Jump to content

LisaB

Honorary Members
  • Posts

    35
  • Joined

  • Last visited

Reputation

0 Neutral
  1. MrCharlie was very knowledgeable, helped me fix my computer and responded promptly! Thanks for all your help MrCharlie, You're the best!!

  2. Ok, I ran TFC and then created a new restore point. I also downloaded Microsoft Security Essentials but havnt installed it yet. If I understand you correctly, it along with my windows firewall will be good? Also, I have not uninstalled Macafee yet. You stated we needed to uninstall all the programs we used to clean my computer. I'm ready when you are.
  3. It seems to be running back to normal, maybe a little slow, but other than that normal. Instead of Macafee is there a free virus, spyware and firewall all in one you would recommend? AVG, Eset? I really appreciate all your help and time!
  4. Let's try this again. If it doesn't attach this time, I guess I will need instructions on how to do it. I think I zipped it correctly. combolog.zip
  5. The above combo log is the log from the second time I had to run it. The first time the log was so large it would not let me post it here. I'm not sure what went wrong on the first run but the snapshot section was VERY LARGE.
  6. ComboFix 12-05-20.04 - Lisa 05/20/2012 9:32.3.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.2075 [GMT -5:00] Running from: c:\users\Lisa\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-04-20 to 2012-05-20 ))))))))))))))))))))))))))))))) . . 2012-05-20 14:40 . 2012-05-20 14:40 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-05-20 14:40 . 2012-05-20 14:40 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-05-18 23:45 . 2012-05-18 23:46 -------- d-----w- c:\users\Guest 2012-05-15 03:57 . 2012-05-15 03:57 -------- d-----w- c:\programdata\Common Files 2012-05-15 03:52 . 2012-05-15 03:57 -------- d-----w- c:\programdata\MFAData 2012-05-13 13:27 . 2012-05-13 13:27 388096 ----a-r- c:\users\Lisa\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-05-13 13:27 . 2012-05-13 13:27 -------- d-----w- c:\program files (x86)\Trend Micro 2012-05-11 11:01 . 2012-05-11 11:01 -------- d-----w- c:\program files\Microsoft Silverlight 2012-05-11 11:01 . 2012-05-11 11:01 -------- d-----w- c:\program files (x86)\Microsoft Silverlight 2012-05-09 23:56 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll 2012-05-09 23:56 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-05-09 23:56 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-09 23:56 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys 2012-05-09 23:56 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-09 23:56 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-09 23:55 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-05-09 23:54 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-05-09 23:54 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-09 23:54 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-04-27 23:02 . 2012-03-20 18:06 29272 ----a-w- c:\program files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-04 20:56 . 2011-01-19 17:37 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-20 18:11 . 2011-02-22 12:28 162192 ----a-w- c:\windows\system32\mfevtps.exe 2012-03-01 06:46 . 2012-04-11 09:57 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-03-01 06:38 . 2012-04-11 09:57 220672 ----a-w- c:\windows\system32\wintrust.dll 2012-03-01 06:33 . 2012-04-11 09:57 81408 ----a-w- c:\windows\system32\imagehlp.dll 2012-03-01 06:28 . 2012-04-11 09:57 5120 ----a-w- c:\windows\system32\wmi.dll 2012-03-01 05:37 . 2012-04-11 09:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-03-01 05:33 . 2012-04-11 09:57 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-03-01 05:29 . 2012-04-11 09:57 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-02-28 06:56 . 2012-04-11 10:01 2311168 ----a-w- c:\windows\system32\jscript9.dll 2012-02-28 06:49 . 2012-04-11 10:01 1390080 ----a-w- c:\windows\system32\wininet.dll 2012-02-28 06:48 . 2012-04-11 10:01 1493504 ----a-w- c:\windows\system32\inetcpl.cpl 2012-02-28 06:42 . 2012-04-11 10:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-02-28 01:18 . 2012-04-11 10:01 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-02-28 01:11 . 2012-04-11 10:01 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-02-28 01:11 . 2012-04-11 10:01 1127424 ----a-w- c:\windows\SysWow64\wininet.dll 2012-02-28 01:03 . 2012-04-11 10:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-02-22 18:29 . 2011-02-22 12:28 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys 2012-02-22 18:29 . 2011-02-22 12:28 75936 ----a-w- c:\windows\system32\drivers\mfenlfk.sys 2012-02-22 18:29 . 2011-02-22 12:28 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys 2012-02-22 18:29 . 2011-02-22 12:28 647208 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2012-02-22 18:29 . 2011-02-22 12:28 487296 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2012-02-22 18:29 . 2011-02-22 12:28 289664 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2012-02-22 18:29 . 2011-02-22 12:28 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2012-02-22 18:29 . 2011-02-22 12:28 160792 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2012-02-22 18:29 . 2011-02-22 12:28 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys . . ((((((((((((((((((((((((((((( SnapShot_2012-05-20_13.40.41 ))))))))))))))))))))))))))))))))))))))))) . + 2010-03-13 04:23 . 2012-05-20 13:59 55318 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin - 2009-07-14 05:10 . 2012-05-20 12:53 63148 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-05-20 13:59 63148 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-07-01 22:10 . 2012-05-20 13:59 16432 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3753022952-3108555767-2462944309-1001_UserData.bin + 2010-07-02 04:59 . 2012-05-20 14:41 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-07-02 04:59 . 2012-05-20 13:40 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-07-02 04:59 . 2012-05-20 13:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-07-02 04:59 . 2012-05-20 14:41 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-05-20 14:41 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-05-20 13:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-05-20 14:41 . 2012-05-20 14:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-05-20 13:32 . 2012-05-20 13:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-05-20 14:41 . 2012-05-20 14:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-05-20 13:32 . 2012-05-20 13:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 05:01 . 2012-05-20 13:32 313912 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-05-20 14:40 313912 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2010-10-30 02:54 . 2012-05-20 13:56 2466803 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3753022952-3108555767-2462944309-1001-8192.dat - 2010-10-30 02:54 . 2012-05-20 13:32 2466803 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3753022952-3108555767-2462944309-1001-8192.dat + 2011-07-02 13:41 . 2012-05-20 14:40 55166880 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3753022952-3108555767-2462944309-1001-4096.dat - 2011-07-02 13:41 . 2012-05-20 13:32 55166880 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3753022952-3108555767-2462944309-1001-4096.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files (x86)\Swag_Bucks\tbSwa1.dll" [2011-01-11 3911776] . [HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files (x86)\Swag_Bucks\tbSwa1.dll" [2011-01-11 3911776] . [HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-05 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792] "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-22 1675160] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-05 136176] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560] R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-05 136176] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-09-03 227232] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216] S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\ekdiscovery.exe [2010-09-13 308656] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2011-08-10 102608] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-28 249936] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x] S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x] S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2010-02-22 16:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2012-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-05 04:20] . 2012-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-05 04:20] . 2012-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3753022952-3108555767-2462944309-1001Core.job - c:\users\Lisa\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-12 04:20] . 2012-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3753022952-3108555767-2462944309-1001UA.job - c:\users\Lisa\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-12 04:20] . 2012-04-28 c:\windows\Tasks\HPCeeScheduleForLisa.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-14 495104] "EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256] . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uLocal Page = c:\windows\system32\blank.htm uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\nlnnun9l.default\ FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files (x86)\McAfee\SiteAdvisor . - - - - ORPHANS REMOVED - - - - . WebBrowser-{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\windows\SysWOW64\rundll32.exe c:\program files (x86)\CyberLink\Shared files\RichVideo.exe c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE . ************************************************************************** . Completion time: 2012-05-20 09:52:19 - machine was rebooted ComboFix-quarantined-files.txt 2012-05-20 14:52 ComboFix2.txt 2012-05-20 13:44 ComboFix3.txt 2011-03-05 06:39 . Pre-Run: 253,871,394,816 bytes free Post-Run: 253,771,894,784 bytes free . - - End Of File - - 0EDE134B226B59C63AD058B58F5C322D
