
Yahoo Mail Hacked and Email Spammed; 2 viruses found



I found out yesterday that my online Yahoo mail account was hacked by someone in Poland and they sent spam mail to everyone on my online contact list. I immediately changed my Yahoo mail password and ran Malwarebytes on the full disk. It found 2 viruses. Below is the log:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.28.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Wanda :: TOSHIBALAPTOP [administrator]

6/28/2012 11:57:32 AM

mbam-log-2012-06-28 (11-57-32).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 606693

Time elapsed: 2 hour(s), 56 minute(s), 58 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Zachary\Downloads\beer-pong.exe (PUP.Adware.InstallCore) -> Quarantined and deleted successfully.

(end)

I quarantined and deleted the files from my computer and rebooted the system. I don't know if these two viruses were able to capture my mail password or if there is something else still on the computer. I am wanting to change all my passwords in case anything else was obtained but don't want to do it until I am sure there is nothing else on my system.

Below are the reports from the dds.com program:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1

Run by Wanda at 14:55:51 on 2012-06-29

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.1740 [GMT -5:00]

.

AV: ZoneAlarm Extreme Security Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: ZoneAlarm Extreme Security Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}

FW: ZoneAlarm Extreme Security Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe

C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Prey\platform\windows\cronsvc.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

C:\windows\System32\svchost.exe -k HPZ12

C:\windows\SysWOW64\PSIService.exe

C:\Program Files\Macrium\Reflect\ReflectService.exe

C:\Program Files (x86)\Secunia\PSI\sua.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\TOSHIBA\TECO\TecoService.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\vssvc.exe

C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\System32\svchost.exe -k swprv

C:\windows\system32\taskhost.exe

C:\Program Files\CheckPoint\ZAForceField\ForceField.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Windows\system32\WUDFHost.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Toshiba\Power Saver\TPwrMain.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Toshiba\TECO\Teco.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

C:\Users\Wanda\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe

C:\Users\Wanda\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler64.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\windows\system32\conhost.exe

C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\PROGRA~2\CHECKP~1\ZONEAL~1\MAILFR~1\mantispm.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\svchost.exe -k HPService

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\PROGRAM FILES (X86)\SUGARSYNC\SUGARSYNCMANAGER.EXE

C:\Users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe

C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uDefault_Page_URL = hxxp://start.toshiba.com/g/

uDefault_Search_URL = hxxp://www.google.com/ie

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.yahoo.com

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

{555d4d79-4bd2-4094-a395-cfc534424a05}

uRun: [Google Update] "C:\Users\Wanda\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

mRun: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [NWEReboot]

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - C:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\OFFICE11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

Trusted Zone: internet

Trusted Zone: intuit.com\ttlc

Trusted Zone: mcafee.com

Trusted Zone: metlife.com\mybenefits

Trusted Zone: microsoft.com\*.update

Trusted Zone: microsoft.com\update

Trusted Zone: microsoft.com\www.update

Trusted Zone: windowsupdate.com\download

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxps://a248.e.akamai.net/f/248/14778/2h/dlmanager.download.akamai.com/14778/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: Interfaces\{07B503F0-69D1-418D-B7C9-9AB8B8DF3E4A} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{3747888A-9252-4A1E-AB08-0CF43D921E1E} : DhcpNameServer = 192.168.1.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

BHO-X64: ZoneAlarm Security Engine Registrar - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun-x64: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

mRun-x64: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [NWEReboot]

mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

Hosts: 127.0.0.1 www.spywareinfo.com

.

============= SERVICES / DRIVERS ===============

.

R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]

R1 kl2;kl2;C:\windows\system32\DRIVERS\kl2.sys --> C:\windows\system32\DRIVERS\kl2.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2011-2-15 19968]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-6-27 2369960]

R2 ISWKL;ZoneAlarm ForceField ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-10-19 33672]

R2 IswSvc;ZoneAlarm ForceField IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2011-10-19 827520]

R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-10-20 2823512]

R2 ReflectService;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2011-7-1 301720]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-7-5 1153368]

R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-4-19 399416]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-3-2 266680]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-22 2656280]

R3 icsak;icsak;C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys [2011-10-19 45448]

R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]

R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]

R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]

R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;C:\windows\system32\DRIVERS\stdriver64.sys --> C:\windows\system32\DRIVERS\stdriver64.sys [?]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-22 136176]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-4 250056]

S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-22 136176]

S3 nosGetPlusHelper;getPlus® Helper 3004;C:\windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 20992]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 PSI;PSI;C:\windows\system32\DRIVERS\psi_mf.sys --> C:\windows\system32\DRIVERS\psi_mf.sys [?]

S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RTSUVSTOR.sys --> C:\windows\system32\Drivers\RTSUVSTOR.sys [?]

S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-4-19 993848]

S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

S3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-06-29 13:46:03 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6F418457-66F5-46A5-9332-351968B5841F}\mpengine.dll

2012-06-27 15:42:48 33856 ---ha-w- C:\windows\System32\hamachi.sys

2012-06-27 15:42:42 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi

2012-06-27 00:17:58 -------- d-----w- C:\Program Files (x86)\Microsoft XNA

2012-06-23 14:56:29 2622464 ----a-w- C:\windows\System32\wucltux.dll

2012-06-23 14:56:01 99840 ----a-w- C:\windows\System32\wudriver.dll

2012-06-23 14:55:46 36864 ----a-w- C:\windows\System32\wuapp.exe

2012-06-23 14:55:46 186752 ----a-w- C:\windows\System32\wuwebv.dll

2012-06-12 21:34:59 748664 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe

2012-06-12 18:39:56 -------- d-----w- C:\Program Files (x86)\WILLPower

2012-06-12 18:17:10 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe

2012-06-12 18:17:10 77312 ----a-w- C:\windows\System32\rdpwsx.dll

2012-06-12 18:17:10 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll

2012-06-12 18:16:15 209920 ----a-w- C:\windows\System32\profsvc.dll

2012-06-12 18:15:49 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe

2012-06-12 18:15:49 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe

2012-06-12 18:15:48 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe

2012-06-12 18:15:20 3146752 ----a-w- C:\windows\System32\win32k.sys

2012-06-12 18:14:53 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys

2012-06-12 18:14:26 3216384 ----a-w- C:\windows\System32\msi.dll

2012-06-12 18:14:26 2342400 ----a-w- C:\windows\SysWow64\msi.dll

2012-06-12 18:14:04 184320 ----a-w- C:\windows\System32\cryptsvc.dll

2012-06-12 18:14:04 1462272 ----a-w- C:\windows\System32\crypt32.dll

2012-06-12 18:14:04 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll

2012-06-12 18:14:04 140288 ----a-w- C:\windows\System32\cryptnet.dll

2012-06-12 18:14:04 1158656 ----a-w- C:\windows\SysWow64\crypt32.dll

2012-06-12 18:14:04 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll

2012-06-11 20:37:46 -------- d-----w- C:\Users\Wanda\AppData\Local\Roblox

2012-06-11 16:16:01 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-06-11 16:16:01 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-06-11 16:16:01 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-06-11 16:16:01 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-06-11 16:16:01 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-06-11 16:16:01 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-06-11 16:16:01 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-06-03 15:48:54 -------- d-----w- C:\Program Files (x86)\NetBeans 7.1.2

2012-06-03 15:33:54 -------- d-----w- C:\Program Files (x86)\Oracle

2012-06-03 15:33:19 772504 ----a-w- C:\windows\SysWow64\npDeployJava1.dll

.

==================== Find3M ====================

.

2012-06-29 19:53:33 29 ----a-w- C:\windows\SysWow64\TempWmicBatchFile.bat

2012-06-23 04:09:19 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-23 04:09:19 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2012-05-31 22:00:32 2828 --sha-w- C:\windows\SysWow64\KGyGaAvL.sys

2012-05-26 23:58:54 0 ----a-w- C:\windows\SysWow64\sho9DC7.tmp

2012-05-18 02:06:48 2311680 ----a-w- C:\windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2012-05-16 22:43:01 0 ----a-w- C:\windows\SysWow64\shoDFC.tmp

2012-05-16 15:07:47 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll

2012-05-16 15:07:47 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll

2012-05-12 21:49:00 180224 ----a-w- C:\windows\SysWow64\qtcf.dll

2012-05-09 23:12:50 0 ----a-w- C:\windows\SysWow64\sho9E72.tmp

2012-05-06 21:29:08 0 ----a-w- C:\windows\SysWow64\sho9C50.tmp

2012-05-05 14:32:55 0 ----a-w- C:\windows\SysWow64\shoB674.tmp

2012-04-22 21:31:08 0 ----a-w- C:\windows\SysWow64\sho938B.tmp

2012-04-19 01:56:30 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx

2012-04-19 01:56:30 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts

2012-04-16 15:36:09 0 ----a-w- C:\windows\SysWow64\sho6F85.tmp

2012-04-10 23:37:01 0 ----a-w- C:\windows\SysWow64\sho6CD8.tmp

2012-04-07 22:30:11 0 ----a-w- C:\windows\SysWow64\sho9D1F.tmp

2012-04-04 23:47:02 687504 ----a-w- C:\windows\SysWow64\deployJava1.dll

2012-04-04 20:56:40 24904 ----a-w- C:\windows\System32\drivers\mbam.sys

2012-04-03 23:09:56 0 ----a-w- C:\windows\SysWow64\sho3025.tmp

2012-04-01 21:32:53 0 ----a-w- C:\windows\SysWow64\sho4CAC.tmp

.

============= FINISH: 15:00:41.46 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 7/3/2011 3:18:05 PM

System Uptime: 6/29/2012 2:32:42 PM (1 hours ago)

.

Motherboard: Intel Corp. | | Base Board Product Name

Processor: Intel® Pentium® CPU B940 @ 2.00GHz | CPU1 | 2000/1333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 283 GiB total, 114.369 GiB free.

D: is CDROM ()

E: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Photosmart Premium C309g-m

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer:

Name: Photosmart Premium C309g-m

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

Class GUID:

Description: Photosmart Premium C309g-m

Device ID: ROOT\MULTIFUNCTION\0001

Manufacturer:

Name: Photosmart Premium C309g-m

PNP Device ID: ROOT\MULTIFUNCTION\0001

Service:

.

Class GUID:

Description: DesignJet 500+HPGL2 (C7770B)

Device ID: ROOT\MULTIFUNCTION\0002

Manufacturer:

Name: DesignJet 500+HPGL2 (C7770B)

PNP Device ID: ROOT\MULTIFUNCTION\0002

Service:

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Photosmart Premium C309g-m

Device ID: ROOT\MULTIFUNCTION\0003

Manufacturer: HP

Name: Photosmart Premium C309g-m

PNP Device ID: ROOT\MULTIFUNCTION\0003

Service:

.

Class GUID:

Description: Photosmart Premium C309g-m

Device ID: ROOT\MULTIFUNCTION\0004

Manufacturer:

Name: Photosmart Premium C309g-m

PNP Device ID: ROOT\MULTIFUNCTION\0004

Service:

.

Class GUID:

Description: Photosmart Premium C309g-m

Device ID: ROOT\MULTIFUNCTION\0005

Manufacturer:

Name: Photosmart Premium C309g-m

PNP Device ID: ROOT\MULTIFUNCTION\0005

Service:

.

Class GUID:

Description: Photosmart Premium C309g-m

Device ID: ROOT\MULTIFUNCTION\0006

Manufacturer:

Name: Photosmart Premium C309g-m

PNP Device ID: ROOT\MULTIFUNCTION\0006

Service:

.

==== System Restore Points ===================

.

RP203: 6/12/2012 4:34:25 PM - Windows Update

RP204: 6/15/2012 11:18:24 PM - Removed FreeRIP Toolbar v5.9.

RP205: 6/19/2012 11:28:52 AM - Windows Update

RP206: 6/22/2012 12:19:32 PM - Windows Update

RP207: 6/23/2012 9:55:01 AM - Windows Update

RP208: 6/26/2012 8:18:23 AM - Windows Update

RP209: 6/26/2012 7:17:00 PM - Installed Microsoft XNA Framework Redistributable 4.0

RP210: 6/29/2012 8:45:01 AM - Windows Update

.

==== Installed Programs ======================

.

.

WILLPower

Adobe AIR

Adobe Digital Editions

Adobe Download Manager

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.0)

Adobe Reader X (10.1.3) MUI

Adobe Shockwave Player 11.6

Amazon Kindle

Amazon MP3 Downloader 1.0.15

Any Video Converter Professional 3.3.0

Apple Application Support

Apple Software Update

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

Best Buy pc app

Brain Workshop 4.8.1

BufferChm

C309g-m

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Compatibility Pack for the 2007 Office system

ConverterLite 0.1

Corel Paint Shop Pro Photo X2

Coupon Printer for Windows

CraftBukkit

D3DX10

Debut Video Capture Software

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell DataSafe Online

eMusic Download Manager 5.0.1

Express Burn Disc Burning Software

ffdshow [rev 2527] [2008-12-19]

Finale 2012

Finale NotePad 2003a

Fraps

Free M4a to MP3 Converter 6.2

Google Chrome

Google Update Helper

GSP Sudoku

HP Update

HPPhotoGadget

hpWLPGInstaller

HyperCam 2

Image Inc. 1.2

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

iSEEK AnswerWorks English Runtime

Java Auto Updater

Java™ 6 Update 32

Java™ SE Development Kit 6 Update 32

JavaFX 2.1.0

Junk Mail filter update

Kuriuz 1.5.1

Label@Once 1.0

Lightworks

Livebrush Lite

LogMeIn Hamachi

MailStore Home 4.2.0.5431

Malwarebytes Anti-Malware version 1.61.0.1400

Mesh Runtime

Microsoft Home Publishing 2000

Microsoft Office 2010

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Standard Edition 2003

Microsoft Office Starter 2010 - English

Microsoft Office Word MUI (English) 2010

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft XNA Framework Redistributable 4.0

Mobipocket Reader 6.2

MotionDV STUDIO 5.6E LE for DV

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB973685)

Nero Suite

NetBeans IDE 7.1.2

Notepad++

OpenAL

OpenWith (Enhanced)

OverDrive Media Console

Panasonic DVC USB Driver

PC Tune-Up

Picasa 3

PlayReady PC Runtime x86

Portal

PrimoPDF -- brought to you by Nitro PDF Software

PS_AIO_06_C309g-m_SW_Min

Quick Movie Magic 1.0E

Quicken 2011

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek USB 2.0 Reader Driver

Realtek WLAN Driver

Roblox for Wanda

Rummy.com

RummyRoyal.com

Safari

Scan

Secunia PSI (2.0.0.3003)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition

Skype Click to Call

Skype™ 5.8

SmartMusic 2012a

SmartMusic Content (shared music files)

SmartMusic for Essential Elements 2000 Strings Book 1 Student Edition

Spybot - Search & Destroy

SpywareBlaster 4.6

SSA Benefit Calculator

Steam

SugarSync Manager

swMSM

SyncBack

Tabula Digita DimensionU Games

Terraria

Toolbox

Torchlight Demo

TOSHIBA Application Installer

TOSHIBA HDD/SSD Alert

TOSHIBA Media Controller

TOSHIBA Media Controller Plug-in

TOSHIBA Resolution+ Plug-in for Windows Media Player

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

TOSHIBA Wireless LAN Indicator

Tube Toolbox

TurboTax 2010

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wrapper

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

VC 9.0 Runtime

Ventrilo Client

Vivitar Experience Image Manager

vReveal 3

WavePad Sound Editor

WebReg

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR 4.01 (32-bit)

WinX Free DVD Ripper 4.5.14

Wizard101

XSplit

ZoneAlarm Antivirus

ZoneAlarm DataLock

ZoneAlarm Extreme Security

ZoneAlarm Firewall

ZoneAlarm Security

.

==== Event Viewer Messages From Past Week ========

.

6/29/2012 9:39:27 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer DELL-DESKTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{3747888A-9252-4A1E-AB08-0CF43D921E1E}. The master browser is stopping or an election is being forced.

6/29/2012 2:34:46 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

6/29/2012 2:33:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: InCDPass

6/29/2012 2:33:20 PM, Error: Service Control Manager [7000] - The InCD Helper service failed to start due to the following error: The system cannot find the file specified.

6/29/2012 2:33:20 PM, Error: Service Control Manager [7000] - The InCD Helper (read only) service failed to start due to the following error: The system cannot find the file specified.

6/29/2012 2:32:52 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\incdrm.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

6/29/2012 2:32:52 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\DRIVERS\InCDPass.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

6/29/2012 2:32:47 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\InCDrec.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

6/28/2012 9:20:16 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

6/28/2012 8:01:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

6/27/2012 5:32:53 PM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.

6/27/2012 10:43:02 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LogMeIn Hamachi Tunneling Engine service to connect.

6/27/2012 10:43:02 AM, Error: Service Control Manager [7000] - The LogMeIn Hamachi Tunneling Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

6/27/2012 10:42:49 AM, Error: Service Control Manager [7030] - The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

6/26/2012 7:11:00 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

6/26/2012 7:11:00 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

6/24/2012 9:24:44 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

6/24/2012 2:00:58 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

6/23/2012 11:45:44 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

6/23/2012 11:45:44 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

6/22/2012 2:19:55 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

.

==== End Of File ===========================

Thank you for your time and effort to help me.

Wanda


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperable and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.


Here is an updated MBAM log. I ran a full disk scan because I wanted to make sure nothing was found anywhere.

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.07.02.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Wanda :: TOSHIBALAPTOP [administrator]

7/2/2012 5:23:53 PM

mbam-log-2012-07-02 (17-23-53).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 550053

Time elapsed: 2 hour(s), 44 minute(s), 32 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Even though the scan found no malware, I still feel at times that my keystrokes are delayed so wonder if a keystroke logger is still on the computer. The browser seems to come up slow too. Is there any other utility I should run?

Thank you for your help,

Wanda


Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Wow it took around 3 hours to scan my PC with ComboFix!!!! I thought I had stopped all my antivirus and antispyware programs that were interfering with it. Since the wireless internet connection was stopped, I even killed the firewall which sped up the last 10 or so steps. It did finish and here is the log.

ComboFix 12-07-02.01 - Wanda 07/03/2012 16:31:45.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2462 [GMT -5:00]

Running from: c:\users\Wanda\Desktop\ComboFix.exe

FW: ZoneAlarm Extreme Security Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: ZoneAlarm Extreme Security Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\users\Wanda\Documents\~WRL0002.tmp

c:\users\Wanda\Documents\~WRL0004.tmp

c:\users\Wanda\Documents\~WRL2606.tmp

c:\users\Wanda\Documents\~WRL2629.tmp

c:\users\Wanda\WINDOWS

c:\users\Zachary\mcedit-uninstall.exe

c:\windows\iun6002.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 )))))))))))))))))))))))))))))))

.

.

2012-07-04 00:30 . 2012-07-04 00:30 -------- d-----w- c:\users\Zachary\AppData\Local\temp

2012-07-04 00:30 . 2012-07-04 00:30 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-04 00:30 . 2012-07-04 00:30 -------- d-----w- c:\users\Ben\AppData\Local\temp

2012-07-02 23:40 . 2012-07-02 23:40 -------- d-----w- c:\users\Wanda\AppData\Roaming\Notepad++

2012-07-02 22:59 . 2012-07-02 22:59 -------- d-----w- c:\program files (x86)\Roblox

2012-07-01 03:56 . 2012-07-01 04:14 -------- d-----w- C:\MGtools

2012-07-01 03:34 . 2012-07-01 03:34 -------- d-----w- c:\program files\HitmanPro

2012-07-01 03:33 . 2012-07-01 03:36 -------- d-----w- c:\programdata\HitmanPro

2012-06-30 21:48 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-30 21:48 . 2012-06-30 21:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-06-30 21:12 . 2012-06-30 21:14 -------- d-----w- c:\users\Ben\AppData\Local\LogMeIn Hamachi

2012-06-27 15:42 . 2009-03-18 22:35 33856 ---ha-w- c:\windows\system32\hamachi.sys

2012-06-27 15:42 . 2012-06-27 15:42 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi

2012-06-27 00:17 . 2012-06-27 00:17 -------- d-----w- c:\program files (x86)\Microsoft XNA

2012-06-23 14:56 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-23 14:56 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-23 14:56 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-23 14:56 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-23 14:56 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-23 14:56 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-23 14:56 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-23 14:55 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-23 14:55 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-12 21:34 . 2012-05-18 01:56 304640 ----a-w- c:\program files\Internet Explorer\IEShims.dll

2012-06-12 18:39 . 2012-06-12 18:40 -------- d-----w- c:\program files (x86)\WILLPower

2012-06-12 18:17 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-12 18:17 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-12 18:17 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-12 18:16 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-06-12 18:15 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-06-12 18:15 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-06-12 18:15 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-06-12 18:15 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys

2012-06-12 18:14 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-12 18:14 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll

2012-06-12 18:14 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-06-12 18:14 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-12 18:14 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-12 18:14 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-06-12 18:14 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-06-12 18:14 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-06-12 18:14 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-06-11 20:37 . 2012-06-16 22:51 -------- d-----w- c:\users\Wanda\AppData\Local\Roblox

2012-06-11 16:16 . 2012-06-11 16:16 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-06-11 16:16 . 2012-06-11 16:16 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-06-11 16:16 . 2012-06-11 16:16 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-06-11 16:16 . 2012-06-11 16:16 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-06-11 16:16 . 2012-06-11 16:16 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-06-11 16:16 . 2012-06-11 16:16 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-06-11 16:16 . 2012-06-11 16:16 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-06-11 16:15 . 2012-06-11 16:15 -------- d-----w- c:\program files (x86)\QuickTime

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-04 00:15 . 2011-08-27 14:45 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat

2012-06-23 04:09 . 2012-04-04 19:05 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-23 04:09 . 2011-11-01 04:06 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-31 04:04 . 2012-07-03 18:55 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A5BA1B10-8E68-4203-A62D-48E9A7AEB2B9}\mpengine.dll

2012-05-26 23:58 . 2012-05-26 23:58 0 ----a-w- c:\windows\SysWow64\sho9DC7.tmp

2012-05-16 22:43 . 2012-05-16 22:43 0 ----a-w- c:\windows\SysWow64\shoDFC.tmp

2012-05-16 15:07 . 2012-05-16 04:02 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2012-05-16 15:07 . 2012-05-16 04:02 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2012-05-12 21:49 . 2012-05-12 21:49 180224 ----a-w- c:\windows\SysWow64\qtcf.dll

2012-05-09 23:12 . 2012-05-09 23:12 0 ----a-w- c:\windows\SysWow64\sho9E72.tmp

2012-05-06 21:29 . 2012-05-06 21:29 0 ----a-w- c:\windows\SysWow64\sho9C50.tmp

2012-05-05 14:32 . 2012-05-05 14:32 0 ----a-w- c:\windows\SysWow64\shoB674.tmp

2012-04-22 21:31 . 2012-04-22 21:31 0 ----a-w- c:\windows\SysWow64\sho938B.tmp

2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2012-04-16 15:36 . 2012-04-16 15:36 0 ----a-w- c:\windows\SysWow64\sho6F85.tmp

2012-04-10 23:37 . 2012-04-10 23:37 0 ----a-w- c:\windows\SysWow64\sho6CD8.tmp

2012-04-07 22:30 . 2012-04-07 22:30 0 ----a-w- c:\windows\SysWow64\sho9D1F.tmp

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]

"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2011-10-26 73360]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-22 136176]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]

R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-22 136176]

R3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [2011-10-19 45448]

R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984]

R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [2010-11-30 307304]

R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-03 1255736]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384]

S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-10-14 11864]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-11-16 140672]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]

S2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-10-19 33672]

S2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-10-19 827520]

S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-04-19 399416]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-03-02 266680]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-08 76912]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]

S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys [2011-09-15 103512]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-04 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 04:09]

.

2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-22 06:15]

.

2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-22 06:15]

.

2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544447177-2405547552-1170279638-1001Core.job

- c:\users\Wanda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-04 02:09]

.

2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544447177-2405547552-1170279638-1001UA.job

- c:\users\Wanda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-04 02:09]

.

2012-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544447177-2405547552-1170279638-1003Core.job

- c:\users\Zachary\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-06 02:09]

.

2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544447177-2405547552-1170279638-1003UA.job

- c:\users\Zachary\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-06 02:09]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]

@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"

[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]

2012-06-12 00:15 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]

@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"

[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]

2012-06-12 00:15 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]

@="{A759AFF6-5851-457D-A540-F4ECED148351}"

[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]

2012-06-12 00:15 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]

@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"

[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]

2012-06-12 00:15 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uLocal Page = c:\windows\system32\blank.htm

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.yahoo.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

Trusted Zone: internet

Trusted Zone: intuit.com\ttlc

Trusted Zone: mcafee.com

Trusted Zone: metlife.com\mybenefits

Trusted Zone: microsoft.com\*.update

Trusted Zone: microsoft.com\update

Trusted Zone: microsoft.com\www.update

Trusted Zone: windowsupdate.com\download

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-Corel Photo Downloader - c:\program files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe

Wow6432Node-HKLM-Run-NWEReboot - (no file)

Toolbar-Locked - (no file)

HKLM-Run-(Default) - (no file)

HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe

HKLM-Run-ISW - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-CraftBukkit - 0:\users\Zachary\Desktop\Server starter\Uninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,

27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b

"{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}"=hex:51,66,7a,6c,4c,1d,38,12,8b,c7,39,

ea,82,fe,a8,0b,f7,bf,ff,e1,a6,74,f5,13

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,

57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b

"{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}"=hex:51,66,7a,6c,4c,1d,38,12,ac,35,59,

8e,07,4b,42,08,c2,2b,0a,2c,b2,b0,92,f7

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,

ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3

"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a,

ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{F3C88694-EFFA-4D78-B409-54B7B2535B14}"=hex:51,66,7a,6c,4c,1d,38,12,fa,85,db,

f7,c8,a1,16,08,cb,1f,17,f7,b7,0d,1f,00

"{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,38,12,e4,48,13,

36,9b,0a,89,06,fb,ff,c3,c8,3d,de,d1,0d

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:ec,47,9e,00,8f,3b,cc,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d8,93,dd,a3,7f,64,bd,44,80,5a,41,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]

"Licence0"="REMOVED"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\PSIService.exe

c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\SUGARSYNC\SUGARSYNCMANAGER.EXE

c:\users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe

c:\users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe

c:\users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe

c:\users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe

c:\users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe

c:\windows\SysWOW64\rundll32.exe

c:\users\Wanda\AppData\Local\Google\Chrome\Application\chrome.exe

.

**************************************************************************

.

Completion time: 2012-07-03 19:46:14 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-04 00:46

.

Pre-Run: 131,780,608,000 bytes free

Post-Run: 130,767,613,952 bytes free

.

- - End Of File - - 4940ECE7922FADF39611BCA94B25301F

I haven't had much free time on the computer today to see the differences after the scan run since fireworks are calling. It seems to be a bit better in regular typing like this email. I don't have much time to log on to lots of websites and test the password logon being slower idea. Makes me wonder what was up with the very slow scan runtime though.

Wanda


That was a long time for ComboFix to scan.

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run, type Notepad, and click OK.

This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

KillAll::

File::
c:\windows\SysWow64\TempWmicBatchFile.bat
c:\windows\SysWow64\sho9DC7.tmp
c:\windows\SysWow64\shoDFC.tmp
c:\windows\SysWow64\sho9E72.tmp
c:\windows\SysWow64\sho9C50.tmp
c:\windows\SysWow64\shoB674.tmp
c:\windows\SysWow64\sho938B.tmp
c:\windows\SysWow64\sho6F85.tmp
c:\windows\SysWow64\sho6CD8.tmp
c:\windows\SysWow64\sho9D1F.tmp

ClearJavaCache::

Save this file to your desktop. Save it as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...

Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.


Combofix ran much faster this time. Here is the latest Combofix Log:

ComboFix 12-07-04.02 - Wanda 07/04/2012 9:51.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2364 [GMT -5:00]

Running from: c:\users\Wanda\Desktop\ComboFix.exe

Command switches used :: c:\users\Wanda\Desktop\CFScript.txt

FW: ZoneAlarm Extreme Security Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: ZoneAlarm Extreme Security Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}

.

FILE ::

"c:\windows\SysWow64\sho6CD8.tmp"

"c:\windows\SysWow64\sho6F85.tmp"

"c:\windows\SysWow64\sho938B.tmp"

"c:\windows\SysWow64\sho9C50.tmp"

"c:\windows\SysWow64\sho9D1F.tmp"

"c:\windows\SysWow64\sho9DC7.tmp"

"c:\windows\SysWow64\sho9E72.tmp"

"c:\windows\SysWow64\shoB674.tmp"

"c:\windows\SysWow64\shoDFC.tmp"

"c:\windows\SysWow64\TempWmicBatchFile.bat"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Wanda\AppData\Local\Temp\IswTmp\WH\0

c:\windows\SysWow64\sho6CD8.tmp

c:\windows\SysWow64\sho6F85.tmp

c:\windows\SysWow64\sho938B.tmp

c:\windows\SysWow64\sho9C50.tmp

c:\windows\SysWow64\sho9D1F.tmp

c:\windows\SysWow64\sho9DC7.tmp

c:\windows\SysWow64\sho9E72.tmp

c:\windows\SysWow64\shoB674.tmp

c:\windows\SysWow64\shoDFC.tmp

c:\windows\SysWow64\TempWmicBatchFile.bat

.

.

((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 )))))))))))))))))))))))))))))))

.

.

2012-07-04 15:10 . 2012-07-04 15:10 -------- d-----w- c:\users\Zachary\AppData\Local\temp

2012-07-04 15:10 . 2012-07-04 15:10 -------- d-----w- c:\users\TEMP\AppData\Local\temp

2012-07-04 15:10 . 2012-07-04 15:10 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-04 15:10 . 2012-07-04 15:10 -------- d-----w- c:\users\Ben\AppData\Local\temp

2012-07-02 23:40 . 2012-07-02 23:40 -------- d-----w- c:\users\Wanda\AppData\Roaming\Notepad++

2012-07-02 22:59 . 2012-07-02 22:59 -------- d-----w- c:\program files (x86)\Roblox

2012-07-01 03:56 . 2012-07-01 04:14 -------- d-----w- C:\MGtools

2012-07-01 03:34 . 2012-07-01 03:34 -------- d-----w- c:\program files\HitmanPro

2012-07-01 03:33 . 2012-07-01 03:36 -------- d-----w- c:\programdata\HitmanPro

2012-06-30 21:48 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-30 21:48 . 2012-06-30 21:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-06-30 21:12 . 2012-06-30 21:14 -------- d-----w- c:\users\Ben\AppData\Local\LogMeIn Hamachi

2012-06-27 15:42 . 2009-03-18 22:35 33856 ---ha-w- c:\windows\system32\hamachi.sys

2012-06-27 15:42 . 2012-06-27 15:42 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi

2012-06-27 00:17 . 2012-06-27 00:17 -------- d-----w- c:\program files (x86)\Microsoft XNA

2012-06-23 14:56 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-23 14:56 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-23 14:56 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-23 14:56 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-23 14:56 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-23 14:56 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-23 14:56 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-23 14:55 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-23 14:55 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-12 21:34 . 2012-05-18 01:56 304640 ----a-w- c:\program files\Internet Explorer\IEShims.dll

2012-06-12 18:39 . 2012-06-12 18:40 -------- d-----w- c:\program files (x86)\WILLPower

2012-06-12 18:17 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-12 18:17 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-06-12 18:17 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-06-12 18:16 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-06-12 18:15 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-06-12 18:15 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-06-12 18:15 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-06-12 18:15 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys

2012-06-12 18:14 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-06-12 18:14 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll

2012-06-12 18:14 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-06-12 18:14 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-06-12 18:14 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-06-12 18:14 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-06-12 18:14 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-06-12 18:14 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-06-12 18:14 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-06-11 20:37 . 2012-06-16 22:51 -------- d-----w- c:\users\Wanda\AppData\Local\Roblox

2012-06-11 16:16 . 2012-06-11 16:16 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-06-11 16:16 . 2012-06-11 16:16 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-06-11 16:16 . 2012-06-11 16:16 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-06-11 16:16 . 2012-06-11 16:16 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-06-11 16:16 . 2012-06-11 16:16 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-06-11 16:16 . 2012-06-11 16:16 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-06-11 16:16 . 2012-06-11 16:16 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-06-11 16:15 . 2012-06-11 16:15 -------- d-----w- c:\program files (x86)\QuickTime

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-23 04:09 . 2012-04-04 19:05 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-23 04:09 . 2011-11-01 04:06 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-31 04:04 . 2012-07-03 18:55 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A5BA1B10-8E68-4203-A62D-48E9A7AEB2B9}\mpengine.dll

2012-05-16 15:07 . 2012-05-16 04:02 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2012-05-16 15:07 . 2012-05-16 04:02 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2012-05-12 21:49 . 2012-05-12 21:49 180224 ----a-w- c:\windows\SysWow64\qtcf.dll

2012-04-19 01:56 . 2012-04-19 01:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2012-04-19 01:56 . 2012-04-19 01:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-04_00.34.12 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-07-04 15:11 . 2012-07-04 15:11 14193 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat

- 2012-07-04 00:31 . 2012-07-04 00:31 14193 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat

- 2009-07-14 04:54 . 2012-07-04 00:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-07-04 15:13 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-07-04 15:13 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-04 00:32 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-04 15:13 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-04 00:32 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-11-21 03:09 . 2012-07-04 15:14 85684 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-07-04 15:14 56924 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-07-03 22:00 . 2012-07-04 15:14 21914 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1544447177-2405547552-1170279638-1001_UserData.bin

+ 2011-07-03 18:53 . 2012-07-04 01:13 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-07-03 18:53 . 2012-07-03 23:43 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-07-03 18:53 . 2012-07-04 01:13 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-07-03 18:53 . 2012-07-03 23:43 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-03 23:43 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-04 01:13 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-07-05 16:47 . 2012-07-04 01:13 16384 c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat

- 2011-07-05 16:47 . 2012-07-03 23:43 16384 c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat

- 2012-07-04 00:31 . 2012-07-04 00:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-07-04 15:11 . 2012-07-04 15:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-07-04 15:11 . 2012-07-04 15:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-07-04 00:31 . 2012-07-04 00:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-07-05 20:48 . 2012-07-04 15:13 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2011-07-05 20:48 . 2012-07-04 00:15 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2011-07-04 22:09 . 2012-07-04 01:20 252118 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

- 2009-07-14 02:36 . 2012-07-03 22:05 668082 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-07-04 14:24 668082 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-07-03 22:05 124462 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2012-07-04 14:24 124462 c:\windows\system32\perfc009.dat

+ 2011-10-28 23:08 . 2012-07-04 01:54 269880 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2009-07-14 05:01 . 2012-07-04 15:11 465884 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-07-04 00:31 465884 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2011-07-03 23:49 . 2012-07-04 00:31 8965492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1544447177-2405547552-1170279638-1001-12288.dat

+ 2011-07-03 23:49 . 2012-07-04 15:11 8965492 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1544447177-2405547552-1170279638-1001-12288.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]

"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2011-10-26 73360]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-22 136176]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]

R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-22 136176]

R3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [2011-10-19 45448]

R3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984]

R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [2010-11-30 307304]

R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-04-19 993848]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-03 1255736]

R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384]

S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-10-14 11864]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-11-16 140672]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]

S2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-10-19 33672]

S2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-10-19 827520]

S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-04-19 399416]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-03-02 266680]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-08 76912]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]

S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-05 1109096]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys [2011-09-15 103512]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-04 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 04:09]

.

2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-22 06:15]

.

2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-22 06:15]

.

2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544447177-2405547552-1170279638-1001Core.job

- c:\users\Wanda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-04 02:09]

.

2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544447177-2405547552-1170279638-1001UA.job

- c:\users\Wanda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-04 02:09]

.

2012-06-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544447177-2405547552-1170279638-1003Core.job

- c:\users\Zachary\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-06 02:09]

.

2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544447177-2405547552-1170279638-1003UA.job

- c:\users\Zachary\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-06 02:09]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]

@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"

[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]

2012-06-12 00:15 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]

@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"

[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]

2012-06-12 00:15 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]

@="{A759AFF6-5851-457D-A540-F4ECED148351}"

[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]

2012-06-12 00:15 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]

@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"

[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]

2012-06-12 00:15 463992 ----a-w- c:\program files (x86)\SugarSync\SugarSyncShellExt_x64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136]

"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [bU]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]

"ISW"="" [bU]

.

------- Supplementary Scan -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uLocal Page = c:\windows\system32\blank.htm

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.yahoo.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

Trusted Zone: internet

Trusted Zone: intuit.com\ttlc

Trusted Zone: mcafee.com

Trusted Zone: metlife.com\mybenefits

Trusted Zone: microsoft.com\*.update

Trusted Zone: microsoft.com\update

Trusted Zone: microsoft.com\www.update

Trusted Zone: windowsupdate.com\download

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:ec,47,9e,00,8f,3b,cc,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d8,93,dd,a3,7f,64,bd,44,80,5a,41,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]

"Licence0"="REMOVED"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\PSIService.exe

c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\SUGARSYNC\SUGARSYNCMANAGER.EXE

.

**************************************************************************

.

Completion time: 2012-07-04 10:26:19 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-04 15:26

ComboFix2.txt 2012-07-04 00:46

.

Pre-Run: 131,955,625,984 bytes free

Post-Run: 131,288,051,712 bytes free

.

- - End Of File - - B6176D2F6EAC306BA34B7150A18F39BA

Happy 4th of July!!!

Wanda


Sorry, I forgot the system update part. Things seem to be better, but I still don't know if everything is removed so that I feel safe enough to change all our passwords again. I don't want to do this until I am confident that all malware is removed. Are there any more steps that you suggest I do?

Wanda


We can run an online scan after you uninstall Combofix.

For XP:

  • Click START run
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

For Vista / Windows 7

  • Click START Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

http://www.eset.eu/online-scanner

Go here to run an online scanner from ESET.

Click the green ESET Online Scanner button.

Read the End User License Agreement and check the box: YES, I accept the Terms of Use.

Click on the Start button next to it.

You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.

A new window will appear asking "Do you want to install this software?".

Answer Yes to download and install the ActiveX controls that allow the scan to run.

Click Start.

Check Remove found threats and Scan potentially unwanted applications.

Click Scan to begin.

If offered the option to get information or buy software, just close the window.

Wait for the scan to finish.

Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic.


Ok, I followed your instructions to delete ComboFix and run the ESET scan. Below is the ESET scan log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=5383b7f8f6772644bfbd9ffae81eadcd

# end=stopped

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-07-05 05:55:40

# local_time=2012-07-05 12:55:40 (-0600, Central Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=5893 16776573 100 94 0 93051012 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# compatibility_mode=9217 16776893 100 13 9875505 21757042 0 0

# scanned=29920

# found=0

# cleaned=0

# scan_time=3379

esets_scanner_update returned -1 esets_gle=53251

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=5383b7f8f6772644bfbd9ffae81eadcd

# end=stopped

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-07-05 08:01:13

# local_time=2012-07-05 03:01:13 (-0600, Central Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=5893 16776573 100 94 0 93054522 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# compatibility_mode=9217 16776573 100 13 9879015 21760552 0 0

# scanned=9658

# found=0

# cleaned=0

# scan_time=7402

esets_scanner_update returned -1 esets_gle=53251

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=5383b7f8f6772644bfbd9ffae81eadcd

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-07-05 10:07:50

# local_time=2012-07-05 05:07:50 (-0600, Central Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=5893 16776573 100 94 0 93061999 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# compatibility_mode=9217 16776893 100 13 9886492 21768029 0 0

# scanned=315511

# found=1

# cleaned=1

# scan_time=7521

C:\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Computer seems better normally but still occasionally very slow in typing and bringing up Outlook messages or browser pages.

Any other scans you want me to do? I want to do anything I can to make the system as clean as possible before changing passwords and doing financial transactions on this laptop.

Thank you for your help,

Wanda
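
Added example (not part of the original posts and not ESET's own tooling): a small parser for the `# key=value` run blocks in the ESET Online Scanner log posted above, which summarizes each run so that an interrupted scan is not read as a clean result. Reading `end=stopped` as an incomplete run and `archives_checked=false` as reduced coverage is an assumption made from the field names; the sample input is a trimmed excerpt of the log above.

```python
import re
from dataclasses import dataclass, field

# Trimmed excerpt of the log posted above (first and third runs, fewer fields).
SAMPLE_LOG = r"""
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# end=stopped
# remove_checked=true
# archives_checked=true
# utc_time=2012-07-05 05:55:40
# scanned=29920
# found=0
# cleaned=0
# scan_time=3379
esets_scanner_update returned -1 esets_gle=53251
# version=7
# end=finished
# remove_checked=true
# archives_checked=false
# utc_time=2012-07-05 10:07:50
# scanned=315511
# found=1
# cleaned=1
# scan_time=7521
C:\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

FIELD_RE = re.compile(r"^#\s*([\w.]+)=(.*)$")   # "# key=value" header lines
DETECTION_RE = re.compile(r"^[A-Za-z]:\\")      # detection lines start with a drive path


@dataclass
class ScanRun:
    fields: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)

    def number(self, key):
        """Integer value of a counter field, or 0 when absent or malformed."""
        value = self.fields.get(key, "")
        return int(value) if value.isdigit() else 0

    @property
    def finished(self):
        # Assumption: only end=finished means the scan ran to completion.
        return self.fields.get("end") == "finished"


def parse_eset_log(text):
    """Split the log into runs (each starts at '# version=') plus loose notes."""
    runs, notes, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # the forum paste has a blank line between every entry
        m = FIELD_RE.match(line)
        if m:
            key, value = m.group(1), m.group(2).strip()
            if key == "version":
                current = ScanRun()
                runs.append(current)
            if current is not None:
                # compatibility_mode repeats within a run; keep the first value.
                current.fields.setdefault(key, value)
        elif DETECTION_RE.match(line) and current is not None:
            current.detections.append(line)  # kept raw: columns lost their tabs
        else:
            notes.append(line)  # installer/updater messages outside run blocks
    return runs, notes


def triage(runs):
    """Return human-readable caveats; an empty list means no caveat applies."""
    findings = []
    for i, run in enumerate(runs, 1):
        when = run.fields.get("utc_time", "unknown time")
        if not run.finished:
            findings.append(
                f"run {i} ({when}): end={run.fields.get('end', 'missing')} after "
                f"{run.number('scanned')} objects; partial result only")
            continue
        if run.fields.get("archives_checked") == "false":
            findings.append(f"run {i} ({when}): finished, but archives were not scanned")
        found, cleaned = run.number("found"), run.number("cleaned")
        if found > cleaned:
            findings.append(f"run {i} ({when}): {found - cleaned} detection(s) not cleaned")
        if found != len(run.detections):
            findings.append(
                f"run {i} ({when}): found={found} but "
                f"{len(run.detections)} detection line(s) logged")
    return findings


if __name__ == "__main__":
    parsed_runs, loose_notes = parse_eset_log(SAMPLE_LOG)
    for caveat in triage(parsed_runs):
        print(caveat)
```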


Download TDSSKiller from here and save it to your Desktop.

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  1. Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  3. Click the Start Scan button.
  4. If a suspicious object is detected, the default action will be Skip; click on Continue.
  5. If Malicious objects are found, then ensure Cure is selected.
  6. If TDLFS File System is found, then ensure Delete is selected.
  7. Then click Continue Reboot now to finish the cleaning process.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Here is the log from the TDSSKiller scan I did this morning.

09:22:08.0187 4272 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08

09:22:08.0911 4272 ============================================================

09:22:08.0911 4272 Current date / time: 2012/07/06 09:22:08.0911

09:22:08.0911 4272 SystemInfo:

09:22:08.0911 4272

09:22:08.0911 4272 OS Version: 6.1.7601 ServicePack: 1.0

09:22:08.0911 4272 Product type: Workstation

09:22:08.0911 4272 ComputerName: TOSHIBALAPTOP

09:22:08.0912 4272 UserName: Wanda

09:22:08.0912 4272 Windows directory: C:\windows

09:22:08.0912 4272 System windows directory: C:\windows

09:22:08.0912 4272 Running under WOW64

09:22:08.0912 4272 Processor architecture: Intel x64

09:22:08.0912 4272 Number of processors: 2

09:22:08.0912 4272 Page size: 0x1000

09:22:08.0912 4272 Boot type: Normal boot

09:22:08.0912 4272 ============================================================

09:22:10.0246 4272 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

09:22:10.0254 4272 ============================================================

09:22:10.0254 4272 \Device\Harddisk0\DR0:

09:22:10.0254 4272 MBR partitions:

09:22:10.0254 4272 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x235CB000

09:22:10.0254 4272 ============================================================

09:22:10.0296 4272 C: <-> \Device\Harddisk0\DR0\Partition0

09:22:10.0296 4272 ============================================================

09:22:10.0296 4272 Initialize success

09:22:10.0296 4272 ============================================================

09:22:58.0146 5856 ============================================================

09:22:58.0146 5856 Scan started

09:22:58.0146 5856 Mode: Manual; SigCheck; TDLFS;

09:22:58.0146 5856 ============================================================

09:22:58.0871 5856 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

09:22:59.0166 5856 !SASCORE - ok

09:22:59.0476 5856 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys

09:22:59.0608 5856 1394ohci - ok

09:22:59.0663 5856 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys

09:22:59.0751 5856 ACPI - ok

09:22:59.0776 5856 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys

09:22:59.0911 5856 AcpiPmi - ok

09:23:00.0021 5856 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

09:23:00.0073 5856 AdobeARMservice - ok

09:23:00.0216 5856 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

09:23:00.0266 5856 AdobeFlashPlayerUpdateSvc - ok

09:23:00.0366 5856 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys

09:23:00.0458 5856 adp94xx - ok

09:23:00.0501 5856 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys

09:23:00.0583 5856 adpahci - ok

09:23:00.0631 5856 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys

09:23:00.0706 5856 adpu320 - ok

09:23:00.0743 5856 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll

09:23:00.0958 5856 AeLookupSvc - ok

09:23:01.0043 5856 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys

09:23:01.0193 5856 AFD - ok

09:23:01.0236 5856 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys

09:23:01.0308 5856 agp440 - ok

09:23:01.0346 5856 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe

09:23:01.0433 5856 ALG - ok

09:23:01.0468 5856 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys

09:23:01.0538 5856 aliide - ok

09:23:01.0543 5856 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys

09:23:01.0614 5856 amdide - ok

09:23:01.0649 5856 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys

09:23:01.0752 5856 AmdK8 - ok

09:23:01.0777 5856 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys

09:23:01.0874 5856 AmdPPM - ok

09:23:01.0942 5856 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys

09:23:02.0014 5856 amdsata - ok

09:23:02.0054 5856 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys

09:23:02.0134 5856 amdsbs - ok

09:23:02.0182 5856 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys

09:23:02.0252 5856 amdxata - ok

09:23:02.0294 5856 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys

09:23:02.0532 5856 AppID - ok

09:23:02.0577 5856 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll

09:23:02.0724 5856 AppIDSvc - ok

09:23:02.0769 5856 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll

09:23:02.0912 5856 Appinfo - ok

09:23:03.0052 5856 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

09:23:03.0102 5856 Apple Mobile Device - ok

09:23:03.0167 5856 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys

09:23:03.0234 5856 arc - ok

09:23:03.0257 5856 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys

09:23:03.0324 5856 arcsas - ok

09:23:03.0439 5856 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

09:23:03.0502 5856 aspnet_state - ok

09:23:03.0547 5856 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys

09:23:03.0694 5856 AsyncMac - ok

09:23:03.0712 5856 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys

09:23:03.0777 5856 atapi - ok

09:23:03.0839 5856 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll

09:23:03.0984 5856 AudioEndpointBuilder - ok

09:23:04.0002 5856 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll

09:23:04.0144 5856 AudioSrv - ok

09:23:04.0182 5856 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll

09:23:04.0322 5856 AxInstSV - ok

09:23:04.0387 5856 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys

09:23:04.0492 5856 b06bdrv - ok

09:23:04.0524 5856 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys

09:23:04.0627 5856 b57nd60a - ok

09:23:04.0674 5856 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll

09:23:04.0764 5856 BDESVC - ok

09:23:04.0787 5856 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys

09:23:04.0942 5856 Beep - ok

09:23:05.0024 5856 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll

09:23:05.0184 5856 BFE - ok

09:23:05.0244 5856 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\system32\qmgr.dll

09:23:05.0439 5856 BITS - ok

09:23:05.0514 5856 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys

09:23:05.0612 5856 blbdrive - ok

09:23:05.0729 5856 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

09:23:05.0797 5856 Bonjour Service - ok

09:23:05.0834 5856 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys

09:23:05.0949 5856 bowser - ok

09:23:05.0992 5856 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys

09:23:06.0097 5856 BrFiltLo - ok

09:23:06.0112 5856 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys

09:23:06.0217 5856 BrFiltUp - ok

09:23:06.0294 5856 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys

09:23:06.0437 5856 BridgeMP - ok

09:23:06.0484 5856 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll

09:23:06.0627 5856 Browser - ok

09:23:06.0687 5856 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys

09:23:06.0799 5856 Brserid - ok

09:23:06.0832 5856 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys

09:23:06.0932 5856 BrSerWdm - ok

09:23:06.0957 5856 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys

09:23:07.0059 5856 BrUsbMdm - ok

09:23:07.0089 5856 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys

09:23:07.0182 5856 BrUsbSer - ok

09:23:07.0214 5856 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys

09:23:07.0322 5856 BTHMODEM - ok

09:23:07.0372 5856 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll

09:23:07.0527 5856 bthserv - ok

09:23:07.0559 5856 catchme - ok

09:23:07.0594 5856 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys

09:23:07.0752 5856 cdfs - ok

09:23:07.0792 5856 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys

09:23:07.0884 5856 cdrom - ok

09:23:07.0927 5856 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll

09:23:08.0069 5856 CertPropSvc - ok

09:23:08.0119 5856 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys

09:23:08.0219 5856 circlass - ok

09:23:08.0277 5856 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys

09:23:08.0367 5856 CLFS - ok

09:23:08.0449 5856 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

09:23:08.0527 5856 clr_optimization_v2.0.50727_32 - ok

09:23:08.0569 5856 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

09:23:08.0633 5856 clr_optimization_v2.0.50727_64 - ok

09:23:08.0718 5856 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

09:23:08.0793 5856 clr_optimization_v4.0.30319_32 - ok

09:23:08.0860 5856 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

09:23:08.0923 5856 clr_optimization_v4.0.30319_64 - ok

09:23:08.0958 5856 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys

09:23:09.0063 5856 CmBatt - ok

09:23:09.0105 5856 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys

09:23:09.0178 5856 cmdide - ok

09:23:09.0238 5856 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys

09:23:09.0365 5856 CNG - ok

09:23:09.0475 5856 CnxtHdAudService (66847c979893a11cfcc2280e772d7ea1) C:\windows\system32\drivers\CHDRT64.sys

09:23:09.0633 5856 CnxtHdAudService - ok

09:23:09.0750 5856 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys

09:23:09.0818 5856 Compbatt - ok

09:23:09.0850 5856 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys

09:23:09.0948 5856 CompositeBus - ok

09:23:09.0968 5856 COMSysApp - ok

09:23:10.0035 5856 cpuz135 - ok

09:23:10.0075 5856 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys

09:23:10.0145 5856 crcdisk - ok

09:23:10.0215 5856 CronService (63a7739ac9c1e38589b3edb1daeb9df5) C:\Prey\platform\windows\cronsvc.exe

09:23:10.0250 5856 CronService ( UnsignedFile.Multi.Generic ) - warning

09:23:10.0250 5856 CronService - detected UnsignedFile.Multi.Generic (1)

09:23:10.0333 5856 CryptSvc (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll

09:23:10.0448 5856 CryptSvc - ok

09:23:10.0613 5856 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

09:23:10.0700 5856 cvhsvc - ok

09:23:10.0775 5856 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll

09:23:10.0935 5856 DcomLaunch - ok

09:23:10.0983 5856 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll

09:23:11.0145 5856 defragsvc - ok

09:23:11.0220 5856 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys

09:23:11.0378 5856 DfsC - ok

09:23:11.0433 5856 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll

09:23:11.0583 5856 Dhcp - ok

09:23:11.0610 5856 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys

09:23:11.0768 5856 discache - ok

09:23:11.0815 5856 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys

09:23:11.0885 5856 Disk - ok

09:23:11.0928 5856 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll

09:23:12.0018 5856 Dnscache - ok

09:23:12.0058 5856 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll

09:23:12.0210 5856 dot3svc - ok

09:23:12.0235 5856 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll

09:23:12.0380 5856 DPS - ok

09:23:12.0418 5856 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys

09:23:12.0520 5856 drmkaud - ok

09:23:12.0580 5856 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys

09:23:12.0703 5856 DXGKrnl - ok

09:23:12.0738 5856 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll

09:23:12.0880 5856 EapHost - ok

09:23:13.0073 5856 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys

09:23:13.0310 5856 ebdrv - ok

09:23:13.0423 5856 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe

09:23:13.0503 5856 EFS - ok

09:23:13.0585 5856 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe

09:23:13.0718 5856 ehRecvr - ok

09:23:13.0765 5856 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe

09:23:13.0845 5856 ehSched - ok

09:23:13.0938 5856 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys

09:23:14.0030 5856 elxstor - ok

09:23:14.0045 5856 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys

09:23:14.0138 5856 ErrDev - ok

09:23:14.0205 5856 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll

09:23:14.0358 5856 EventSystem - ok

09:23:14.0423 5856 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys

09:23:14.0575 5856 exfat - ok

09:23:14.0610 5856 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys

09:23:14.0780 5856 fastfat - ok

09:23:14.0845 5856 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe

09:23:14.0943 5856 Fax - ok

09:23:14.0973 5856 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys

09:23:15.0063 5856 fdc - ok

09:23:15.0110 5856 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll

09:23:15.0263 5856 fdPHost - ok

09:23:15.0283 5856 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll

09:23:15.0410 5856 FDResPub - ok

09:23:15.0455 5856 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys

09:23:15.0525 5856 FileInfo - ok

09:23:15.0540 5856 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys

09:23:15.0708 5856 Filetrace - ok

09:23:15.0743 5856 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys

09:23:15.0823 5856 flpydisk - ok

09:23:15.0873 5856 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys

09:23:15.0960 5856 FltMgr - ok

09:23:16.0090 5856 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll

09:23:16.0200 5856 FontCache - ok

09:23:16.0260 5856 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

09:23:16.0310 5856 FontCache3.0.0.0 - ok

09:23:16.0345 5856 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys

09:23:16.0415 5856 FsDepends - ok

09:23:16.0473 5856 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\windows\system32\DRIVERS\fssfltr.sys

09:23:16.0538 5856 fssfltr - ok

09:23:16.0694 5856 fsssvc (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

09:23:16.0839 5856 fsssvc - ok

09:23:16.0976 5856 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys

09:23:17.0046 5856 Fs_Rec - ok

09:23:17.0099 5856 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys

09:23:17.0189 5856 fvevol - ok

09:23:17.0234 5856 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys

09:23:17.0304 5856 gagp30kx - ok

09:23:17.0344 5856 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys

09:23:17.0406 5856 GEARAspiWDM - ok

09:23:17.0476 5856 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll

09:23:17.0641 5856 gpsvc - ok

09:23:17.0734 5856 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

09:23:17.0809 5856 gupdate - ok

09:23:17.0854 5856 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

09:23:17.0904 5856 gupdatem - ok

09:23:17.0984 5856 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

09:23:18.0059 5856 gusvc - ok

09:23:18.0121 5856 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\windows\system32\DRIVERS\hamachi.sys

09:23:18.0179 5856 hamachi - ok

09:23:18.0366 5856 Hamachi2Svc (21d24138b736983f6e23823e092e9428) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

09:23:18.0516 5856 Hamachi2Svc - ok

09:23:18.0626 5856 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys

09:23:18.0716 5856 hcw85cir - ok

09:23:18.0779 5856 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys

09:23:18.0894 5856 HdAudAddService - ok

09:23:18.0921 5856 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys

09:23:19.0026 5856 HDAudBus - ok

09:23:19.0046 5856 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys

09:23:19.0124 5856 HidBatt - ok

09:23:19.0169 5856 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys

09:23:19.0276 5856 HidBth - ok

09:23:19.0321 5856 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys

09:23:19.0409 5856 HidIr - ok

09:23:19.0434 5856 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll

09:23:19.0574 5856 hidserv - ok

09:23:19.0624 5856 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys

09:23:19.0706 5856 HidUsb - ok

09:23:19.0744 5856 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll

09:23:19.0904 5856 hkmsvc - ok

09:23:19.0934 5856 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll

09:23:20.0029 5856 HomeGroupListener - ok

09:23:20.0074 5856 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll

09:23:20.0159 5856 HomeGroupProvider - ok

09:23:20.0196 5856 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys

09:23:20.0271 5856 HpSAMD - ok

09:23:20.0424 5856 HPSLPSVC (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL

09:23:20.0491 5856 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning

09:23:20.0491 5856 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)

09:23:20.0554 5856 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys

09:23:20.0734 5856 HTTP - ok

09:23:20.0781 5856 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys

09:23:20.0849 5856 hwpolicy - ok

09:23:20.0879 5856 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys

09:23:20.0966 5856 i8042prt - ok

09:23:21.0029 5856 iaStor (d469b77687e12fe43e344806740b624d) C:\windows\system32\DRIVERS\iaStor.sys

09:23:21.0096 5856 iaStor - ok

09:23:21.0171 5856 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys

09:23:21.0256 5856 iaStorV - ok

09:23:21.0341 5856 icsak (5408b2175c7fae5ce22a05d6a91aecf4) C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys

09:23:21.0406 5856 icsak - ok

09:23:21.0529 5856 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

09:23:21.0594 5856 IDriverT ( UnsignedFile.Multi.Generic ) - warning

09:23:21.0594 5856 IDriverT - detected UnsignedFile.Multi.Generic (1)

09:23:21.0699 5856 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

09:23:21.0811 5856 idsvc - ok

09:23:22.0464 5856 igfx (370c2a8629b30f910f740387795ddc6f) C:\windows\system32\DRIVERS\igdkmd64.sys

09:23:23.0104 5856 igfx - ok

09:23:23.0224 5856 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys

09:23:23.0286 5856 iirsp - ok

09:23:23.0351 5856 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll

09:23:23.0514 5856 IKEEXT - ok

09:23:23.0549 5856 InCDfs - ok

09:23:23.0574 5856 InCDPass - ok

09:23:23.0601 5856 InCDrec - ok

09:23:23.0614 5856 incdrm - ok

09:23:23.0671 5856 InCDsrv - ok

09:23:23.0679 5856 InCDsrvR - ok

09:23:23.0746 5856 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys

09:23:23.0856 5856 IntcDAud - ok

09:23:23.0879 5856 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys

09:23:23.0949 5856 intelide - ok

09:23:23.0986 5856 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys

09:23:24.0079 5856 intelppm - ok

09:23:24.0214 5856 IntuitUpdateService (3dc635b66dd7412e1c9c3a77b8d78f25) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

09:23:24.0262 5856 IntuitUpdateService - ok

09:23:24.0319 5856 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll

09:23:24.0467 5856 IPBusEnum - ok

09:23:24.0519 5856 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys

09:23:24.0670 5856 IpFilterDriver - ok

09:23:24.0728 5856 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll

09:23:24.0880 5856 iphlpsvc - ok

09:23:24.0905 5856 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys

09:23:25.0000 5856 IPMIDRV - ok

09:23:25.0013 5856 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys

09:23:25.0158 5856 IPNAT - ok

09:23:25.0328 5856 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe

09:23:25.0415 5856 iPod Service - ok

09:23:25.0443 5856 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys

09:23:25.0538 5856 IRENUM - ok

09:23:25.0560 5856 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys

09:23:25.0630 5856 isapnp - ok

09:23:25.0660 5856 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys

09:23:25.0745 5856 iScsiPrt - ok

09:23:25.0818 5856 ISWKL (0af2f3ecdcd2470b856b211b4867fc63) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys

09:23:25.0880 5856 ISWKL - ok

09:23:25.0965 5856 IswSvc (2ec3c30ac72fa7f1dab43514cda61e80) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

09:23:26.0045 5856 IswSvc - ok

09:23:26.0070 5856 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys

09:23:26.0143 5856 kbdclass - ok

09:23:26.0185 5856 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys

09:23:26.0285 5856 kbdhid - ok

09:23:26.0320 5856 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

09:23:26.0385 5856 KeyIso - ok

09:23:26.0450 5856 KL1 (8d7120743a0973ceab548b475c9d4289) C:\windows\system32\DRIVERS\kl1.sys

09:23:26.0530 5856 KL1 - ok

09:23:26.0548 5856 kl2 (cd146d8e525d6eebdcaf24120a8ab9ce) C:\windows\system32\DRIVERS\kl2.sys

09:23:26.0608 5856 kl2 - ok

09:23:26.0655 5856 KLIF (a4813ee804a1d96dcb01aefd7f565c6b) C:\windows\system32\DRIVERS\klif.sys

09:23:26.0735 5856 KLIF - ok

09:23:26.0775 5856 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys

09:23:26.0848 5856 KSecDD - ok

09:23:26.0868 5856 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys

09:23:26.0945 5856 KSecPkg - ok

09:23:26.0978 5856 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys

09:23:27.0135 5856 ksthunk - ok

09:23:27.0183 5856 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll

09:23:27.0353 5856 KtmRm - ok

09:23:27.0400 5856 L1C (ebed8b3ff4a823c1a6eebeed7b29353f) C:\windows\system32\DRIVERS\L1C62x64.sys

09:23:27.0470 5856 L1C - ok

09:23:27.0518 5856 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll

09:23:27.0665 5856 LanmanServer - ok

09:23:27.0713 5856 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll

09:23:27.0860 5856 LanmanWorkstation - ok

09:23:27.0933 5856 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys

09:23:28.0098 5856 lltdio - ok

09:23:28.0155 5856 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll

09:23:28.0320 5856 lltdsvc - ok

09:23:28.0343 5856 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll

09:23:28.0488 5856 lmhosts - ok

09:23:28.0575 5856 LMS (2ed1786b7542cda261029f6b526edf44) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

09:23:28.0638 5856 LMS - ok

09:23:28.0673 5856 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys

09:23:28.0743 5856 LSI_FC - ok

09:23:28.0765 5856 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys

09:23:28.0840 5856 LSI_SAS - ok

09:23:28.0855 5856 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys

09:23:28.0928 5856 LSI_SAS2 - ok

09:23:28.0963 5856 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys

09:23:29.0038 5856 LSI_SCSI - ok

09:23:29.0065 5856 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys

09:23:29.0228 5856 luafv - ok

09:23:29.0285 5856 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll

09:23:29.0365 5856 Mcx2Svc - ok

09:23:29.0393 5856 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys

09:23:29.0463 5856 megasas - ok

09:23:29.0525 5856 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys

09:23:29.0613 5856 MegaSR - ok

09:23:29.0655 5856 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys

09:23:29.0715 5856 MEIx64 - ok

09:23:29.0770 5856 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll

09:23:29.0913 5856 MMCSS - ok

09:23:29.0953 5856 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys

09:23:30.0110 5856 Modem - ok

09:23:30.0138 5856 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys

09:23:30.0235 5856 monitor - ok

09:23:30.0288 5856 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys

09:23:30.0360 5856 mouclass - ok

09:23:30.0380 5856 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys

09:23:30.0475 5856 mouhid - ok

09:23:30.0523 5856 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys

09:23:30.0595 5856 mountmgr - ok

09:23:30.0625 5856 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys

09:23:30.0703 5856 mpio - ok

09:23:30.0728 5856 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys

09:23:30.0870 5856 mpsdrv - ok

09:23:30.0935 5856 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll

09:23:31.0108 5856 MpsSvc - ok

09:23:31.0133 5856 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys

09:23:31.0250 5856 MRxDAV - ok

09:23:31.0285 5856 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys

09:23:31.0408 5856 mrxsmb - ok

09:23:31.0455 5856 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys

09:23:31.0550 5856 mrxsmb10 - ok

09:23:31.0583 5856 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys

09:23:31.0665 5856 mrxsmb20 - ok

09:23:31.0698 5856 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys

09:23:31.0768 5856 msahci - ok

09:23:31.0790 5856 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys

09:23:31.0865 5856 msdsm - ok

09:23:31.0910 5856 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe

09:23:32.0003 5856 MSDTC - ok

09:23:32.0033 5856 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys

09:23:32.0173 5856 Msfs - ok

09:23:32.0193 5856 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys

09:23:32.0348 5856 mshidkmdf - ok

09:23:32.0385 5856 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys

09:23:32.0448 5856 msisadrv - ok

09:23:32.0498 5856 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll

09:23:32.0650 5856 MSiSCSI - ok

09:23:32.0658 5856 msiserver - ok

09:23:32.0700 5856 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys

09:23:32.0858 5856 MSKSSRV - ok

09:23:32.0885 5856 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys

09:23:33.0035 5856 MSPCLOCK - ok

09:23:33.0075 5856 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys

09:23:33.0223 5856 MSPQM - ok

09:23:33.0258 5856 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys

09:23:33.0343 5856 MsRPC - ok

09:23:33.0373 5856 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys

09:23:33.0445 5856 mssmbios - ok

09:23:33.0485 5856 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys

09:23:33.0639 5856 MSTEE - ok

09:23:33.0686 5856 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys

09:23:33.0764 5856 MTConfig - ok

09:23:33.0786 5856 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys

09:23:33.0856 5856 Mup - ok

09:23:33.0901 5856 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll

09:23:34.0056 5856 napagent - ok

09:23:34.0114 5856 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys

09:23:34.0229 5856 NativeWifiP - ok

09:23:34.0306 5856 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys

09:23:34.0426 5856 NDIS - ok

09:23:34.0454 5856 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys

09:23:34.0611 5856 NdisCap - ok

09:23:34.0644 5856 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys

09:23:34.0784 5856 NdisTapi - ok

09:23:34.0819 5856 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys

09:23:34.0976 5856 Ndisuio - ok

09:23:35.0009 5856 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys

09:23:35.0166 5856 NdisWan - ok

09:23:35.0219 5856 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys

09:23:35.0366 5856 NDProxy - ok

09:23:35.0404 5856 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll

09:23:35.0441 5856 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

09:23:35.0441 5856 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

09:23:35.0476 5856 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys

09:23:35.0631 5856 NetBIOS - ok

09:23:35.0671 5856 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys

09:23:35.0814 5856 NetBT - ok

09:23:35.0864 5856 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

09:23:35.0929 5856 Netlogon - ok

09:23:35.0976 5856 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll

09:23:36.0126 5856 Netman - ok

09:23:36.0249 5856 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

09:23:36.0316 5856 NetMsmqActivator - ok

09:23:36.0324 5856 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

09:23:36.0374 5856 NetPipeActivator - ok

09:23:36.0431 5856 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll

09:23:36.0581 5856 netprofm - ok

09:23:36.0604 5856 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

09:23:36.0654 5856 NetTcpActivator - ok

09:23:36.0661 5856 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

09:23:36.0711 5856 NetTcpPortSharing - ok

09:23:36.0771 5856 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys

09:23:36.0836 5856 nfrd960 - ok

09:23:36.0889 5856 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll

09:23:37.0031 5856 NlaSvc - ok

09:23:37.0276 5856 NOBU (deea1db5275a9667a909a4f0e8d14fc5) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

09:23:37.0459 5856 NOBU - ok

09:23:37.0546 5856 nosGetPlusHelper (1acf98d80e95add298832c7a8996b48c) C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll

09:23:37.0611 5856 nosGetPlusHelper - ok

09:23:37.0721 5856 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys

09:23:37.0864 5856 Npfs - ok

09:23:37.0889 5856 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll

09:23:38.0034 5856 nsi - ok

09:23:38.0064 5856 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys

09:23:38.0206 5856 nsiproxy - ok

09:23:38.0314 5856 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys

09:23:38.0464 5856 Ntfs - ok

09:23:38.0564 5856 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys

09:23:38.0704 5856 Null - ok

09:23:38.0761 5856 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys

09:23:38.0841 5856 nvraid - ok

09:23:38.0869 5856 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys

09:23:38.0946 5856 nvstor - ok

09:23:38.0994 5856 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys

09:23:39.0069 5856 nv_agp - ok

09:23:39.0104 5856 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys

09:23:39.0206 5856 ohci1394 - ok

09:23:39.0319 5856 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

09:23:39.0396 5856 ose - ok

09:23:39.0649 5856 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

09:23:40.0004 5856 osppsvc - ok

09:23:40.0204 5856 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll

09:23:40.0306 5856 p2pimsvc - ok

09:23:40.0359 5856 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll

09:23:40.0441 5856 p2psvc - ok

09:23:40.0509 5856 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys

09:23:40.0594 5856 Parport - ok

09:23:40.0639 5856 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys

09:23:40.0714 5856 partmgr - ok

09:23:40.0759 5856 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll

09:23:40.0856 5856 PcaSvc - ok

09:23:40.0891 5856 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys

09:23:40.0974 5856 pci - ok

09:23:40.0991 5856 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys

09:23:41.0061 5856 pciide - ok

09:23:41.0099 5856 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys

09:23:41.0181 5856 pcmcia - ok

09:23:41.0219 5856 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys

09:23:41.0289 5856 pcw - ok

09:23:41.0336 5856 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys

09:23:41.0511 5856 PEAUTH - ok

09:23:41.0601 5856 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe

09:23:41.0706 5856 PerfHost - ok

09:23:41.0859 5856 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll

09:23:42.0059 5856 pla - ok

09:23:42.0116 5856 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll

09:23:42.0209 5856 PlugPlay - ok

09:23:42.0251 5856 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll

09:23:42.0284 5856 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

09:23:42.0284 5856 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

09:23:42.0309 5856 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll

09:23:42.0406 5856 PNRPAutoReg - ok

09:23:42.0446 5856 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll

09:23:42.0521 5856 PNRPsvc - ok

09:23:42.0569 5856 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll

09:23:42.0725 5856 PolicyAgent - ok

09:23:42.0787 5856 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll

09:23:42.0930 5856 Power - ok

09:23:43.0015 5856 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys

09:23:43.0175 5856 PptpMiniport - ok

09:23:43.0192 5856 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys

09:23:43.0272 5856 Processor - ok

09:23:43.0322 5856 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll

09:23:43.0410 5856 ProfSvc - ok

09:23:43.0452 5856 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe

09:23:43.0517 5856 ProtectedStorage - ok

09:23:43.0615 5856 ProtexisLicensing (f115af58abe5605d7d709cbfbd83f418) C:\windows\SysWOW64\PSIService.exe

09:23:43.0672 5856 ProtexisLicensing - ok

09:23:43.0710 5856 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys

09:23:43.0872 5856 Psched - ok

09:23:43.0917 5856 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\windows\system32\DRIVERS\psi_mf.sys

09:23:43.0982 5856 PSI - ok

09:23:44.0050 5856 QIOMem (c8fcb4899f8b70cc34e0d9876a80963c) C:\windows\system32\DRIVERS\QIOMem.sys

09:23:44.0152 5856 QIOMem - ok

09:23:44.0260 5856 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys

09:23:44.0380 5856 ql2300 - ok

09:23:44.0512 5856 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys

09:23:44.0587 5856 ql40xx - ok

09:23:44.0630 5856 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll

09:23:44.0730 5856 QWAVE - ok

09:23:44.0740 5856 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys

09:23:44.0845 5856 QWAVEdrv - ok

09:23:44.0865 5856 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys

09:23:45.0025 5856 RasAcd - ok

09:23:45.0082 5856 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys

09:23:45.0225 5856 RasAgileVpn - ok

09:23:45.0265 5856 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll

09:23:45.0420 5856 RasAuto - ok

09:23:45.0457 5856 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys

09:23:45.0620 5856 Rasl2tp - ok

09:23:45.0685 5856 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll

09:24:16.0727 5856 ============================================================

09:24:16.0727 5856 Scan finished

09:24:16.0727 5856 ============================================================

09:24:16.0745 4084 Detected object count: 5

09:24:16.0745 4084 Actual detected object count: 5

09:24:38.0771 4084 CronService ( UnsignedFile.Multi.Generic ) - skipped by user

09:24:38.0771 4084 CronService ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:24:38.0771 4084 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user

09:24:38.0771 4084 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:24:38.0776 4084 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

09:24:38.0776 4084 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:24:38.0778 4084 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

09:24:38.0778 4084 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:24:38.0781 4084 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

09:24:38.0781 4084 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

09:24:47.0264 3096 Deinitialize success

Computer seems to be the same, which is normally OK, but it is occasionally acting weird when I type or slow in Outlook and browsers. Still want to do whatever is needed to clean up the system before changing passwords.

Thank you for your time and assistance,

Wanda

Thank you for all your assistance to get the computer as clean as possible. Are there any last steps I need to do? Also, I put a post in the forum yesterday asking for assistance in cleaning up my son's computer. I would love to work with you again, as you have been very detailed in the steps needed, so everything was simplified to execute.

Wanda

I replied to your other topic.

When your email account gets "spoofed", the first thing to do is contact your provider to get your password changed.

They should be able to help correct that type of issue.

You can delete any of the leftover tools I had you use if they are still there.

You're more than welcome.

Glad we were able to help.

Peace be with you.

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.