
Problems with 2nd computer in house



Hi. I'm currently getting help for my own laptop. This post is to get help for my gf's netbook. She's locked out of lots of folders on her hard drive, & lots of her documents are missing or hidden. A lot of them have long alphanumeric file names, almost like security keys for Office. Several program folders are missing too, like Firefox.

How do I start checking her computer? Does it matter that we are not on our home network (staying with family for a few days)?

I didn't know if I should take the same steps I took with my own laptop, besides the initial ones you recommend for this forum. I want to make sure both of our computers are good. Thank you!

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.08.08

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Jessica :: JESSICA-PC [administrator]

Protection: Enabled

8/8/2012 11:03:23 AM

mbam-log-2012-08-08 (11-03-23).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 179337

Time elapsed: 7 minute(s), 32 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 9.0.8112.16421

Run by Jessica at 11:14:16 on 2012-08-08

Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1013.260 [GMT -6:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\ThpSrv.exe

C:\Windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\TOSHIBA\TECO\TecoService.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\windows\system32\igfxsrvc.exe

C:\windows\system32\taskeng.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\TOSHIBA\Utilities\KeNotify.exe

C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

C:\Program Files\TOSHIBA\TECO\Teco.exe

C:\Windows\System32\ThpSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\windows\system32\igfxext.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe

C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\System32\svchost.exe -k WerSvcGroup

C:\windows\system32\conhost.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://m.www.yahoo.com/?r624=1264134322

uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNB&bmod=TSNB

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNB&bmod=TSNB

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNB&bmod=TSNB

uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet

mRun: [<NO NAME>]

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [sVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL

mRun: [HWSetup] "c:\program files\toshiba\utilities\HWSetup.exe" hwSetUP

mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe

mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE

mRun: [smoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r

mRun: [TWebCamera] "c:\program files\toshiba\toshiba web camera application\TWebCamera.exe" autorun

mRun: [ThpSrv] c:\windows\system32\thpsrv /logon

mRun: [TUSBSleepChargeSrv] %ProgramFiles%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe

mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60

mRun: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe

mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe

mRun: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe

mRun: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

mRun: [NortonOnlineBackupReminder] "c:\program files\toshiba\toshiba online backup\activation\TobuActivation.exe" UNATTENDED

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mif5ba~1\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{28AFB986-FB26-422E-8A15-6B184961E142} : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{28AFB986-FB26-422E-8A15-6B184961E142}\2375942554132383 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{28AFB986-FB26-422E-8A15-6B184961E142}\4656661657C647 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{28AFB986-FB26-422E-8A15-6B184961E142}\77962756C6563737 : DhcpNameServer = 192.168.2.1 192.168.0.1

Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\jessica\appdata\roaming\mozilla\firefox\profiles\xq7kgf30.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - www.my.utep.edu

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&q=

FF - component: c:\users\jessica\appdata\roaming\mozilla\firefox\profiles\xq7kgf30.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\jessica\appdata\roaming\mozilla\firefox\profiles\xq7kgf30.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\plugins\np-mswmp.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]

R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2009-6-29 30272]

R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2009-6-29 13120]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\toshiba\configfree\CFIWmxSvcs.exe [2009-10-27 185712]

R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-30 655944]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-9-28 185712]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-19 12920]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-30 22344]

R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2009-12-5 24064]

R3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2009-12-5 51512]

R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-9-17 111960]

R3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2009-10-30 677232]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-23 250056]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-20 113120]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]

S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2009-12-5 171520]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-12-5 230912]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-1 52224]

.

=============== Created Last 30 ================

.

2012-08-08 01:03:38 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{9e08f2ae-a594-4e14-81cc-b0f2ca314f50}\mpengine.dll

2012-08-07 04:33:09 6891424 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2012-07-22 17:57:27 713784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{62cc6c61-68a8-4e0f-acdd-ac0e20d20d28}\gapaengine.dll

2012-07-22 17:49:56 -------- d-----w- c:\program files\Microsoft Security Client

2012-07-22 17:25:25 514560 ----a-w- c:\windows\system32\qdvd.dll

2012-07-21 03:50:58 6891424 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f6286d3b-05aa-4d09-91b5-8a513b8eff15}\mpengine.dll

2012-07-16 22:30:43 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 01:11:01 369336 ----a-w- c:\windows\system32\drivers\cng.sys

2012-07-11 01:11:01 225280 ----a-w- c:\windows\system32\schannel.dll

2012-07-11 01:11:01 219136 ----a-w- c:\windows\system32\ncrypt.dll

2012-07-11 01:11:01 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-07-11 01:11:00 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-11 01:10:58 1390080 ----a-w- c:\windows\system32\msxml6.dll