  7. 21:30:57.0891 4768 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57 21:30:59.0482 4768 ============================================================ 21:30:59.0482 4768 Current date / time: 2012/05/19 21:30:59.0482 21:30:59.0482 4768 SystemInfo: 21:30:59.0482 4768 21:30:59.0482 4768 OS Version: 6.1.7601 ServicePack: 1.0 21:30:59.0482 4768 Product type: Workstation 21:30:59.0497 4768 ComputerName: LISA-PC 21:30:59.0497 4768 UserName: Lisa 21:30:59.0497 4768 Windows directory: C:\Windows 21:30:59.0497 4768 System windows directory: C:\Windows 21:30:59.0497 4768 Running under WOW64 21:30:59.0497 4768 Processor architecture: Intel x64 21:30:59.0497 4768 Number of processors: 2 21:30:59.0497 4768 Page size: 0x1000 21:30:59.0497 4768 Boot type: Normal boot 21:30:59.0497 4768 ============================================================ 21:31:00.0964 4768 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x193C38, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x6, Type 'K0', Flags 0x00000040 21:31:00.0979 4768 ============================================================ 21:31:00.0979 4768 \Device\Harddisk0\DR0: 21:31:00.0979 4768 MBR partitions: 21:31:00.0979 4768 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800 21:31:00.0979 4768 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23A9F000 21:31:00.0979 4768 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23B03000, BlocksNum 0x192B000 21:31:00.0979 4768 ============================================================ 21:31:01.0011 4768 C: <-> \Device\Harddisk0\DR0\Partition1 21:31:01.0057 4768 D: <-> \Device\Harddisk0\DR0\Partition2 21:31:01.0057 4768 ============================================================ 21:31:01.0057 4768 Initialize success 21:31:01.0057 4768 ============================================================ 21:32:09.0308 3176 ============================================================ 21:32:09.0308 3176 Scan started 21:32:09.0308 3176 Mode: Manual; SigCheck; TDLFS; 21:32:09.0308 3176 ============================================================ 21:32:10.0228 3176 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 21:32:10.0431 3176 1394ohci - ok 21:32:10.0478 3176 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 21:32:10.0571 3176 ACPI - ok 21:32:10.0602 3176 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 21:32:10.0727 3176 AcpiPmi - ok 21:32:10.0805 3176 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 21:32:10.0852 3176 adp94xx - ok 21:32:10.0899 3176 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 21:32:10.0930 3176 adpahci - ok 21:32:10.0977 3176 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 21:32:10.0992 3176 adpu320 - ok 21:32:11.0055 3176 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 21:32:11.0351 3176 AeLookupSvc - ok 21:32:11.0414 3176 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 21:32:11.0554 3176 AFD - ok 21:32:11.0601 3176 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 21:32:11.0616 3176 agp440 - ok 21:32:11.0648 3176 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 21:32:11.0710 3176 ALG - ok 21:32:11.0726 3176 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 21:32:11.0757 3176 aliide - ok 21:32:11.0757 3176 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 21:32:11.0772 3176 amdide - ok 21:32:11.0850 3176 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 21:32:11.0928 3176 AmdK8 - ok 21:32:11.0944 3176 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 21:32:11.0991 3176 AmdPPM - ok 21:32:12.0053 3176 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 21:32:12.0131 3176 amdsata - ok 21:32:12.0178 3176 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 21:32:12.0209 3176 amdsbs - ok 21:32:12.0365 3176 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 21:32:12.0428 3176 amdxata - ok 21:32:12.0474 3176 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 21:32:12.0662 3176 AppID - ok 21:32:12.0708 3176 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 21:32:12.0755 3176 AppIDSvc - ok 21:32:12.0989 3176 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 21:32:13.0067 3176 Appinfo - ok 21:32:13.0192 3176 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 21:32:13.0286 3176 Apple Mobile Device - ok 21:32:13.0364 3176 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 21:32:13.0395 3176 arc - ok 21:32:13.0504 3176 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 21:32:13.0535 3176 arcsas - ok 21:32:13.0566 3176 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 21:32:13.0629 3176 AsyncMac - ok 21:32:13.0660 3176 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 21:32:13.0676 3176 atapi - ok 21:32:13.0754 3176 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys 21:32:13.0910 3176 athr - ok 21:32:14.0019 3176 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 21:32:14.0159 3176 AudioEndpointBuilder - ok 21:32:14.0159 3176 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 21:32:14.0222 3176 AudioSrv - ok 21:32:14.0268 3176 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 21:32:14.0393 3176 AxInstSV - ok 21:32:14.0471 3176 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 21:32:14.0549 3176 b06bdrv - ok 21:32:14.0658 3176 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 21:32:14.0705 3176 b57nd60a - ok 21:32:14.0861 3176 BBSvc (825f81a6f7dd073509db101f0ba6dc59) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE 21:32:14.0939 3176 BBSvc - ok 21:32:14.0970 3176 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 21:32:15.0017 3176 BDESVC - ok 21:32:15.0048 3176 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 21:32:15.0126 3176 Beep - ok 21:32:15.0220 3176 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 21:32:15.0329 3176 BFE - ok 21:32:15.0392 3176 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll 21:32:15.0532 3176 BITS - ok 21:32:15.0704 3176 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 21:32:15.0719 3176 blbdrive - ok 21:32:15.0906 3176 Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program Files (x86)\Bonjour\mDNSResponder.exe 21:32:15.0984 3176 Bonjour Service - ok 21:32:16.0031 3176 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 21:32:16.0109 3176 bowser - ok 21:32:16.0156 3176 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 21:32:16.0250 3176 BrFiltLo - ok 21:32:16.0281 3176 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 21:32:16.0312 3176 BrFiltUp - ok 21:32:16.0359 3176 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys 21:32:16.0437 3176 BridgeMP - ok 21:32:16.0484 3176 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 21:32:16.0530 3176 Browser - ok 21:32:16.0562 3176 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 21:32:16.0624 3176 Brserid - ok 21:32:16.0655 3176 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 21:32:16.0686 3176 BrSerWdm - ok 21:32:16.0733 3176 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 21:32:16.0827 3176 BrUsbMdm - ok 21:32:16.0889 3176 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 21:32:16.0920 3176 BrUsbSer - ok 21:32:16.0920 3176 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 21:32:16.0967 3176 BTHMODEM - ok 21:32:17.0014 3176 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 21:32:17.0061 3176 bthserv - ok 21:32:17.0139 3176 CAXHWAZL (d1787e11c6a0078ddeaf8cf3ee2ab293) C:\Windows\system32\DRIVERS\CAXHWAZL.sys 21:32:17.0264 3176 CAXHWAZL - ok 21:32:17.0295 3176 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 21:32:17.0357 3176 cdfs - ok 21:32:17.0404 3176 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 21:32:17.0513 3176 cdrom - ok 21:32:17.0544 3176 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 21:32:17.0669 3176 CertPropSvc - ok 21:32:17.0732 3176 cfwids (274ce03459896006f7a5069266e0469e) C:\Windows\system32\drivers\cfwids.sys 21:32:17.0825 3176 cfwids - ok 21:32:17.0856 3176 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 21:32:17.0903 3176 circlass - ok 21:32:18.0215 3176 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 21:32:18.0262 3176 CLFS - ok 21:32:18.0434 3176 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 21:32:18.0465 3176 clr_optimization_v2.0.50727_32 - ok 21:32:18.0543 3176 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 21:32:18.0590 3176 clr_optimization_v2.0.50727_64 - ok 21:32:18.0699 3176 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 21:32:18.0777 3176 clr_optimization_v4.0.30319_32 - ok 21:32:18.0792 3176 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 21:32:18.0870 3176 clr_optimization_v4.0.30319_64 - ok 21:32:18.0902 3176 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 21:32:18.0933 3176 CmBatt - ok 21:32:18.0948 3176 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 21:32:18.0980 3176 cmdide - ok 21:32:19.0026 3176 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 21:32:19.0120 3176 CNG - ok 21:32:19.0167 3176 CnxtHdAudService (a44dfdb81dc62b11760881175e5b2266) C:\Windows\system32\drivers\CHDRT64.sys 21:32:19.0260 3176 CnxtHdAudService - ok 21:32:19.0510 3176 Com4QLBEx (c7a0e61d5714ac20de52d4f66ec773b8) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe 21:32:19.0604 3176 Com4QLBEx - ok 21:32:19.0666 3176 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 21:32:19.0697 3176 Compbatt - ok 21:32:19.0728 3176 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 21:32:19.0822 3176 CompositeBus - ok 21:32:19.0838 3176 COMSysApp - ok 21:32:19.0900 3176 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 21:32:19.0931 3176 crcdisk - ok 21:32:19.0978 3176 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll 21:32:20.0087 3176 CryptSvc - ok 21:32:20.0150 3176 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 21:32:20.0212 3176 DcomLaunch - ok 21:32:20.0243 