys [?]

.

=============== Created Last 30 ================

.

2011-12-28 18:34:34 -------- d-sh--r- C:\comment.htt

2011-12-28 18:24:10 2 --shatr- C:\windows\winstart.bat

2011-12-28 18:24:02 -------- d-----w- C:\Program Files (x86)\UnHackMe

2011-12-28 14:48:41 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools

2011-12-28 14:44:13 -------- d-----w- C:\ProgramData\PC Tools

2011-12-15 17:24:01 -------- d-----we C:\windows\system64

.

==================== Find3M ====================

.

2011-10-11 14:32:31 44544 ----a-w- C:\windows\SysWow64\agremove.exe

2011-10-11 13:21:47 17920 ----a-w- C:\windows\System32\rpcnetp.exe

.

============= FINISH: 21:06:05.39 ===============

Topics / Post MERGED

Hello,

Save and close any work documents, close any apps that you started.

Download the Microsoft® Windows® Malicious Software Removal Tool from the Microsoft Download Center

http://www.microsoft.com/downloads/details.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

It is suggested that you rename mrt.exe to some other name, such as Omega.exe, then run it.

After a run of MSRT has finished, you will find the log at C:\WINDOWS\Debug\mrt.log or C:\WINNT\Debug\mrt.log

The file may be opened and viewed with Notepad or similar text editor.

If and only if your system is a Windows 7 x64, Vista x64, Windows XP x64 or Windows 2008/2003 x64 computer:

Get Microsoft® Windows® Malicious Software Removal Tool (KB890830) x64

http://www.microsoft.com/downloads/details.aspx?familyid=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

Additional information on the Microsoft® Windows® Malicious Software Removal Tool is here: http://support.microsoft.com/?kbid=890830

If no infections were found, you will see in your log

Results Summary:

----------------

No infection found.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy & paste the contents of the last scan log into your reply.

If we do not hear back from you in 3 days, this thread will be closed.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Re-opened per member request.

@ loner

Requesting you run the tools I listed in my reply of Feb 8th. Post the new MBAM scan log for review.


Just did and should I do a full scan and post that to here?


Yes, do a full scan after updating MBAM. Post the MBAM scan log.

Also, run a new run of DDS, and copy & paste those logs into your reply.

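As an added example (not part of the thread, and not a Malwarebytes or DDS tool), the Python script below shows one way to compare the Run-key autostart lines of two DDS runs, which is what a fresh DDS log makes possible. The sample lines are abbreviated from the two DDS logs posted in this thread; reading `uRun` as the per-user key and `mRun` as the machine-wide key, and the list of user-writable directories, are assumptions of the example.

```python
import re

# Run-key line in the DDS "Pseudo HJT Report": "<hive>Run[-x64]: [<name>] <command>"
RUN_LINE = re.compile(r'^(?P<hive>[um]Run(?:-x64)?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# Unquoted commands contain spaces, so cut at the first executable extension.
UNQUOTED_EXE = re.compile(r'(.+?\.(?:exe|com|bat|cmd|scr|dll))(?=\s|$)', re.I)
# Assumption of this example: locations a standard user can usually write to.
USER_WRITABLE = ('c:\\programdata\\', 'c:\\users\\', 'c:\\windows\\temp\\')

# Sample input: lines abbreviated from the first DDS log in this thread (2012-01-01).
OLD_LOG = r"""
DDS (Ver_2011-08-26.01) - NTFSAMD64
uStart Page = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\ooVoo.exe /minimized
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
"""

# Same lines plus the one Run entry that is only in the second DDS log (2012-03-21).
NEW_LOG = OLD_LOG + r"uRun: [gWLwiaDlyb.exe] C:\ProgramData\gWLwiaDlyb.exe" + "\n"


def executable_of(command):
    """Return the program path of a Run-key command, without its arguments."""
    command = command.strip()
    m = re.match(r'"([^"]+)"', command) or UNQUOTED_EXE.match(command)
    return m.group(1) if m else command


def parse_run_entries(log_text):
    """Return {(hive, name): executable_path} for every Run-key line in a DDS log."""
    entries = {}
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:  # every other DDS line (BHO, TCP, header, ...) is ignored
            entries[(m['hive'], m['name'])] = executable_of(m['cmd'])
    return entries


def diff_runs(old_log, new_log):
    """Return (added, removed) Run entries between two DDS logs.

    An entry whose name is unchanged but whose target path differs counts as
    added, so a swapped-out executable is not missed.
    """
    old, new = parse_run_entries(old_log), parse_run_entries(new_log)
    added = {k: v for k, v in new.items() if old.get(k) != v}
    removed = {k: v for k, v in old.items() if k not in new}
    return added, removed


def review_notes(hive, path):
    """Reasons an analyst may want to look at an entry first (heuristics only)."""
    notes = []
    if path.lower().startswith(USER_WRITABLE):
        notes.append('target is in a user-writable directory')
    if hive.startswith('u'):
        notes.append('per-user Run key, writable without admin rights')
    return notes


def triage(old_log, new_log):
    """List new or changed Run entries with their review notes, sorted by key."""
    added, _ = diff_runs(old_log, new_log)
    return [(hive, name, path, review_notes(hive, path))
            for (hive, name), path in sorted(added.items())]


if __name__ == '__main__':
    for hive, name, path, notes in triage(OLD_LOG, NEW_LOG):
        print(f'NEW {hive} [{name}] -> {path}')
        for note in notes:
            print(f'    review: {note}')
```
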


Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 912031605

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

3/20/2012 11:54:01 PM

mbam-log-2012-03-20 (23-54-00).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 357223

Time elapsed: 2 hour(s), 58 minute(s), 10 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385

Run by ClydeSanders at 0:06:29 on 2012-03-21

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3891.767 [GMT -4:00]

.

AV: Kaspersky Anti-Virus *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}

AV: Kaspersky Anti-Virus *Enabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}

SP: Kaspersky Anti-Virus *Enabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Kaspersky Anti-Virus *Disabled/Outdated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\system32\WLANExt.exe

C:\windows\system32\conhost.exe

C:\windows\System32\spoolsv.exe

C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe

C:\windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\ThpSrv.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\TOSHIBA\TECO\TecoService.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\windows\system32\wbem\unsecapp.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\ThpSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\TOSHIBA\TECO\Teco.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

C:\Program Files (x86)\ooVoo\ooVoo.exe

C:\windows\system32\wbem\unsecapp.exe

C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe

C:\windows\system32\igfxext.exe

C:\windows\system32\igfxsrvc.exe

C:\Program Files\MozyHome\mozystat.exe

E:\Portable\FirefoxPortable\FirefoxPortable.exe

E:\Portable\FirefoxPortable\App\firefox\firefox.exe

C:\windows\system32\prevhost.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe

C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

E:\Portable\FirefoxPortable\App\firefox\plugin-container.exe

C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

C:\Program Files\MozyHome\mozybackup.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\MozyHome\mozybackup.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\windows\SysWOW64\NOTEPAD.EXE

C:\windows\SysWOW64\ping.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\ping.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\ping.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\conhost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA

uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\ooVoo.exe /minimized

uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

uRun: [gWLwiaDlyb.exe] C:\ProgramData\gWLwiaDlyb.exe

mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP

mRun: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"

mRun: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

mRun: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"

mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MOZYHO~1.LNK - C:\Program Files (x86)\MozyHome\mozystat.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

LSP: mswsock.dll

TCP: DhcpNameServer = 168.28.176.11 168.28.176.253 198.72.72.10

TCP: Interfaces\{A32CE649-BF5D-407D-A364-B4A32C330669}\64249402355727675696C6C616E63656026516E6D27657563747 : DhcpNameServer = 168.28.176.11 168.28.176.253 198.72.72.10

TCP: Interfaces\{A32CE649-BF5D-407D-A364-B4A32C330669}\C696E6B6379737 : DhcpNameServer = 168.28.176.11 168.28.176.253 198.72.72.10

TCP: Interfaces\{F4366FAE-55DC-43AD-82C3-07BB0D5C8805} : DhcpNameServer = 168.28.176.11 168.28.176.253 198.72.72.10

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll

BHO-X64: IEVkbdBHO - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

BHO-X64: link filter bho - No File

BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

mRun-x64: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

mRun-x64: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP

mRun-x64: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60

mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"

mRun-x64: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

mRun-x64: [Absolute Notifier] "C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe"

mRun-x64: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

AppInit_DLLs-X64: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\ClydeSanders\AppData\Roaming\Mozilla\Firefox\Profiles\mowxtix2.default\

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official | http://www.gmail.com |

FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll

FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}

FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}

FF - Ext: XULRunner: {8E22EFF7-4C23-468D-A046-F794FEAEDA54} - C:\Users\ClydeSanders\AppData\Local\{8E22EFF7-4C23-468D-A046-F794FEAEDA54}

.

============= SERVICES / DRIVERS ===============

.

R0 KLBG;Kaspersky Lab Boot Guard Driver;C:\windows\system32\DRIVERS\klbg.sys --> C:\windows\system32\DRIVERS\klbg.sys [?]

R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]

R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]

R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\system32\DRIVERS\klim6.sys --> C:\windows\system32\DRIVERS\klim6.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 AbsoluteNotifier;Absolute Notifier;C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2011-5-10 10920]

R2 AVP;Kaspersky Anti-Virus;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-10-20 340520]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]

R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\system32\DRIVERS\klmouflt.sys --> C:\windows\system32\DRIVERS\klmouflt.sys [?]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETw5s64.sys --> C:\windows\system32\DRIVERS\NETw5s64.sys [?]

R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]

R3 wdkmd;Intel WiDi KMD;C:\windows\system32\DRIVERS\WDKMD.sys --> C:\windows\system32\DRIVERS\WDKMD.sys [?]

S3 acpials;ALS Sensor Filter;C:\windows\system32\DRIVERS\acpials.sys --> C:\windows\system32\DRIVERS\acpials.sys [?]

S3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-1-19 315664]

S3 npggsvc;nProtect GameGuard Service;C:\windows\system32\GameMon.des -service --> C:\windows\system32\GameMon.des -service [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]

S3 WSDScan;WSD Scan Support via UMB;C:\windows\system32\DRIVERS\WSDScan.sys --> C:\windows\system32\DRIVERS\WSDScan.sys [?]

.

=============== Created Last 30 ================

.

2012-03-20 20:29:53 -------- d-----w- C:\windows\System32\MpEngineStore

2012-03-07 19:43:57 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

.

==================== Find3M ====================

.

2012-03-20 23:40:22 0 --sha-w- C:\windows\System32\dds_trash_log.cmd

2011-12-28 18:24:10 2 --shatr- C:\windows\winstart.bat

.

============= FINISH: 0:11:32.40 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 9/5/2010 1:55:55 AM

System Uptime: 3/20/2012 7:39:00 PM (5 hours ago)

.

Motherboard: TOSHIBA | | NWQAA

Processor: Intel® Core™ i3 CPU M 350 @ 2.27GHz | CPU | 2266/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 454 GiB total, 392.095 GiB free.

D: is CDROM ()

E: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP45: 2/21/2012 2:30:36 PM - Scheduled Checkpoint

RP46: 2/29/2012 1:50:21 AM - Scheduled Checkpoint

RP47: 3/12/2012 1:17:01 AM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

.

Absolute Notifier

Adobe Flash Player 10 Plugin

Adobe Reader 9.3

Amazon Kindle For PC

Canon IJ Network Scan Utility

Canon IJ Network Tool

Canon MP Navigator EX 3.1

Canon MX340 series User Registration

Canon Speed Dial Utility

Canon Utilities Easy-PhotoPrint EX

Canon Utilities My Printer

Canon Utilities Solution Menu

Compatibility Pack for the 2007 Office system

Hotfix for Office (KB975927)

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Intel® Rapid Storage Technology

jGRASP

JMicron Flash Media Controller Driver

Junk Mail filter update

Kaspersky Anti-Virus 2010

Label@Once 1.0

Malwarebytes' Anti-Malware version 1.51.1.1800

Microsoft Choice Guard

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Works

Mozilla Firefox (3.6.8)

MSVCRT

ooVoo

Realtek Ethernet Controller Driver For Windows 7

Realtek High Definition Audio Driver

Skype™ 5.1

TOSHIBA Application Installer

TOSHIBA Assist

TOSHIBA Bulletin Board

TOSHIBA DVD PLAYER

TOSHIBA eco Utility

TOSHIBA Face Recognition

TOSHIBA Flash Cards Support Utility

TOSHIBA Hardware Setup

TOSHIBA HDD/SSD Alert

TOSHIBA Media Controller

TOSHIBA Media Controller Plug-in

TOSHIBA Quality Application

TOSHIBA ReelTime

TOSHIBA Service Station

TOSHIBA Sleep Utility

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

TOSHIBA Web Camera Application

ToshibaRegistration

Update for Microsoft Office Word 2007 (KB974631)

Utility Common Driver

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

WinRAR archiver

.

==== Event Viewer Messages From Past Week ========

.

3/20/2012 9:48:51 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UxSms service.

3/20/2012 9:45:51 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the hidserv service.

3/20/2012 7:40:34 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

3/20/2012 7:39:20 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.

3/20/2012 7:38:38 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

3/20/2012 7:38:08 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.

3/20/2012 7:37:38 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

3/20/2012 7:21:42 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

3/20/2012 7:21:24 AM, Error: Service Control Manager [7022] - The Kaspersky Anti-Virus service hung on starting.

3/20/2012 7:18:35 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FontCache service.

3/20/2012 7:18:05 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.

3/20/2012 7:09:45 AM, Error: Service Control Manager [7000] - The Network Connections service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/20/2012 7:08:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the upnphost service.

3/20/2012 2:01:51 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WPDBusEnum service.

3/20/2012 2:01:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.

3/20/2012 10:22:51 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

3/19/2012 9:00:39 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000004, 0x0000000000000258, 0xfffffa800416f040, 0xfffff80000b9c510). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 031912-19999-01.

3/19/2012 7:52:02 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

3/19/2012 10:50:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

3/17/2012 9:39:32 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

3/16/2012 9:23:55 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

3/16/2012 8:33:49 PM, Error: JMCR [15] - The device, \Device\Scsi\JMCR1, is not ready for access yet.

3/16/2012 7:46:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

3/15/2012 9:11:34 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WdiSystemHost service.

3/15/2012 9:11:34 PM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================

Edited by Maurice Naggar
Logs put in-line

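A triage pass over the autorun portion of a DDS log like the one posted above, as an added example (not part of the original thread, and not a DDS or Malwarebytes tool). It flags Run entries whose executable starts from a data directory rather than an install directory, and registrations DDS marks "No File"; the function names and the directory heuristic are assumptions, and a flagged entry is a lead to examine, not a verdict.

```python
import re
from typing import List, NamedTuple

# Constructed sample: a few lines in DDS format, taken from the log in the thread.
SAMPLE_DDS = r"""
uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\ooVoo.exe /minimized
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
uRun: [gWLwiaDlyb.exe] C:\ProgramData\gWLwiaDlyb.exe
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun-x64: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
"""


class Finding(NamedTuple):
    reason: str
    section: str
    name: str
    target: str


# "uRun: [name] command line" (per-user) and "mRun[-x64]: ..." (machine-wide).
RUN_RE = re.compile(
    r"^(?P<section>[um]Run(?:-x64)?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$", re.I
)
# "Section: name - No File": the registration exists but its file does not.
NOFILE_RE = re.compile(r"^(?P<section>[A-Za-z0-9_-]+): (?P<name>.+?) - No File$")
# Executable part of a command line: quoted, or unquoted up to the extension
# (unquoted paths in these logs contain spaces, so splitting on spaces is wrong).
IMAGE_RE = re.compile(
    r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.I
)
# Assumed heuristic: locations where programs are not normally installed.
DATA_DIR_RE = re.compile(
    r"^(?:[a-z]:\\(?:programdata|users)\\"
    r"|%(?:appdata|localappdata|temp|tmp|programdata|userprofile|public)%)"
    r"|\\(?:appdata|temp)\\",
    re.I,
)


def image_path(cmd: str) -> str:
    """Return the executable path from an autorun command line."""
    cmd = cmd.strip()
    m = IMAGE_RE.match(cmd)
    if not m:
        return cmd.split()[0]
    return m.group("q") or m.group("u")


def triage(log_text: str) -> List[Finding]:
    """Return the log entries that deserve a closer look, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        run = RUN_RE.match(line)
        if run:
            path = image_path(run.group("cmd"))
            if DATA_DIR_RE.search(path):
                findings.append(
                    Finding("autorun from data directory",
                            run.group("section"), run.group("name"), path)
                )
            continue
        orphan = NOFILE_RE.match(line)
        if orphan:
            findings.append(
                Finding("registration without file",
                        orphan.group("section"), orphan.group("name"), "No File")
            )
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f.reason}: {f.section} [{f.name}] -> {f.target}")
```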

Is this all I need for this? 'Cause I have also noticed that Google is redirecting and also opening new tabs to random sites. Is this something I would post again, or after this I shouldn't see any of this anymore?


First, do NOT Attach log reports. Always Copy & Paste the contents into the main body of reply.

(Use NOTEPAD to open a log, then Select All, & Copy All; and then Paste into forum reply-box).

There's a lot more work to do. I will advise as to what tools to run & what logs are needed. This is just the beginning.

Do NOT do any websurfing of any kind, nor do any online transactions of any kind.

I'd also suggest you do not use instant messengers or ooVoo while we attempt to find & clean malware.

Tweak the settings on ooVoo so that it does not auto-start with each Windows startup.

The version of MBAM you have is out-dated. I will ask you to remove it and get the latest (steps below).

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder; if you like, you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Download and SAVE & then run mbam-clean.exe from >> here <<

It will ask to restart your computer; please allow it to do so (very important).

After the computer restarts, temporarily disable your Anti-Virus

If you need how-to guidance, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Next Download & SAVE the latest version of Malwarebytes' Anti-Malware from >> here <<

Then Run the mbam-setup.

Note: You will need to reactivate the program using the license you were sent via email if using the Pro version

Launch the program and set the Protection and Registration, if you have a license. Then go to the UPDATE tab if not done during installation and check for updates.

Restart the computer again and verify that Malwarebytes Anti-Malware is in the task tray if using the Pro version. Now setup any file exclusions as may be required in your Anti-Virus/Internet-Security/Firewall applications and restart your Anti-Virus/Internet-Security applications.

You may use the guides posted in the FAQs >> here << or ask and we'll explain how to do it.

Run a FULL scan with MBAM

Step 4

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Step 5

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Download >> aswMBR.exe << ( 511KB ) to your desktop.

RIGHT click on aswMBR.exe and select Run As Administrator to start.

Change the a-v scan to None.

Uncheck trace disk IO calls.

Click the "Scan" button to start the scan.

On completion of the scan (note if the Fix button is enabled (not the FixMBR button) and tell me), click save log, save it to your desktop and post it in your next reply.

Step 6

Please read carefully and follow these steps.

  • Download >> TDSSKiller << and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

RE-Enable your antivirus program.

Copy & Paste contents of the latest MBAM scan log, Checkup.txt & log from aswMBR & TDSSKILLER log.

Use separate replies as needed if logs do not fit into one reply box.

Do NOT use the Attach option when putting reports. Always COPY & PASTE into the main body of the reply box.


Alright this is a long one....

MBAM LOG:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.21.03

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

ClydeSanders :: CLYDESANDERS-PC [administrator]

Protection: Enabled

3/21/2012 12:17:00 PM

mbam-log-2012-03-21 (12-17-00).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 357906

Time elapsed: 44 minute(s), 20 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-03-21 15:04:14

-----------------------------

15:04:14.587 OS Version: Windows x64 6.1.7600

15:04:14.587 Number of processors: 4 586 0x2502

15:04:14.587 ComputerName: CLYDESANDERS-PC UserName: ClydeSanders

15:04:19.142 Initialize success

15:10:19.481 AVAST engine defs: 12032000

15:11:36.498 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

15:11:36.498 Disk 0 Vendor: ST950042 0001 Size: 476940MB BusType: 3

15:11:36.514 Disk 0 MBR read successfully

15:11:36.514 Disk 0 MBR scan

15:11:36.529 Disk 0 Windows VISTA default MBR code

15:11:36.529 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048

15:11:36.545 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 464558 MB offset 3074048

15:11:36.576 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10881 MB offset 954488832

15:11:36.623 Disk 0 scanning C:\windows\system32\drivers

15:11:45.983 Service scanning

15:11:56.981 Service smwdm C:\windows\system32\nwrdr.dll **INFECTED** Win64:ZAccess-E [Rtk]

15:12:02.394 Modules scanning

15:12:02.394 Scan finished successfully

15:12:19.149 Disk 0 MBR has been saved successfully to "C:\Users\ClydeSanders\Desktop\MBR.dat"

15:12:19.149 The log file has been saved successfully to "C:\Users\ClydeSanders\Desktop\aswMBR-12.txt"

checkup log:

Results of screen317's Security Check version 0.99.31

Windows 7 x64 (UAC is enabled)

Internet Explorer 8 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!

Kaspersky Anti-Virus 2010

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Adobe Flash Player 10.1.82.76 Flash Player out of Date!

Adobe Reader 9 Adobe Reader out of date!

Mozilla Firefox (3.6.8) Firefox out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

Kaspersky Lab Kaspersky Anti-Virus 2010 avp.exe

Kaspersky Lab Kaspersky Anti-Virus 2010 x64 klwtblfs.exe

``````````End of Log````````````

Report log (kaspersky):

15:12:56.0529 4660 TDSS rootkit removing tool 2.7.21.0 Mar 21 2012 09:06:51

15:12:56.0872 4660 ============================================================

15:12:56.0872 4660 Current date / time: 2012/03/21 15:12:56.0872

15:12:56.0872 4660 SystemInfo:

15:12:56.0872 4660

15:12:56.0872 4660 OS Version: 6.1.7600 ServicePack: 0.0

15:12:56.0872 4660 Product type: Workstation

15:12:56.0872 4660 ComputerName: CLYDESANDERS-PC

15:12:56.0872 4660 UserName: ClydeSanders

15:12:56.0872 4660 Windows directory: C:\windows

15:12:56.0872 4660 System windows directory: C:\windows

15:12:56.0872 4660 Running under WOW64

15:12:56.0872 4660 Processor architecture: Intel x64

15:12:56.0872 4660 Number of processors: 4

15:12:56.0872 4660 Page size: 0x1000

15:12:56.0872 4660 Boot type: Normal boot

15:12:56.0872 4660 ============================================================

15:12:57.0371 4660 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

15:12:57.0371 4660 \Device\Harddisk0\DR0:

15:12:57.0371 4660 MBR used

15:12:57.0371 4660 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x38B57000

15:12:57.0387 4660 Initialize success

15:12:57.0387 4660 ============================================================

15:13:07.0979 4364 ============================================================

15:13:07.0979 4364 Scan started

15:13:07.0979 4364 Mode: Manual;

15:13:07.0979 4364 ============================================================


15:13:13.0455 4364 ebdrv - ok

15:13:13.0518 4364 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys

15:13:13.0533 4364 elxstor - ok

15:13:13.0564 4364 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys

15:13:13.0564 4364 ErrDev - ok

15:13:13.0611 4364 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys

15:13:13.0611 4364 exfat - ok

15:13:13.0658 4364 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys

15:13:13.0658 4364 fastfat - ok

15:13:13.0705 4364 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys

15:13:13.0705 4364 fdc - ok

15:13:13.0752 4364 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys

15:13:13.0752 4364 FileInfo - ok

15:13:13.0783 4364 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys

15:13:13.0783 4364 Filetrace - ok

15:13:13.0814 4364 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys

15:13:13.0814 4364 flpydisk - ok

15:13:13.0861 4364 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys

15:13:13.0876 4364 FltMgr - ok

15:13:13.0908 4364 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys

15:13:13.0908 4364 FsDepends - ok

15:13:13.0939 4364 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys

15:13:13.0939 4364 Fs_Rec - ok

15:13:13.0970 4364 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\windows\system32\DRIVERS\fvevol.sys

15:13:13.0970 4364 fvevol - ok

15:13:14.0001 4364 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys

15:13:14.0001 4364 gagp30kx - ok

15:13:14.0048 4364 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys

15:13:14.0048 4364 hcw85cir - ok

15:13:14.0095 4364 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys

15:13:14.0095 4364 HdAudAddService - ok

15:13:14.0142 4364 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys

15:13:14.0142 4364 HDAudBus - ok

15:13:14.0188 4364 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys

15:13:14.0188 4364 HECIx64 - ok

15:13:14.0235 4364 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys

15:13:14.0235 4364 HidBatt - ok

15:13:14.0251 4364 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys

15:13:14.0251 4364 HidBth - ok

15:13:14.0282 4364 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys

15:13:14.0282 4364 HidIr - ok

15:13:14.0344 4364 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys

15:13:14.0344 4364 HidUsb - ok

15:13:14.0407 4364 HpSAMD (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys

15:13:14.0407 4364 HpSAMD - ok

15:13:14.0454 4364 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys

15:13:14.0469 4364 HTTP - ok

15:13:14.0500 4364 hwpolicy (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys

15:13:14.0500 4364 hwpolicy - ok

15:13:14.0547 4364 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys

15:13:14.0547 4364 i8042prt - ok

15:13:14.0625 4364 iaStor (85977cd13fc16069ce0af7943a811775) C:\windows\system32\DRIVERS\iaStor.sys

15:13:14.0625 4364 iaStor - ok

15:13:14.0656 4364 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\windows\system32\DRIVERS\iaStorV.sys

15:13:14.0672 4364 iaStorV - ok

15:13:14.0890 4364 igfx (2a22ab054f4630d2ef4bab2853f6d5f6) C:\windows\system32\DRIVERS\igdkmd64.sys

15:13:15.0046 4364 igfx - ok

15:13:15.0109 4364 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys

15:13:15.0109 4364 iirsp - ok

15:13:15.0171 4364 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\windows\system32\DRIVERS\Impcd.sys

15:13:15.0171 4364 Impcd - ok

15:13:15.0280 4364 IntcAzAudAddService (490947a9aff7ca31ef2e08f5776105eb) C:\windows\system32\drivers\RTKVHD64.sys

15:13:15.0343 4364 IntcAzAudAddService - ok

15:13:15.0405 4364 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\windows\system32\DRIVERS\IntcDAud.sys

15:13:15.0405 4364 IntcDAud - ok

15:13:15.0436 4364 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys

15:13:15.0436 4364 intelide - ok

15:13:15.0468 4364 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys

15:13:15.0483 4364 intelppm - ok

15:13:15.0546 4364 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys

15:13:15.0546 4364 IpFilterDriver - ok

15:13:15.0561 4364 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys

15:13:15.0561 4364 IPMIDRV - ok

15:13:15.0592 4364 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys

15:13:15.0592 4364 IPNAT - ok

15:13:15.0639 4364 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys

15:13:15.0639 4364 IRENUM - ok

15:13:15.0655 4364 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys

15:13:15.0655 4364 isapnp - ok

15:13:15.0702 4364 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys

15:13:15.0717 4364 iScsiPrt - ok

15:13:15.0764 4364 JMCR (19496fe93696c929392f1595ed1f8bb3) C:\windows\system32\DRIVERS\jmcr.sys

15:13:15.0764 4364 JMCR - ok

15:13:15.0811 4364 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys

15:13:15.0811 4364 kbdclass - ok

15:13:15.0889 4364 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys

15:13:15.0889 4364 kbdhid - ok

15:13:15.0951 4364 kl1 (db449f50e5141458eb58e64ffac4863f) C:\windows\system32\DRIVERS\kl1.sys

15:13:15.0951 4364 kl1 - ok

15:13:15.0998 4364 KLBG (87200a8afe40532baa4d2b24a7ba0eea) C:\windows\system32\DRIVERS\klbg.sys

15:13:15.0998 4364 KLBG - ok

15:13:16.0060 4364 KLIF (09bad645d3843669c281431c7df2db2e) C:\windows\system32\DRIVERS\klif.sys

15:13:16.0060 4364 KLIF - ok

15:13:16.0092 4364 KLIM6 (630f22545379437737cf4172f09fe449) C:\windows\system32\DRIVERS\klim6.sys

15:13:16.0092 4364 KLIM6 - ok

15:13:16.0107 4364 klmouflt (786791291939abb11f6d0f040da23912) C:\windows\system32\DRIVERS\klmouflt.sys

15:13:16.0107 4364 klmouflt - ok

15:13:16.0138 4364 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\windows\system32\Drivers\ksecdd.sys

15:13:16.0154 4364 KSecDD - ok

15:13:16.0185 4364 KSecPkg (bbe1bf6d9b661c354d4857d5fadb943b) C:\windows\system32\Drivers\ksecpkg.sys

15:13:16.0185 4364 KSecPkg - ok

15:13:16.0232 4364 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys

15:13:16.0232 4364 ksthunk - ok

15:13:16.0279 4364 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys

15:13:16.0279 4364 lltdio - ok

15:13:16.0341 4364 LPCFilter (41e122f6d1448c94cc05196bc41d6bfb) C:\windows\system32\DRIVERS\LPCFilter.sys

15:13:16.0341 4364 LPCFilter - ok

15:13:16.0388 4364 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys

15:13:16.0404 4364 LSI_FC - ok

15:13:16.0435 4364 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys

15:13:16.0435 4364 LSI_SAS - ok

15:13:16.0466 4364 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys

15:13:16.0466 4364 LSI_SAS2 - ok

15:13:16.0497 4364 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys

15:13:16.0497 4364 LSI_SCSI - ok

15:13:16.0528 4364 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys

15:13:16.0528 4364 luafv - ok

15:13:16.0606 4364 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\windows\system32\drivers\mbam.sys

15:13:16.0606 4364 MBAMProtector - ok

15:13:16.0669 4364 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys

15:13:16.0669 4364 megasas - ok

15:13:16.0716 4364 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys

15:13:16.0716 4364 MegaSR - ok

15:13:16.0762 4364 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys

15:13:16.0762 4364 Modem - ok

15:13:16.0809 4364 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys

15:13:16.0809 4364 monitor - ok

15:13:16.0872 4364 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys

15:13:16.0872 4364 mouclass - ok

15:13:16.0903 4364 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys

15:13:16.0903 4364 mouhid - ok

15:13:16.0934 4364 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys

15:13:16.0934 4364 mountmgr - ok

15:13:16.0996 4364 mozyFilter (bde7b39f87bf7f1d1baaa04706f181c2) C:\windows\system32\DRIVERS\mozy.sys

15:13:16.0996 4364 mozyFilter - ok

15:13:17.0028 4364 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys

15:13:17.0028 4364 mpio - ok

15:13:17.0059 4364 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys

15:13:17.0059 4364 mpsdrv - ok

15:13:17.0106 4364 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys

15:13:17.0106 4364 MRxDAV - ok

15:13:17.0137 4364 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\windows\system32\DRIVERS\mrxsmb.sys

15:13:17.0137 4364 mrxsmb - ok

15:13:17.0168 4364 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\windows\system32\DRIVERS\mrxsmb10.sys

15:13:17.0168 4364 mrxsmb10 - ok

15:13:17.0199 4364 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\windows\system32\DRIVERS\mrxsmb20.sys

15:13:17.0199 4364 mrxsmb20 - ok

15:13:17.0230 4364 msahci (5c37497276e3b3a5488b23a326a754b7) C:\windows\system32\DRIVERS\msahci.sys

15:13:17.0230 4364 msahci - ok

15:13:17.0277 4364 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys

15:13:17.0277 4364 msdsm - ok

15:13:17.0308 4364 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys

15:13:17.0308 4364 Msfs - ok

15:13:17.0355 4364 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys

15:13:17.0355 4364 mshidkmdf - ok

15:13:17.0386 4364 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys

15:13:17.0386 4364 msisadrv - ok

15:13:17.0433 4364 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys

15:13:17.0433 4364 MSKSSRV - ok

15:13:17.0480 4364 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys

15:13:17.0480 4364 MSPCLOCK - ok

15:13:17.0511 4364 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys

15:13:17.0511 4364 MSPQM - ok

15:13:17.0542 4364 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys

15:13:17.0558 4364 MsRPC - ok

15:13:17.0589 4364 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys

15:13:17.0589 4364 mssmbios - ok

15:13:17.0620 4364 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys

15:13:17.0620 4364 MSTEE - ok

15:13:17.0683 4364 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys

15:13:17.0683 4364 MTConfig - ok

15:13:17.0714 4364 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys

15:13:17.0730 4364 Mup - ok

15:13:17.0839 4364 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys

15:13:17.0870 4364 NativeWifiP - ok

15:13:18.0088 4364 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys

15:13:18.0104 4364 NDIS - ok

15:13:18.0151 4364 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys

15:13:18.0151 4364 NdisCap - ok

15:13:18.0198 4364 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys

15:13:18.0198 4364 NdisTapi - ok

15:13:18.0229 4364 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys

15:13:18.0229 4364 Ndisuio - ok

15:13:18.0276 4364 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys

15:13:18.0276 4364 NdisWan - ok

15:13:18.0307 4364 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys

15:13:18.0307 4364 NDProxy - ok

15:13:18.0338 4364 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys

15:13:18.0338 4364 NetBIOS - ok

15:13:18.0369 4364 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys

15:13:18.0369 4364 NetBT - ok

15:13:18.0572 4364 NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\windows\system32\DRIVERS\NETw5s64.sys

15:13:18.0712 4364 NETw5s64 - ok

15:13:18.0759 4364 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys

15:13:18.0759 4364 nfrd960 - ok

15:13:18.0790 4364 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys

15:13:18.0790 4364 Npfs - ok

15:13:18.0806 4364 NPPTNT2 - ok

15:13:18.0837 4364 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys

15:13:18.0837 4364 nsiproxy - ok

15:13:18.0900 4364 Ntfs (356698a13c4630d5b31c37378d469196) C:\windows\system32\drivers\Ntfs.sys

15:13:18.0946 4364 Ntfs - ok

15:13:18.0978 4364 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys

15:13:18.0993 4364 Null - ok

15:13:19.0024 4364 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\windows\system32\DRIVERS\nvraid.sys

15:13:19.0024 4364 nvraid - ok

15:13:19.0071 4364 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\windows\system32\DRIVERS\nvstor.sys

15:13:19.0071 4364 nvstor - ok

15:13:19.0102 4364 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys

15:13:19.0102 4364 nv_agp - ok

15:13:19.0165 4364 odeeuygl - ok

15:13:19.0212 4364 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys

15:13:19.0227 4364 ohci1394 - ok

15:13:19.0274 4364 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys

15:13:19.0290 4364 Parport - ok

15:13:19.0321 4364 Partizan - ok

15:13:19.0352 4364 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys

15:13:19.0352 4364 partmgr - ok

15:13:19.0399 4364 pci (5aab2b170536885de70a6cba8d7ce52b) C:\windows\system32\DRIVERS\pci.sys

15:13:19.0399 4364 pci - ok

15:13:19.0430 4364 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys

15:13:19.0430 4364 pciide - ok

15:13:19.0461 4364 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys

15:13:19.0461 4364 pcmcia - ok

15:13:19.0492 4364 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys

15:13:19.0492 4364 pcw - ok

15:13:19.0539 4364 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys

15:13:19.0539 4364 PEAUTH - ok

15:13:19.0602 4364 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys

15:13:19.0617 4364 PGEffect - ok

15:13:19.0695 4364 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys

15:13:19.0695 4364 PptpMiniport - ok

15:13:19.0726 4364 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys

15:13:19.0726 4364 Processor - ok

15:13:19.0804 4364 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys

15:13:19.0820 4364 Psched - ok

15:13:19.0867 4364 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys

15:13:19.0898 4364 ql2300 - ok

15:13:19.0929 4364 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys

15:13:19.0929 4364 ql40xx - ok

15:13:19.0976 4364 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys

15:13:19.0992 4364 QWAVEdrv - ok

15:13:20.0007 4364 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys

15:13:20.0023 4364 RasAcd - ok

15:13:20.0085 4364 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys

15:13:20.0085 4364 RasAgileVpn - ok

15:13:20.0116 4364 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys

15:13:20.0116 4364 Rasl2tp - ok

15:13:20.0163 4364 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys

15:13:20.0163 4364 RasPppoe - ok

15:13:20.0210 4364 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys

15:13:20.0210 4364 RasSstp - ok

15:13:20.0257 4364 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys

15:13:20.0257 4364 rdbss - ok

15:13:20.0288 4364 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys

15:13:20.0288 4364 rdpbus - ok

15:13:20.0319 4364 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys

15:13:20.0319 4364 RDPCDD - ok

15:13:20.0350 4364 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys

15:13:20.0350 4364 RDPENCDD - ok

15:13:20.0382 4364 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys

15:13:20.0382 4364 RDPREFMP - ok

15:13:20.0413 4364 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\windows\system32\drivers\RDPWD.sys

15:13:20.0428 4364 RDPWD - ok

15:13:20.0460 4364 rdyboost (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys

15:13:20.0460 4364 rdyboost - ok

15:13:20.0538 4364 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys

15:13:20.0538 4364 rspndr - ok

15:13:20.0600 4364 RTL8167 (ba3e57c89e6f63808d3f2b11e1a2ad3c) C:\windows\system32\DRIVERS\Rt64win7.sys

15:13:20.0600 4364 RTL8167 - ok

15:13:20.0647 4364 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys

15:13:20.0647 4364 sbp2port - ok

15:13:20.0694 4364 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys

15:13:20.0694 4364 scfilter - ok

15:13:20.0756 4364 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\windows\system32\DRIVERS\sdbus.sys

15:13:20.0756 4364 sdbus - ok

15:13:20.0803 4364 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys

15:13:20.0803 4364 secdrv - ok

15:13:20.0850 4364 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys

15:13:20.0850 4364 Serenum - ok

15:13:20.0928 4364 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys

15:13:20.0928 4364 Serial - ok

15:13:20.0990 4364 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys

15:13:20.0990 4364 sermouse - ok

15:13:21.0052 4364 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys

15:13:21.0052 4364 sffdisk - ok

15:13:21.0068 4364 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys

15:13:21.0068 4364 sffp_mmc - ok

15:13:21.0099 4364 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\windows\system32\DRIVERS\sffp_sd.sys

15:13:21.0099 4364 sffp_sd - ok

15:13:21.0115 4364 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys

15:13:21.0115 4364 sfloppy - ok

15:13:21.0177 4364 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys

15:13:21.0177 4364 SiSRaid2 - ok

15:13:21.0193 4364 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys

15:13:21.0193 4364 SiSRaid4 - ok

15:13:21.0208 4364 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys

15:13:21.0208 4364 Smb - ok

15:13:21.0255 4364 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys

15:13:21.0255 4364 spldr - ok

15:13:21.0302 4364 srv (37c3abc2338010e110d2a6a3930f3149) C:\windows\system32\DRIVERS\srv.sys

15:13:21.0318 4364 srv - ok

15:13:21.0333 4364 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\windows\system32\DRIVERS\srv2.sys

15:13:21.0349 4364 srv2 - ok

15:13:21.0364 4364 srvnet (cce32bb223e9ff55d241099a858fa889) C:\windows\system32\DRIVERS\srvnet.sys

15:13:21.0364 4364 srvnet - ok

15:13:21.0411 4364 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys

15:13:21.0411 4364 stexstor - ok

15:13:21.0442 4364 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys

15:13:21.0458 4364 swenum - ok

15:13:21.0505 4364 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\windows\system32\DRIVERS\SynTP.sys

15:13:21.0520 4364 SynTP - ok

15:13:21.0583 4364 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\windows\system32\drivers\tcpip.sys

15:13:21.0645 4364 Tcpip - ok

15:13:21.0739 4364 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\windows\system32\DRIVERS\tcpip.sys

15:13:21.0739 4364 TCPIP6 - ok

15:13:21.0786 4364 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys

15:13:21.0786 4364 tcpipreg - ok

15:13:21.0848 4364 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys

15:13:21.0848 4364 tdcmdpst - ok

15:13:21.0848 4364 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys

15:13:21.0848 4364 TDPIPE - ok

15:13:21.0879 4364 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys

15:13:21.0879 4364 TDTCP - ok

15:13:21.0926 4364 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys

15:13:21.0926 4364 tdx - ok

15:13:21.0957 4364 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys

15:13:21.0957 4364 TermDD - ok

15:13:21.0988 4364 Thpdrv (c013f6acaa9761f571bd28dada7c157d) C:\windows\system32\DRIVERS\thpdrv.sys

15:13:21.0988 4364 Thpdrv - ok

15:13:22.0020 4364 Thpevm (b4e609047434ed948af7bdef2fa66e38) C:\windows\system32\DRIVERS\Thpevm.SYS

15:13:22.0020 4364 Thpevm - ok

15:13:22.0098 4364 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys

15:13:22.0113 4364 tos_sps64 - ok

15:13:22.0176 4364 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys

15:13:22.0176 4364 tssecsrv - ok

15:13:22.0207 4364 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys

15:13:22.0207 4364 tunnel - ok

15:13:22.0254 4364 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS

15:13:22.0254 4364 TVALZ - ok

15:13:22.0285 4364 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys

15:13:22.0285 4364 TVALZFL - ok

15:13:22.0300 4364 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys

15:13:22.0316 4364 uagp35 - ok

15:13:22.0332 4364 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\windows\system32\DRIVERS\udfs.sys

15:13:22.0347 4364 udfs - ok

15:13:22.0378 4364 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys

15:13:22.0378 4364 uliagpkx - ok

15:13:22.0410 4364 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys

15:13:22.0410 4364 umbus - ok

15:13:22.0441 4364 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys

15:13:22.0441 4364 UmPass - ok

15:13:22.0488 4364 usbccgp (b26afb54a534d634523c4fb66765b026) C:\windows\system32\DRIVERS\usbccgp.sys

15:13:22.0488 4364 usbccgp - ok

15:13:22.0503 4364 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys

15:13:22.0503 4364 usbcir - ok

15:13:22.0550 4364 usbehci (cb490987a7f6928a04bb838e3bd8a936) C:\windows\system32\DRIVERS\usbehci.sys

15:13:22.0550 4364 usbehci - ok

15:13:22.0581 4364 usbhub (18124ef0a881a00ee222d02a3ee30270) C:\windows\system32\DRIVERS\usbhub.sys

15:13:22.0581 4364 usbhub - ok

15:13:22.0597 4364 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\windows\system32\DRIVERS\usbohci.sys

15:13:22.0597 4364 usbohci - ok

15:13:22.0628 4364 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys

15:13:22.0628 4364 usbprint - ok

15:13:22.0659 4364 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys

15:13:22.0659 4364 usbscan - ok

15:13:22.0675 4364 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\windows\system32\DRIVERS\USBSTOR.SYS

15:13:22.0675 4364 USBSTOR - ok

15:13:22.0706 4364 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\windows\system32\DRIVERS\usbuhci.sys

15:13:22.0706 4364 usbuhci - ok

15:13:22.0737 4364 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\windows\system32\Drivers\usbvideo.sys

15:13:22.0737 4364 usbvideo - ok

15:13:22.0784 4364 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys

15:13:22.0784 4364 vdrvroot - ok

15:13:22.0800 4364 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys

15:13:22.0800 4364 vga - ok

15:13:22.0831 4364 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys

15:13:22.0831 4364 VgaSave - ok

15:13:22.0862 4364 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys

15:13:22.0862 4364 vhdmp - ok

15:13:22.0893 4364 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys

15:13:22.0893 4364 viaide - ok

15:13:22.0909 4364 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys

15:13:22.0924 4364 volmgr - ok

15:13:22.0956 4364 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys

15:13:22.0971 4364 volmgrx - ok

15:13:23.0002 4364 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys

15:13:23.0002 4364 volsnap - ok

15:13:23.0018 4364 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys

15:13:23.0034 4364 vsmraid - ok

15:13:23.0049 4364 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys

15:13:23.0049 4364 vwifibus - ok

15:13:23.0080 4364 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys

15:13:23.0080 4364 vwififlt - ok

15:13:23.0096 4364 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys

15:13:23.0096 4364 vwifimp - ok

15:13:23.0127 4364 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys

15:13:23.0127 4364 WacomPen - ok

15:13:23.0158 4364 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys

15:13:23.0158 4364 WANARP - ok

15:13:23.0174 4364 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys

15:13:23.0174 4364 Wanarpv6 - ok

15:13:23.0190 4364 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys

15:13:23.0190 4364 Wd - ok

15:13:23.0236 4364 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys

15:13:23.0252 4364 Wdf01000 - ok

15:13:23.0299 4364 wdkmd (7c2ef67b0a43c4deb7ef932ceda337d6) C:\windows\system32\DRIVERS\WDKMD.sys

15:13:23.0299 4364 wdkmd - ok

15:13:23.0314 4364 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys

15:13:23.0330 4364 WfpLwf - ok

15:13:23.0346 4364 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys

15:13:23.0346 4364 WIMMount - ok

15:13:23.0439 4364 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\windows\system32\DRIVERS\WinUsb.sys

15:13:23.0439 4364 WinUsb - ok

15:13:23.0470 4364 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys

15:13:23.0470 4364 WmiAcpi - ok

15:13:23.0548 4364 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys

15:13:23.0548 4364 ws2ifsl - ok

15:13:23.0595 4364 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\windows\system32\DRIVERS\WSDPrint.sys

15:13:23.0595 4364 WSDPrintDevice - ok

15:13:23.0611 4364 WSDScan (4a2a5c50dd1a63577d3aca94269fbc7f) C:\windows\system32\DRIVERS\WSDScan.sys

15:13:23.0611 4364 WSDScan - ok

15:13:23.0642 4364 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys

15:13:23.0642 4364 WudfPf - ok

15:13:23.0658 4364 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys

15:13:23.0658 4364 WUDFRd - ok

15:13:23.0704 4364 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0

15:13:23.0767 4364 \Device\Harddisk0\DR0 - ok

15:13:23.0782 4364 Boot (0x1200) (8ec2fe3fe560682812c8cc5cecb048a8) \Device\Harddisk0\DR0\Partition0

15:13:23.0782 4364 \Device\Harddisk0\DR0\Partition0 - ok

15:13:23.0782 4364 ============================================================

15:13:23.0782 4364 Scan finished

15:13:23.0782 4364 ============================================================

15:13:23.0814 3184 Detected object count: 0

15:13:23.0814 3184 Actual detected object count: 0

15:16:04.0144 0792 ============================================================

15:16:04.0144 0792 Scan started

15:16:04.0144 0792 Mode: Manual; SigCheck; TDLFS;

15:16:04.0144 0792 ============================================================


15:16:07.0685 0792 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys

15:16:07.0701 0792 atapi - ok

15:16:07.0763 0792 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys

15:16:07.0826 0792 b06bdrv - ok

15:16:07.0857 0792 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys

15:16:07.0888 0792 b57nd60a - ok

15:16:07.0966 0792 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys

15:16:08.0028 0792 Beep - ok

15:16:08.0060 0792 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys

15:16:08.0106 0792 blbdrive - ok

15:16:08.0169 0792 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\windows\system32\DRIVERS\bowser.sys

15:16:08.0247 0792 bowser - ok

15:16:08.0278 0792 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys

15:16:08.0309 0792 BrFiltLo - ok

15:16:08.0356 0792 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys

15:16:08.0372 0792 BrFiltUp - ok

15:16:08.0418 0792 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys

15:16:08.0481 0792 Brserid - ok

15:16:08.0512 0792 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys

15:16:08.0543 0792 BrSerWdm - ok

15:16:08.0590 0792 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys

15:16:08.0637 0792 BrUsbMdm - ok

15:16:08.0668 0792 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys

15:16:08.0699 0792 BrUsbSer - ok

15:16:08.0746 0792 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys

15:16:08.0777 0792 BTHMODEM - ok

15:16:08.0840 0792 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys

15:16:08.0902 0792 cdfs - ok

15:16:08.0949 0792 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys

15:16:08.0964 0792 cdrom - ok

15:16:09.0011 0792 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys

15:16:09.0058 0792 circlass - ok

15:16:09.0105 0792 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys

15:16:09.0136 0792 CLFS - ok

15:16:09.0183 0792 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys

15:16:09.0198 0792 CmBatt - ok

15:16:09.0214 0792 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys

15:16:09.0230 0792 cmdide - ok

15:16:09.0276 0792 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\windows\system32\Drivers\cng.sys

15:16:09.0308 0792 CNG - ok

15:16:09.0323 0792 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys

15:16:09.0354 0792 Compbatt - ok

15:16:09.0386 0792 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys

15:16:09.0432 0792 CompositeBus - ok

15:16:09.0464 0792 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys

15:16:09.0479 0792 crcdisk - ok

15:16:09.0542 0792 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\windows\system32\Drivers\dfsc.sys

15:16:09.0620 0792 DfsC - ok

15:16:09.0651 0792 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys

15:16:09.0713 0792 discache - ok

15:16:09.0760 0792 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys

15:16:09.0776 0792 Disk - ok

15:16:09.0822 0792 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys

15:16:09.0869 0792 drmkaud - ok

15:16:09.0869 0792 dump_wmimmc - ok

15:16:09.0947 0792 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\windows\System32\drivers\dxgkrnl.sys

15:16:09.0978 0792 DXGKrnl - ok

15:16:10.0088 0792 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys

15:16:10.0134 0792 ebdrv - ok

15:16:10.0181 0792 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys

15:16:10.0212 0792 elxstor - ok

15:16:10.0259 0792 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys

15:16:10.0306 0792 ErrDev - ok

15:16:10.0368 0792 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys

15:16:10.0431 0792 exfat - ok

15:16:10.0462 0792 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys

15:16:10.0524 0792 fastfat - ok

15:16:10.0556 0792 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys

15:16:10.0602 0792 fdc - ok

15:16:10.0649 0792 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys

15:16:10.0665 0792 FileInfo - ok

15:16:10.0696 0792 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys

15:16:10.0743 0792 Filetrace - ok

15:16:10.0790 0792 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys

15:16:10.0805 0792 flpydisk - ok

15:16:10.0852 0792 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys

15:16:10.0868 0792 FltMgr - ok

15:16:10.0914 0792 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys

15:16:10.0914 0792 FsDepends - ok

15:16:10.0946 0792 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys

15:16:10.0961 0792 Fs_Rec - ok

15:16:10.0992 0792 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\windows\system32\DRIVERS\fvevol.sys

15:16:11.0008 0792 fvevol - ok

15:16:11.0039 0792 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys

15:16:11.0055 0792 gagp30kx - ok

15:16:11.0102 0792 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys

15:16:11.0164 0792 hcw85cir - ok

15:16:11.0226 0792 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys

15:16:11.0258 0792 HdAudAddService - ok

15:16:11.0304 0792 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys

15:16:11.0336 0792 HDAudBus - ok

15:16:11.0398 0792 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\windows\system32\DRIVERS\HECIx64.sys

15:16:11.0414 0792 HECIx64 - ok

15:16:11.0445 0792 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys

15:16:11.0492 0792 HidBatt - ok

15:16:11.0523 0792 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys

15:16:11.0570 0792 HidBth - ok

15:16:11.0616 0792 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys

15:16:11.0648 0792 HidIr - ok

15:16:11.0726 0792 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys

15:16:11.0741 0792 HidUsb - ok

15:16:11.0788 0792 HpSAMD (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys

15:16:11.0788 0792 HpSAMD - ok

15:16:11.0835 0792 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys

15:16:11.0897 0792 HTTP - ok

15:16:11.0944 0792 hwpolicy (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys

15:16:11.0960 0792 hwpolicy - ok

15:16:11.0991 0792 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys

15:16:12.0006 0792 i8042prt - ok

15:16:12.0084 0792 iaStor (85977cd13fc16069ce0af7943a811775) C:\windows\system32\DRIVERS\iaStor.sys

15:16:12.0116 0792 iaStor - ok

15:16:12.0147 0792 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\windows\system32\DRIVERS\iaStorV.sys

15:16:12.0162 0792 iaStorV - ok

15:16:12.0381 0792 igfx (2a22ab054f4630d2ef4bab2853f6d5f6) C:\windows\system32\DRIVERS\igdkmd64.sys

15:16:12.0568 0792 igfx - ok

15:16:12.0599 0792 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys

15:16:12.0615 0792 iirsp - ok

15:16:12.0646 0792 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\windows\system32\DRIVERS\Impcd.sys

15:16:12.0693 0792 Impcd - ok

15:16:12.0818 0792 IntcAzAudAddService (490947a9aff7ca31ef2e08f5776105eb) C:\windows\system32\drivers\RTKVHD64.sys

15:16:12.0880 0792 IntcAzAudAddService - ok

15:16:12.0911 0792 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\windows\system32\DRIVERS\IntcDAud.sys

15:16:12.0958 0792 IntcDAud - ok

15:16:12.0958 0792 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys

15:16:12.0974 0792 intelide - ok

15:16:12.0989 0792 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys

15:16:13.0036 0792 intelppm - ok

15:16:13.0083 0792 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys

15:16:13.0161 0792 IpFilterDriver - ok

15:16:13.0161 0792 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys

15:16:13.0192 0792 IPMIDRV - ok

15:16:13.0192 0792 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys

15:16:13.0270 0792 IPNAT - ok

15:16:13.0301 0792 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys

15:16:13.0332 0792 IRENUM - ok

15:16:13.0332 0792 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys

15:16:13.0348 0792 isapnp - ok

15:16:13.0395 0792 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys

15:16:13.0410 0792 iScsiPrt - ok

15:16:13.0442 0792 JMCR (19496fe93696c929392f1595ed1f8bb3) C:\windows\system32\DRIVERS\jmcr.sys

15:16:13.0457 0792 JMCR - ok

15:16:13.0488 0792 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys

15:16:13.0488 0792 kbdclass - ok

15:16:13.0520 0792 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys

15:16:13.0535 0792 kbdhid - ok

15:16:13.0566 0792 kl1 (db449f50e5141458eb58e64ffac4863f) C:\windows\system32\DRIVERS\kl1.sys

15:16:13.0582 0792 kl1 - ok

15:16:13.0598 0792 KLBG (87200a8afe40532baa4d2b24a7ba0eea) C:\windows\system32\DRIVERS\klbg.sys

15:16:13.0613 0792 KLBG - ok

15:16:13.0644 0792 KLIF (09bad645d3843669c281431c7df2db2e) C:\windows\system32\DRIVERS\klif.sys

15:16:13.0660 0792 KLIF - ok

15:16:13.0676 0792 KLIM6 (630f22545379437737cf4172f09fe449) C:\windows\system32\DRIVERS\klim6.sys

15:16:13.0691 0792 KLIM6 - ok

15:16:13.0707 0792 klmouflt (786791291939abb11f6d0f040da23912) C:\windows\system32\DRIVERS\klmouflt.sys

15:16:13.0722 0792 klmouflt - ok

15:16:13.0738 0792 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\windows\system32\Drivers\ksecdd.sys

15:16:13.0754 0792 KSecDD - ok

15:16:13.0769 0792 KSecPkg (bbe1bf6d9b661c354d4857d5fadb943b) C:\windows\system32\Drivers\ksecpkg.sys

15:16:13.0785 0792 KSecPkg - ok

15:16:13.0816 0792 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys

15:16:13.0910 0792 ksthunk - ok

15:16:13.0956 0792 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys

15:16:14.0034 0792 lltdio - ok

15:16:14.0081 0792 LPCFilter (41e122f6d1448c94cc05196bc41d6bfb) C:\windows\system32\DRIVERS\LPCFilter.sys

15:16:14.0081 0792 LPCFilter - ok

15:16:14.0112 0792 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys

15:16:14.0128 0792 LSI_FC - ok

15:16:14.0144 0792 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys

15:16:14.0159 0792 LSI_SAS - ok

15:16:14.0206 0792 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys

15:16:14.0222 0792 LSI_SAS2 - ok

15:16:14.0237 0792 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys

15:16:14.0253 0792 LSI_SCSI - ok

15:16:14.0268 0792 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys

15:16:14.0362 0792 luafv - ok

15:16:14.0393 0792 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\windows\system32\drivers\mbam.sys

15:16:14.0393 0792 MBAMProtector - ok

15:16:14.0456 0792 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys

15:16:14.0456 0792 megasas - ok

15:16:14.0487 0792 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys

15:16:14.0502 0792 MegaSR - ok

15:16:14.0534 0792 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys

15:16:14.0612 0792 Modem - ok

15:16:14.0627 0792 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys

15:16:14.0674 0792 monitor - ok

15:16:14.0721 0792 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys

15:16:14.0736 0792 mouclass - ok

15:16:14.0752 0792 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys

15:16:14.0768 0792 mouhid - ok

15:16:14.0799 0792 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys

15:16:14.0814 0792 mountmgr - ok

15:16:14.0861 0792 mozyFilter (bde7b39f87bf7f1d1baaa04706f181c2) C:\windows\system32\DRIVERS\mozy.sys

15:16:14.0877 0792 mozyFilter - ok

15:16:14.0908 0792 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys

15:16:14.0924 0792 mpio - ok

15:16:14.0939 0792 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys

15:16:15.0033 0792 mpsdrv - ok

15:16:15.0064 0792 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys

15:16:15.0111 0792 MRxDAV - ok

15:16:15.0142 0792 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\windows\system32\DRIVERS\mrxsmb.sys

15:16:15.0204 0792 mrxsmb - ok

15:16:15.0220 0792 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\windows\system32\DRIVERS\mrxsmb10.sys

15:16:15.0267 0792 mrxsmb10 - ok

15:16:15.0298 0792 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\windows\system32\DRIVERS\mrxsmb20.sys

15:16:15.0314 0792 mrxsmb20 - ok

15:16:15.0329 0792 msahci (5c37497276e3b3a5488b23a326a754b7) C:\windows\system32\DRIVERS\msahci.sys

15:16:15.0329 0792 msahci - ok

15:16:15.0360 0792 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys

15:16:15.0376 0792 msdsm - ok

15:16:15.0407 0792 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys

15:16:15.0470 0792 Msfs - ok

15:16:15.0485 0792 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys

15:16:15.0532 0792 mshidkmdf - ok

15:16:15.0548 0792 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys

15:16:15.0548 0792 msisadrv - ok

15:16:15.0579 0792 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys

15:16:15.0641 0792 MSKSSRV - ok

15:16:15.0672 0792 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys

15:16:15.0735 0792 MSPCLOCK - ok

15:16:15.0750 0792 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys

15:16:15.0813 0792 MSPQM - ok

15:16:15.0860 0792 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys

15:16:15.0891 0792 MsRPC - ok

15:16:15.0906 0792 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys

15:16:15.0906 0792 mssmbios - ok

15:16:15.0938 0792 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys

15:16:16.0016 0792 MSTEE - ok

15:16:16.0031 0792 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys

15:16:16.0062 0792 MTConfig - ok

15:16:16.0094 0792 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys

15:16:16.0109 0792 Mup - ok

15:16:16.0125 0792 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys

15:16:16.0172 0792 NativeWifiP - ok

15:16:16.0218 0792 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys

15:16:16.0250 0792 NDIS - ok

15:16:16.0265 0792 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys

15:16:16.0312 0792 NdisCap - ok

15:16:16.0343 0792 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys

15:16:16.0421 0792 NdisTapi - ok

15:16:16.0452 0792 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys

15:16:16.0530 0792 Ndisuio - ok

15:16:16.0546 0792 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys

15:16:16.0608 0792 NdisWan - ok

15:16:16.0624 0792 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys

15:16:16.0671 0792 NDProxy - ok

15:16:16.0686 0792 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys

15:16:16.0749 0792 NetBIOS - ok

15:16:16.0780 0792 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys

15:16:16.0874 0792 NetBT - ok

15:16:17.0030 0792 NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\windows\system32\DRIVERS\NETw5s64.sys

15:16:17.0186 0792 NETw5s64 - ok

15:16:17.0201 0792 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys

15:16:17.0217 0792 nfrd960 - ok

15:16:17.0232 0792 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys

15:16:17.0279 0792 Npfs - ok

15:16:17.0295 0792 NPPTNT2 - ok

15:16:17.0326 0792 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys

15:16:17.0404 0792 nsiproxy - ok

15:16:17.0451 0792 Ntfs (356698a13c4630d5b31c37378d469196) C:\windows\system32\drivers\Ntfs.sys

15:16:17.0498 0792 Ntfs - ok

15:16:17.0513 0792 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys

15:16:17.0576 0792 Null - ok

15:16:17.0607 0792 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\windows\system32\DRIVERS\nvraid.sys

15:16:17.0622 0792 nvraid - ok

15:16:17.0638 0792 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\windows\system32\DRIVERS\nvstor.sys

15:16:17.0669 0792 nvstor - ok

15:16:17.0685 0792 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys

15:16:17.0700 0792 nv_agp - ok

15:16:17.0716 0792 odeeuygl - ok

15:16:17.0747 0792 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys

15:16:17.0763 0792 ohci1394 - ok

15:16:17.0794 0792 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys

15:16:17.0810 0792 Parport - ok

15:16:17.0825 0792 Partizan - ok

15:16:17.0856 0792 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys

15:16:17.0872 0792 partmgr - ok

15:16:17.0919 0792 pci (5aab2b170536885de70a6cba8d7ce52b) C:\windows\system32\DRIVERS\pci.sys

15:16:17.0934 0792 pci - ok

15:16:17.0934 0792 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys

15:16:17.0950 0792 pciide - ok

15:16:17.0981 0792 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys

15:16:17.0997 0792 pcmcia - ok

15:16:18.0028 0792 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys

15:16:18.0044 0792 pcw - ok

15:16:18.0090 0792 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys

15:16:18.0137 0792 PEAUTH - ok

15:16:18.0184 0792 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys

15:16:18.0184 0792 PGEffect - ok

15:16:18.0231 0792 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys

15:16:18.0293 0792 PptpMiniport - ok

15:16:18.0309 0792 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys

15:16:18.0340 0792 Processor - ok

15:16:18.0387 0792 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys

15:16:18.0449 0792 Psched - ok

15:16:18.0512 0792 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys

15:16:18.0543 0792 ql2300 - ok

15:16:18.0574 0792 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys

15:16:18.0590 0792 ql40xx - ok

15:16:18.0605 0792 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys

15:16:18.0636 0792 QWAVEdrv - ok

15:16:18.0652 0792 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys

15:16:18.0699 0792 RasAcd - ok

15:16:18.0730 0792 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys

15:16:18.0777 0792 RasAgileVpn - ok

15:16:18.0808 0792 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys

15:16:18.0886 0792 Rasl2tp - ok

15:16:18.0933 0792 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys

15:16:18.0964 0792 RasPppoe - ok

15:16:18.0995 0792 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys

15:16:19.0073 0792 RasSstp - ok

15:16:19.0104 0792 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys

15:16:19.0167 0792 rdbss - ok

15:16:19.0167 0792 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys

15:16:19.0214 0792 rdpbus - ok

15:16:19.0245 0792 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys

15:16:19.0338 0792 RDPCDD - ok

15:16:19.0370 0792 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys

15:16:19.0416 0792 RDPENCDD - ok

15:16:19.0432 0792 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys

15:16:19.0479 0792 RDPREFMP - ok

15:16:19.0494 0792 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\windows\system32\drivers\RDPWD.sys

15:16:19.0557 0792 RDPWD - ok

15:16:19.0588 0792 rdyboost (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys

15:16:19.0604 0792 rdyboost - ok

15:16:19.0650 0792 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys

15:16:19.0713 0792 rspndr - ok

15:16:19.0760 0792 RTL8167 (ba3e57c89e6f63808d3f2b11e1a2ad3c) C:\windows\system32\DRIVERS\Rt64win7.sys

15:16:19.0775 0792 RTL8167 - ok

15:16:19.0791 0792 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys

15:16:19.0806 0792 sbp2port - ok

15:16:19.0822 0792 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys

15:16:19.0869 0792 scfilter - ok

15:16:19.0884 0792 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\windows\system32\DRIVERS\sdbus.sys

15:16:19.0947 0792 sdbus - ok

15:16:19.0962 0792 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys

15:16:20.0009 0792 secdrv - ok

15:16:20.0040 0792 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys

15:16:20.0056 0792 Serenum - ok

15:16:20.0072 0792 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys

15:16:20.0103 0792 Serial - ok

15:16:20.0134 0792 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys

15:16:20.0165 0792 sermouse - ok

15:16:20.0212 0792 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys

15:16:20.0243 0792 sffdisk - ok

15:16:20.0259 0792 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys

15:16:20.0290 0792 sffp_mmc - ok

15:16:20.0290 0792 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\windows\system32\DRIVERS\sffp_sd.sys

15:16:20.0306 0792 sffp_sd - ok

15:16:20.0321 0792 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys

15:16:20.0337 0792 sfloppy - ok

15:16:20.0368 0792 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys

15:16:20.0384 0792 SiSRaid2 - ok

15:16:20.0399 0792 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys

15:16:20.0415 0792 SiSRaid4 - ok

15:16:20.0430 0792 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys

15:16:20.0477 0792 Smb - ok

15:16:20.0493 0792 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys

15:16:20.0508 0792 spldr - ok

15:16:20.0540 0792 srv (37c3abc2338010e110d2a6a3930f3149) C:\windows\system32\DRIVERS\srv.sys

15:16:20.0571 0792 srv - ok

15:16:20.0602 0792 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\windows\system32\DRIVERS\srv2.sys

15:16:20.0664 0792 srv2 - ok

15:16:20.0696 0792 srvnet (cce32bb223e9ff55d241099a858fa889) C:\windows\system32\DRIVERS\srvnet.sys

15:16:20.0742 0792 srvnet - ok

15:16:20.0774 0792 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys

15:16:20.0789 0792 stexstor - ok

15:16:20.0805 0792 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys

15:16:20.0820 0792 swenum - ok

15:16:20.0852 0792 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\windows\system32\DRIVERS\SynTP.sys

15:16:20.0867 0792 SynTP - ok

15:16:20.0914 0792 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\windows\system32\drivers\tcpip.sys

15:16:20.0961 0792 Tcpip - ok

15:16:21.0008 0792 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\windows\system32\DRIVERS\tcpip.sys

15:16:21.0054 0792 TCPIP6 - ok

15:16:21.0086 0792 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys

15:16:21.0148 0792 tcpipreg - ok

15:16:21.0179 0792 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys

15:16:21.0179 0792 tdcmdpst - ok

15:16:21.0195 0792 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys

15:16:21.0257 0792 TDPIPE - ok

15:16:21.0288 0792 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys

15:16:21.0335 0792 TDTCP - ok

15:16:21.0366 0792 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys

15:16:21.0429 0792 tdx - ok

15:16:21.0460 0792 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys

15:16:21.0476 0792 TermDD - ok

15:16:21.0507 0792 Thpdrv (c013f6acaa9761f571bd28dada7c157d) C:\windows\system32\DRIVERS\thpdrv.sys

15:16:21.0507 0792 Thpdrv - ok

15:16:21.0538 0792 Thpevm (b4e609047434ed948af7bdef2fa66e38) C:\windows\system32\DRIVERS\Thpevm.SYS

15:16:21.0538 0792 Thpevm - ok

15:16:21.0585 0792 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys

15:16:21.0600 0792 tos_sps64 - ok

15:16:21.0632 0792 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys

15:16:21.0694 0792 tssecsrv - ok

15:16:21.0725 0792 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys

15:16:21.0803 0792 tunnel - ok

15:16:21.0850 0792 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS

15:16:21.0850 0792 TVALZ - ok

15:16:21.0881 0792 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys

15:16:21.0897 0792 TVALZFL - ok

15:16:21.0928 0792 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys

15:16:21.0944 0792 uagp35 - ok

15:16:21.0959 0792 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\windows\system32\DRIVERS\udfs.sys

15:16:22.0022 0792 udfs - ok

15:16:22.0053 0792 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys

15:16:22.0068 0792 uliagpkx - ok

15:16:22.0084 0792 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys

15:16:22.0100 0792 umbus - ok

15:16:22.0115 0792 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys

15:16:22.0146 0792 UmPass - ok

15:16:22.0193 0792 usbccgp (b26afb54a534d634523c4fb66765b026) C:\windows\system32\DRIVERS\usbccgp.sys

15:16:22.0240 0792 usbccgp - ok

15:16:22.0271 0792 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys

15:16:22.0302 0792 usbcir - ok

15:16:22.0318 0792 usbehci (cb490987a7f6928a04bb838e3bd8a936) C:\windows\system32\DRIVERS\usbehci.sys

15:16:22.0334 0792 usbehci - ok

15:16:22.0349 0792 usbhub (18124ef0a881a00ee222d02a3ee30270) C:\windows\system32\DRIVERS\usbhub.sys


15:16:24.0752 0792 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0

15:16:24.0923 0792 \Device\Harddisk0\DR0 - ok

15:16:24.0954 0792 Boot (0x1200) (8ec2fe3fe560682812c8cc5cecb048a8) \Device\Harddisk0\DR0\Partition0

15:16:24.0970 0792 \Device\Harddisk0\DR0\Partition0 - ok

15:16:24.0970 0792 ============================================================

15:16:24.0970 0792 Scan finished

15:16:24.0970 0792 ============================================================

15:16:24.0970 1836 Detected object count: 0

15:16:24.0970 1836 Actual detected object count: 0


ID: 11   Posted (edited)

These steps are for loner only. If you are a casual viewer, do NOT try this on your system!

If you are not loner and have a similar problem, do NOT post here; start your own topic

The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to your System or any other one!

You will want to print out or copy these instructions to Notepad for Safe offline reference!

Reminder: do not do any websurfing of any kind.

The aswMBR log tends to show a malware, ZeroAccess.

In addition, your Adobe Flash Player, Firefox browser, and Java runtime are out of date (which I'll guide you to update later).

But my guess is you got the infection in your browsing online.

Step 1

Download and Save McAfee Stinger to your Desktop

http://www.mcafee.com/us/downloads/free-tools/stinger.aspx

Close all browsers before starting. Disable your antivirus program and anti-malware, Kaspersky antivirus 2010.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

On Windows 7 & Vista systems, Right Click the Stinger icon and select Run as Administrator.

On XP, double-click to start it.

The GUI interface will look like this: [screenshot: stinger2.png]

The C drive is the default for scanning.

Press the Preferences button. In the top right-block "On virus detection", click Rename

In the bottom block "Heuristic network check for suspicious files" select High

Click the Scan Now button.

When done, use the File menu and select Save report to file

Stinger.txt is the log report and will be saved to your Desktop. I will need a copy of that log.

Stinger is a standalone utility used to detect and remove specific malware. It is not a full scan for all types of malware or viruses.

It is not intended as virus protection.

Step 2

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Close all browsers before starting. Disable your antivirus program and anti-malware, Kaspersky antivirus 2010.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

Even when ComboFix appears to be doing nothing, look at your Drive light.

If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt.

Note:

Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

Step 3

RE-Enable your anti-virus program.

Reply with a copy of the Stinger.txt log & C:\Combofix.txt log

Edited by Maurice Naggar


Stinger here:

McAfee® Labs Stinger Version 10.2.0.554 built on Mar 21 2012

Copyright © 2011 McAfee, Inc. All Rights Reserved.

Virus data file v1000.0000 created on Mar 21 2012.

Ready to scan for 4191 viruses, trojans and variants.

Scan initiated on Thu Mar 22 08:51:36 2012

Rootkit scan result : Not Scanned

Master Boot Record(s):....1

Possibly Infected:.............0

Boot Sector(s):.................1

Possibly Infected: ............0

Number of clean files: 21825

Combo fix here:

ComboFix 12-03-22.01 - ClydeSanders 03/22/2012 9:31.1.4 - x64

Running from: c:\users\ClydeSanders\Desktop\ComboFix.exe

AV: Kaspersky Anti-Virus *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}

AV: Kaspersky Anti-Virus *Enabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}

FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

SP: Kaspersky Anti-Virus *Disabled/Outdated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

SP: Kaspersky Anti-Virus *Enabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\LoJackNotifier.txt

c:\programdata\sh5gy611u40h

c:\programdata\x0lf03t5uw0olr

c:\programdata\xp

c:\programdata\xp\EBLib.dll

c:\programdata\xp\TPwSav.sys

c:\users\ClydeSanders\AppData\Local\sh5gy611u40h

c:\users\ClydeSanders\AppData\Local\xpg.exe

c:\users\ClydeSanders\AppData\Roaming\Microsoft\Windows\Templates\sh5gy611u40h

c:\windows\assembly\GAC_32\Desktop.ini

c:\windows\assembly\GAC_64\Desktop.ini

c:\windows\assembly\temp\@

c:\windows\assembly\temp\bckfg.tmp

c:\windows\assembly\temp\cfg.ini

c:\windows\assembly\temp\keywords

c:\windows\system32\consrv.dll

c:\windows\system32\dds_trash_log.cmd

c:\windows\System64

.

.

((((((((((((((((((((((((( Files Created from 2012-02-22 to 2012-03-22 )))))))))))))))))))))))))))))))

.

.

2012-03-22 13:37 . 2012-03-22 13:37 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-22 06:34 . 2012-03-22 13:12 16200 ----a-w- c:\windows\stinger.sys

2012-03-22 06:33 . 2012-03-22 13:25 -------- d-----w- c:\program files (x86)\stinger

2012-03-21 16:15 . 2012-03-21 16:15 -------- d-----w- c:\users\ClydeSanders\AppData\Roaming\Malwarebytes

2012-03-21 16:15 . 2012-03-21 16:15 -------- d-----w- c:\programdata\Malwarebytes

2012-03-21 16:15 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-21 16:15 . 2012-03-21 16:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-21 15:15 . 2012-03-21 15:15 -------- d-----w- c:\program files (x86)\ERUNT

2012-03-20 20:29 . 2012-03-20 20:33 -------- d-----w- c:\windows\system32\MpEngineStore

2012-03-07 19:43 . 2012-03-07 19:43 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-07 19:41 . 2012-03-07 19:41 -------- d-----w- c:\windows\system32\Macromed

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-12-28 18:24 . 2011-12-28 18:24 2 --shatr- c:\windows\winstart.bat

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]

"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]

"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]

"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2009-09-29 140640]

"Absolute Notifier"="c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [2011-05-10 85672]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2010-11-8 4832056]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R1 odeeuygl;odeeuygl;c:\windows\system32\drivers\odeeuygl.sys [x]

R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [x]

R3 dump_wmimmc;dump_wmimmc;f:\clyde sanders files\Games\online games\Pangya\GameGuard\dump_wmimmc.sys [x]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-01-20 315664]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]

S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [x]

S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]

S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]

S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AbsoluteNotifier;Absolute Notifier;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2011-05-10 10920]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-04-06 258928]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-06 137560]

S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]

@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"

[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]

2010-11-08 21:06 4345144 ----a-w- c:\program files\MozyHome\mozyshell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]

@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"

[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]

2010-11-08 21:06 4345144 ----a-w- c:\program files\MozyHome\mozyshell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ThpSrv"="c:\windows\system32\thpsrv" [X]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-26 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-26 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-26 413208]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10134560]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 896032]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-01-20 1926928]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2710856]

"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]

"combofix"="c:\combofix\CF763.3XE" [2009-07-14 344576]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

smwdm

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000

LSP: mswsock.dll

TCP: DhcpNameServer = 168.28.176.11 168.28.176.253 198.72.72.10

FF - ProfilePath - c:\users\ClydeSanders\AppData\Roaming\Mozilla\Firefox\Profiles\mowxtix2.default\

FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official | http://www.gmail.com |

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}

FF - Ext: ReloadEvery: {888d99e7-e8b5-46a3-851e-1ec45da1e644} - %profile%\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}

FF - Ext: XULRunner: {8E22EFF7-4C23-468D-A046-F794FEAEDA54} - c:\users\ClydeSanders\AppData\Local\{8E22EFF7-4C23-468D-A046-F794FEAEDA54}

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-gWLwiaDlyb.exe - c:\programdata\gWLwiaDlyb.exe

Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

Toolbar-Locked - (no file)

HKLM-Run-(Default) - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe

HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe

HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe

HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe

HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe

HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

AddRemove-{FBBC4667-2521-4E78-B1BD-8706F774549B} - c:\programdata\{249B9E04-F0FC-434D-B0D8-12D3EDFF3B77}\Best Buy Software Installer Setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11g_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11g.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

.

**************************************************************************

.

Completion time: 2012-03-22 09:44:16 - machine was rebooted

ComboFix-quarantined-files.txt 2012-03-22 13:44

.

Pre-Run: 424,249,344,000 bytes free

Post-Run: 424,774,270,976 bytes free

.

- - End Of File - - 0C7BEA2CDF1E9B00BFE84F3FA4997111


Let's have you do some really needed updates:

1) Start your Kaspersky suite program. Do an update run & get it all up-to-date.

2) Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Download the latest version of >> Windows 7/XP/Vista/2000/2003/2008 Offline << from here and save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, select Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u31-windows-i586-s.exe to install the newest version.
    ( jre-6u31-windows-x64.exe if this is a 64-bit Windows o.s.)

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon (looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

To test your Java Run-time, you may go to this page http://www.java.com/en/download/help/testvm.xml

When all is well, you should see Java Version: Java 6 Update 31 from Sun Microsystems Inc.

3) Download and save the Flash Player uninstaller >> uninstall Flash Player for 32-bit Windows<<

If you have Windows 64-bit, use this Flash Player uninstaller >> uninstall Flash Player for 64-bit Windows<<

Close all browsers and instant messenger (IM) programs.

Run the uninstaller.

Go to http://www.adobe.com/go/getflash

and get the latest Flash Player

Un-Check any checkbox for McAfee Security Scan Plus, or any other widget or toolbar !!!

Reference: How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system

http://support.microsoft.com/kb/827218

4) Start your Firefox browser. Select Help, then About.

If an update is found, you will be prompted. Apply the update and allow a restart of Firefox, then Exit the browser.

5) Temporarily turn off your Kaspersky anti-virus

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do not turn off the firewall.

Close all open browsers at this point.

Start Internet Explorer (fresh) by pressing Start >> Internet Explorer >> Right-Click and select Run As Administrator.

Using Internet Explorer browser only, go to

http://www.f-secure.com/en/web/home_us/protection/free-online-tools/free-online-tools

Please perform this online scan: F-Secure Online Scanner

The online scanner is on the bottom right of the page.

Follow the directions in the F-Secure page for proper Installation.

Click the checkbox to accept the terms and press Run Check

You may receive an alert on the address bar at this point to install the ActiveX control.

Click on that alert and then click "Install ActiveX component".

Read the license agreement and click "Accept".

Click "Custom Scan" and be sure the following are checked:

  • Scan whole System
  • Scan all files
  • Scan whole system for rootkits
  • Scan whole system for spyware
  • Use advanced heuristics

When the scan completes, click the "I want to decide item by item" button.

For each item found, Select "Disinfect" and click "Next".

When done, click the "Show Report" button, then copy and paste the entire report into your next reply

6) Re-enable your anti-virus program.

Confirm that you have done the updates (from above), and, tell me, How is your system now?

and copy & paste the contents of the F-Secure report


Take a slow, careful look at the page. The Windows 64-bit is listed just below the one for 32-bit.

Make sure you are looking at the Windows section. It's all in front of you.


Scanning Report

Friday, March 23, 2012 20:56:15 - 01:02:30

Computer name: CLYDESANDERS-PC

Scanning type: Scan system for malware, spyware and rootkits

Target: C:\

12 malware found

TrackingCookie.Questionmarket (spyware)

  • System (Disinfected)

TrackingCookie.2o7 (spyware)

  • System (Disinfected)

TrackingCookie.Advertising (spyware)

  • System (Disinfected)

TrackingCookie.Atdmt (spyware)

  • System (Disinfected)

TrackingCookie.Doubleclick (spyware)

  • System (Disinfected)

TrackingCookie.Revsci (spyware)

  • System (Disinfected)

TrackingCookie.Fastclick (spyware)

  • System (Disinfected)

TrackingCookie.Adbrite (spyware)

  • System (Disinfected)

TrackingCookie.Webtrends (spyware)

  • System (Disinfected)

TrackingCookie.Mediaplex (spyware)

  • System (Disinfected)

TrackingCookie.Atwola (spyware)

  • System (Disinfected)

TrackingCookie.Yieldmanager (spyware)

  • System (Disinfected)

Statistics

Scanned:

  • Files: 299686
  • System: 5699
  • Not scanned: 216

Actions:

  • Disinfected: 12
  • Renamed: 0
  • Deleted: 0
  • Not cleaned: 0
  • Submitted: 0

Files not scanned:

  • C:\SYSTEM VOLUME INFORMATION\{59754B48-60F3-11E1-A912-88AE1D53A027}{3808876B-C176-4E48-B7AE-04046E6CC752}
  • C:\SYSTEM VOLUME INFORMATION\{5C1C31CF-73E8-11E1-97E8-88AE1D53A027}{3808876B-C176-4E48-B7AE-04046E6CC752}
  • C:\SYSTEM VOLUME INFORMATION\{8777266D-727E-11E1-96DF-88AE1D53A027}{3808876B-C176-4E48-B7AE-04046E6CC752}
  • C:\SYSTEM VOLUME INFORMATION\{A0E00049-747A-11E1-9614-88AE1D53A027}{3808876B-C176-4E48-B7AE-04046E6CC752}
  • C:\SYSTEM VOLUME INFORMATION\{B7065B7A-7370-11E1-BA30-88AE1D53A027}{3808876B-C176-4E48-B7AE-04046E6CC752}
  • C:\SYSTEM VOLUME INFORMATION\{C0069E8F-6C56-11E1-BA80-88AE1D53A027}{3808876B-C176-4E48-B7AE-04046E6CC752}
  • C:\SYSTEM VOLUME INFORMATION\{E473E118-6680-11E1-A5A7-88AE1D53A027}{3808876B-C176-4E48-B7AE-04046E6CC752}
  • C:\PROGRAMDATA\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\MSS.LOG
  • C:\PROGRAMDATA\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\TMP.EDB
  • C:\PROGRAMDATA\MICROSOFT\SEARCH\DATA\APPLICATIONS\WINDOWS\WINDOWS.EDB
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0120C722915B0A40C8B0829739535948_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0147C46973824CC3688A881F10B9A75D_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\04B8A385D7A1C220E4E2D3085F4A6035_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\077155BCD49F2B5AD9EE0CD16299F410_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\08A9D2B3ED1E8481AD86356731CD5BEF_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0CFCA56CD4C50EEFAF88059473F9DB76_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\0D2EE0B64A71D3DE1EECC6D70EAEE156_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\10E7F822D3D810DE42FB12E36F216C16_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1733A217D7B9B3AED64728C3CD09943B_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\17801B1DD157D2D8BFEE433C2C6B53D4_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1865536216E6763EE547F64ECE0F2DFA_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1B30403299BC211E65CADD2A1C314764_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\1D9B84D6BD419340B836BEE8F3EC9A0D_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\21E50035340B9C79C2723B0B68075289_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2A68BCB8ECA230A616C32F56CE78C8E2_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2CC68D3C7FD853B5EB1CFCCC86AF26D5_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2CFC15EFEAE8C7386276EEFAD0F5BF3E_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2D68D0AAFF8EE018C54425F709EFF966_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2DF9537918BF3238F18AA33DA27C9C6C_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\2F2413DCD557B6C58E0891EBBE71C0C8_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\322935E150BAA1DD5DF8D93E3A072AEC_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\34D003D15A8103F7532E4AED166A7757_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3737B010C25191A1C139FE046C5797B2_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3E573F5761511F002BDCB785F3D7D418_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\40BAF4706C62D0B5453617E3F9E0DF36_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\42711FE5A5D590DA19584F3D60FD51F8_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\43E9300AA5E9C7BBB8EF5247115DA5ED_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\454D0D90028448B991AA6CE101E2847E_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\455C6CA9130831FE8FA7DD72396033DD_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\3C6DC397AF9D0068CC2E72C572EFEECE_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4A71D7C7FA32E5528B31B376D8ECFEB8_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\4CB1C56725C8EC0166282D58B85D7957_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\50DAB54054053FA942B34CDF6B26C755_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\516D39B5620F801AE475BE72AC4245F5_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\522525B46DB8F6BFC3E00CA95354A805_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\535EEA2C7D693EAA7CD01E2C1AB91453_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\53D6C2C93FBF10E67692B94661399434_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\53F79171025D01EC07F62A61D2E4F32A_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\545588339FA8623275D1DD8556621F7A_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\54C725882630A8A737DF47D4F92607E9_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\56D07C6E4DD7EAA37786507AD9E736A5_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\58533418637DC9D169D46F1232AC3E1B_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5C0B07933DE33E7CADBC04C5F793EBD7_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5E6124E20F02C061432D36629887886C_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\5FBEDDCD8E346B75E04CFA68927A2BB7_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\62A04B96C20152405777E80697E690A1_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\67BDDDCBE3579CD603E47B9AC7AC6816_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6A166F96BC69F23BDED6F1DA2F7473AE_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6C2D44FB3DF1F29FBD326033E01927A3_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6C504E03555450A2F6FFCA95A034715C_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6E6B83F1FC7872D0994541BEC2C20331_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6FACCFDA3139CA8693ECAA48B73F290C_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\6FF6DCD886AA0423ACC9B152FD55313A_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\72E824D0C3AEFB152BE279A798A3A7B1_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\71C741FC77871ACD2E4E979F6614DE48_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\74A8C9AA74AB5B9B2A83CF94A5398E87_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7524FA94507545CC0243AF3D77FFA31A_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\76145BC18D43947999D9A09F60F20D06_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\76EA54C8387AB197BD10014BFDCD0F37_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\78D2B5C0725998B767E9D6AAE798D257_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7A04EFB1C5E4700E7C81AD621A03CB7C_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7A8D7BD471DB486CE3E335F6F82D0618_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7E853FD5EFF7DA4C00EF6525B67A6F4A_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7EA40C4D1D439DD9004634D8745410BA_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\7FC126E03EC994A705F67E60824FCFB0_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\82A190DB9819A15B3ADA959146DD9E95_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8573871771868B1D456C2A0B3598D76C_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8824E4707E1159DD3B0C4272B910388E_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\89A77402AA26EE471E4554C388AD9D73_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8AC62196776377093B41DA39C96BA0C3_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8AC9BA0BF7ADDF8A5DED9FC181FE16FE_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8D99955D9E0FA2F96FB97A9845E9E2DC_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8EA55D1D608C5B821A1E61D2B796B37E_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8F271D190527E3C69DEC8C81A580EE7B_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\8F335E19078FB21C0D77F31DAA8FADAB_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9199597B987A46F4E6293D83FFD9ADE6_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\92C056C95C44BCC8408859E4B4C02BDB_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\92EA3D6CC2EF08656400244E7B7CC897_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\93BA3C69907DFE3338AEC4BD23135C7A_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9EEB5ED586969357D670A7BAB229E0B9_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\9FEE334A0C829F63134B6C5C2592168A_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A07754BE28A9C1BE693FB201563F1838_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A19D5328C85479BC364CCD9C515F12D8_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A59775E7B1E94D33EAE124F007CBF28E_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A7544C945CA49319EC6935D8415E22AB_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A8147270E6BAB825277580027AB3B73D_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\A92CC313F01A63EA281585BA0F646627_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AAF1D2E55D506F470CD76B465AEF2168_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\ACD0305A43FFEE6861ECAF4C5FA2909D_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AD236CC13CEEF27C0410D6A004A87D35_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\AF542077D7009F4382FC41F3EC2B2A9E_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B4A7EDFE0A1107172F904116C3896CAB_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B4B42E80AD205293762A23CDDA9AD339_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\B655A0CFE46F76882855D32304FD9390_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BA21F05E0A44CDD9C2FA42865FA64E37_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BA4C2B5484BFBED7E53C758F608DF891_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BA786C7CCEF0AC9998D6F56322E3905A_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BB7FF01BF617ED95E72FD51F52B800F2_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BC7B9AF5549BBAC1F621FC290499AAB4_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BF004E9BC24AE8D8435BB503854933DB_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\BF8B78BC58D853ECF9FEA509F8928900_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C03F7B2FB6F6CA1590E144ACD05B64FB_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C0651F927A325AA983855118F0306569_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C2D9F92B3A435708DC3D5777C339F766_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C6029B6BF43F95A6AF9DFE4761F68BFA_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C8DE100A3D78C8BF249E2FDC5FDE776B_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\C907F5025A1C60B8CC0BB0475796A0D3_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CB3065860852A2353D6BC38A8848AAA0_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\CF2B1505323141DB9432ECAEF0B8B2C3_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D3FC9CB855E32A5DAE87D93BFCE7124C_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D6514EDC2CA5EBD09C7B73A22FEFA5A3_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D689B3A88FD13997B83A396CDAA487E7_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D6E5507486E63E23F79CFF611F13E396_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\D712FCFA4B40093E8B749799CF56545B_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DAF2D90FCBD622E63C90C458E1CF4B6B_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DC4057990ECCEE973DC821C58038B854_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DD093336A4376CDFD2094270582404CB_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DD76EC887418DF108CBFF40F05BDFF5C_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E27AE525EA7B2BD839C3DCBF22FBBF4F_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E3F5543E61FA7D41C50F0055CF23C386_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\DDABDD752611856DDE0D83A5990921F2_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E8FF6F101704F1D3AE5A73BD272C2F5C_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\E40EF4A5DA88C4F3E1525F98466980D0_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EB16C6D441CE0614998C3A4A5453C425_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EB3EF2B51490C8BF844197AC07C7C79E_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\EC3C52F13C43B6FE038A4A07BD7B4810_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F41733F23886A8CB15CBCA2A9630B986_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F4CCFA5E4C34E02C969E32CBBECE6F56_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F6ACF7165306E5EC9664E258AAFA35D5_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F80B81388BFFFCE909AA2F7C018CC1F8_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F82A07123055D731F601595B0BF577E5_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F8EA7A66B8823D88655B9C5B9FF3D907_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\F9E8F198746934334C663C105E0772A4_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FAB867BAD1B2A90DB96265DE06EC6785_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FE548D76F068CF9FEE3B4404B796872B_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\FFE46099E9D8B7AA56CBCEEC7BE59A78_1301896A-8544-4673-AD9D-33FF428C0EE3
  • C:\PROGRAMDATA\KASPERSKY LAB\AVP9\BASES\CACHE\AVDE4.TMP

Options

Scanning engines: Scanning options:

  • Scan all files
  • Scan inside archives
  • Use advanced heuristics


I noticed it's taking longer because I did also have to a system before when I shut down the first time and redid the steps, but other than the speed issue, I think I am alright.

Thank you very much


I am noticing that I am also still getting the URL-directed links when I go on Google.


The F-Secure scan removed some tracking cookies. Let's do a few more follow-up steps & a different online scan.

Download OTL by OldTimer & SAVE to your Desktop: http://oldtimer.geekstogo.com/OTL.exe

Close and save any open work documents you have running. Do not start any other programs. Let these next tools run un-interrupted.

Step 2

  • Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :Commands
    [purity]
    [resethosts]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 3

Get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm

Steps to follow for the MVP Hosts file:

1) Download and SAVE the zip file to a temporary folder

2) Unzip (extract the contents) in the same folder

3) After the extract is complete, run the mvps.bat batch file. This copies your pre-existing Hosts file to Hosts.mvp in the folder where Windows' Hosts resides (typically, C:\WINDOWS\system32\drivers\etc), and after that copy is saved, it replaces the old Hosts with the new one.

And you should see (in the blue background command window) the following:

_________________________________________________
¦ +---+¦
¦ THE MVPS HOSTS FILE IS NOW UPDATED ¦ v ¦¦
¦ +---+¦
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Previous version saved and renamed to HOSTS.MVP
Press any key to continue . . .

Find the folder where you saved the original download. Delete hosts.zip and a file folder there named hosts

The latter is the same folder that had mvps.bat

Step 4

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Using Internet Explorer browser only, go to ESET Online Scanner website:

{Windows 7 & Vista users should start IE by Start >> Internet Explorer >> Right-Click and select Run As Administrator.}

  • Press the "ESET Online scanner" button
  • Check the I accept the terms box. Accept the Terms of Use and press Start button;
  • Approve the install of the required ActiveX Control, then follow on-screen instructions;
  • Un-check the Remove found threats option.
  • Checkmark Scan Archives option.
  • Click on Advanced Settings and checkmark the following
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology
    click Scan.
  • After the scan completes, the Details tab in the Results window will display what was found and removed.
    • A logfile is created and located at C:\Program Files\Eset\EsetOnlineScanner\log.txt.

    Look at contents of this file using Notepad or Wordpad.

    The Frequently Asked Questions for ESET Online Scanner can be viewed here

    http://www.eset.com/...c4.php?page=faq

    • It is emphasized to temporarily disable any pc-resident {active} antivirus program prior to any on-line scan by any on-line scanner.
      (And the prompt re-enabling when finished.)
    • If you use Firefox, you have to install IETab, an add-on. This is to enable ActiveX support.

After the scan is done, re-enable your antivirus program.

Reply with a copy of the ESET scan log, and tell me: how is your system now?

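Step 3 above saves the previous Hosts file as HOSTS.MVP before replacing it, and with browser redirects as the symptom, a hosts file (or that backup) is worth reading for entries that send a name to a real address instead of blocking it. The following is an added example, not part of the original post and not OTL or MVPS code: it parses hosts-file text and lists every mapping that does not point at a loopback or unspecified address. The sample content, the function names and the address classes are assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of an old hosts file (the kind of content mvps.bat would
# save as HOSTS.MVP). 203.0.113.0/24 is a documentation range, used here to
# stand in for an unexpected public address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net      # blocking entry
203.0.113.45    www.google.com google.com
203.0.113.45\tsearch.example.org
not-an-ip       broken.example
192.168.1.20    nas.home.lan
"""

# Address ranges that stay on the local network (RFC 1918, link-local, IPv6 ULA).
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fc00::/7", "fe80::/10")]


def parse_hosts(text):
    """Yield (line_no, ip_string, [hostnames]) for each mapping line."""
    text = text.lstrip("\ufeff")  # tolerate a byte-order mark left by an editor
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        fields = line.split()                # spaces or tabs
        if len(fields) < 2:
            continue                         # blank, comment-only or incomplete
        yield line_no, fields[0], [h.lower() for h in fields[1:]]


def classify(ip_string):
    """Return 'sink', 'local', 'routable' or 'invalid' for an address field."""
    try:
        ip = ipaddress.ip_address(ip_string)
    except ValueError:
        return "invalid"
    if ip.is_loopback or ip.is_unspecified:
        return "sink"      # 127.0.0.1, ::1, 0.0.0.0: a blocking entry
    if any(ip in net for net in LAN_NETS):
        return "local"     # may be legitimate (NAS, printer), still worth a look
    return "routable"      # a name pinned to a public address: review first


def audit_hosts(text):
    """Return (line_no, hostname, ip, kind) for every non-blocking entry."""
    findings = []
    for line_no, ip, hosts in parse_hosts(text):
        kind = classify(ip)
        if kind == "sink":
            continue
        for host in hosts:
            findings.append((line_no, host, ip, kind))
    return findings


def redirect_targets(findings):
    """Group hostnames by the public address they are pinned to."""
    targets = defaultdict(list)
    for _, host, ip, kind in findings:
        if kind == "routable":
            targets[ip].append(host)
    return {ip: sorted(hosts) for ip, hosts in targets.items()}


if __name__ == "__main__":
    results = audit_hosts(SAMPLE_HOSTS)
    for line_no, host, ip, kind in results:
        print(f"line {line_no}: {host} -> {ip} [{kind}]")
    for ip, hosts in redirect_targets(results).items():
        print(f"{ip} receives: {', '.join(hosts)}")
```

To check a real file, read it with `encoding="utf-8-sig"` and pass the text to `audit_hosts`; several well-known names grouped under one public address is the pattern to look at first.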

========== COMMANDS ==========

HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: ClydeSanders

->Flash cache emptied: 228482 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.39.2 log created on 03232012_193642

C:\Qoobox\Quarantine\C\Windows\assembly\GAC_32\Desktop.ini.vir Win32/Sirefef.DN trojan

C:\Qoobox\Quarantine\C\Windows\assembly\GAC_64\Desktop.ini.vir Win64/Sirefef.G trojan

C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir Win64/Sirefef.G trojan

Operating memory a variant of Win32/Sirefef.DN trojan

What is next if I don't think the scanner deleted the files (I think it just showed the different files), because the pop-up tabs to random sites are still occurring?


Those 3 files in the list are already in quarantine & are not active.

Provide more details as to the how & when of the "pop up tabs".

Were you browsing or searching?

If so, what browser were you using? (Internet Explorer, or Chrome, or Firefox, or which ?? )

Where were you browsing?

What are some of the Titles in the popups ?

I'd like for you to do 2 separate scans:

1) With your Kaspersky AV 2010

Start Kaspersky antivirus. Do an update run. Do a full system scan.

Provide details in next reply.

2) Temporarily turn off Kaspersky anti-virus.

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

3) After MBAM has finished, turn ON your Kaspersky antivirus.

4) Provide answers to my earlier questions,

details on the Kaspersky scan,

and copy & Paste the latest MBAM scan log


I can't update Kaspersky because the key has expired, so I am going to get another program from (my store, it's already shipping)

The malwarebytes update is here though:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000

www.malwarebytes.org

Database version: v2012.03.25.01

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

ClydeSanders :: CLYDESANDERS-PC [administrator]

Protection: Disabled

3/25/2012 1:02:05 AM

mbam-log-2012-03-25 (01-02-05).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 365032

Time elapsed: 44 minute(s), 15 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

and the popups are like Facebook, then it reroutes to a random page. Also, here, if I just try to scroll up by clicking the scroll bar on the left, I get a page showing the black and yellow OTL button on a new tab

"http://platform.twitter.com/widgets/tweet_button.1332442903.html" - what just popped up.


Some observations:

You noted

I can't update Kaspersky because the key has expired, so I am going to get another program from (my store, it's already shipping)

Dude!

Why-o-why did you not plan for replacement before the license expiration ?

If you value your system and what you have stored on it, do not allow this to happen again.

Your system should never be without a current & updated antivirus program installed. Otherwise, it is exposed to new viruses that come out in the wild.

When you do get the new program, first, de-install the old program via Control Panel >> Programs and features. Then reboot.

Immediately run setup of new program.

In the meantime, absolutely reduce your websurfing of any kind to none.

btw, the link you noted is just to a tweet icon (which of itself is not harmful) but the popup(s) are a concern.

More reply to follow.



You already have the Security Check utility on the system (downloaded from before).

I need for you to run it now (one more time).

You also have OTL utility from before. Need a new report from it.

Locate the OTL.exe on your Desktop

Right-click OTL.exe & select Run as Administrator to start it.

Look at the upper left of window. Press the pink color Quick Scan button.

Have patience while it runs.

It will produce a new log. Save it.

Copy and paste back here a copy of the new OTL.txt and Checkup.txt

Edited by Maurice Naggar


here is the log of the security check:

Results of screen317's Security Check version 0.99.32

Windows 7 x64 (UAC is enabled)

Internet Explorer 8 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

ESET Online Scanner v3

Kaspersky Anti-Virus 2010

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

MVPS Hosts File

Java 6 Update 31

Adobe Flash Player 10.3.183.16 Flash Player out of Date!

Adobe Reader 9 Adobe Reader out of date!

Mozilla Firefox (3.6.8) Firefox out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Kaspersky Lab Kaspersky Anti-Virus 2010 avp.exe

Kaspersky Lab Kaspersky Anti-Virus 2010 x64 klwtblfs.exe

Kaspersky Lab Kaspersky Anti-Virus 2010 avp.exe

``````````End of Log````````````

here is the logs of the otl scan:

OTL logfile created on: 3/25/2012 11:09:39 PM - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\ClydeSanders\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 55.04% Memory free

7.60 Gb Paging File | 5.81 Gb Available in Paging File | 76.46% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 453.67 Gb Total Space | 390.89 Gb Free Space | 86.16% Space Free | Partition Type: NTFS

Computer Name: CLYDESANDERS-PC | User Name: ClydeSanders | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/23 15:54:17 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\ClydeSanders\Desktop\OTL.exe

PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011/05/10 13:37:32 | 000,010,920 | ---- | M] (Absolute Software) -- C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe

PRC - [2010/09/06 11:11:48 | 000,340,520 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe

PRC - [2010/07/22 22:06:53 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2010/03/17 16:03:08 | 000,252,728 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

PRC - [2010/03/03 17:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2010/03/03 17:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2010/02/24 04:54:48 | 002,454,840 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe

PRC - [2009/12/25 18:21:16 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

PRC - [2009/09/28 20:56:18 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe

========== Modules (No Company Name) ==========

MOD - [2012/03/22 20:29:03 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

MOD - [2010/07/22 22:06:54 | 001,015,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll

MOD - [2009/07/13 21:15:51 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL

MOD - [2009/07/13 21:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/04/06 17:53:14 | 000,258,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)

SRV:64bit: - [2010/02/23 20:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)

SRV:64bit: - [2010/02/05 20:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)

SRV:64bit: - [2010/01/19 20:26:58 | 001,420,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®

SRV:64bit: - [2010/01/19 20:08:16 | 000,315,664 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)

SRV:64bit: - [2010/01/19 20:05:22 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®

SRV:64bit: - [2009/11/06 01:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV:64bit: - [2009/10/21 12:30:36 | 000,531,520 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)

SRV:64bit: - [2009/07/28 18:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)

SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 21:39:46 | 000,006,656 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\Windows\SysNative\nwrdr.dll -- (smwdm)

SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/05/10 13:37:32 | 000,010,920 | ---- | M] (Absolute Software) [Auto | Running] -- C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe -- (AbsoluteNotifier)

SRV - [2010/11/29 13:11:29 | 003,989,568 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)

SRV - [2010/09/06 11:11:48 | 000,340,520 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe -- (AVP)

SRV - [2010/03/03 17:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®

SRV - [2010/03/03 17:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®

SRV - [2009/10/06 12:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2010/11/08 17:06:40 | 000,066,552 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mozy.sys -- (mozyFilter)

DRV:64bit: - [2010/09/06 11:11:48 | 000,353,296 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)

DRV:64bit: - [2010/05/18 19:02:48 | 000,164,464 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)

DRV:64bit: - [2010/05/08 21:38:56 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)

DRV:64bit: - [2010/05/03 17:44:02 | 000,331,880 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010/04/21 14:18:44 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2010/03/10 21:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010/02/26 19:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2010/02/03 09:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®

DRV:64bit: - [2010/01/15 15:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/01/13 11:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®

DRV:64bit: - [2009/12/17 22:09:20 | 000,036,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)

DRV:64bit: - [2009/10/15 00:18:38 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\klbg.sys -- (KLBG)

DRV:64bit: - [2009/10/09 22:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2009/10/02 22:39:32 | 000,021,008 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)

DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®

DRV:64bit: - [2009/09/14 17:46:42 | 000,027,152 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)

DRV:64bit: - [2009/09/01 18:29:56 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)

DRV:64bit: - [2009/07/31 00:02:36 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)

DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)

DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)

DRV:64bit: - [2009/07/13 20:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)

DRV:64bit: - [2009/06/29 19:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)

DRV:64bit: - [2009/06/29 13:25:22 | 000,034,880 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)

DRV:64bit: - [2009/06/22 20:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)

DRV:64bit: - [2009/06/19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2005/01/04 23:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B82B168C-42C7-44BE-A3E4-A78276E8AAB7}

IE:64bit: - HKLM\..\SearchScopes\{B82B168C-42C7-44BE-A3E4-A78276E8AAB7}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA

IE - HKLM\..\SearchScopes,DefaultScope = {0A9B5BD7-25A8-4282-B606-DA9F577C628E}

IE - HKLM\..\SearchScopes\{0A9B5BD7-25A8-4282-B606-DA9F577C628E}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?brand=TSNA&bmod=TSNA

IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found

IE - HKCU\..\SearchScopes,DefaultScope = {26232E5B-48C4-4F29-941A-36A45073F6A2}

IE - HKCU\..\SearchScopes\{26232E5B-48C4-4F29-941A-36A45073F6A2}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official | http://www.gmail.com |"

FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736

FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.4

FF - prefs.js..extensions.enabledItems: {8E22EFF7-4C23-468D-A046-F794FEAEDA54}:1.9.1

FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:7.0.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/06 10:06:18 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/03/22 20:11:50 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8E22EFF7-4C23-468D-A046-F794FEAEDA54}: C:\Users\ClydeSanders\AppData\Local\{8E22EFF7-4C23-468D-A046-F794FEAEDA54} [2011/03/23 08:54:06 | 000,000,000 | ---D | M]

[2012/03/21 14:50:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ClydeSanders\AppData\Roaming\Mozilla\Extensions

[2012/03/11 23:16:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ClydeSanders\AppData\Roaming\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}

[2012/02/04 12:31:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ClydeSanders\AppData\Roaming\Mozilla\Extensions-BackupByFirefoxPortable

[2012/02/04 12:31:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ClydeSanders\AppData\Roaming\Mozilla\Extensions-BackupByFirefoxPortable\{718e30fb-e89b-41dd-9da7-e25a45638b28}

[2012/01/13 19:12:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ClydeSanders\AppData\Roaming\Mozilla\Extensions-BackupByFirefoxPortable\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2012/03/25 23:05:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ClydeSanders\AppData\Roaming\Mozilla\Firefox\Profiles\mowxtix2.default\extensions

[2011/03/06 01:48:48 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\ClydeSanders\AppData\Roaming\Mozilla\Firefox\Profiles\mowxtix2.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}

[2011/12/03 16:37:57 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\ClydeSanders\AppData\Roaming\Mozilla\Firefox\Profiles\mowxtix2.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}

[2012/03/22 20:11:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/03/22 20:11:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

[2010/09/06 12:33:12 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru

[2011/03/23 08:54:06 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\CLYDESANDERS\APPDATA\LOCAL\{8E22EFF7-4C23-468D-A046-F794FEAEDA54}

[2012/03/22 20:11:39 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2012/02/28 02:10:18 | 000,610,100 | ---- | M]) - C:\Windows\SysNative\drivers\etc\HOSTS

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost #[iPv6]

O1 - Hosts: 16230 more lines...

O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\ievkbd.dll (Kaspersky Lab)

O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)

O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [smartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [Absolute Notifier] C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe (Absolute Software)

O4 - HKLM..\Run: [avp] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)

O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)

O4 - HKLM..\Run: [iJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)

O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)

O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)

O4 - HKCU..\Run: [gWLwiaDlyb.exe] C:\ProgramData\gWLwiaDlyb.exe File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 253

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 [2012/03/23 20:55:20 | 000,000,000 | ---D | M]

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 253

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9:64bit: - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)

O9:64bit: - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\x64\klwtbbho.dll (Kaspersky Lab)

O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)

O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - %SystemRoot%\system32\pnrpnsp.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - %SystemRoot%\system32\pnrpnsp.dll File not found

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 168.28.176.11 168.28.176.253 198.72.72.10

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{956A3BB1-236E-40A4-9B3A-66CB2330D89C}: NameServer = 0.0.0.0

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A32CE649-BF5D-407D-A364-B4A32C330669}: DhcpNameServer = 168.28.176.11 168.28.176.253 198.72.72.10

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F4366FAE-55DC-43AD-82C3-07BB0D5C8805}: DhcpNameServer = 168.28.176.11 168.28.176.253 198.72.72.10

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2010\mzvkbd3.dll (Kaspersky Lab)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)

O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/12/28 14:34:34 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O35 - HKCU\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/24 23:13:23 | 080,143,432 | ---- | C] (Kaspersky Lab) -- C:\Users\ClydeSanders\Desktop\kav12.0.0.374en.exe

[2012/03/23 19:44:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/03/23 19:37:46 | 000,000,000 | ---D | C] -- C:\Users\ClydeSanders\Desktop\5

[2012/03/23 19:36:42 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/03/23 15:54:12 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\ClydeSanders\Desktop\OTL.exe

[2012/03/23 01:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess

[2012/03/22 20:56:15 | 000,000,000 | ---D | C] -- C:\Users\ClydeSanders\AppData\Roaming\f-secure

[2012/03/22 20:56:08 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure

[2012/03/22 20:12:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2012/03/22 20:12:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012/03/22 20:11:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2012/03/22 20:02:40 | 000,000,000 | ---D | C] -- C:\windows\temp

[2012/03/22 19:57:47 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2012/03/22 19:29:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe

[2012/03/22 19:20:48 | 000,016,200 | ---- | C] (McAfee, Inc.) -- C:\windows\stinger.sys

[2012/03/22 19:16:43 | 009,273,408 | ---- | C] (McAfee Inc.) -- C:\Users\ClydeSanders\Desktop\stinger.exe

[2012/03/22 19:14:06 | 004,443,082 | R--- | C] (Swearware) -- C:\Users\ClydeSanders\Desktop\ComboFix.exe

[2012/03/22 13:03:34 | 000,000,000 | ---D | C] -- C:\Users\ClydeSanders\Desktop\KLUpdater

[2012/03/22 09:29:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe

[2012/03/22 09:29:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe

[2012/03/22 09:27:37 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/03/22 02:33:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger

[2012/03/21 15:14:32 | 000,000,000 | ---D | C] -- C:\Users\ClydeSanders\Desktop\4

[2012/03/21 12:15:34 | 000,000,000 | ---D | C] -- C:\Users\ClydeSanders\AppData\Roaming\Malwarebytes

[2012/03/21 12:15:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/03/21 12:15:30 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012/03/21 12:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/03/21 12:15:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/03/21 11:35:04 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\ClydeSanders\Desktop\mbam--setup-1.60.1.1000.exe

[2012/03/21 11:18:21 | 000,066,896 | ---- | C] (Malwarebytes Corporation) -- C:\Users\ClydeSanders\Desktop\mbam-clean.exe

[2012/03/21 11:16:05 | 000,000,000 | ---D | C] -- C:\windows\ERDNT

[2012/03/21 11:15:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2012/03/21 11:15:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT

[2012/03/21 11:14:32 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\ClydeSanders\Desktop\erunt-setup.exe

[2012/03/21 00:05:40 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\ClydeSanders\Desktop\dds.scr

[2012/03/20 16:29:53 | 000,000,000 | ---D | C] -- C:\windows\SysNative\MpEngineStore

[2012/03/07 15:41:58 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/25 23:03:28 | 000,016,080 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/03/25 23:03:28 | 000,016,080 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/03/25 23:02:18 | 000,879,714 | ---- | M] () -- C:\Users\ClydeSanders\Desktop\SecurityCheck.exe

[2012/03/25 22:54:44 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012/03/25 22:54:40 | 3059,748,864 | -HS- | M] () -- C:\hiberfil.sys

[2012/03/24 23:57:36 | 000,003,640 | ---- | M] () -- C:\windows\mozy.blk

[2012/03/24 23:57:36 | 000,000,212 | ---- | M] () -- C:\windows\mozy.flt

[2012/03/24 23:23:42 | 080,143,432 | ---- | M] (Kaspersky Lab) -- C:\Users\ClydeSanders\Desktop\kav12.0.0.374en.exe

[2012/03/24 21:25:45 | 000,713,888 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2012/03/24 21:25:45 | 000,615,360 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2012/03/24 21:25:45 | 000,103,702 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2012/03/24 13:26:44 | 001,073,432 | ---- | M] () -- C:\Users\ClydeSanders\Desktop\KLUpdater.zip

[2012/03/23 19:36:42 | 000,000,098 | ---- | M] () -- C:\windows\SysNative\drivers\etc\HOSTS.MVP

[2012/03/23 15:54:17 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\ClydeSanders\Desktop\OTL.exe

[2012/03/22 20:12:53 | 000,000,000 | -HS- | M] () -- C:\windows\SysNative\dds_trash_log.cmd

[2012/03/22 19:26:20 | 000,000,046 | RH-- | M] () -- C:\Users\ClydeSanders\Desktop\stinger.opt

[2012/03/22 19:20:48 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\windows\stinger.sys

[2012/03/22 19:19:23 | 009,273,408 | ---- | M] (McAfee Inc.) -- C:\Users\ClydeSanders\Desktop\stinger.exe

[2012/03/22 19:14:38 | 004,443,082 | R--- | M] (Swearware) -- C:\Users\ClydeSanders\Desktop\ComboFix.exe

[2012/03/21 15:12:19 | 000,000,512 | ---- | M] () -- C:\Users\ClydeSanders\Desktop\MBR.dat

[2012/03/21 11:35:05 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\ClydeSanders\Desktop\mbam--setup-1.60.1.1000.exe

[2012/03/21 11:18:22 | 000,066,896 | ---- | M] (Malwarebytes Corporation) -- C:\Users\ClydeSanders\Desktop\mbam-clean.exe

[2012/03/21 11:14:35 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\ClydeSanders\Desktop\erunt-setup.exe

[2012/03/21 00:05:46 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\ClydeSanders\Desktop\dds.scr

[2012/03/19 21:00:32 | 539,680,324 | ---- | M] () -- C:\windows\MEMORY.DMP

[2012/02/28 02:10:18 | 000,610,100 | ---- | M] () -- C:\windows\SysNative\drivers\etc\HOSTS

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/25 23:01:54 | 000,879,714 | ---- | C] () -- C:\Users\ClydeSanders\Desktop\SecurityCheck.exe

[2012/03/24 13:26:39 | 001,073,432 | ---- | C] () -- C:\Users\ClydeSanders\Desktop\KLUpdater.zip

[2012/03/22 20:12:53 | 000,000,000 | -HS- | C] () -- C:\windows\SysNative\dds_trash_log.cmd

[2012/03/22 19:29:14 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe

[2012/03/22 19:29:13 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe

[2012/03/22 19:29:13 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe

[2012/03/22 19:29:13 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe

[2012/03/22 09:29:35 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe

[2012/03/22 09:11:15 | 000,000,046 | RH-- | C] () -- C:\Users\ClydeSanders\Desktop\stinger.opt

[2012/03/21 15:12:19 | 000,000,512 | ---- | C] () -- C:\Users\ClydeSanders\Desktop\MBR.dat

[2012/02/21 16:25:25 | 000,000,112 | ---- | C] () -- C:\ProgramData\h51E8jmF7.dat

[2011/12/29 12:52:10 | 000,009,722 | -HS- | C] () -- C:\Users\ClydeSanders\AppData\Local\qta72td65gg0auoxxprm177273n4qmg807b33ohkia0

[2011/12/29 12:52:10 | 000,009,722 | -HS- | C] () -- C:\ProgramData\qta72td65gg0auoxxprm177273n4qmg807b33ohkia0

[2011/12/28 22:00:35 | 000,010,284 | -HS- | C] () -- C:\Users\ClydeSanders\AppData\Local\52tb78why18d25wl01r112ii7i11otgi7x51ik3sicf6n

[2011/12/28 22:00:35 | 000,010,284 | -HS- | C] () -- C:\ProgramData\52tb78why18d25wl01r112ii7i11otgi7x51ik3sicf6n

[2011/12/28 17:26:09 | 000,023,164 | -HS- | C] () -- C:\Users\ClydeSanders\AppData\Local\k6imghcjia483ald

[2011/12/28 17:26:09 | 000,023,164 | -HS- | C] () -- C:\ProgramData\k6imghcjia483ald

[2011/12/26 20:59:59 | 000,009,206 | -HS- | C] () -- C:\Users\ClydeSanders\AppData\Local\8elgg28tj7in1oxni76qo537508r3n4470by51ry81k13

[2011/12/26 20:59:59 | 000,009,206 | -HS- | C] () -- C:\ProgramData\8elgg28tj7in1oxni76qo537508r3n4470by51ry81k13

[2011/12/15 13:23:45 | 000,010,620 | -HS- | C] () -- C:\Users\ClydeSanders\AppData\Local\2h65bu2q45h570

[2011/12/15 13:23:45 | 000,010,620 | -HS- | C] () -- C:\ProgramData\2h65bu2q45h570

[2011/12/04 18:14:31 | 000,010,060 | -HS- | C] () -- C:\Users\ClydeSanders\AppData\Local\x0lf03t5uw0olr

[2011/05/17 19:17:00 | 000,009,016 | -HS- | C] () -- C:\Users\ClydeSanders\AppData\Local\7d4i311773tt2pw75p52g3581l664hd2876u16o0v8

[2011/05/17 19:17:00 | 000,009,016 | -HS- | C] () -- C:\ProgramData\7d4i311773tt2pw75p52g3581l664hd2876u16o0v8

[2011/05/15 00:13:21 | 000,009,124 | -HS- | C] () -- C:\Users\ClydeSanders\AppData\Local\rn24wn5mm136m16l4n4fn6k3c0m7h2k77366

[2011/05/15 00:13:21 | 000,009,124 | -HS- | C] () -- C:\ProgramData\rn24wn5mm136m16l4n4fn6k3c0m7h2k77366

[2011/03/23 08:54:09 | 000,000,000 | ---- | C] () -- C:\Users\ClydeSanders\AppData\Local\Okaducenafi.bin

[2011/03/23 08:54:08 | 000,000,120 | ---- | C] () -- C:\Users\ClydeSanders\AppData\Local\Vvoqitamewiga.dat

[2011/03/08 22:33:07 | 000,009,760 | -HS- | C] () -- C:\Users\ClydeSanders\AppData\Local\3050008006

[2011/03/08 22:33:07 | 000,009,760 | -HS- | C] () -- C:\ProgramData\3050008006

[2011/03/06 00:01:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/04/21 14:14:54 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin

[2010/04/21 14:14:52 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin

[2010/04/21 14:14:52 | 000,104,636 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin

[2010/04/21 13:22:50 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll

[2010/04/21 13:22:50 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll

========== LOP Check ==========

[2010/09/06 10:26:52 | 000,000,000 | ---D | M] -- C:\Users\ClydeSanders\AppData\Roaming\Absolute

[2011/08/31 14:11:00 | 000,000,000 | ---D | M] -- C:\Users\ClydeSanders\AppData\Roaming\Absolute Software

[2010/09/06 12:34:34 | 000,000,000 | ---D | M] -- C:\Users\ClydeSanders\AppData\Roaming\Absolute_Software

[2011/03/14 08:14:28 | 000,000,000 | ---D | M] -- C:\Users\ClydeSanders\AppData\Roaming\Amazon

[2010/10/10 19:59:32 | 000,000,000 | ---D | M] -- C:\Users\ClydeSanders\AppData\Roaming\Canon

[2012/03/22 20:56:15 | 000,000,000 | ---D | M] -- C:\Users\ClydeSanders\AppData\Roaming\f-secure

[2011/03/06 13:55:51 | 000,000,000 | ---D | M] -- C:\Users\ClydeSanders\AppData\Roaming\ooVoo Details

[2010/11/19 21:53:25 | 000,000,000 | ---D | M] -- C:\Users\ClydeSanders\AppData\Roaming\Toshiba

[2010/09/05 01:56:28 | 000,000,000 | ---D | M] -- C:\Users\ClydeSanders\AppData\Roaming\WinBatch

[2011/12/14 08:58:57 | 000,032,610 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

Extras:

OTL Extras logfile created on: 3/25/2012 11:09:39 PM - Run 1

OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\ClydeSanders\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 55.04% Memory free

7.60 Gb Paging File | 5.81 Gb Available in Paging File | 76.46% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 453.67 Gb Total Space | 390.89 Gb Free Space | 86.16% Space Free | Partition Type: NTFS

Computer Name: CLYDESANDERS-PC | User Name: ClydeSanders | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring" = 1

"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series" = Canon MX340 series MP Drivers

"{26F41FA3-3170-446B-A3A2-83F5FA26E6CD}" = Intel® Wireless Display

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007

"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor

"{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime

"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility

"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator

"{B90E5EBE-DF18-44D5-9D18-689ADEE9DA6C}" = Intel® PROSet/Wireless WiFi Software

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board

"{CB090A2C-B2F9-110F-F9D2-08B47D08D36F}" = MozyHome

"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition

"ProInst" = Intel PROSet Wireless

"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0

"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password

"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup

"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration

"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application

"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility

"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer

"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station

"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3

"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility

"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1

"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application

"{EBE939ED-4612-45FD-A39E-77AC199C4273}" = Absolute Notifier

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Canon MX340 series User Registration" = Canon MX340 series User Registration

"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility

"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool

"CanonMyPrinter" = Canon Utilities My Printer

"CanonSolutionMenu" = Canon Utilities Solution Menu

"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX

"ERUNT_is1" = ERUNT 1.1j

"ESET Online Scanner" = ESET Online Scanner v3

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver

"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password

"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup

"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility

"InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime

"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility

"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board

"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition

"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010

"jGRASP" = jGRASP

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000

"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)

"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1

"Speed Dial Utility" = Canon Speed Dial Utility

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Amazon Kindle For PC" = Amazon Kindle For PC

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 4/26/2011 11:41:16 AM | Computer Name = ClydeSanders-PC | Source = SideBySide | ID = 16842787

Description = Activation context generation failed for "c:\program files (x86)\windows

live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program

files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity

found in manifest does not match the identity of the component requested. Reference

is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition

is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use

sxstrace.exe for detailed diagnosis.

Error - 5/6/2011 8:13:39 PM | Computer Name = ClydeSanders-PC | Source = SideBySide | ID = 16842787

Description = Activation context generation failed for "c:\program files (x86)\windows

live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program

files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity

found in manifest does not match the identity of the component requested. Reference

is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition

is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use

sxstrace.exe for detailed diagnosis.

Error - 5/7/2011 9:53:38 PM | Computer Name = ClydeSanders-PC | Source = Application Error | ID = 1000

Description = Faulting application name: plugin-container.exe, version: 1.9.2.3855,

time stamp: 0x4c48d590 Faulting module name: ntdll.dll, version: 6.1.7600.16385,

time stamp: 0x4a5bdb3b Exception code: 0xc0000005 Fault offset: 0x00022272 Faulting

process id: 0x1188 Faulting application start time: 0x01cc0cc4a4610612 Faulting application

path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module

path: C:\windows\SysWOW64\ntdll.dll Report Id: fd64e237-7915-11e0-becc-88ae1d53a027

Error - 5/10/2011 12:20:40 PM | Computer Name = ClydeSanders-PC | Source = Application Error | ID = 1000

Description = Faulting application name: firefox.exe, version: 1.9.2.3855, time

stamp: 0x4c48d5ce Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception

code: 0xc0000005 Fault offset: 0x4a801f90 Faulting process id: 0x1038 Faulting application

start time: 0x01cc0d7f3704f708 Faulting application path: C:\Program Files (x86)\Mozilla

Firefox\firefox.exe Faulting module path: unknown Report Id: 718b6cda-7b21-11e0-a39e-88ae1d53a027

Error - 5/10/2011 3:30:26 PM | Computer Name = ClydeSanders-PC | Source = SideBySide | ID = 16842787

Description = Activation context generation failed for "c:\program files (x86)\windows

live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program

files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity

found in manifest does not match the identity of the component requested. Reference

is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition

is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use

sxstrace.exe for detailed diagnosis.

Error - 5/14/2011 10:09:03 PM | Computer Name = ClydeSanders-PC | Source = Application Error | ID = 1000

Description = Faulting application name: firefox.exe, version: 1.9.2.3855, time

stamp: 0x4c48d5ce Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception

code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0xf48 Faulting application

start time: 0x01cc12a4006a324f Faulting application path: C:\Program Files (x86)\Mozilla

Firefox\firefox.exe Faulting module path: unknown Report Id: 4dd23f92-7e98-11e0-a7eb-88ae1d53a027

Error - 5/15/2011 12:13:29 AM | Computer Name = ClydeSanders-PC | Source = Application Error | ID = 1000

Description = Faulting application name: plugin-container.exe, version: 1.9.2.3855,

time stamp: 0x4c48d590 Faulting module name: ntdll.dll, version: 6.1.7600.16385,

time stamp: 0x4a5bdb3b Exception code: 0xc0000005 Fault offset: 0x00022272 Faulting

process id: 0x104c Faulting application start time: 0x01cc12a416e155f5 Faulting application

path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module

path: C:\windows\SysWOW64\ntdll.dll Report Id: afd4b49f-7ea9-11e0-a7eb-88ae1d53a027

Error - 5/15/2011 1:27:11 AM | Computer Name = ClydeSanders-PC | Source = SideBySide | ID = 16842787

Description = Activation context generation failed for "c:\program files (x86)\windows

live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program

files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity

found in manifest does not match the identity of the component requested. Reference

is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition

is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use

sxstrace.exe for detailed diagnosis.

Error - 5/17/2011 7:17:01 PM | Computer Name = ClydeSanders-PC | Source = Application Error | ID = 1000

Description = Faulting application name: plugin-container.exe, version: 1.9.2.3855,

time stamp: 0x4c48d590 Faulting module name: ntdll.dll, version: 6.1.7600.16385,

time stamp: 0x4a5bdb3b Exception code: 0xc0000005 Fault offset: 0x00022272 Faulting

process id: 0xbbc Faulting application start time: 0x01cc13eb382b0f35 Faulting application

path: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Faulting module

path: C:\windows\SysWOW64\ntdll.dll Report Id: c4bd1337-80db-11e0-a307-88ae1d53a027

Error - 5/18/2011 11:05:25 PM | Computer Name = ClydeSanders-PC | Source = SideBySide | ID = 16842787

Description = Activation context generation failed for "c:\program files (x86)\windows

live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program

files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity

found in manifest does not match the identity of the component requested. Reference

is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition

is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use

sxstrace.exe for detailed diagnosis.

[ System Events ]

Error - 11/16/2011 12:40:00 AM | Computer Name = ClydeSanders-PC | Source = Ntfs | ID = 262199

Description = The file system structure on the disk is corrupt and unusable. Please

run the chkdsk utility on the volume TI105835W0O.

Error - 11/16/2011 12:40:00 AM | Computer Name = ClydeSanders-PC | Source = Ntfs | ID = 262199

Description = The file system structure on the disk is corrupt and unusable. Please

run the chkdsk utility on the volume TI105835W0O.

Error - 11/16/2011 12:40:00 AM | Computer Name = ClydeSanders-PC | Source = Ntfs | ID = 262199

Description = The file system structure on the disk is corrupt and unusable. Please

run the chkdsk utility on the volume TI105835W0O.

Error - 11/16/2011 12:40:00 AM | Computer Name = ClydeSanders-PC | Source = Ntfs | ID = 262199

Description = The file system structure on the disk is corrupt and unusable. Please

run the chkdsk utility on the volume TI105835W0O.

Error - 11/16/2011 12:40:00 AM | Computer Name = ClydeSanders-PC | Source = Ntfs | ID = 262199

Description = The file system structure on the disk is corrupt and unusable. Please

run the chkdsk utility on the volume TI105835W0O.

Error - 11/16/2011 12:40:00 AM | Computer Name = ClydeSanders-PC | Source = Ntfs | ID = 262199

Description = The file system structure on the disk is corrupt and unusable. Please

run the chkdsk utility on the volume TI105835W0O.

Error - 11/16/2011 12:40:00 AM | Computer Name = ClydeSanders-PC | Source = Ntfs | ID = 262199

Description = The file system structure on the disk is corrupt and unusable. Please

run the chkdsk utility on the volume TI105835W0O.

Error - 11/16/2011 9:44:05 AM | Computer Name = ClydeSanders-PC | Source = Microsoft-Windows-Kernel-General | ID = 5

Description =

Error - 11/16/2011 9:44:09 AM | Computer Name = ClydeSanders-PC | Source = Ntfs | ID = 262199

Description = The file system structure on the disk is corrupt and unusable. Please

run the chkdsk utility on the volume TI105835W0O.

Error - 11/16/2011 9:44:09 AM | Computer Name = ClydeSanders-PC | Source = Ntfs | ID = 262199

Description = The file system structure on the disk is corrupt and unusable. Please

run the chkdsk utility on the volume TI105835W0O.

< End of report >


Some maintenance (update/security) items, then next, a new run of Combofix.

Out-of-date utilities & apps (such as Flash Player, Firefox browser, Google, other browsers, and Adobe Reader) expose you to security risks IF you are not keeping current with security updates. [which you have not, since I am having to repeat a call for updates on 3 of them] (In future, use Secunia PSI to keep current.)

Step 1

Download, Save, then Run this Flash Player uninstaller >> uninstall Flash Player for 64-bit Windows<<

Close all browsers and instant messenger (IM) programs.

Run the uninstaller.

Go to http://www.adobe.com/go/getflash

and get the latest Flash Player

Un-Check any checkbox for McAfee Security Scan Plus, or any other widget or toolbar !!!

Step 2

Start your Firefox browser. Select Help, then About.

FF will look for the most recent update, and prompt you to Apply. Allow it to update, now, and follow prompts.

Step 3

Older versions of Adobe Reader pose a potential security risk.

De-install your Adobe Reader: Use Windows 7's Programs & Features, Remove Adobe Reader.

Get latest Adobe Reader version

http://get.adobe.com/reader/

Be sure to un-check the box for Free McAfee Security Scan or any "toolbar" (if offered)

Step 4

You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!

I am going to have you get a fresh copy of Combofix, save it first, and then run a special script.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

If you have a prior copy of Combofix, delete it now !

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.

Link 1

Link 2


* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the Code box below into it:


DDS::
uRun: [gWLwiaDlyb.exe] C:\ProgramData\gWLwiaDlyb.exe
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB}

File::
C:\ProgramData\gWLwiaDlyb.exe
C:\ProgramData\ezsidmv.dat
C:\Users\ClydeSanders\AppData\Local\Vvoqitamewiga.dat
C:\Users\ClydeSanders\AppData\Local\Okaducenafi.bin

Folder::
C:\Users\ClydeSanders\AppData\Local\3050008006
C:\ProgramData\3050008006
C:\Users\ClydeSanders\AppData\Local\qta72td65gg0auoxxprm177273n4qmg807b33ohkia0
C:\ProgramData\qta72td65gg0auoxxprm177273n4qmg807b33ohkia0
C:\Users\ClydeSanders\AppData\Local\52tb78why18d25wl01r112ii7i11otgi7x51ik3sicf6n
C:\ProgramData\52tb78why18d25wl01r112ii7i11otgi7x51ik3sicf6n
C:\Users\ClydeSanders\AppData\Local\k6imghcjia483ald
C:\ProgramData\k6imghcjia483ald
C:\Users\ClydeSanders\AppData\Local\8elgg28tj7in1oxni76qo537508r3n4470by51ry81k13
C:\ProgramData\8elgg28tj7in1oxni76qo537508r3n4470by51ry81k13
C:\Users\ClydeSanders\AppData\Local\2h65bu2q45h570
C:\ProgramData\2h65bu2q45h570
C:\Users\ClydeSanders\AppData\Local\x0lf03t5uw0olr
C:\Users\ClydeSanders\AppData\Local\7d4i311773tt2pw75p52g3581l664hd2876u16o0v8
C:\ProgramData\7d4i311773tt2pw75p52g3581l664hd2876u16o0v8
C:\Users\ClydeSanders\AppData\Local\rn24wn5mm136m16l4n4fn6k3c0m7h2k77366
C:\ProgramData\rn24wn5mm136m16l4n4fn6k3c0m7h2k77366

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Reply with the latest C:\Combofix.txt

and tell me, How is your system now?

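The Folder:: list in the script posted above repeats the same machine-generated folder name under both AppData\Local and ProgramData. As an added example (not part of the original post and not ComboFix's own logic), this Python code parses text laid out with `Name::` headers and flags such mirrored names for triage; the section parsing and the `looks_generated` heuristic are assumptions, and the sample paths are copied from the post.

```python
import re
from collections import defaultdict
from ntpath import basename, dirname  # Windows path rules on any OS

# Excerpt of the script quoted in the post (paths copied from it).
CFSCRIPT = r"""
File::
C:\ProgramData\gWLwiaDlyb.exe
C:\ProgramData\ezsidmv.dat

Folder::
C:\Users\ClydeSanders\AppData\Local\3050008006
C:\ProgramData\3050008006
C:\Users\ClydeSanders\AppData\Local\k6imghcjia483ald
C:\ProgramData\k6imghcjia483ald
C:\Users\ClydeSanders\AppData\Local\x0lf03t5uw0olr
"""

def parse_sections(text):
    """Split text into {section: [lines]} on 'Name::' header lines (assumed layout)."""
    sections, current = defaultdict(list), None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        header = re.fullmatch(r"(\w+)::", line)
        if header:
            current = header.group(1)
        elif current:
            sections[current].append(line)
    return dict(sections)

def looks_generated(name):
    """Heuristic (assumption): 10+ chars, only [a-z0-9], at least one digit."""
    return bool(re.fullmatch(r"[a-z0-9]{10,}", name)) and any(c.isdigit() for c in name)

def mirrored_folders(paths):
    """Return generated-looking names present under both ProgramData and AppData\\Local."""
    seen = defaultdict(set)
    for path in paths:
        parent = dirname(path).lower()
        kind = ("programdata" if parent.endswith("\\programdata")
                else "localappdata" if parent.endswith("\\appdata\\local") else None)
        if kind and looks_generated(basename(path)):
            seen[basename(path)].add(kind)
    return sorted(name for name, kinds in seen.items() if len(kinds) == 2)

if __name__ == "__main__":
    for name in mirrored_folders(parse_sections(CFSCRIPT)["Folder"]):
        print("mirrored generated folder:", name)
```

A name that appears under only one of the two roots, such as `x0lf03t5uw0olr` in the sample, is not reported; the heuristic is a triage aid and will miss or over-match names outside this pattern.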