2012-07-11 01:10:57 2048 ----a-w- c:\windows\system32\msxml3r.dll

2012-07-11 01:10:57 1236992 ----a-w- c:\windows\system32\msxml3.dll

2012-07-11 01:10:55 1019904 ----a-w- c:\program files\common files\system\ado\msado15.dll

2012-07-11 01:10:54 805376 ----a-w- c:\windows\system32\cdosys.dll

2012-07-11 01:10:54 57344 ----a-w- c:\program files\common files\system\ado\msador15.dll

2012-07-11 01:10:54 352256 ----a-w- c:\program files\common files\system\ado\msadomd.dll

2012-07-11 01:10:54 212992 ----a-w- c:\program files\common files\system\msadc\msadco.dll

2012-07-11 01:10:54 143360 ----a-w- c:\program files\common files\system\ado\msjro.dll

2012-07-11 01:10:53 372736 ----a-w- c:\program files\common files\system\ado\msadox.dll

.

==================== Find3M ====================

.

2012-08-03 02:53:28 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-03 02:53:28 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-03 19:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 21:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 21:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-05-31 18:25:14 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-05-30 16:32:08 152576 ----a-w- c:\windows\system32\msclmd.dll

2012-05-11 02:21:58 10063000 ----a-w- c:\users\jessica\mbam-setup-1.61.0.1400.exe

.

============= FINISH: 11:16:25.06 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Starter

Boot Device: \Device\HarddiskVolume1

Install Date: 1/21/2010 5:53:12 PM

System Uptime: 8/8/2012 9:54:18 AM (2 hours ago)

.

Motherboard: TOSHIBA | | NPVAA

Processor: Intel® Atom CPU N450 @ 1.66GHz | U2E1 | 1316/mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 223 GiB total, 190.83 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP501: 6/8/2012 8:07:43 PM - Windows Update

RP502: 6/13/2012 8:59:49 PM - Windows Update

RP503: 6/14/2012 7:42:10 PM - Windows Update

RP504: 6/15/2012 5:29:26 PM - Windows Update

RP505: 6/19/2012 7:24:52 PM - Windows Update

RP506: 6/20/2012 7:17:08 PM - Windows Update

RP507: 6/29/2012 6:10:18 PM - Windows Update

RP508: 7/3/2012 9:11:59 PM - Windows Update

RP509: 7/7/2012 12:06:14 AM - Windows Update

RP510: 7/10/2012 6:58:52 PM - Windows Update

RP511: 7/16/2012 4:24:30 PM - Windows Update

RP512: 7/20/2012 9:49:42 PM - Windows Update

RP514: 7/21/2012 10:04:27 PM - Removed service pack backup files

RP515: 7/22/2012 11:25:27 AM - Windows Update

RP516: 7/25/2012 10:15:38 PM - Windows Update

RP517: 7/29/2012 10:38:06 PM - Windows Update

RP518: 8/3/2012 5:50:23 PM - Windows Update

RP519: 8/6/2012 10:31:50 PM - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.1

Atheros Driver Installation Program

Bejeweled 2 Deluxe

Blackhawk Striker 2

CCleaner

Compatibility Pack for the 2007 Office system

Coupon Printer for Windows

Faerie Solitaire

FATE Undiscovered Realms

Google Toolbar for Internet Explorer

GoToMeeting 4.8.0.723

Intel® Graphics Media Accelerator Driver

Intel® Matrix Storage Manager

Java 6 Update 14

Junk Mail filter update

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

Mystery P.I. - The Vegas Heist

OGA Notifier 2.0.0048.0

Polar Bowler

Quickbooks Financial Center

Realtek Ethernet Controller Driver For Windows Vista and Later

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Skype Launcher

Synaptics Pointing Device Driver

Toshiba Application and Driver Installer

TOSHIBA Assist

TOSHIBA Bulletin Board

TOSHIBA ConfigFree

TOSHIBA eco Utility

TOSHIBA Flash Cards Support Utility

TOSHIBA Hardware Setup

TOSHIBA HDD Protection

TOSHIBA HDD/SSD Alert

TOSHIBA Media Controller

Toshiba Online Backup

TOSHIBA PC Health Monitor

TOSHIBA Quality Application

TOSHIBA Recovery Media Creator

TOSHIBA ReelTime

TOSHIBA Service Station

TOSHIBA Supervisor Password

TOSHIBA USB Sleep and Charge Utility

TOSHIBA Value Added Package

TOSHIBA Web Camera Application

ToshibaRegistration

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

USB Storage Driver

Utility Common Driver

Virtual Families

Virtual Villagers - The Secret City

WildTangent Games

WildTangent ORB Game Console

Windows 7 Upgrade Advisor

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

8/8/2012 10:57:31 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

8/7/2012 8:29:08 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

8/7/2012 8:29:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

8/7/2012 8:29:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

8/7/2012 8:29:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

8/7/2012 8:29:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

8/7/2012 8:29:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

8/7/2012 8:29:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

8/7/2012 8:28:43 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdrom DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf

8/7/2012 8:28:42 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/7/2012 8:28:42 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

8/7/2012 8:28:42 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

8/7/2012 8:28:42 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

8/7/2012 8:28:42 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

8/7/2012 8:28:42 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

8/7/2012 8:28:42 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/7/2012 8:28:42 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/7/2012 8:28:42 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

8/7/2012 8:28:42 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

8/7/2012 7:10:01 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.131.1594.0).

8/7/2012 7:08:31 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.131.1523.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8601.0 Error code: 0x80070643 Error description: Fatal error during installation.

8/7/2012 11:27:57 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

8/7/2012 11:04:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom

8/6/2012 10:19:00 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

.

==== End Of File ===========================


Hello superwow.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

Change the a-v scan to None.

Uncheck trace disk IO calls.

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply.

Step 4

Please read carefully and follow these steps.

  • Delete the prior copies of TDSSKILLER.zip & TDSSKILLER.exe that you may have.
  • Download TDSSKiller and save it to your Desktop.
  • If on Windows 7 or Vista, RIGHT-Click on TDSSKiller.exe and select Run As Administrator to run the application.
    If on Windows XP, double-click to start.
  • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • Then press Start Scan

When the scan is done, it will display a summary screen.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Step 6

RE-Enable your antivirus program.

Then copy/paste the following into your post (in order):

  • the contents of aswMBR report;
  • the contents of TDSSKILLER log;
  • the contents of RKReport log;

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-08-10 09:33:29

-----------------------------

09:33:29.450 OS Version: Windows 6.1.7601 Service Pack 1

09:33:29.450 Number of processors: 2 586 0x1C0A

09:33:29.450 ComputerName: JESSICA-PC UserName: Jessica

09:33:34.458 Initialize success

09:38:55.345 AVAST engine defs: 12081000

09:39:40.554 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

09:39:40.554 Disk 0 Vendor: FUJITSU_ 0040 Size: 238475MB BusType: 3

09:39:40.585 Disk 0 MBR read successfully

09:39:40.585 Disk 0 MBR scan

09:39:40.663 Disk 0 Windows VISTA default MBR code

09:39:40.679 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048

09:39:40.710 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 228409 MB offset 3074048

09:39:40.741 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 8565 MB offset 470855680

09:39:40.788 Disk 0 scanning sectors +488396800

09:39:40.866 Disk 0 scanning C:\windows\system32\drivers

09:39:56.263 Service scanning

09:40:40.427 Modules scanning

09:40:56.760 Scan finished successfully

09:41:54.683 Disk 0 MBR has been saved successfully to "C:\Users\Jessica\Desktop\MBR.dat"

09:41:54.714 The log file has been saved successfully to "C:\Users\Jessica\Desktop\aswMBR.txt"

09:45:45.0811 1296 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

09:45:46.0341 1296 ============================================================

09:45:46.0341 1296 Current date / time: 2012/08/10 09:45:46.0341

09:45:46.0341 1296 SystemInfo:

09:45:46.0341 1296

09:45:46.0341 1296 OS Version: 6.1.7601 ServicePack: 1.0

09:45:46.0341 1296 Product type: Workstation

09:45:46.0341 1296 ComputerName: JESSICA-PC

09:45:46.0341 1296 UserName: Jessica

09:45:46.0341 1296 Windows directory: C:\windows

09:45:46.0341 1296 System windows directory: C:\windows

09:45:46.0341 1296 Processor architecture: Intel x86

09:45:46.0341 1296 Number of processors: 2

09:45:46.0341 1296 Page size: 0x1000

09:45:46.0341 1296 Boot type: Normal boot

09:45:46.0341 1296 ============================================================

09:45:47.0464 1296 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

09:45:47.0464 1296 ============================================================

09:45:47.0464 1296 \Device\Harddisk0\DR0:

09:45:47.0480 1296 MBR partitions:

09:45:47.0480 1296 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BE1C800

09:45:47.0480 1296 ============================================================

09:45:47.0495 1296 C: <-> \Device\Harddisk0\DR0\Partition0

09:45:47.0495 1296 ============================================================

09:45:47.0495 1296 Initialize success

09:45:47.0495 1296 ============================================================

09:46:07.0619 4724 ============================================================

09:46:07.0619 4724 Scan started

09:46:07.0619 4724 Mode: Manual; SigCheck; TDLFS;