3176 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 21:32:20.0306 3176 defragsvc - ok 21:32:20.0352 3176 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 21:32:20.0462 3176 DfsC - ok 21:32:20.0633 3176 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 21:32:20.0680 3176 Dhcp - ok 21:32:20.0727 3176 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 21:32:20.0789 3176 discache - ok 21:32:20.0836 3176 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 21:32:20.0883 3176 Disk - ok 21:32:20.0930 3176 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 21:32:21.0086 3176 Dnscache - ok 21:32:21.0117 3176 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 21:32:21.0210 3176 dot3svc - ok 21:32:21.0242 3176 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 21:32:21.0335 3176 DPS - ok 21:32:21.0398 3176 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 21:32:21.0460 3176 drmkaud - ok 21:32:21.0522 3176 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 21:32:21.0616 3176 DXGKrnl - ok 21:32:21.0803 3176 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 21:32:21.0850 3176 EapHost - ok 21:32:21.0959 3176 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 21:32:22.0053 3176 ebdrv - ok 21:32:22.0146 3176 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 21:32:22.0256 3176 EFS - ok 21:32:22.0318 3176 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 21:32:22.0427 3176 ehRecvr - ok 21:32:22.0443 3176 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 21:32:22.0490 3176 ehSched - ok 21:32:22.0568 3176 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 21:32:22.0599 3176 elxstor - ok 21:32:22.0630 3176 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 21:32:22.0661 3176 ErrDev - ok 21:32:22.0739 3176 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 21:32:22.0802 3176 EventSystem - ok 21:32:22.0911 3176 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 21:32:22.0973 3176 exfat - ok 21:32:23.0004 3176 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 21:32:23.0051 3176 fastfat - ok 21:32:23.0145 3176 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 21:32:23.0270 3176 Fax - ok 21:32:23.0301 3176 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 21:32:23.0332 3176 fdc - ok 21:32:23.0379 3176 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 21:32:23.0441 3176 fdPHost - ok 21:32:23.0457 3176 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 21:32:23.0504 3176 FDResPub - ok 21:32:23.0535 3176 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 21:32:23.0550 3176 FileInfo - ok 21:32:23.0550 3176 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 21:32:23.0613 3176 Filetrace - ok 21:32:23.0644 3176 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 21:32:23.0660 3176 flpydisk - ok 21:32:23.0691 3176 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 21:32:23.0753 3176 FltMgr - ok 21:32:23.0816 3176 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 21:32:23.0972 3176 FontCache - ok 21:32:24.0096 3176 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 21:32:24.0174 3176 FontCache3.0.0.0 - ok 21:32:24.0221 3176 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 21:32:24.0252 3176 FsDepends - ok 21:32:24.0284 3176 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 21:32:24.0346 3176 Fs_Rec - ok 21:32:24.0377 3176 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 21:32:24.0455 3176 fvevol - ok 21:32:24.0502 3176 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 21:32:24.0518 3176 gagp30kx - ok 21:32:24.0611 3176 GameConsoleService (c1bbce4b30b45410178ee674c818d10c) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe 21:32:24.0705 3176 GameConsoleService - ok 21:32:24.0720 3176 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 21:32:24.0783 3176 GEARAspiWDM - ok 21:32:24.0830 3176 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 21:32:24.0892 3176 gpsvc - ok 21:32:25.0001 3176 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 21:32:25.0095 3176 gupdate - ok 21:32:25.0173 3176 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 21:32:25.0188 3176 gupdatem - ok 21:32:25.0251 3176 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 21:32:25.0313 3176 gusvc - ok 21:32:25.0344 3176 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 21:32:25.0422 3176 hcw85cir - ok 21:32:25.0469 3176 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 21:32:25.0563 3176 HdAudAddService - ok 21:32:25.0625 3176 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 21:32:25.0703 3176 HDAudBus - ok 21:32:25.0734 3176 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 21:32:25.0750 3176 HidBatt - ok 21:32:25.0766 3176 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 21:32:25.0812 3176 HidBth - ok 21:32:25.0828 3176 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 21:32:25.0859 3176 HidIr - ok 21:32:25.0875 3176 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll 21:32:25.0937 3176 hidserv - ok 21:32:25.0984 3176 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys 21:32:26.0078 3176 HidUsb - ok 21:32:26.0109 3176 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 21:32:26.0187 3176 hkmsvc - ok 21:32:26.0280 3176 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 21:32:26.0374 3176 HomeGroupListener - ok 21:32:26.0405 3176 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 21:32:26.0436 3176 HomeGroupProvider - ok 21:32:26.0561 3176 HP Health Check Service (be78357fb49759b79ccc01894bcfdddb) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe 21:32:26.0639 3176 HP Health Check Service - ok 21:32:26.0686 3176 HPDrvMntSvc.exe (2dfb151fd34df104dac0adf070eda83c) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe 21:32:26.0780 3176 HPDrvMntSvc.exe - ok 21:32:26.0826 3176 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys 21:32:26.0936 3176 HpqKbFiltr - ok 21:32:27.0014 3176 hpqwmiex (184c500cb9f69585f3fe85e1d2667cd8) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe 21:32:27.0029 3176 hpqwmiex - ok 21:32:27.0076 3176 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 21:32:27.0138 3176 HpSAMD - ok 21:32:27.0435 3176 HsfXAudioService (447256d1c026654c5cd3cc17e7b20631) C:\Windows\SysWOW64\XAudio64.dll 21:32:27.0497 3176 HsfXAudioService - ok 21:32:27.0684 3176 HSF_DPV (26c5d00321937e49b6bc91029947d094) C:\Windows\system32\DRIVERS\CAX_DPV.sys 21:32:27.0778 3176 HSF_DPV - ok 21:32:27.0903 3176 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 21:32:28.0012 3176 HTTP - ok 21:32:28.0043 3176 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 21:32:28.0090 3176 hwpolicy - ok 21:32:28.0137 3176 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 21:32:28.0152 3176 i8042prt - ok 21:32:28.0230 3176 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 21:32:28.0308 3176 iaStorV - ok 21:32:28.0433 3176 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 21:32:28.0511 3176 idsvc - ok 21:32:29.0088 3176 igfx (677aa5991026a65ada128c4b59cf2bad) C:\Windows\system32\DRIVERS\igdkmd64.sys 21:32:29.0463 3176 igfx - ok 21:32:29.0588 3176 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 21:32:29.0619 3176 iirsp - ok 21:32:29.0666 3176 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 21:32:29.0775 3176 IKEEXT - ok 21:32:29.0837 3176 IntcHdmiAddService (88a20fa54c73ded4e8dac764e9130ae9) C:\Windows\system32\drivers\IntcHdmi.sys 21:32:29.0978 3176 IntcHdmiAddService - ok 21:32:30.0024 3176 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 21:32:30.0056 3176 intelide - ok 21:32:30.0071 3176 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 21:32:30.0102 3176 intelppm - ok 21:32:30.0134 3176 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 21:32:30.0180 3176 IPBusEnum - ok 21:32:30.0243 3176 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:32:30.0352 3176 IpFilterDriver - ok 21:32:30.0399 3176 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 21:32:30.0446 3176 iphlpsvc - ok 21:32:30.0477 3176 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 21:32:30.0555 3176 IPMIDRV - ok 21:32:30.0586 3176 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 21:32:30.0633 3176 IPNAT - ok 21:32:30.0726 3176 iPod Service (a3bda1a8a016b5e5a525bcf684894ebe) C:\Program Files\iPod\bin\iPodService.exe 21:32:30.0820 3176 iPod Service - ok 21:32:30.0851 3176 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 21:32:30.0898 3176 IRENUM - ok 21:32:30.0945 3176 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 21:32:30.0976 3176 isapnp - ok 21:32:31.0148 3176 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 21:32:31.0210 3176 iScsiPrt - ok 21:32:31.0257 3176 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 21:32:31.0272 3176 kbdclass - ok 21:32:31.0335 3176 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 21:32:31.0413 3176 kbdhid - ok 21:32:31.0428 3176 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 21:32:31.0460 3176 KeyIso - ok 21:32:31.0616 3176 Kodak AiO Network Discovery Service (1a8d8cb042e2724385227f1a19a8decc) C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe 21:32:31.0725 3176 Kodak AiO Network Discovery Service - ok 21:32:31.0756 3176 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 21:32:31.0803 3176 KSecDD - ok 21:32:31.0834 3176 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 21:32:31.0896 3176 KSecPkg - ok 21:32:31.0943 3176 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 21:32:31.0990 3176 ksthunk - ok 21:32:32.0021 3176 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 21:32:32.0099 3176 KtmRm - ok 21:32:32.0271 3176 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll 21:32:32.0333 3176 LanmanServer - ok 21:32:32.0364 3176 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 21:32:32.0411 3176 LanmanWorkstation - ok 21:32:32.0536 3176 LightScribeService (47269f0de1e5089c6f23bc1ec48cfc31) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 21:32:32.0614 3176 LightScribeService ( UnsignedFile.Multi.Generic ) - warning 21:32:32.0614 3176 LightScribeService - detected UnsignedFile.Multi.Generic (1) 21:32:32.0645 3176 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 21:32:32.0692 3176 lltdio - ok 21:32:32.0723 3176 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 21:32:32.0786 3176 lltdsvc - ok 21:32:32.0801 3176 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 21:32:32.0848 3176 lmhosts - ok 21:32:32.0895 3176 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 21:32:32.0926 3176 LSI_FC - ok 21:32:32.0926 3176 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 21:32:32.0957 3176 LSI_SAS - ok 21:32:32.0973 3176 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 21:32:32.0988 3176 LSI_SAS2 - ok 21:32:33.0035 3176 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 21:32:33.0051 3176 LSI_SCSI - ok 21:32:33.0066 3176 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 21:32:33.0129 3176 luafv - ok 21:32:33.0222 3176 McAfee SiteAdvisor Service (02aa4f6f30605c72faab7a2858735c11) C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe 21:32:33.0238 3176 McAfee SiteAdvisor Service - ok 21:32:33.0394 3176 McComponentHostService (fd3ad5e1ecdaa94a89d6697f5c5465d6) C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe 21:32:33.0472 3176 McComponentHostService - ok 21:32:33.0597 3176 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 21:32:33.0628 3176 McMPFSvc - ok 21:32:33.0659 3176 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 21:32:33.0690 3176 mcmscsvc - ok 21:32:33.0706 3176 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 21:32:33.0722 3176 McNaiAnn - ok 21:32:33.0753 3176 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 21:32:33.0768 3176 McNASvc - ok 21:32:33.0846 3176 McODS (dd01bf24dd6bf70a90549f9a7bb2d1eb) C:\Program Files\McAfee\VirusScan\mcods.exe 21:32:33.0878 3176 McODS - ok 21:32:33.0893 3176 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 21:32:33.0909 3176 McProxy - ok 21:32:33.0971 3176 McShield (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe 21:32:33.0987 3176 McShield - ok 21:32:34.0080 3176 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 21:32:34.0158 3176 Mcx2Svc - ok 21:32:34.0221 3176 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys 21:32:34.0299 3176 mdmxsdk - ok 21:32:34.0346 3176 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 21:32:34.0361 3176 megasas - ok 21:32:34.0658 3176 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 21:32:34.0689 3176 MegaSR - ok 21:32:34.0845 3176 mfeapfk (01884cb7655c8908b43ff5e364fe6fd2) C:\Windows\system32\drivers\mfeapfk.sys 21:32:34.0907 3176 mfeapfk - ok 21:32:34.0954 3176 mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys 21:32:35.0032 3176 mfeavfk - ok 21:32:35.0063 3176 mfeavfk01 - ok 21:32:35.0110 3176 mfefire (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe 21:32:35.0172 3176 mfefire - ok 21:32:35.0219 3176 mfefirek (ce9a3680675c0907ade16404ca967b49) C:\Windows\system32\drivers\mfefirek.sys 21:32:35.0297 3176 mfefirek - ok 21:32:35.0360 3176 mfehidk (60cf67458dd29cd17e77f2327b1a9a54) C:\Windows\system32\drivers\mfehidk.sys 21:32:35.0438 3176 mfehidk - ok 21:32:35.0484 3176 mfenlfk (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys 21:32:35.0531 3176 mfenlfk - ok 21:32:35.0578 3176 mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys 21:32:35.0656 3176 mferkdet - ok 21:32:35.0703 3176 mfevtp (723a5eb6cef7f408c3d0f15a82a6bff8) C:\Windows\system32\mfevtps.exe 21:32:35.0781 3176 mfevtp - ok 21:32:35.0968 3176 mfewfpk (919c56db14a0e1e2ab6da5d2821dc26e) C:\Windows\system32\drivers\mfewfpk.sys 21:32:36.0030 3176 mfewfpk - ok 21:32:36.0062 3176 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 21:32:36.0124 3176 MMCSS - ok 21:32:36.0155 3176 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 21:32:36.0202 3176 Modem - ok 21:32:36.0233 3176 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 21:32:36.0264 3176 monitor - ok 21:32:36.0311 3176 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys 21:32:36.0342 3176 mouclass - ok 21:32:36.0374 3176 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 21:32:36.0405 3176 mouhid - ok 21:32:36.0436 3176 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 21:32:36.0498 3176 mountmgr - ok 21:32:36.0748 3176 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 21:32:36.0826 3176 mpio - ok 21:32:36.0873 3176 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 21:32:36.0935 3176 mpsdrv - ok 21:32:37.0091 3176 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 21:32:37.0200 3176 MpsSvc - ok 21:32:37.0232 3176 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 21:32:37.0325 3176 MRxDAV - ok 21:32:37.0356 3176 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 21:32:37.0450 3176 mrxsmb - ok 21:32:37.0497 3176 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:32:37.0590 3176 mrxsmb10 - ok 21:32:37.0622 3176 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:32:37.0700 3176 mrxsmb20 - ok 21:32:37.0715 3176 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 21:32:37.0793 3176 msahci - ok 21:32:37.0824 3176 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 21:32:37.0918 3176 msdsm - ok 21:32:37.0949 3176 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 21:32:37.0996 3176 MSDTC - ok 21:32:38.0043 3176 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 21:32:38.0090 3176 Msfs - ok 21:32:38.0199 3176 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 21:32:38.0292 3176 mshidkmdf - ok 21:32:38.0324 3176 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 21:32:38.0339 3176 msisadrv - ok 21:32:38.0370 3176 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 21:32:38.0417 3176 MSiSCSI - ok 21:32:38.0433 3176 msiserver - ok 21:32:38.0464 3176 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 21:32:38.0526 3176 MSKSSRV - ok 21:32:38.0542 3176 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 21:32:38.0604 3176 MSPCLOCK - ok 21:32:38.0620 3176 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 21:32:38.0682 3176 MSPQM - ok 21:32:38.0714 3176 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 21:32:38.0776 3176 MsRPC - ok 21:32:38.0807 3176 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 21:32:38.0838 3176 mssmbios - ok 21:32:38.0854 3176 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 21:32:38.0916 3176 MSTEE - ok 21:32:38.0932 3176 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 21:32:38.0963 3176 MTConfig - ok 21:32:38.0979 3176 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 21:32:38.0994 3176 Mup - ok 21:32:39.0026 3176 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 21:32:39.0088 3176 napagent - ok 21:32:39.0135 3176 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 21:32:39.0213 3176 NativeWifiP - ok 21:32:39.0400 3176 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 21:32:39.0478 3176 NDIS - ok 21:32:39.0525 3176 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 21:32:39.0603 3176 NdisCap - ok 21:32:39.0618 3176 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 21:32:39.0665 3176 NdisTapi - ok 21:32:39.0712 3176 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 21:32:39.0806 3176 Ndisuio - ok 21:32:39.0837 3176 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 21:32:39.0930 3176 NdisWan - ok 21:32:39.0962 3176 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 21:32:40.0040 3176 NDProxy - ok 21:32:40.0086 3176 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 21:32:40.0149 3176 NetBIOS - ok 21:32:40.0180 3176 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 21:32:40.0274 3176 NetBT - ok 21:32:40.0320 3176 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 21:32:40.0336 3176 Netlogon - ok 21:32:40.0508 3176 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 21:32:40.0570 3176 Netman - ok 21:32:40.0601 3176 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 21:32:40.0648 3176 netprofm - ok 21:32:40.0757 3176 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 21:32:40.0773 3176 NetTcpPortSharing - ok 21:32:40.0976 3176 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys 21:32:41.0147 3176 netw5v64 - ok 21:32:41.0272 3176 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 21:32:41.0303 3176 nfrd960 - ok 21:32:41.0366 3176 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 21:32:41.0412 3176 NlaSvc - ok 21:32:41.0459 3176 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 21:32:41.0506 3176 Npfs - ok 21:32:41.0646 3176 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 21:32:41.0693 3176 nsi - ok 21:32:41.0724 3176 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 21:32:41.0771 3176 nsiproxy - ok 21:32:41.0849 3176 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 21:32:41.0943 3176 Ntfs - ok 21:32:42.0052 3176 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 21:32:42.0114 3176 Null - ok 21:32:42.0146 3176 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 21:32:42.0208 3176 nvraid - ok 21:32:42.0224 3176 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 21:32:42.0286 3176 nvstor - ok 21:32:42.0333 3176 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 21:32:42.0364 3176 nv_agp - ok 21:32:42.0458 3176 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 21:32:42.0489 3176 odserv - ok 21:32:42.0520 3176 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 21:32:42.0567 3176 ohci1394 - ok 21:32:42.0582 3176 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 21:32:42.0598 3176 ose - ok 21:32:42.0910 3176 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 21:32:42.0972 3176 p2pimsvc - ok 21:32:43.0082 3176 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 21:32:43.0113 3176 p2psvc - ok 21:32:43.0144 3176 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 21:32:43.0175 3176 Parport - ok 21:32:43.0206 3176 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 21:32:43.0269 3176 partmgr - ok 21:32:43.0284 