
I fell for the ammyy scam



I hope you can help me. I got scammed by this yesterday. They called saying they were from Microsoft and my computer was a host of some nasty viruses and was sending out illegal information(!). I should have known better but they were extremely persuasive, I let them in via the Ammyy remote access and they started messing around with things – to show me all the ‘errors’ in my computer.

Afterwards I disconnected the internet, backed up all my files onto an external hard drive and then ran a system restore to a week ago. I also downloaded the latest Malwarebytes anti-malware programme and ran it - which didn't bring up any problems. Then I ran rkill which was also clean. Is there anything else I can do? Should I take it to see a specialist?

Thanks


Hello HVV,

Be sure you have your antivirus program updated, and do a Full scan with it.

Then, afterwards, start MBAM. Do a Check for Updates run. Then a FULL scan with MBAM.

Just why did you fall for this scam ??

Dealing with Fake Tech Support & Phone Scams

http://windowsteamblog.com/windows/b/windowssecurity/archive/2011/06/16/dealing-with-fake-tech-support-amp-phone-scams.aspx

HOW TO Avoid Phone Scams & Other Cybercriminal Tech Support Scams

http://www.microsoft.com/security/online-privacy/avoid-phone-scams.aspx

HOW TO Avoid [phone & email] scams that use the Microsoft name fraudulently

http://www.microsoft.com/security/online-privacy/msname.aspx

Microsoft dumps [India-based Comantra Certified Gold] partner over telephone scam claims (21 Sept-11)

http://nakedsecurity.sophos.com/2011/09/21/microsoft-dumps-partner-telephone-support-scam/

More => http://securitygarden.blogspot.com/2011/09/microsoft-removes-gold-certified.html

Microsoft Survey Reveals Extent of Emerging Internet Phone Scam (16 Jun-11)

http://www.microsoft.com/Presspass/press/2011/jun11/06-16MSPhoneScamPR.mspx

Watch out for ‘Microsoft Tech Support’ scams (03 Feb-11)

http://windowssecrets.com/top-story/watch-out-for-microsoft-tech-support-scams/

ISC Diary | Older AV Scam Active again (23 Dec-10)

http://isc.sans.edu/diary.html?storyid=10135


Thank you for the response. I have absolutely no idea why I fell for this. I was worried about my computer anyway, was overtired having worked too much leading to seriously impaired judgement and have an issue with trust - in that I trust everyone.

Is virus scanning enough? On other forums I have read that you need to re-install Windows etc.


I suggested you scan with 1) your antivirus -- FULL scan

2) MBAM --- full scan

3) do one or two scans online, at some of the following

ESET Online Scanner

BitDefender Quickscan

Trend Micro Housecall

F-Secure Online Scanner

Microsoft Safety Scanner

Panda ActiveScan

If nothing is found, consider yourself lucky.

If something is found, provide all details.

If your computer has personal financial info (credit card/bank), then consider that your identity & financial info is at risk.

You are strongly advised to do the following immediately.

1. Contact your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.

Consumers – Identity Theft http://www.ftc.gov/bcp/edu/microsites/idtheft/consumers/index.html

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451


MBAM has detected something...

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.14.05

Windows 7 x64 NTFS

Internet Explorer 9.0.8112.16421

Hannah :: HANNAH-TOSH [administrator]

Protection: Enabled

17/07/2012 05:48:52

mbam-log-2012-07-17 (20-01-36).txt

Scan type: Full scan (C:\|D:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 401703

Time elapsed: 59 minute(s), 51 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Hannah\Downloads\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.

(end)

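The scan log above records its single detection as "No action taken", which means the flagged file is still on disk. As an added example (not part of the thread and not Malwarebytes code), this Python script parses that text-log layout, lists detections that were left in place, and flags files that carry a Windows system-binary name outside the system directories. The names `parse_log`, `triage`, `Detection`, the `SYSTEM_BINARIES` list, the `C:\Windows` install path and every line of `CONSTRUCTED_LOG` are assumptions made for the example; `PAGE_LOG` is an excerpt of the log posted above.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Section header, e.g. "Files Detected: 1" or "Registry Keys Detected: 0".
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# "<object> (<threat>) -> <action>."  The object may itself contain
# parentheses, e.g. "C:\Program Files (x86)\...".
ITEM_RE = re.compile(r"^(?P<object>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+)$")

# Assumptions for this example: a few binaries that ship in the Windows
# system directories, and Windows installed at C:\Windows.
SYSTEM_BINARIES = {"rundll32.exe", "svchost.exe", "lsass.exe", "services.exe"}
SYSTEM_DIRS = {"c:\\windows\\system32", "c:\\windows\\syswow64"}
WINSXS_PREFIX = "c:\\windows\\winsxs\\"   # component-store copies are expected


@dataclass
class Detection:
    section: str   # e.g. "Files", "Registry Values"
    obj: str       # path or registry location as printed in the log
    threat: str    # vendor detection name
    action: str    # last "->" field, e.g. "No action taken"

    @property
    def remediated(self) -> bool:
        return not self.action.lower().startswith("no action taken")

    @property
    def masquerades(self) -> bool:
        """System-binary file name found outside the Windows system directories."""
        if self.section not in ("Files", "Memory Processes"):
            return False
        path = PureWindowsPath(self.obj)
        parent = str(path.parent).lower()
        in_system = parent in SYSTEM_DIRS or parent.startswith(WINSXS_PREFIX)
        return path.name.lower() in SYSTEM_BINARIES and not in_system


def parse_log(text):
    """Return ({section: declared count}, [Detection, ...]) for one log."""
    declared, found, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # forum pastes are often double-spaced
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header["name"]
            declared[section] = int(header["count"])
            continue
        item = ITEM_RE.match(line)
        if item and section:
            # Entries may carry extra "-> Data: ..." fields; the action is last.
            action = item["rest"].split(" -> ")[-1].rstrip(".")
            found.append(Detection(section, item["object"], item["threat"], action))
    return declared, found


def triage(text):
    """Summarise what still needs attention after the scan."""
    declared, found = parse_log(text)
    mismatch = {}
    for name, count in declared.items():
        parsed = sum(1 for d in found if d.section == name)
        if parsed != count:               # truncated or hand-edited paste
            mismatch[name] = (count, parsed)
    return {
        "unremediated": [d for d in found if not d.remediated],
        "masquerading": [d for d in found if d.masquerades],
        "count_mismatch": mismatch,
    }


# Excerpt of the log posted in this thread.
PAGE_LOG = r"""
Scan type: Full scan (C:\|D:\|)
Objects scanned: 401703
Registry Keys Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Hannah\Downloads\rundll32.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
(end)
"""

# Constructed lines (not from the thread) to exercise the edge cases.
CONSTRUCTED_LOG = r"""
Registry Values Detected: 1
HKCU\SOFTWARE\Example\Run|demo (Constructed.Threat) -> Data: C:\demo.exe -> Quarantined and deleted successfully.
Files Detected: 3
C:\Program Files (x86)\Demo\tool.exe (Constructed.Threat) -> Quarantined and deleted successfully.
C:\Windows\System32\rundll32.exe (Constructed.Threat) -> No action taken.
"""

if __name__ == "__main__":
    for label, log in (("page", PAGE_LOG), ("constructed", CONSTRUCTED_LOG)):
        print(label, triage(log))
```

A non-empty `count_mismatch` means the pasted log does not contain as many detection lines as its section headers declare, so the full log file should be requested before drawing conclusions.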

You should have allowed MBAM to remove that file.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

We Need to Run a Batch Script

  1. Press the Windows-key on keyboard.
  2. In the search box, type notepad and press Enter.
  3. Highlight the contents of the following codebox, and copy and paste that text into NOTEPAD.
    del /f /q C:\Users\Hannah\Downloads\rundll32.exe
    del /f /q "%~f0"


  4. Select File -> Save AS.
  5. Press the Desktop button on the left side of the save dialog.
  6. In the File name box, type in Fix.bat.
  7. Press Save.
  8. Close Notepad.
  9. Right click Fix.bat on your desktop, and choose Run as administrator.
  10. Press Yes if prompted by User Account Control.

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

Change the a-v scan to None.

Uncheck trace disk IO calls.

Click the "Scan" button to start the scan.

On completion of the scan (note whether the Fix button is enabled (not the FixMBR button) and tell me), click Save log, save it to your desktop and post it in your next reply.

Step 4

Please read carefully and follow these steps.

  • Delete the prior copies of TDSSKILLER.zip & TDSSKILLER.exe that you may have.
  • Download TDSSKiller and save it to your Desktop.
  • If on Windows 7 or Vista, RIGHT-Click on TDSSKiller.exe and select Run As Administrator to run the application.
    If on Windows XP, double-click to start.
  • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • Then press Start Scan

When the scan is done, it will display a summary screen.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5

Download DDS and save it to your desktop from http://www.techsupportforum.com/sectools/sUBs/dds or http://download.bleepingcomputer.com/sUBs/dds.scr or http://www.forospyware.com/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.

Then double click dds.scr to run the tool.

DDS will run in a command prompt window and will take 3 to 4 minutes or so.

When done, DDS will open two (2) logs:

  • DDS.txt
  • Attach.txt

Save both reports to your desktop.

Please Copy & Paste contents of the following logs in your next reply:

DDS.txt

Attach.txt


Hi there, I am still here, been away from the computer for a while. Have worked through the instructions. Details below, thanks!

The fix button was not enabled


20:24:54.0743 4640 MBAMProtector - ok

20:24:54.0850 4640 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

20:24:54.0874 4640 MBAMService - ok

20:24:54.0923 4640 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll

20:24:54.0960 4640 Mcx2Svc - ok

20:24:54.0991 4640 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

20:24:55.0007 4640 megasas - ok

20:24:55.0041 4640 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

20:24:55.0062 4640 MegaSR - ok

20:24:55.0122 4640 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

20:24:55.0183 4640 MMCSS - ok

20:24:55.0214 4640 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

20:24:55.0271 4640 Modem - ok

20:24:55.0319 4640 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

20:24:55.0356 4640 monitor - ok

20:24:55.0401 4640 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

20:24:55.0435 4640 mouclass - ok

20:24:55.0484 4640 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

20:24:55.0517 4640 mouhid - ok

20:24:55.0548 4640 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

20:24:55.0567 4640 mountmgr - ok

20:24:55.0628 4640 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys

20:24:55.0648 4640 MpFilter - ok

20:24:55.0692 4640 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys

20:24:55.0711 4640 mpio - ok

20:24:55.0737 4640 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

20:24:55.0779 4640 mpsdrv - ok

20:24:55.0837 4640 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll

20:24:55.0896 4640 MpsSvc - ok

20:24:55.0940 4640 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

20:24:55.0984 4640 MRxDAV - ok

20:24:56.0032 4640 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys

20:24:56.0138 4640 mrxsmb - ok

20:24:56.0190 4640 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys

20:24:56.0224 4640 mrxsmb10 - ok

20:24:56.0301 4640 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys

20:24:56.0331 4640 mrxsmb20 - ok

20:24:56.0373 4640 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys

20:24:56.0389 4640 msahci - ok

20:24:56.0409 4640 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

20:24:56.0427 4640 msdsm - ok

20:24:56.0467 4640 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

20:24:56.0507 4640 MSDTC - ok

20:24:56.0551 4640 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

20:24:56.0594 4640 Msfs - ok

20:24:56.0652 4640 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

20:24:56.0710 4640 mshidkmdf - ok

20:24:56.0740 4640 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

20:24:56.0754 4640 msisadrv - ok

20:24:56.0818 4640 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

20:24:56.0892 4640 MSiSCSI - ok

20:24:56.0903 4640 msiserver - ok

20:24:56.0958 4640 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

20:24:57.0012 4640 MSKSSRV - ok

20:24:57.0215 4640 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) C:\Program Files\Microsoft Security Client\MsMpEng.exe

20:24:57.0231 4640 MsMpSvc - ok

20:24:57.0318 4640 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

20:24:57.0379 4640 MSPCLOCK - ok

20:24:57.0390 4640 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

20:24:57.0439 4640 MSPQM - ok

20:24:57.0488 4640 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

20:24:57.0511 4640 MsRPC - ok

20:24:57.0537 4640 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

20:24:57.0553 4640 mssmbios - ok

20:24:57.0614 4640 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

20:24:57.0681 4640 MSTEE - ok

20:24:57.0692 4640 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

20:24:57.0724 4640 MTConfig - ok

20:24:57.0772 4640 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

20:24:57.0788 4640 Mup - ok

20:24:57.0838 4640 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll

20:24:57.0908 4640 napagent - ok

20:24:57.0962 4640 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

20:24:58.0012 4640 NativeWifiP - ok

20:24:58.0075 4640 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

20:24:58.0112 4640 NDIS - ok

20:24:58.0150 4640 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

20:24:58.0203 4640 NdisCap - ok

20:24:58.0283 4640 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

20:24:58.0325 4640 NdisTapi - ok

20:24:58.0362 4640 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

20:24:58.0412 4640 Ndisuio - ok

20:24:58.0453 4640 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

20:24:58.0496 4640 NdisWan - ok

20:24:58.0519 4640 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

20:24:58.0580 4640 NDProxy - ok

20:24:58.0684 4640 Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

20:24:58.0721 4640 Nero BackItUp Scheduler 4.0 - ok

20:24:58.0774 4640 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

20:24:58.0831 4640 NetBIOS - ok

20:24:58.0855 4640 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

20:24:58.0919 4640 NetBT - ok

20:24:58.0957 4640 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

20:24:58.0974 4640 Netlogon - ok

20:24:59.0034 4640 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

20:24:59.0107 4640 Netman - ok

20:24:59.0152 4640 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

20:24:59.0226 4640 netprofm - ok

20:24:59.0314 4640 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

20:24:59.0328 4640 NetTcpPortSharing - ok

20:24:59.0409 4640 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

20:24:59.0424 4640 nfrd960 - ok

20:24:59.0488 4640 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys

20:24:59.0503 4640 NisDrv - ok

20:24:59.0600 4640 NisSrv (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe

20:24:59.0621 4640 NisSrv - ok

20:24:59.0679 4640 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll

20:24:59.0741 4640 NlaSvc - ok

20:24:59.0782 4640 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

20:24:59.0842 4640 Npfs - ok

20:24:59.0873 4640 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

20:24:59.0914 4640 nsi - ok

20:24:59.0930 4640 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

20:24:59.0988 4640 nsiproxy - ok

20:25:00.0078 4640 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys

20:25:00.0159 4640 Ntfs - ok

20:25:00.0395 4640 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

20:25:00.0446 4640 Null - ok

20:25:00.0502 4640 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys

20:25:00.0520 4640 nvraid - ok

20:25:00.0564 4640 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys

20:25:00.0583 4640 nvstor - ok

20:25:00.0620 4640 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

20:25:00.0637 4640 nv_agp - ok

20:25:00.0757 4640 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

20:25:00.0777 4640 odserv - ok

20:25:00.0802 4640 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

20:25:00.0821 4640 ohci1394 - ok

20:25:00.0885 4640 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

20:25:00.0901 4640 ose - ok

20:25:00.0941 4640 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

20:25:01.0022 4640 p2pimsvc - ok

20:25:01.0070 4640 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

20:25:01.0094 4640 p2psvc - ok

20:25:01.0117 4640 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

20:25:01.0133 4640 Parport - ok

20:25:01.0187 4640 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys

20:25:01.0202 4640 partmgr - ok

20:25:01.0247 4640 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

20:25:01.0294 4640 PcaSvc - ok

20:25:01.0339 4640 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

20:25:01.0357 4640 pci - ok

20:25:01.0368 4640 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

20:25:01.0385 4640 pciide - ok

20:25:01.0411 4640 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

20:25:01.0431 4640 pcmcia - ok

20:25:01.0444 4640 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

20:25:01.0460 4640 pcw - ok

20:25:01.0529 4640 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

20:25:01.0603 4640 PEAUTH - ok

20:25:01.0686 4640 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

20:25:01.0726 4640 PerfHost - ok

20:25:01.0792 4640 PGEffect (663962900e7fea522126ba287715bb4a) C:\Windows\system32\DRIVERS\pgeffect.sys

20:25:01.0803 4640 PGEffect - ok

20:25:01.0878 4640 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll

20:25:01.0961 4640 pla - ok

20:25:02.0029 4640 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll

20:25:02.0107 4640 PlugPlay - ok

20:25:02.0130 4640 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

20:25:02.0149 4640 PNRPAutoReg - ok

20:25:02.0162 4640 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

20:25:02.0178 4640 PNRPsvc - ok

20:25:02.0249 4640 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll

20:25:02.0310 4640 PolicyAgent - ok

20:25:02.0352 4640 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

20:25:02.0407 4640 Power - ok

20:25:02.0477 4640 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

20:25:02.0587 4640 PptpMiniport - ok

20:25:02.0615 4640 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

20:25:02.0654 4640 Processor - ok

20:25:02.0753 4640 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll

20:25:02.0821 4640 ProfSvc - ok

20:25:02.0857 4640 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

20:25:02.0876 4640 ProtectedStorage - ok

20:25:02.0923 4640 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

20:25:02.0968 4640 Psched - ok

20:25:03.0041 4640 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

20:25:03.0085 4640 ql2300 - ok

20:25:03.0190 4640 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

20:25:03.0214 4640 ql40xx - ok

20:25:03.0253 4640 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

20:25:03.0289 4640 QWAVE - ok

20:25:03.0305 4640 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

20:25:03.0341 4640 QWAVEdrv - ok

20:25:03.0366 4640 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

20:25:03.0428 4640 RasAcd - ok

20:25:03.0472 4640 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

20:25:03.0519 4640 RasAgileVpn - ok

20:25:03.0593 4640 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

20:25:03.0672 4640 RasAuto - ok

20:25:03.0742 4640 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

20:25:03.0822 4640 Rasl2tp - ok

20:25:03.0866 4640 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll

20:25:03.0935 4640 RasMan - ok

20:25:03.0975 4640 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

20:25:04.0035 4640 RasPppoe - ok

20:25:04.0071 4640 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

20:25:04.0125 4640 RasSstp - ok

20:25:04.0162 4640 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

20:25:04.0226 4640 rdbss - ok

20:25:04.0252 4640 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

20:25:04.0285 4640 rdpbus - ok

20:25:04.0316 4640 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

20:25:04.0362 4640 RDPCDD - ok

20:25:04.0412 4640 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

20:25:04.0468 4640 RDPENCDD - ok

20:25:04.0504 4640 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

20:25:04.0543 4640 RDPREFMP - ok

20:25:04.0593 4640 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys

20:25:04.0661 4640 RDPWD - ok

20:25:04.0699 4640 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

20:25:04.0720 4640 rdyboost - ok

20:25:04.0775 4640 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

20:25:04.0843 4640 RemoteAccess - ok

20:25:04.0881 4640 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

20:25:04.0947 4640 RemoteRegistry - ok

20:25:04.0993 4640 RimUsb (7b04c9843921ab1f695fb395422c5360) C:\Windows\system32\Drivers\RimUsb_AMD64.sys

20:25:05.0032 4640 RimUsb - ok

20:25:05.0080 4640 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

20:25:05.0139 4640 RpcEptMapper - ok

20:25:05.0178 4640 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

20:25:05.0234 4640 RpcLocator - ok

20:25:05.0282 4640 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll

20:25:05.0329 4640 RpcSs - ok

20:25:05.0398 4640 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

20:25:05.0455 4640 rspndr - ok

20:25:05.0547 4640 RSUSBSTOR (907c4464381b5ebdfdc60f6c7d0dedfc) C:\Windows\system32\Drivers\RtsUStor.sys

20:25:05.0562 4640 RSUSBSTOR - ok

20:25:05.0590 4640 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

20:25:05.0608 4640 SamSs - ok

20:25:05.0634 4640 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

20:25:05.0652 4640 sbp2port - ok

20:25:05.0692 4640 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

20:25:05.0737 4640 SCardSvr - ok

20:25:05.0762 4640 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

20:25:05.0817 4640 scfilter - ok

20:25:05.0889 4640 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll

20:25:05.0976 4640 Schedule - ok

20:25:06.0014 4640 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll

20:25:06.0056 4640 SCPolicySvc - ok

20:25:06.0104 4640 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll

20:25:06.0184 4640 SDRSVC - ok

20:25:06.0251 4640 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

20:25:06.0304 4640 secdrv - ok

20:25:06.0340 4640 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll

20:25:06.0402 4640 seclogon - ok

20:25:06.0420 4640 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

20:25:06.0483 4640 SENS - ok

20:25:06.0539 4640 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

20:25:06.0602 4640 SensrSvc - ok

20:25:06.0626 4640 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

20:25:06.0665 4640 Serenum - ok

20:25:06.0703 4640 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

20:25:06.0772 4640 Serial - ok

20:25:06.0784 4640 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

20:25:06.0821 4640 sermouse - ok

20:25:06.0876 4640 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll

20:25:06.0919 4640 SessionEnv - ok

20:25:06.0973 4640 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

20:25:07.0014 4640 sffdisk - ok

20:25:07.0029 4640 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

20:25:07.0067 4640 sffp_mmc - ok

20:25:07.0097 4640 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys

20:25:07.0117 4640 sffp_sd - ok

20:25:07.0129 4640 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

20:25:07.0149 4640 sfloppy - ok

20:25:07.0194 4640 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

20:25:07.0260 4640 SharedAccess - ok

20:25:07.0317 4640 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll

20:25:07.0362 4640 ShellHWDetection - ok

20:25:07.0415 4640 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

20:25:07.0429 4640 SiSRaid2 - ok

20:25:07.0449 4640 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

20:25:07.0465 4640 SiSRaid4 - ok

20:25:07.0496 4640 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

20:25:07.0546 4640 Smb - ok

20:25:07.0597 4640 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

20:25:07.0632 4640 SNMPTRAP - ok

20:25:07.0663 4640 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

20:25:07.0678 4640 spldr - ok

20:25:07.0728 4640 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe

20:25:07.0804 4640 Spooler - ok

20:25:07.0937 4640 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe

20:25:08.0053 4640 sppsvc - ok

20:25:08.0186 4640 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

20:25:08.0241 4640 sppuinotify - ok

20:25:08.0316 4640 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys

20:25:08.0363 4640 srv - ok

20:25:08.0401 4640 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys

20:25:08.0444 4640 srv2 - ok

20:25:08.0486 4640 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys

20:25:08.0510 4640 srvnet - ok

20:25:08.0564 4640 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

20:25:08.0621 4640 SSDPSRV - ok

20:25:08.0635 4640 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

20:25:08.0682 4640 SstpSvc - ok

20:25:08.0721 4640 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

20:25:08.0736 4640 stexstor - ok

20:25:08.0799 4640 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll

20:25:08.0850 4640 stisvc - ok

20:25:08.0885 4640 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

20:25:08.0900 4640 swenum - ok

20:25:08.0939 4640 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

20:25:09.0000 4640 swprv - ok

20:25:09.0053 4640 SynTP (470c47daba9ca3966f0ab3f835d7d135) C:\Windows\system32\DRIVERS\SynTP.sys

20:25:09.0072 4640 SynTP - ok

20:25:09.0161 4640 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll

20:25:09.0223 4640 SysMain - ok

20:25:09.0564 4640 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll

20:25:09.0602 4640 TabletInputService - ok

20:25:09.0662 4640 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll

20:25:09.0752 4640 TapiSrv - ok

20:25:09.0810 4640 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

20:25:09.0853 4640 TBS - ok

20:25:10.0166 4640 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys

20:25:10.0260 4640 Tcpip - ok

20:25:10.0450 4640 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys

20:25:10.0527 4640 TCPIP6 - ok

20:25:10.0797 4640 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

20:25:10.0838 4640 tcpipreg - ok

20:25:10.0910 4640 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\Windows\system32\DRIVERS\tdcmdpst.sys

20:25:10.0923 4640 tdcmdpst - ok

20:25:10.0951 4640 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

20:25:11.0083 4640 TDPIPE - ok

20:25:11.0139 4640 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys

20:25:11.0254 4640 TDTCP - ok

20:25:11.0407 4640 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

20:25:11.0467 4640 tdx - ok

20:25:11.0686 4640 TemproMonitoringService (1b43fdbfe5a98f6b3d90595c6b2e5277) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe

20:25:12.0495 4640 TemproMonitoringService - ok

20:25:12.0532 4640 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

20:25:12.0549 4640 TermDD - ok

20:25:12.0624 4640 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll

20:25:12.0716 4640 TermService - ok

20:25:12.0748 4640 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

20:25:12.0788 4640 Themes - ok

20:25:12.0833 4640 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

20:25:12.0876 4640 THREADORDER - ok

20:25:13.0054 4640 TMachInfo (28644b0523d64eff2fc7312a2ee74b0a) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

20:25:13.0096 4640 TMachInfo - ok

20:25:13.0152 4640 TODDSrv (ed32035bdfeced1ad66d459fd9cc1140) C:\Windows\system32\TODDSrv.exe

20:25:13.0167 4640 TODDSrv - ok

20:25:13.0290 4640 TOSHIBA HDD SSD Alert Service (74c2fa8c3765ee71a9c22182ec108457) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

20:25:13.0304 4640 TOSHIBA HDD SSD Alert Service - ok

20:25:13.0404 4640 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

20:25:13.0461 4640 TrkWks - ok

20:25:13.0576 4640 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe

20:25:13.0595 4640 TrustedInstaller - ok

20:25:13.0741 4640 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

20:25:13.0782 4640 tssecsrv - ok

20:25:13.0843 4640 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

20:25:14.0000 4640 tunnel - ok

20:25:14.0094 4640 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\Windows\system32\DRIVERS\TVALZ_O.SYS

20:25:14.0106 4640 TVALZ - ok

20:25:14.0140 4640 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

20:25:14.0157 4640 uagp35 - ok

20:25:14.0183 4640 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys

20:25:14.0241 4640 udfs - ok

20:25:14.0293 4640 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

20:25:14.0313 4640 UI0Detect - ok

20:25:14.0349 4640 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

20:25:14.0365 4640 uliagpkx - ok

20:25:14.0476 4640 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

20:25:14.0513 4640 umbus - ok

20:25:14.0605 4640 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

20:25:14.0644 4640 UmPass - ok

20:25:14.0700 4640 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

20:25:14.0763 4640 upnphost - ok

20:25:14.0804 4640 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

20:25:14.0851 4640 USBAAPL64 - ok

20:25:14.0893 4640 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys

20:25:14.0993 4640 usbccgp - ok

20:25:15.0046 4640 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

20:25:15.0083 4640 usbcir - ok

20:25:15.0135 4640 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\DRIVERS\usbehci.sys

20:25:15.0166 4640 usbehci - ok

20:25:15.0224 4640 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys

20:25:15.0247 4640 usbhub - ok

20:25:15.0286 4640 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys

20:25:15.0319 4640 usbohci - ok

20:25:15.0357 4640 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

20:25:15.0389 4640 usbprint - ok

20:25:15.0458 4640 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS

20:25:15.0566 4640 USBSTOR - ok

20:25:15.0611 4640 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\DRIVERS\usbuhci.sys

20:25:15.0645 4640 usbuhci - ok

20:25:15.0716 4640 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys

20:25:15.0787 4640 usbvideo - ok

20:25:15.0818 4640 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

20:25:15.0878 4640 UxSms - ok

20:25:15.0919 4640 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

20:25:15.0934 4640 VaultSvc - ok

20:25:15.0999 4640 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

20:25:16.0014 4640 vdrvroot - ok

20:25:16.0086 4640 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe

20:25:16.0129 4640 vds - ok

20:25:16.0180 4640 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

20:25:16.0201 4640 vga - ok

20:25:16.0221 4640 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

20:25:16.0281 4640 VgaSave - ok

20:25:16.0300 4640 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

20:25:16.0320 4640 vhdmp - ok

20:25:16.0362 4640 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

20:25:16.0378 4640 viaide - ok

20:25:16.0402 4640 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

20:25:16.0419 4640 volmgr - ok

20:25:16.0474 4640 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

20:25:16.0508 4640 volmgrx - ok

20:25:16.0543 4640 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

20:25:16.0566 4640 volsnap - ok

20:25:16.0613 4640 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

20:25:16.0630 4640 vsmraid - ok

20:25:16.0715 4640 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe

20:25:16.0760 4640 VSS - ok

20:25:16.0869 4640 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

20:25:16.0902 4640 vwifibus - ok

20:25:16.0947 4640 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

20:25:16.0979 4640 vwififlt - ok

20:25:17.0040 4640 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

20:25:17.0087 4640 W32Time - ok

20:25:17.0122 4640 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

20:25:17.0158 4640 WacomPen - ok

20:25:17.0214 4640 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

20:25:17.0278 4640 WANARP - ok

20:25:17.0303 4640 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

20:25:17.0345 4640 Wanarpv6 - ok

20:25:17.0429 4640 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

20:25:17.0479 4640 WatAdminSvc - ok

20:25:17.0565 4640 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe

20:25:17.0689 4640 wbengine - ok

20:25:17.0800 4640 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

20:25:17.0828 4640 WbioSrvc - ok

20:25:17.0871 4640 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll

20:25:17.0926 4640 wcncsvc - ok

20:25:17.0950 4640 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

20:25:17.0995 4640 WcsPlugInService - ok

20:25:18.0062 4640 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

20:25:18.0079 4640 Wd - ok

20:25:18.0135 4640 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

20:25:18.0163 4640 Wdf01000 - ok

20:25:18.0201 4640 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

20:25:18.0239 4640 WdiServiceHost - ok

20:25:18.0248 4640 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

20:25:18.0273 4640 WdiSystemHost - ok

20:25:18.0323 4640 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll

20:25:18.0386 4640 WebClient - ok

20:25:18.0422 4640 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

20:25:18.0489 4640 Wecsvc - ok

20:25:18.0519 4640 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

20:25:18.0562 4640 wercplsupport - ok

20:25:18.0626 4640 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

20:25:18.0685 4640 WerSvc - ok

20:25:18.0748 4640 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

20:25:18.0790 4640 WfpLwf - ok

20:25:18.0814 4640 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

20:25:18.0829 4640 WIMMount - ok

20:25:18.0877 4640 WinDefend - ok

20:25:18.0894 4640 WinHttpAutoProxySvc - ok

20:25:18.0964 4640 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

20:25:19.0174 4640 Winmgmt - ok

20:25:19.0271 4640 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll

20:25:19.0363 4640 WinRM - ok

20:25:19.0530 4640 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys

20:25:19.0564 4640 WinUsb - ok

20:25:19.0620 4640 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

20:25:19.0675 4640 Wlansvc - ok

20:25:19.0803 4640 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

20:25:19.0908 4640 wlidsvc - ok

20:25:20.0013 4640 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

20:25:20.0029 4640 WmiAcpi - ok

20:25:20.0094 4640 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

20:25:20.0201 4640 wmiApSrv - ok

20:25:20.0268 4640 WMPNetworkSvc - ok

20:25:20.0297 4640 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

20:25:20.0333 4640 WPCSvc - ok

20:25:20.0365 4640 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll

20:25:20.0454 4640 WPDBusEnum - ok

20:25:20.0493 4640 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

20:25:20.0550 4640 ws2ifsl - ok

20:25:20.0588 4640 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\System32\wscsvc.dll

20:25:20.0656 4640 wscsvc - ok

20:25:20.0666 4640 WSearch - ok

20:25:20.0782 4640 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

20:25:20.0846 4640 wuauserv - ok

20:25:20.0962 4640 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

20:25:21.0018 4640 WudfPf - ok

20:25:21.0048 4640 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

20:25:21.0091 4640 WUDFRd - ok

20:25:21.0129 4640 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll

20:25:21.0188 4640 wudfsvc - ok

20:25:21.0216 4640 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

20:25:21.0247 4640 WwanSvc - ok

20:25:21.0315 4640 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

20:25:22.0310 4640 \Device\Harddisk0\DR0 - ok

20:25:22.0352 4640 Boot (0x1200) (fc7be64788f4a5799208eddd2dba98dd) \Device\Harddisk0\DR0\Partition0

20:25:22.0354 4640 \Device\Harddisk0\DR0\Partition0 - ok

20:25:22.0378 4640 Boot (0x1200) (7e3eecf4feec7edbc839ab75e2b6879e) \Device\Harddisk0\DR0\Partition1

20:25:22.0379 4640 \Device\Harddisk0\DR0\Partition1 - ok

20:25:22.0383 4640 ============================================================

20:25:22.0383 4640 Scan finished

20:25:22.0383 4640 ============================================================

20:25:22.0402 4472 Detected object count: 0

20:25:22.0402 4472 Actual detected object count: 0


DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Hannah at 21:04:48 on 2012-07-20

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.956.106 [GMT 1:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe

C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Toshiba\TOSHIBA Online Product Information\TOPI.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Users\Hannah\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Hannah\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Hannah\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Users\Hannah\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Hannah\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Users\Hannah\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Users\Hannah\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingBar.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe

C:\Windows\SysWOW64\ctfmon.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://toshiba.msn.com

uDefault_Page_URL = hxxp://toshiba.msn.com

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe

uRun: [Google Update] "C:\Users\Hannah\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [NBAgent] "c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart

mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

dRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{7BC6162B-8FA6-4F02-9D16-FCC1846E815F} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{7BC6162B-8FA6-4F02-9D16-FCC1846E815F}\244584F6D656845726D283033493 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{7BC6162B-8FA6-4F02-9D16-FCC1846E815F}\4514C4B44514C4B4D2734413330373 : DhcpNameServer = 192.168.1.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

mRun-x64: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [NBAgent] "c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart

mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-16 44808]

R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]

R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-3-2 655944]

R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]

R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys --> C:\Windows\system32\DRIVERS\FwLnk.sys [?]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 PGEffect;Pangu effect driver;C:\Windows\system32\DRIVERS\pgeffect.sys --> C:\Windows\system32\DRIVERS\pgeffect.sys [?]

R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2010-4-8 51512]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]

S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-2-11 124368]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-07-20 19:16:22 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{203D2FB6-BB0F-41D8-A11B-CA633FA7A3A1}\mpengine.dll

2012-07-17 06:03:28 9133488 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-16 19:07:11 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2012-07-16 19:07:09 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2012-07-16 19:07:06 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2012-07-16 19:05:15 41224 ----a-w- C:\Windows\avastSS.scr

2012-07-16 19:04:42 -------- d-----w- C:\ProgramData\AVAST Software

2012-07-16 19:04:42 -------- d-----w- C:\Program Files\AVAST Software

2012-07-14 20:53:15 3147264 ----a-w- C:\Windows\System32\win32k.sys

2012-07-14 16:04:58 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{82422A75-9FB1-4585-B3A4-F14EA2F28186}\gapaengine.dll

2012-07-14 14:43:17 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2012-07-14 14:42:28 -------- d-----w- C:\Program Files\Microsoft Security Client

2012-07-14 14:41:54 374664 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-07-14 14:21:09 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll

2012-07-14 14:21:07 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll

2012-07-14 13:56:38 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BEDF14B0-6D19-44F8-B13E-3F4501427B9E}\mpengine.dll

2012-07-14 11:29:27 -------- d-----w- C:\ProgramData\AMMYY

2012-06-21 19:27:26 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-21 19:27:02 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-21 19:26:01 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-21 19:26:01 186752 ----a-w- C:\Windows\System32\wuwebv.dll

.

==================== Find3M ====================

.

2012-07-03 12:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-04 10:52:22 5505392 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:08:16 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:08:15 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-02 05:32:43 208896 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 03:50:40 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:34:38 76288 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:34:37 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:28:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-04-24 05:59:45 182272 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:59:45 1460224 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 05:59:45 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 04:47:04 139264 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:47:04 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-04-24 04:47:03 1156608 ----a-w- C:\Windows\SysWow64\crypt32.dll

.

============= FINISH: 21:07:23.70 ===============


Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 28/10/2010 20:11:00

System Uptime: 20/07/2012 20:42:08 (1 hours ago)

.

Motherboard: TOSHIBA | | Portable PC

Processor: Intel® Celeron® CPU 900 @ 2.20GHz | CPU | 2194/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 116 GiB total, 56.857 GiB free.

D: is FIXED (NTFS) - 116 GiB total, 108.928 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP376: 14/07/2012 15:04:17 - Removed Atheros Communications Inc.® AR81Family Gigabit/Fast EŒVŸ3

RP377: 14/07/2012 15:07:14 - Configured TOSHIBA Value Added Package

RP378: 14/07/2012 15:15:45 - Configured TOSHIBA Bulletin Board

RP379: 14/07/2012 15:41:19 - Windows Update

RP380: 14/07/2012 21:34:16 - Windows Update

RP381: 16/07/2012 19:38:15 - Windows Update

RP382: 16/07/2012 20:04:16 - avast! Free Antivirus Setup

RP384: 20/07/2012 20:14:50 - Windows Update

.

==== Installed Programs ======================

.

Adobe Flash Player 10 ActiveX

Adobe Reader 9.3

Advertising Center

Apple Application Support

Apple Software Update

Atheros Driver Installation Program

avast! Free Antivirus

Bejeweled 2 Deluxe

Bing Bar

Chuzzle Deluxe

Compatibility Pack for the 2007 Office system

Diner Dash 2 Restaurant Rescue

eBay

ERUNT 1.1j

FATE

Google Chrome

ImagXpress

Intel® Graphics Media Accelerator Driver

Java 6 Update 17

Jewel Quest II

Junk Mail filter update

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft Choice Guard

Microsoft Default Manager

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 9 Essentials

Nero BackItUp

Nero BackItUp and Burn

Nero BurnRights

Nero BurnRights Help

Nero ControlCenter

Nero DiscSpeed

Nero DiscSpeed Help

Nero DriveSpeed

Nero DriveSpeed Help

Nero Express

Nero Express Help

Nero InfoTool

Nero InfoTool Help

Nero Installer

Nero Online Upgrade

Nero RescueAgent

Nero StartSmart

Nero StartSmart Help

NeroExpress

neroxml

Penguins!

Photo Service - powered by myphotobook

Plants vs. Zombies

Polar Bowler

QuickTime

Realtek USB 2.0 Card Reader

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Skype Toolbars

Skype™ 5.5

Toshiba Assist

TOSHIBA ConfigFree

TOSHIBA Face Recognition

TOSHIBA Hardware Setup

TOSHIBA HDD/SSD Alert

Toshiba Manuals

TOSHIBA Media Controller

TOSHIBA Media Controller Plug-in

TOSHIBA Online Product Information

TOSHIBA Recovery Media Creator Reminder

TOSHIBA ReelTime

TOSHIBA Service Station

TOSHIBA Supervisor Password

Toshiba TEMPRO

TOSHIBA Web Camera Application

TRORMCLauncher

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

WildTangent Games

WildTangent ORB Game Console

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Zuma Deluxe

.

==== Event Viewer Messages From Past Week ========

.

20/07/2012 20:53:11, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

20/07/2012 20:51:09, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the EapHost service.

20/07/2012 20:50:14, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

20/07/2012 20:47:37, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

20/07/2012 20:47:01, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting.

17/07/2012 07:02:47, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

16/07/2012 20:16:47, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

16/07/2012 20:15:18, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.

16/07/2012 20:14:48, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MsMpSvc service.

16/07/2012 19:48:02, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.1723.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

16/07/2012 19:48:02, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.1723.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

16/07/2012 19:48:02, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.129.1723.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8502.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

15/07/2012 16:57:59, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

15/07/2012 16:57:58, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.

14/07/2012 16:12:20, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrustedInstaller service.

14/07/2012 15:45:50, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

14/07/2012 15:45:50, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

14/07/2012 15:17:11, Error: Service Control Manager [7022] - The Windows Defender service hung on starting.

14/07/2012 14:55:00, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

14/07/2012 14:54:59, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

14/07/2012 14:54:59, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

14/07/2012 14:54:53, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

14/07/2012 14:54:53, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

14/07/2012 14:54:52, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

14/07/2012 14:54:46, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

14/07/2012 14:54:30, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

14/07/2012 14:54:29, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

14/07/2012 14:54:29, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

14/07/2012 14:54:29, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

14/07/2012 14:54:29, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

14/07/2012 14:54:29, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

14/07/2012 14:54:29, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

14/07/2012 14:54:29, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

14/07/2012 14:54:29, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

14/07/2012 14:54:29, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

14/07/2012 14:54:29, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

14/07/2012 13:02:08, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DPS service.

14/07/2012 13:01:37, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.

13/07/2012 19:59:22, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.

.

==== End Of File ===========================


I did not see the log here from the aswMBR run. Did you run it?

Also, a more pressing question for you: This shows AVAST antivirus set to start with Windows... but also shows MS Security Essentials.

I highly suggest that you only ever have 1 active antivirus program.

Which one of these is the one you want to keep?

If you want to keep AVAST, you must de-install MSE.

If so, do this:

Download and save the MS Security Essentials removal tool from here http://go.microsoft.com/?linkid=9748340

Then right-click on the tool, select Run as Administrator and allow it to run.

When finished, log off and Restart fresh. Then report back here, please.

There is more to do.


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-07-20 20:18:41

-----------------------------

20:18:41.638 OS Version: Windows x64 6.1.7600

20:18:41.639 Number of processors: 1 586 0x170A

20:18:41.654 ComputerName: HANNAH-TOSH UserName: Hannah

20:18:44.786 Initialize success

20:18:46.884 AVAST engine defs: 12072000

20:19:27.943 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

20:19:28.004 Disk 0 Vendor: TOSHIBA_ GH01 Size: 238475MB BusType: 3

20:19:28.024 Disk 0 MBR read successfully

20:19:28.027 Disk 0 MBR scan

20:19:28.071 Disk 0 Windows 7 default MBR code

20:19:28.075 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 400 MB offset 2048

20:19:28.105 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 119001 MB offset 821248

20:19:28.130 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 119072 MB offset 244535296

20:19:28.233 Disk 0 scanning C:\Windows\system32\drivers

20:19:44.986 Service scanning

20:20:38.944 Modules scanning

20:20:38.953 Scan finished successfully

20:21:23.710 Disk 0 MBR has been saved successfully to "C:\Users\Hannah\Desktop\MBR.dat"

20:21:23.851 The log file has been saved successfully to "C:\Users\Hannah\Desktop\aswMBR.txt"


No. But proceed with the following:

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member HVVM only. If you are a casual viewer, do NOT try this on your system!

If you are not HVVM and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

On almost all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. See: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power) or a UPS system.

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion
....please reboot the computer, this should resolve the problem. You may have to reboot the PC a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

Reply with a copy of the C:\Combofix.txt log and tell me, how is your system now?

Re-enable your antivirus program.


Hi Maurice

I have followed all the steps. System seems to be running ok at the moment.

Log from combofix below. Many thanks

ComboFix 12-07-21.01 - Hannah 21/07/2012 17:19:12.1.1 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.956.249 [GMT 1:00]

Running from: c:\users\Hannah\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\AMMYY

c:\programdata\AMMYY\hr

c:\programdata\AMMYY\hr3

c:\programdata\AMMYY\settings3.bin

.

.

((((((((((((((((((((((((( Files Created from 2012-06-21 to 2012-07-21 )))))))))))))))))))))))))))))))

.

.

2012-07-21 16:30 . 2012-07-21 16:30 -------- d-----w- c:\users\Jess\AppData\Local\temp

2012-07-21 16:30 . 2012-07-21 16:30 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-20 21:05 . 2012-07-20 21:05 18238 ----a-w- C:\FixitRegBackup.reg

2012-07-20 19:16 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{203D2FB6-BB0F-41D8-A11B-CA633FA7A3A1}\mpengine.dll

2012-07-20 18:59 . 2012-07-20 19:01 -------- d-----w- c:\program files (x86)\ERUNT

2012-07-17 06:03 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-16 19:07 . 2012-07-03 16:21 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-07-16 19:07 . 2012-07-03 16:21 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-07-16 19:07 . 2012-07-03 16:21 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-07-16 19:07 . 2012-07-03 16:21 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-07-16 19:07 . 2012-07-03 16:21 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-07-16 19:07 . 2012-07-03 16:21 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-07-16 19:07 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe

2012-07-16 19:05 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr

2012-07-16 19:05 . 2012-07-03 16:21 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-07-16 19:04 . 2012-07-16 19:04 -------- d-----w- c:\programdata\AVAST Software

2012-07-16 19:04 . 2012-07-16 19:04 -------- d-----w- c:\program files\AVAST Software

2012-07-14 20:53 . 2012-06-12 03:02 3147264 ----a-w- c:\windows\system32\win32k.sys

2012-07-14 20:43 . 2012-07-14 20:43 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2012-07-14 16:04 . 2012-07-14 14:50 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{82422A75-9FB1-4585-B3A4-F14EA2F28186}\gapaengine.dll

2012-07-14 14:43 . 2012-07-14 14:43 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2012-07-14 14:42 . 2012-07-14 14:44 -------- d-----w- c:\program files\Microsoft Security Client

2012-07-14 14:41 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys

2012-07-14 14:21 . 2012-06-06 05:50 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2012-07-14 14:21 . 2012-06-06 05:09 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll

2012-07-14 13:56 . 2012-06-18 02:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BEDF14B0-6D19-44F8-B13E-3F4501427B9E}\mpengine.dll

2012-06-21 19:27 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-21 19:27 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-21 19:27 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-21 19:27 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-21 19:27 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-21 19:27 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-21 19:27 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-21 19:26 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-21 19:26 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-03 12:46 . 2011-03-02 15:09 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-04 10:52 . 2012-06-13 20:05 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 10:08 . 2012-06-13 20:05 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:08 . 2012-06-13 20:05 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-02 05:32 . 2012-06-13 20:05 208896 ----a-w- c:\windows\system32\profsvc.dll

2012-04-28 03:50 . 2012-06-13 20:05 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-26 05:34 . 2012-06-13 20:05 76288 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-26 05:34 . 2012-06-13 20:05 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-26 05:28 . 2012-06-13 20:05 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-04-24 05:59 . 2012-06-13 20:05 1460224 ----a-w- c:\windows\system32\crypt32.dll

2012-04-24 05:59 . 2012-06-13 20:05 182272 ----a-w- c:\windows\system32\cryptsvc.dll

2012-04-24 05:59 . 2012-06-13 20:05 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-04-24 04:47 . 2012-06-13 20:05 139264 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-04-24 04:47 . 2012-06-13 20:05 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-04-24 04:47 . 2012-06-13 20:05 1156608 ----a-w- c:\windows\SysWow64\crypt32.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

"NBAgent"="c:\program files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2010-03-09 1086760]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]

"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]

.

c:\users\Jess\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

TRDCReminder.lnk - c:\program files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

TRDCReminder.lnk - c:\program files (x86)\Toshiba\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-01 232992]

R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-02-11 124368]

R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-28 1255736]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]

S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]

S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]

S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 169584]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1619723474-2863385415-1075423570-1001Core.job

- c:\users\Hannah\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-28 20:56]

.

2012-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1619723474-2863385415-1075423570-1001UA.job

- c:\users\Hannah\AppData\Local\Google\Update\GoogleUpdate.exe [2010-10-28 20:56]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-18 166424]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-18 391192]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-18 410648]

"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]

"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]

"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-02-11 1050072]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2010-02-12 136136]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://toshiba.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.254

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe

.

**************************************************************************

.

Completion time: 2012-07-21 17:43:20 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-21 16:43

.

Pre-Run: 61,844,979,712 bytes free

Post-Run: 62,124,773,376 bytes free

.

- - End Of File - - 95FEA7A72B0DB002BFA4DBAAC5BB1D15

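The check raised earlier in the thread (more than one antivirus product registered and set to start with Windows) can be read straight out of a ComboFix log. The following is an added example, not part of the original thread or of ComboFix itself: the sample lines are copied from the log above, and the `PATH_HINTS` table and function names are assumptions made for illustration.

```python
import re

# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r'''
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
'''

# Assumption: install-directory fragments (lower case) that tie a Run entry
# to a registered product. Extend this table for other products.
PATH_HINTS = {
    "avast! Antivirus": "\\avast software\\",
    "Microsoft Security Essentials": "\\microsoft security client\\",
}

# "AV: <name> *<realtime>/<definitions>* {GUID}" header lines.
SEC_LINE = re.compile(
    r'^(AV|SP|FW):\s+(.+?)\s+\*([^*/]+)/([^*]+)\*\s+(\{[0-9A-Fa-f-]{36}\})$')
ANY_KEY = re.compile(r'^\[(.+)\]$')
RUN_KEY = re.compile(r'\\CurrentVersion\\Run$', re.IGNORECASE)
RUN_VAL = re.compile(r'^"([^"]+)"="([^"]+)"')


def parse_security_products(log):
    """Return one dict per AV:/SP:/FW: registration line in the log."""
    products = []
    for line in log.splitlines():
        m = SEC_LINE.match(line.strip())
        if m:
            kind, name, realtime, definitions, guid = m.groups()
            products.append({"kind": kind, "name": name, "realtime": realtime,
                             "definitions": definitions, "guid": guid})
    return products


def parse_run_entries(log):
    """Return (key, value_name, path) for values listed under ...\\Run keys."""
    entries, current = [], None
    for raw in log.splitlines():
        line = raw.strip()
        key = ANY_KEY.match(line)
        if key:
            # Only values under a Run key count as autostart entries.
            current = key.group(1) if RUN_KEY.search(key.group(1)) else None
            continue
        val = RUN_VAL.match(line)
        if current and val:
            entries.append((current, val.group(1), val.group(2)))
    return entries


def audit(log, hints=PATH_HINTS):
    """Summarise registered AV products and which of them autostart."""
    av = [p for p in parse_security_products(log) if p["kind"] == "AV"]
    runs = parse_run_entries(log)
    autostart = {}
    for product in av:
        hint = hints.get(product["name"])
        names = [v for _, v, path in runs if hint and hint in path.lower()]
        if names:
            autostart[product["name"]] = names
    return {
        "registered_av": sorted(p["name"] for p in av),
        "autostart": autostart,
        # More than one registered AV product is the condition to resolve.
        "multiple_av": len(av) > 1,
        # "Disabled" only reflects the state when the log was taken (here,
        # protection was switched off for the scan); the product is still
        # installed and will start again with Windows.
        "realtime_disabled": sorted(
            p["name"] for p in av if p["realtime"] == "Disabled"),
    }


if __name__ == "__main__":
    report = audit(SAMPLE_LOG)
    for field, value in report.items():
        print(f"{field}: {value}")
```

Both products show as `Disabled` only because real-time protection was switched off for the scan; each still has a Run entry, so both would be active again after a reboot.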

Good. That is a relief.

You already have the DDS tool. Do a new run with it. Save the new logs. You should allow overwrite of the old versions.

Copy and paste all the contents of DDS.txt + Attach.txt

Then I can review, and afterwards I intend to guide you to the next steps. Please have patience.