09:46:07.0619 4724 ============================================================


09:46:34.0654 4724 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys

09:46:34.0748 4724 NetBT - ok

09:46:34.0795 4724 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe

09:46:34.0826 4724 Netlogon - ok

09:46:34.0873 4724 Netman (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll

09:46:34.0966 4724 Netman - ok

09:46:35.0013 4724 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll

09:46:35.0122 4724 netprofm - ok

09:46:35.0216 4724 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

09:46:35.0263 4724 NetTcpPortSharing - ok

09:46:35.0309 4724 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys

09:46:35.0341 4724 nfrd960 - ok

09:46:35.0387 4724 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\windows\system32\DRIVERS\NisDrvWFP.sys

09:46:35.0403 4724 NisDrv - ok

09:46:35.0512 4724 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe

09:46:35.0559 4724 NisSrv - ok

09:46:35.0621 4724 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\windows\System32\nlasvc.dll

09:46:35.0715 4724 NlaSvc - ok

09:46:35.0762 4724 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys

09:46:35.0855 4724 Npfs - ok

09:46:35.0887 4724 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll

09:46:35.0965 4724 nsi - ok

09:46:35.0980 4724 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys

09:46:36.0074 4724 nsiproxy - ok

09:46:36.0199 4724 Ntfs (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys

09:46:36.0277 4724 Ntfs - ok

09:46:36.0308 4724 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys

09:46:36.0370 4724 Null - ok

09:46:36.0433 4724 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys

09:46:36.0464 4724 nvraid - ok

09:46:36.0495 4724 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys

09:46:36.0526 4724 nvstor - ok

09:46:36.0573 4724 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys

09:46:36.0604 4724 nv_agp - ok

09:46:36.0713 4724 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

09:46:36.0760 4724 odserv - ok

09:46:36.0807 4724 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys

09:46:36.0854 4724 ohci1394 - ok

09:46:36.0932 4724 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

09:46:36.0979 4724 ose - ok

09:46:37.0010 4724 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll

09:46:37.0088 4724 p2pimsvc - ok

09:46:37.0135 4724 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll

09:46:37.0197 4724 p2psvc - ok

09:46:37.0259 4724 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys

09:46:37.0306 4724 Parport - ok

09:46:37.0353 4724 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\windows\system32\drivers\partmgr.sys

09:46:37.0384 4724 partmgr - ok

09:46:37.0400 4724 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys

09:46:37.0462 4724 Parvdm - ok

09:46:37.0509 4724 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll

09:46:37.0587 4724 PcaSvc - ok

09:46:37.0634 4724 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys

09:46:37.0665 4724 pci - ok

09:46:37.0681 4724 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys

09:46:37.0712 4724 pciide - ok

09:46:37.0759 4724 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys

09:46:37.0805 4724 pcmcia - ok

09:46:37.0821 4724 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys

09:46:37.0852 4724 pcw - ok

09:46:37.0915 4724 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys

09:46:38.0024 4724 PEAUTH - ok

09:46:38.0102 4724 PGEffect (1b5011dd8d57f53aed31ff0f7d635802) C:\windows\system32\DRIVERS\pgeffect.sys

09:46:38.0164 4724 PGEffect - ok

09:46:38.0289 4724 pla (414bba67a3ded1d28437eb66aeb8a720) C:\windows\system32\pla.dll

09:46:38.0461 4724 pla - ok

09:46:38.0617 4724 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\windows\system32\umpnpmgr.dll

09:46:38.0695 4724 PlugPlay - ok

09:46:38.0726 4724 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll

09:46:38.0788 4724 PNRPAutoReg - ok

09:46:38.0835 4724 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll

09:46:38.0866 4724 PNRPsvc - ok

09:46:38.0929 4724 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll

09:46:39.0053 4724 PolicyAgent - ok

09:46:39.0116 4724 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll

09:46:39.0194 4724 Power - ok

09:46:39.0256 4724 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys

09:46:39.0350 4724 PptpMiniport - ok

09:46:39.0412 4724 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys

09:46:39.0459 4724 Processor - ok

09:46:39.0521 4724 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\windows\system32\profsvc.dll