3176 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 21:32:43.0331 3176 PcaSvc - ok 21:32:43.0378 3176 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 21:32:43.0440 3176 pci - ok 21:32:43.0456 3176 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 21:32:43.0487 3176 pciide - ok 21:32:43.0518 3176 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 21:32:43.0550 3176 pcmcia - ok 21:32:43.0565 3176 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 21:32:43.0581 3176 pcw - ok 21:32:43.0612 3176 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 21:32:43.0690 3176 PEAUTH - ok 21:32:43.0768 3176 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 21:32:43.0799 3176 PerfHost - ok 21:32:43.0877 3176 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 21:32:43.0986 3176 pla - ok 21:32:44.0033 3176 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 21:32:44.0142 3176 PlugPlay - ok 21:32:44.0205 3176 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 21:32:44.0236 3176 PNRPAutoReg - ok 21:32:44.0252 3176 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 21:32:44.0283 3176 PNRPsvc - ok 21:32:44.0314 3176 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 21:32:44.0408 3176 PolicyAgent - ok 21:32:44.0439 3176 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 21:32:44.0501 3176 Power - ok 21:32:44.0579 3176 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 21:32:44.0688 3176 PptpMiniport - ok 21:32:44.0720 3176 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 21:32:44.0751 3176 Processor - ok 21:32:44.0782 3176 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 21:32:44.0829 3176 ProfSvc - ok 21:32:44.0860 3176 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 21:32:44.0876 3176 ProtectedStorage - ok 21:32:44.0938 3176 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 21:32:45.0032 3176 Psched - ok 21:32:45.0094 3176 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 21:32:45.0156 3176 ql2300 - ok 21:32:45.0422 3176 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 21:32:45.0453 3176 ql40xx - ok 21:32:45.0484 3176 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 21:32:45.0515 3176 QWAVE - ok 21:32:45.0531 3176 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 21:32:45.0578 3176 QWAVEdrv - ok 21:32:45.0593 3176 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 21:32:45.0656 3176 RasAcd - ok 21:32:45.0702 3176 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 21:32:45.0749 3176 RasAgileVpn - ok 21:32:45.0780 3176 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 21:32:45.0843 3176 RasAuto - ok 21:32:45.0858 3176 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 21:32:45.0968 3176 Rasl2tp - ok 21:32:45.0999 3176 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 21:32:46.0077 3176 RasMan - ok 21:32:46.0124 3176 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 21:32:46.0186 3176 RasPppoe - ok 21:32:46.0217 3176 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 21:32:46.0264 3176 RasSstp - ok 21:32:46.0451 3176 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 21:32:46.0545 3176 rdbss - ok 21:32:46.0576 3176 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 21:32:46.0623 3176 rdpbus - ok 21:32:46.0638 3176 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 21:32:46.0701 3176 RDPCDD - ok 21:32:46.0732 3176 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 21:32:46.0794 3176 RDPENCDD - ok 21:32:46.0810 3176 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 21:32:46.0857 3176 RDPREFMP - ok 21:32:46.0888 3176 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys 21:32:46.0997 3176 RDPWD - ok 21:32:47.0028 3176 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 21:32:47.0106 3176 rdyboost - ok 21:32:47.0122 3176 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 21:32:47.0184 3176 RemoteAccess - ok 21:32:47.0200 3176 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 21:32:47.0262 3176 RemoteRegistry - ok 21:32:47.0372 3176 RichVideo (498eb62a160674e793fa40fd65390625) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 21:32:47.0465 3176 RichVideo - ok 21:32:47.0590 3176 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 21:32:47.0652 3176 RpcEptMapper - ok 21:32:47.0668 3176 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 21:32:47.0715 3176 RpcLocator - ok 21:32:47.0762 3176 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 21:32:47.0808 3176 RpcSs - ok 21:32:47.0855 3176 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 21:32:47.0933 3176 rspndr - ok 21:32:47.0980 3176 RSUSBSTOR (2db8116d52b19216812c4e6d5d837810) C:\Windows\system32\Drivers\RtsUStor.sys 21:32:48.0058 3176 RSUSBSTOR - ok 21:32:48.0105 3176 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys 21:32:48.0198 3176 RTL8167 - ok 21:32:48.0230 3176 RtsUIR - ok 21:32:48.0261 3176 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 21:32:48.0276 3176 SamSs - ok 21:32:48.0308 3176 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 21:32:48.0370 3176 sbp2port - ok 21:32:48.0401 3176 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 21:32:48.0464 3176 SCardSvr - ok 21:32:48.0510 3176 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 21:32:48.0651 3176 scfilter - ok 21:32:48.0729 3176 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 21:32:48.0838 3176 Schedule - ok 21:32:48.0869 3176 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 21:32:48.0916 3176 SCPolicySvc - ok 21:32:48.0947 3176 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys 21:32:49.0010 3176 sdbus - ok 21:32:49.0041 3176 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 21:32:49.0103 3176 SDRSVC - ok 21:32:49.0212 3176 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE 21:32:49.0244 3176 SeaPort - ok 21:32:49.0290 3176 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 21:32:49.0337 3176 secdrv - ok 21:32:49.0368 3176 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 21:32:49.0462 3176 seclogon - ok 21:32:49.0493 3176 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll 21:32:49.0571 3176 SENS - ok 21:32:49.0587 3176 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 21:32:49.0649 3176 SensrSvc - ok 21:32:49.0805 3176 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 21:32:49.0836 3176 Serenum - ok 21:32:49.0852 3176 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 21:32:49.0883 3176 Serial - ok 21:32:49.0914 3176 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 21:32:49.0946 3176 sermouse - ok 21:32:49.0977 3176 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 21:32:50.0070 3176 SessionEnv - ok 21:32:50.0102 3176 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 21:32:50.0148 3176 sffdisk - ok 21:32:50.0148 3176 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 21:32:50.0195 3176 sffp_mmc - ok 21:32:50.0195 3176 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 21:32:50.0273 3176 sffp_sd - ok 21:32:50.0289 3176 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 21:32:50.0304 3176 sfloppy - ok 21:32:50.0351 3176 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 21:32:50.0414 3176 SharedAccess - ok 21:32:50.0445 3176 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 21:32:50.0507 3176 ShellHWDetection - ok 21:32:50.0538 3176 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 21:32:50.0554 3176 SiSRaid2 - ok 21:32:50.0585 3176 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 21:32:50.0601 3176 SiSRaid4 - ok 21:32:50.0632 3176 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 21:32:50.0694 3176 Smb - ok 21:32:50.0726 3176 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 21:32:50.0757 3176 SNMPTRAP - ok 21:32:50.0772 3176 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 21:32:50.0804 3176 spldr - ok 21:32:51.0053 3176 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 21:32:51.0162 3176 Spooler - ok 21:32:51.0303 3176 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 21:32:51.0396 3176 sppsvc - ok 21:32:51.0490 3176 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 21:32:51.0568 3176 sppuinotify - ok 21:32:51.0630 3176 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 21:32:51.0740 3176 srv - ok 21:32:51.0771 3176 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 21:32:51.0849 3176 srv2 - ok 21:32:51.0896 3176 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS 21:32:51.0927 3176 SrvHsfHDA - ok 21:32:51.0974 3176 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS 21:32:52.0052 3176 SrvHsfV92 - ok 21:32:52.0192 3176 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS 21:32:52.0364 3176 SrvHsfWinac - ok 21:32:52.0395 3176 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 21:32:52.0473 3176 srvnet - ok 21:32:52.0520 3176 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 21:32:52.0582 3176 SSDPSRV - ok 21:32:52.0598 3176 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 21:32:52.0644 3176 SstpSvc - ok 21:32:52.0676 3176 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 21:32:52.0691 3176 stexstor - ok 21:32:52.0738 3176 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 21:32:52.0832 3176 stisvc - ok 21:32:52.0863 3176 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 21:32:52.0878 3176 swenum - ok 21:32:52.0910 3176 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 21:32:52.0972 3176 swprv - ok 21:32:53.0019 3176 SynTP (bcf305959b53b200ceb2ad25ad22f8a7) C:\Windows\system32\DRIVERS\SynTP.sys 21:32:53.0097 3176 SynTP - ok 21:32:53.0175 3176 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 21:32:53.0237 3176 SysMain - ok 21:32:53.0487 3176 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 21:32:53.0549 3176 TabletInputService - ok 21:32:53.0580 3176 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 21:32:53.0674 3176 TapiSrv - ok 21:32:53.0690 3176 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 21:32:53.0736 3176 TBS - ok 21:32:53.0861 3176 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 21:32:53.0970 3176 Tcpip - ok 21:32:54.0142 3176 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 21:32:54.0189 3176 TCPIP6 - ok 21:32:54.0236 3176 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 21:32:54.0329 3176 tcpipreg - ok 21:32:54.0376 3176 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 21:32:54.0423 3176 TDPIPE - ok 21:32:54.0594 3176 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 21:32:54.0672 3176 TDTCP - ok 21:32:54.0704 3176 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 21:32:54.0797 3176 tdx - ok 21:32:54.0828 3176 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 21:32:54.0875 3176 TermDD - ok 21:32:54.0922 3176 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 21:32:55.0016 3176 TermService - ok 21:32:55.0031 3176 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 21:32:55.0078 3176 Themes - ok 21:32:55.0109 3176 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 21:32:55.0140 3176 THREADORDER - ok 21:32:55.0172 3176 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 21:32:55.0218 3176 TrkWks - ok 21:32:55.0265 3176 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 21:32:55.0390 3176 TrustedInstaller - ok 21:32:55.0421 3176 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 21:32:55.0515 3176 tssecsrv - ok 21:32:55.0733 3176 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 21:32:55.0811 3176 TsUsbFlt - ok 21:32:55.0858 3176 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 21:32:55.0952 3176 tunnel - ok 21:32:55.0983 3176 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 21:32:56.0014 3176 uagp35 - ok 21:32:56.0045 3176 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 21:32:56.0139 3176 udfs - ok 21:32:56.0186 3176 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 21:32:56.0201 3176 UI0Detect - ok 21:32:56.0233 3176 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 21:32:56.0264 3176 uliagpkx - ok 21:32:56.0295 3176 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 21:32:56.0373 3176 umbus - ok 21:32:56.0404 3176 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 21:32:56.0435 3176 UmPass - ok 21:32:56.0482 3176 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 21:32:56.0545 3176 upnphost - ok 21:32:56.0607 3176 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys 21:32:56.0701 3176 USBAAPL64 - ok 21:32:56.0872 3176 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 21:32:56.0950 3176 usbccgp - ok 21:32:56.0966 3176 USBCCID - ok 21:32:56.0997 3176 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 21:32:57.0028 3176 usbcir - ok 21:32:57.0059 3176 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 21:32:57.0137 3176 usbehci - ok 21:32:57.0184 3176 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 21:32:57.0262 3176 usbhub - ok 21:32:57.0293 3176 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 21:32:57.0356 3176 usbohci - ok 21:32:57.0403 3176 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 21:32:57.0434 3176 usbprint - ok 21:32:57.0449 3176 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:32:57.0543 3176 USBSTOR - ok 21:32:57.0590 3176 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 21:32:57.0668 3176 usbuhci - ok 21:32:57.0699 3176 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 21:32:57.0761 3176 usbvideo - ok 21:32:57.0793 3176 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 21:32:57.0855 3176 UxSms - ok 21:32:57.0964 3176 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 21:32:57.0995 3176 VaultSvc - ok 21:32:58.0042 3176 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 21:32:58.0058 3176 vdrvroot - ok 21:32:58.0105 3176 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 21:32:58.0198 3176 vds - ok 21:32:58.0229 3176 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 21:32:58.0261 3176 vga - ok 21:32:58.0276 3176 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 21:32:58.0323 3176 VgaSave - ok 21:32:58.0354 3176 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 21:32:58.0432 3176 vhdmp - ok 21:32:58.0463 3176 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 21:32:58.0479 3176 viaide - ok 21:32:58.0510 3176 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 21:32:58.0573 3176 volmgr - ok 21:32:58.0619 3176 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 21:32:58.0682 3176 volmgrx - ok 21:32:58.0729 3176 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 21:32:58.0807 3176 volsnap - ok 21:32:58.0822 3176 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 21:32:58.0853 3176 vsmraid - ok 21:32:58.0916 3176 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 21:32:59.0056 3176 VSS - ok 21:32:59.0493 3176 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 21:32:59.0524 3176 vwifibus - ok 21:32:59.0555 3176 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 21:32:59.0602 3176 vwififlt - ok 21:32:59.0649 3176 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 21:32:59.0696 3176 W32Time - ok 21:32:59.0727 3176 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 21:32:59.0758 3176 WacomPen - ok 21:32:59.0805 3176 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 21:32:59.0914 3176 WANARP - ok 21:32:59.0930 3176 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 21:32:59.0977 3176 Wanarpv6 - ok 21:33:00.0086 3176 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 21:33:00.0179 3176 WatAdminSvc - ok 21:33:00.0242 3176 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 21:33:00.0351 3176 wbengine - ok 21:33:00.0585 3176 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 21:33:00.0616 3176 WbioSrvc - ok 21:33:00.0647 3176 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 21:33:00.0725 3176 wcncsvc - ok 21:33:00.0757 3176 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 21:33:00.0788 3176 WcsPlugInService - ok 21:33:00.0850 3176 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 21:33:00.0881 3176 Wd - ok 21:33:00.0928 3176 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 21:33:00.0959 3176 Wdf01000 - ok 21:33:01.0006 3176 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 21:33:01.0100 3176 WdiServiceHost - ok 21:33:01.0115 3176 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 21:33:01.0131 3176 WdiSystemHost - ok 21:33:01.0162 3176 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 21:33:01.0240 3176 WebClient - ok 21:33:01.0271 3176 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 21:33:01.0318 3176 Wecsvc - ok 21:33:01.0334 3176 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 21:33:01.0396 3176 wercplsupport - ok 21:33:01.0427 3176 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 21:33:01.0474 3176 WerSvc - ok 21:33:01.0537 3176 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 21:33:01.0583 3176 WfpLwf - ok 21:33:01.0677 3176 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 21:33:01.0693 3176 WIMMount - ok 21:33:01.0739 3176 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys 21:33:01.0817 3176 winachsf - ok 21:33:01.0864 3176 WinDefend - ok 21:33:01.0880 3176 WinHttpAutoProxySvc - ok 21:33:01.0942 3176 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 21:33:02.0005 3176 Winmgmt - ok 21:33:02.0083 3176 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 21:33:02.0207 3176 WinRM - ok 21:33:02.0379 3176 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 21:33:02.0473 3176 WinUsb - ok 21:33:02.0519 3176 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 21:33:02.0566 3176 Wlansvc - ok 21:33:02.0894 3176 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 21:33:02.0987 3176 wlidsvc - ok 21:33:03.0097 3176 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 21:33:03.0159 3176 WmiAcpi - ok 21:33:03.0206 3176 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 21:33:03.0237 3176 wmiApSrv - ok 21:33:03.0284 3176 WMPNetworkSvc - ok 21:33:03.0331 3176 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 21:33:03.0362 3176 WPCSvc - ok 21:33:03.0409 3176 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 21:33:03.0487 3176 WPDBusEnum - ok 21:33:03.0518 3176 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 21:33:03.0565 3176 ws2ifsl - ok 21:33:03.0611 3176 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll 21:33:03.0643 3176 wscsvc - ok 21:33:03.0658 3176 WSearch - ok 21:33:03.0752 3176 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll 21:33:03.0908 3176 wuauserv - ok 21:33:04.0033 3176 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 21:33:04.0142 3176 WudfPf - ok 21:33:04.0173 3176 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 21:33:04.0251 3176 WUDFRd - ok 21:33:04.0282 3176 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 21:33:04.0360 3176 wudfsvc - ok 21:33:04.0407 3176 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 21:33:04.0438 3176 WwanSvc - ok 21:33:04.0469 3176 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys 21:33:04.0532 3176 XAudio - ok 21:33:04.0594 3176 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys 21:33:04.0625 3176 yukonw7 - ok 21:33:04.0657 3176 MBR (0x1B8) (bc01fc9188605366fce52432c36921c9) \Device\Harddisk0\DR0 21:33:04.0859 3176 \Device\Harddisk0\DR0 - ok 21:33:04.0875 3176 Boot (0x1200) (69c60842a2457bf66012bbb9af4c8caf) \Device\Harddisk0\DR0\Partition0 21:33:04.0875 3176 \Device\Harddisk0\DR0\Partition0 - ok 21:33:04.0906 3176 Boot (0x1200) (c0e0a6a6699366b1648ae37a3c48a015) \Device\Harddisk0\DR0\Partition1 21:33:04.0906 3176 \Device\Harddisk0\DR0\Partition1 - ok 21:33:04.0937 3176 Boot (0x1200) (65f59d0fde43d532faa1250c550aa8a1) \Device\Harddisk0\DR0\Partition2 21:33:04.0984 3176 \Device\Harddisk0\DR0\Partition2 - ok 21:33:04.0984 3176 ============================================================ 21:33:04.0984 3176 Scan finished 21:33:04.0984 3176 ============================================================ 21:33:05.0000 3732 Detected object count: 1 21:33:05.0000 3732 Actual detected object count: 1 21:33:29.0554 3732 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user 21:33:29.0554 3732 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:38:26.0563 4284 Deinitialize success