09:46:39.0615 4724 ProfSvc - ok

09:46:39.0631 4724 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe

09:46:39.0677 4724 ProtectedStorage - ok

09:46:39.0709 4724 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys

09:46:39.0802 4724 Psched - ok

09:46:39.0911 4724 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys

09:46:40.0021 4724 ql2300 - ok

09:46:40.0145 4724 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys

09:46:40.0177 4724 ql40xx - ok

09:46:40.0223 4724 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll

09:46:40.0301 4724 QWAVE - ok

09:46:40.0348 4724 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys

09:46:40.0411 4724 QWAVEdrv - ok

09:46:40.0426 4724 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys

09:46:40.0535 4724 RasAcd - ok

09:46:40.0567 4724 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys

09:46:40.0660 4724 RasAgileVpn - ok

09:46:40.0707 4724 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll

09:46:40.0801 4724 RasAuto - ok

09:46:40.0832 4724 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys

09:46:40.0925 4724 Rasl2tp - ok

09:46:40.0988 4724 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\windows\System32\rasmans.dll

09:46:41.0097 4724 RasMan - ok

09:46:41.0159 4724 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys

09:46:41.0237 4724 RasPppoe - ok

09:46:41.0253 4724 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys

09:46:41.0347 4724 RasSstp - ok

09:46:41.0409 4724 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys

09:46:41.0503 4724 rdbss - ok

09:46:41.0518 4724 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys

09:46:41.0581 4724 rdpbus - ok

09:46:41.0627 4724 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys

09:46:41.0690 4724 RDPCDD - ok

09:46:41.0752 4724 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys

09:46:41.0830 4724 RDPENCDD - ok

09:46:41.0861 4724 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys

09:46:41.0939 4724 RDPREFMP - ok

09:46:41.0986 4724 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\windows\system32\drivers\RDPWD.sys

09:46:42.0064 4724 RDPWD - ok

09:46:42.0127 4724 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys

09:46:42.0158 4724 rdyboost - ok

09:46:42.0205 4724 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll

09:46:42.0283 4724 RemoteAccess - ok

09:46:42.0329 4724 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll

09:46:42.0439 4724 RemoteRegistry - ok

09:46:42.0454 4724 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll

09:46:42.0563 4724 RpcEptMapper - ok

09:46:42.0595 4724 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe

09:46:42.0673 4724 RpcLocator - ok

09:46:42.0735 4724 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll

09:46:42.0813 4724 RpcSs - ok

09:46:42.0860 4724 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys

09:46:42.0953 4724 rspndr - ok

09:46:43.0000 4724 RSUSBSTOR (ef8b2afc3c0751c5e5a59983c8893260) C:\windows\system32\Drivers\RtsUStor.sys

09:46:43.0094 4724 RSUSBSTOR - ok

09:46:43.0141 4724 RTL8167 (bcebd5d1aabce4efb7597635e347c44b) C:\windows\system32\DRIVERS\Rt86win7.sys

09:46:43.0281 4724 RTL8167 - ok

09:46:43.0297 4724 RtsUIR - ok

09:46:43.0343 4724 SamSs (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe

09:46:43.0375 4724 SamSs - ok

09:46:43.0421 4724 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys

09:46:43.0453 4724 sbp2port - ok

09:46:43.0484 4724 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll

09:46:43.0593 4724 SCardSvr - ok

09:46:43.0624 4724 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys

09:46:43.0702 4724 scfilter - ok

09:46:43.0796 4724 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll

09:46:43.0921 4724 Schedule - ok

09:46:43.0967 4724 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll

09:46:44.0045 4724 SCPolicySvc - ok

09:46:44.0061 4724 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll

09:46:44.0155 4724 SDRSVC - ok

09:46:44.0186 4724 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys

09:46:44.0311 4724 secdrv - ok

09:46:44.0357 4724 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll

09:46:44.0482 4724 seclogon - ok

09:46:44.0529 4724 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\windows\System32\sens.dll

09:46:44.0638 4724 SENS - ok

09:46:44.0685 4724 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys

09:46:44.0716 4724 Serenum - ok

09:46:44.0747 4724 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys

09:46:44.0825 4724 Serial - ok

09:46:44.0888 4724 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys

09:46:44.0935 4724 sermouse - ok

09:46:45.0028 4724 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll

09:46:45.0122 4724 SessionEnv - ok

09:46:45.0169 4724 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys

09:46:45.0200 4724 sffdisk - ok

09:46:45.0215 4724 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys

09:46:45.0278 4724 sffp_mmc - ok

09:46:45.0309 4724 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys

09:46:45.0356 4724 sffp_sd - ok

09:46:45.0387 4724 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys

09:46:45.0434 4724 sfloppy - ok

09:46:45.0481 4724 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll

09:46:45.0605 4724 SharedAccess - ok

09:46:45.0668 4724 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll

09:46:45.0761 4724 ShellHWDetection - ok

09:46:45.0808 4724 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys

09:46:45.0839 4724 sisagp - ok

09:46:45.0886 4724 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys

09:46:45.0917 4724 SiSRaid2 - ok

09:46:45.0933 4724 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys

09:46:45.0980 4724 SiSRaid4 - ok

09:46:46.0011 4724 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys

09:46:46.0089 4724 Smb - ok

09:46:46.0120 4724 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe

09:46:46.0183 4724 SNMPTRAP - ok

09:46:46.0214 4724 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys

09:46:46.0245 4724 spldr - ok

09:46:46.0307 4724 Spooler (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe

09:46:46.0401 4724 Spooler - ok

09:46:46.0635 4724 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe

09:46:46.0838 4724 sppsvc - ok

09:46:46.0994 4724 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll

09:46:47.0072 4724 sppuinotify - ok

09:46:47.0150 4724 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys

09:46:47.0228 4724 srv - ok

09:46:47.0275 4724 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys

09:46:47.0337 4724 srv2 - ok

09:46:47.0353 4724 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys

09:46:47.0399 4724 srvnet - ok

09:46:47.0446 4724 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll

09:46:47.0524 4724 SSDPSRV - ok

09:46:47.0540 4724 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll

09:46:47.0649 4724 SstpSvc - ok

09:46:47.0680 4724 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys

09:46:47.0711 4724 stexstor - ok

09:46:47.0789 4724 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\windows\System32\wiaservc.dll

09:46:47.0883 4724 StiSvc - ok

09:46:47.0930 4724 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys

09:46:47.0961 4724 swenum - ok

09:46:48.0008 4724 swprv (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll

09:46:48.0117 4724 swprv - ok

09:46:48.0195 4724 SynTP (6da97d6b6de6326eba8ab8291ab41a09) C:\windows\system32\DRIVERS\SynTP.sys

09:46:48.0226 4724 SynTP - ok

09:46:48.0335 4724 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll

09:46:48.0445 4724 SysMain - ok

09:46:48.0491 4724 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll

09:46:48.0569 4724 TabletInputService - ok

09:46:48.0616 4724 TapiSrv (613bf4820361543956909043a265c6ac) C:\windows\System32\tapisrv.dll

09:46:48.0725 4724 TapiSrv - ok

09:46:48.0772 4724 TBS (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll

09:46:48.0881 4724 TBS - ok

09:46:49.0037 4724 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\drivers\tcpip.sys

09:46:49.0147 4724 Tcpip - ok

09:46:49.0178 4724 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\DRIVERS\tcpip.sys

09:46:49.0271 4724 TCPIP6 - ok

09:46:49.0318 4724 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys

09:46:49.0396 4724 tcpipreg - ok

09:46:49.0459 4724 tdcmdpst (4084ea00d50c858d6f9038f86ae2e2d0) C:\windows\system32\DRIVERS\tdcmdpst.sys

09:46:49.0474 4724 tdcmdpst - ok

09:46:49.0505 4724 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys

09:46:49.0568 4724 TDPIPE - ok

09:46:49.0599 4724 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys

09:46:49.0630 4724 TDTCP - ok

09:46:49.0661 4724 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys

09:46:49.0739 4724 tdx - ok

09:46:49.0786 4724 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys

09:46:49.0817 4724 TermDD - ok

09:46:49.0895 4724 TermService (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll

09:46:50.0005 4724 TermService - ok

09:46:50.0036 4724 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll

09:46:50.0114 4724 Themes - ok

09:46:50.0161 4724 Thpdrv (9528f2a39cb660a49f0592d57127f370) C:\windows\system32\DRIVERS\thpdrv.sys

09:46:50.0176 4724 Thpdrv - ok

09:46:50.0207 4724 Thpevm (e17dcde74ff00ca802643b4a9a4a4a5c) C:\windows\system32\DRIVERS\Thpevm.SYS

09:46:50.0223 4724 Thpevm - ok

09:46:50.0285 4724 Thpsrv (32c625d61d2c7cb1eaac3f094d0887c1) C:\windows\system32\ThpSrv.exe

09:46:50.0332 4724 Thpsrv - ok

09:46:50.0379 4724 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll

09:46:50.0457 4724 THREADORDER - ok

09:46:50.0519 4724 TMachInfo (28644b0523d64eff2fc7312a2ee74b0a) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

09:46:50.0551 4724 TMachInfo - ok

09:46:50.0582 4724 TODDSrv (fe65d33b7d4ff07dd1d29526a48df810) C:\Windows\system32\TODDSrv.exe

09:46:50.0629 4724 TODDSrv - ok

09:46:50.0707 4724 TosCoSrv (451b09ba1a0d019ba0b5a27229559d55) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