  8. I think I was able to get it deleted. Here is the RougeKiller last report: RogueKiller V7.4.5 [05/18/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: Lisa [Admin rights] Mode: Scan -- Date: 05/19/2012 14:27:33 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: SAMSUNG HM321HI ATA Device +++++ --- User --- [MBR] 977e86e96fab566055d2e964dd4af9a1 [bSP] 7a3e53dde8162bc98e28149bec4a8675 : Windows Vista/7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 292158 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 598749184 | Size: 12886 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[8].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt ; RKreport[7].txt ; RKreport[8].txt
  9. I ran the Unhide on Bleeping Computer and it looks like all files/shortcuts etc was restored. That's a relief! Thank you so much! I ran RogueKiller after making sure all hidden files were showing and only 6 entries were listed in Registry, can you confirm that these 6 need to be deleted? I think they are the ones you listed above. I wasnt sure what to do so I just exited out before screwing something up even worse. Here is the report: RogueKiller V7.4.5 [05/18/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: Lisa [Admin rights] Mode: Scan -- Date: 05/19/2012 09:07:22 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 6 ¤¤¤ [sUSP PATH] HKCU\[...]\Run : irMSTkFdIRNGS.exe (C:\ProgramData\irMSTkFdIRNGS.exe) -> FOUND [sUSP PATH] HKUS\S-1-5-21-3753022952-3108555767-2462944309-1001[...]\Run : irMSTkFdIRNGS.exe (C:\ProgramData\irMSTkFdIRNGS.exe) -> FOUND [WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 localhost ::1 localhost 93.115.241.27 www.google-analytics.com. 93.115.241.27 ad-emea.doubleclick.net. 93.115.241.27 www.statcounter.com. 108.163.215.51 www.google-analytics.com. 108.163.215.51 ad-emea.doubleclick.net. 108.163.215.51 www.statcounter.com. ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: SAMSUNG HM321HI ATA Device +++++ --- User --- [MBR] 977e86e96fab566055d2e964dd4af9a1 [bSP] 7a3e53dde8162bc98e28149bec4a8675 : Windows Vista/7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 292158 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 598749184 | Size: 12886 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[3].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
  10. Also, when I booted up my computer this morning now all my files and shortcuts are hid and my desktop is blacked out. I think it may be the fake hdd?? I was able to set up a guest login and it allowed me to get online and run the two above and get the logs. It also let me run the malwarebytes and found 4 infected files that were deleted, but I still do not have my desktop back, as well as everything else. Just wanted you to know in case the logs above show this. Thanks for all the help, I truly appreciate what you do.
  11. RogueKiller V7.4.5 [05/18/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: Lisa [Admin rights] Mode: Scan -- Date: 05/18/2012 20:04:48 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 18 ¤¤¤ [sUSP PATH] HKCU\[...]\Run : irMSTkFdIRNGS.exe (C:\ProgramData\irMSTkFdIRNGS.exe) -> FOUND [sUSP PATH] HKUS\S-1-5-21-3753022952-3108555767-2462944309-1001[...]\Run : irMSTkFdIRNGS.exe (C:\ProgramData\irMSTkFdIRNGS.exe) -> FOUND [WallPP] HKCU\[...]\Desktop : Wallpaper () -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowControlPanel (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND [HJ] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 localhost ::1 localhost 93.115.241.27 www.google-analytics.com. 93.115.241.27 ad-emea.doubleclick.net. 93.115.241.27 www.statcounter.com. 108.163.215.51 www.google-analytics.com. 108.163.215.51 ad-emea.doubleclick.net. 108.163.215.51 www.statcounter.com. ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: SAMSUNG HM321HI ATA Device +++++ --- User --- [MBR] 977e86e96fab566055d2e964dd4af9a1 [bSP] 7a3e53dde8162bc98e28149bec4a8675 : Windows Vista/7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 292158 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 598749184 | Size: 12886 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt
  12. . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29 Run by Lisa at 19:52:54 on 2012-05-18 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1754 [GMT -5:00] . AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe C:\Windows\system32\svchost.exe -k HsfXAudioService C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe C:\Windows\system32\mfevtps.exe C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\DllHost.exe C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\taskeng.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s uURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\tbSwa1.dll uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll mURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\tbSwa1.dll BHO: AutorunsDisabled - No File BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120427180239.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File TB: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\tbSwa1.dll EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [Google Update] "C:\Users\Lisa\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [irMSTkFdIRNGS.exe] C:\ProgramData\irMSTkFdIRNGS.exe mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{353F3681-A626-4CEE-B764-DB86E70E2482} : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{353F3681-A626-4CEE-B764-DB86E70E2482}\33274696 : DhcpNameServer = 10.0.0.1 TCP: Interfaces\{BCE18823-329B-4E54-BF20-2511981A821C} : DhcpNameServer = 172.168.37.1 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" BHO-X64: AutorunsDisabled - No File BHO-X64: AcroIEHelperStub - No File BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO-X64: HP Print Enhancer - No File BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120427180239.dll BHO-X64: scriptproxy - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll BHO-X64: HP Smart BHO Class - No File TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File TB-X64: Swag Bucks Toolbar: {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files (x86)\Swag_Bucks\tbSwa1.dll EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe Hosts: 93.115.241.27 www.google-analytics.com. Hosts: 93.115.241.27 ad-emea.doubleclick.net. Hosts: 93.115.241.27 www.statcounter.com. Hosts: 108.163.215.51 www.google-analytics.com. Hosts: 108.163.215.51 ad-emea.doubleclick.net. . Note: multiple HOSTS entries found. Please refer to Attach.txt . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\nlnnun9l.default\ FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Lisa\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - C:\Program Files (x86)\McAfee\SiteAdvisor . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?] R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?] R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216] R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992] R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe [2010-9-13 308656] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2011-9-10 102608] R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-2 249936] R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-2 249936] R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-2 249936] R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-2-22 199272] R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-2-22 210584] R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?] R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?] R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?] R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-3-12 227896] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?] R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?] R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-4 136176] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-4 136176] S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232] S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?] S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?] . =============== Created Last 30 ================ . 2012-05-15 03:57:18 -------- d--h--w- C:\ProgramData\Common Files 2012-05-15 03:52:32 -------- d--h--w- C:\ProgramData\MFAData 2012-05-13 13:27:23 388096 ---ha-r- C:\Users\Lisa\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-05-13 13:27:23 -------- d-----w- C:\Program Files (x86)\Trend Micro 2012-05-09 23:56:51 1544704 ----a-w- C:\Windows\System32\DWrite.dll 2012-05-09 23:56:46 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll 2012-05-09 23:56:34 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-09 23:56:30 3146240 ----a-w- C:\Windows\System32\win32k.sys 2012-05-09 23:56:25 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-09 23:56:22 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-09 23:55:21 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys 2012-05-09 23:54:17 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-05-09 23:54:08 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-09 23:54:03 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-04-27 23:02:39 29272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll 2012-04-19 13:56:56 -------- d--h--w- C:\Users\Lisa\AppData\Local\{B17E9218-6685-4F75-B028-7DF07D30A945} 2012-04-19 13:56:33 -------- d--h--w- C:\Users\Lisa\AppData\Local\{7E01F80C-5A40-4786-8755-4833D98811C6} . ==================== Find3M ==================== . 2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-03-20 18:11:30 162192 ----a-w- C:\Windows\System32\mfevtps.exe 2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys 2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll 2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll 2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll 2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll 2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll 2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll 2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll 2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-02-22 18:29:46 75936 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys 2012-02-22 18:29:46 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys 2012-02-22 18:29:46 647208 ----a-w- C:\Windows\System32\drivers\mfehidk.sys 2012-02-22 18:29:46 487296 ----a-w- C:\Windows\System32\drivers\mfefirek.sys 2012-02-22 18:29:46 289664 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys 2012-02-22 18:29:46 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys 2012-02-22 18:29:46 160792 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys 2012-02-22 18:29:46 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys 2012-02-22 18:29:46 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys . ============= FINISH: 19:54:30.68 =============== . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29 Run by Lisa at 19:52:54 on 2012-05-18 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1754 [GMT -5:00] . AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe C:\Windows\system32\svchost.exe -k HsfXAudioService C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe C:\Windows\system32\mfevtps.exe C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\DllHost.exe C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Program Files (x86)\Internet Explorer\IELowutil.exe C:\Windows\system32\rundll32.exe C:\Windows\SysWOW64\rundll32.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files\McAfee.com\Agent\mcagent.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\taskeng.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s uURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\tbSwa1.dll uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll mURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\tbSwa1.dll BHO: AutorunsDisabled - No File BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120427180239.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File TB: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\tbSwa1.dll EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [Google Update] "C:\Users\Lisa\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [irMSTkFdIRNGS.exe] C:\ProgramData\irMSTkFdIRNGS.exe mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab TCP: DhcpNameServer = 192.168.1.254 TCP: Interfaces\{353F3681-A626-4CEE-B764-DB86E70E2482} : DhcpNameServer = 192.168.1.254 TCP: Interfaces\{353F3681-A626-4CEE-B764-DB86E70E2482}\33274696 : DhcpNameServer = 10.0.0.1 TCP: Interfaces\{BCE18823-329B-4E54-BF20-2511981A821C} : DhcpNameServer = 172.168.37.1 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\McAfee\SITEAD~1\McIEPlg.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" BHO-X64: AutorunsDisabled - No File BHO-X64: AcroIEHelperStub - No File BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll BHO-X64: HP Print Enhancer - No File BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120427180239.dll BHO-X64: scriptproxy - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll BHO-X64: HP Smart BHO Class - No File TB-X64: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File TB-X64: Swag Bucks Toolbar: {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files (x86)\Swag_Bucks\tbSwa1.dll EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe Hosts: 93.115.241.27 www.google-analytics.com. Hosts: 93.115.241.27 ad-emea.doubleclick.net. Hosts: 93.115.241.27 www.statcounter.com. Hosts: 108.163.215.51 www.google-analytics.com. Hosts: 108.163.215.51 ad-emea.doubleclick.net. . Note: multiple HOSTS entries found. Please refer to Attach.txt . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\nlnnun9l.default\ FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Lisa\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - C:\Program Files (x86)\McAfee\SiteAdvisor . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?] R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?] R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-10-14 92216] R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992] R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe [2010-9-13 308656] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2011-9-10 102608] R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-2 249936] R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-2 249936] R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-2 249936] R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-2-22 199272] R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-2-22 210584] R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?] R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?] R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?] R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-3-12 227896] R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?] R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?] R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-4 136176] S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-7-4 136176] S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-3 227232] S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?] S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?] S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?] . =============== Created Last 30 ================ . 2012-05-15 03:57:18 -------- d--h--w- C:\ProgramData\Common Files 2012-05-15 03:52:32 -------- d--h--w- C:\ProgramData\MFAData 2012-05-13 13:27:23 388096 ---ha-r- C:\Users\Lisa\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-05-13 13:27:23 -------- d-----w- C:\Program Files (x86)\Trend Micro 2012-05-09 23:56:51 1544704 ----a-w- C:\Windows\System32\DWrite.dll 2012-05-09 23:56:46 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll 2012-05-09 23:56:34 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-09 23:56:30 3146240 ----a-w- C:\Windows\System32\win32k.sys 2012-05-09 23:56:25 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-09 23:56:22 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-09 23:55:21 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys 2012-05-09 23:54:17 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-05-09 23:54:08 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll 2012-05-09 23:54:03 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2012-04-27 23:02:39 29272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\{D19CA586-DD6C-4a0a-96F8-14644F340D60}\components\scriptff.dll 2012-04-19 13:56:56 -------- d--h--w- C:\Users\Lisa\AppData\Local\{B17E9218-6685-4F75-B028-7DF07D30A945} 2012-04-19 13:56:33 -------- d--h--w- C:\Users\Lisa\AppData\Local\{7E01F80C-5A40-4786-8755-4833D98811C6} . ==================== Find3M ==================== . 2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-03-20 18:11:30 162192 ----a-w- C:\Windows\System32\mfevtps.exe 2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys 2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll 2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll 2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll 2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll 2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll 2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll 2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll 2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-02-22 18:29:46 75936 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys 2012-02-22 18:29:46 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys 2012-02-22 18:29:46 647208 ----a-w- C:\Windows\System32\drivers\mfehidk.sys 2012-02-22 18:29:46 487296 ----a-w- C:\Windows\System32\drivers\mfefirek.sys 2012-02-22 18:29:46 289664 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys 2012-02-22 18:29:46 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys 2012-02-22 18:29:46 160792 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys 2012-02-22 18:29:46 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys 2012-02-22 18:29:46 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys . ============= FINISH: 19:54:30.68 ===============
  13. Can someone help me clean my computer from popups and a "scour" redirect? Here is my hijack log. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:13:30 PM, on 5/14/2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16421) Boot mode: Normal Running processes: C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe C:\Users\Lisa\Downloads\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Swag Bucks Toolbar - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files (x86)\Swag_Bucks\tbSwa1.dll R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O1 - Hosts: ::1 localhost O1 - Hosts: 93.115.241.27 www.google-analytics.com. O1 - Hosts: 93.115.241.27 ad-emea.doubleclick.net. O1 - Hosts: 93.115.241.27 www.statcounter.com. O1 - Hosts: 108.163.215.51 www.google-analytics.com. O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net. O1 - Hosts: 108.163.215.51 www.statcounter.com. O2 - BHO: (no name) - AutorunsDisabled - (no file) O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120427180239.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing) O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Google Update] "C:\Users\Lisa\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - Global Startup: McAfee Security Scan Plus.lnk = ? O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\ekdiscovery.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12893 bytes
  14. It seems to be running ok, it is really slow on booting up though.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.