09:46:50.0738 4724 TosCoSrv - ok

09:46:50.0785 4724 TOSHIBA eco Utility Service (cdd03ce0c0060d1a6f0e2dc65de5350a) C:\Program Files\TOSHIBA\TECO\TecoService.exe

09:46:50.0831 4724 TOSHIBA eco Utility Service - ok

09:46:50.0878 4724 TOSHIBA HDD SSD Alert Service (67c1da40d78c92622081a3e780c926b2) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

09:46:50.0925 4724 TOSHIBA HDD SSD Alert Service - ok

09:46:51.0019 4724 TPCHSrv (4aa4e09a213ed1376d494a6c9b71e462) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

09:46:51.0065 4724 TPCHSrv - ok

09:46:51.0190 4724 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll

09:46:51.0299 4724 TrkWks - ok

09:46:51.0362 4724 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe

09:46:51.0440 4724 TrustedInstaller - ok

09:46:51.0487 4724 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys

09:46:51.0565 4724 tssecsrv - ok

09:46:51.0643 4724 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys

09:46:51.0721 4724 TsUsbFlt - ok

09:46:51.0767 4724 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys

09:46:51.0861 4724 tunnel - ok

09:46:51.0892 4724 TVALZ (fc24015b4052600c324c43e3a79c0664) C:\windows\system32\DRIVERS\TVALZ_O.SYS

09:46:51.0908 4724 TVALZ - ok

09:46:51.0955 4724 TVALZFL (866462f5ae3f375ef83ef9dce436031c) C:\windows\system32\DRIVERS\TVALZFL.sys

09:46:51.0970 4724 TVALZFL - ok

09:46:52.0001 4724 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys

09:46:52.0033 4724 uagp35 - ok

09:46:52.0095 4724 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys

09:46:52.0189 4724 udfs - ok

09:46:52.0251 4724 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe

09:46:52.0313 4724 UI0Detect - ok

09:46:52.0376 4724 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys

09:46:52.0438 4724 uliagpkx - ok

09:46:52.0485 4724 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys

09:46:52.0532 4724 umbus - ok

09:46:52.0563 4724 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys

09:46:52.0610 4724 UmPass - ok

09:46:52.0657 4724 upnphost (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll

09:46:52.0750 4724 upnphost - ok

09:46:52.0797 4724 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys

09:46:52.0859 4724 usbccgp - ok

09:46:52.0875 4724 USBCCID - ok

09:46:52.0906 4724 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys

09:46:52.0953 4724 usbcir - ok

09:46:52.0953 4724 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys

09:46:53.0000 4724 usbehci - ok

09:46:53.0047 4724 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys

09:46:53.0109 4724 usbhub - ok

09:46:53.0156 4724 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys

09:46:53.0203 4724 usbohci - ok

09:46:53.0265 4724 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys

09:46:53.0296 4724 usbprint - ok

09:46:53.0343 4724 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys

09:46:53.0405 4724 usbscan - ok

09:46:53.0452 4724 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\drivers\USBSTOR.SYS

09:46:53.0530 4724 USBSTOR - ok

09:46:53.0561 4724 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys

09:46:53.0593 4724 usbuhci - ok

09:46:53.0671 4724 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys

09:46:53.0733 4724 usbvideo - ok

09:46:53.0780 4724 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll

09:46:53.0889 4724 UxSms - ok

09:46:53.0936 4724 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe

09:46:53.0967 4724 VaultSvc - ok

09:46:54.0014 4724 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys

09:46:54.0045 4724 vdrvroot - ok

09:46:54.0107 4724 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe

09:46:54.0201 4724 vds - ok

09:46:54.0232 4724 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys

09:46:54.0295 4724 vga - ok

09:46:54.0326 4724 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys

09:46:54.0388 4724 VgaSave - ok

09:46:54.0435 4724 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys

09:46:54.0482 4724 vhdmp - ok

09:46:54.0529 4724 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys

09:46:54.0560 4724 viaagp - ok

09:46:54.0607 4724 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys

09:46:54.0653 4724 ViaC7 - ok

09:46:54.0685 4724 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys

09:46:54.0716 4724 viaide - ok

09:46:54.0763 4724 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys

09:46:54.0794 4724 volmgr - ok

09:46:54.0841 4724 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys

09:46:54.0887 4724 volmgrx - ok

09:46:54.0919 4724 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys

09:46:54.0965 4724 volsnap - ok

09:46:54.0997 4724 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys

09:46:55.0043 4724 vsmraid - ok

09:46:55.0137 4724 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe

09:46:55.0262 4724 VSS - ok

09:46:55.0277 4724 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys

09:46:55.0340 4724 vwifibus - ok

09:46:55.0387 4724 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys

09:46:55.0433 4724 vwififlt - ok

09:46:55.0496 4724 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll

09:46:55.0589 4724 W32Time - ok

09:46:55.0652 4724 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys

09:46:55.0699 4724 WacomPen - ok

09:46:55.0761 4724 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys

09:46:55.0839 4724 WANARP - ok

09:46:55.0839 4724 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys

09:46:55.0901 4724 Wanarpv6 - ok

09:46:56.0011 4724 wbengine (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe

09:46:56.0089 4724 wbengine - ok

09:46:56.0151 4724 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll

09:46:56.0229 4724 WbioSrvc - ok

09:46:56.0276 4724 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll

09:46:56.0370 4724 wcncsvc - ok

09:46:56.0401 4724 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll

09:46:56.0479 4724 WcsPlugInService - ok

09:46:56.0541 4724 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys

09:46:56.0572 4724 Wd - ok

09:46:56.0619 4724 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys

09:46:56.0697 4724 Wdf01000 - ok

09:46:56.0728 4724 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll

09:46:56.0838 4724 WdiServiceHost - ok

09:46:56.0853 4724 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll

09:46:56.0900 4724 WdiSystemHost - ok

09:46:56.0947 4724 WebClient (a9d880f97530d5b8fee278923349929d) C:\windows\System32\webclnt.dll

09:46:57.0025 4724 WebClient - ok

09:46:57.0087 4724 Wecsvc (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll

09:46:57.0165 4724 Wecsvc - ok

09:46:57.0196 4724 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll

09:46:57.0306 4724 wercplsupport - ok

09:46:57.0337 4724 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll

09:46:57.0430 4724 WerSvc - ok

09:46:57.0446 4724 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys

09:46:57.0524 4724 WfpLwf - ok

09:46:57.0555 4724 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys

09:46:57.0571 4724 WIMMount - ok

09:46:57.0680 4724 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll

09:46:57.0774 4724 WinDefend - ok

09:46:57.0789 4724 WinHttpAutoProxySvc - ok

09:46:57.0898 4724 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll

09:46:57.0976 4724 Winmgmt - ok

09:46:58.0086 4724 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll

09:46:58.0226 4724 WinRM - ok

09:46:58.0351 4724 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll

09:46:58.0444 4724 Wlansvc - ok

09:46:58.0507 4724 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys

09:46:58.0554 4724 WmiAcpi - ok

09:46:58.0632 4724 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe

09:46:58.0694 4724 wmiApSrv - ok

09:46:58.0850 4724 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe

09:46:58.0944 4724 WMPNetworkSvc - ok

09:46:58.0990 4724 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll

09:46:59.0068 4724 WPCSvc - ok

09:46:59.0115 4724 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll

09:46:59.0178 4724 WPDBusEnum - ok

09:46:59.0224 4724 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys

09:46:59.0318 4724 ws2ifsl - ok

09:46:59.0365 4724 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\windows\System32\wscsvc.dll

09:46:59.0427 4724 wscsvc - ok

09:46:59.0443 4724 WSearch - ok

09:46:59.0614 4724 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\windows\system32\wuaueng.dll

09:46:59.0739 4724 wuauserv - ok

09:46:59.0864 4724 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys

09:46:59.0926 4724 WudfPf - ok

09:46:59.0973 4724 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys

09:47:00.0036 4724 WUDFRd - ok

09:47:00.0098 4724 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll

09:47:00.0176 4724 wudfsvc - ok

09:47:00.0207 4724 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll

09:47:00.0270 4724 WwanSvc - ok

09:47:00.0441 4724 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

09:47:00.0488 4724 YahooAUService - ok

09:47:00.0519 4724 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0

09:47:00.0816 4724 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

09:47:00.0816 4724 \Device\Harddisk0\DR0 - detected TDSS File System (1)

09:47:00.0847 4724 Boot (0x1200) (7754d01fb3ff45522fd1ad26abd51a0b) \Device\Harddisk0\DR0\Partition0

09:47:00.0847 4724 \Device\Harddisk0\DR0\Partition0 - ok

09:47:00.0847 4724 ============================================================

09:47:00.0847 4724 Scan finished

09:47:00.0847 4724 ============================================================

09:47:00.0878 5356 Detected object count: 1

09:47:00.0878 5356 Actual detected object count: 1

09:50:51.0275 5356 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

09:50:51.0275 5356 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

RogueKiller V7.6.5 [08/03/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo...13-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Started in : Normal mode

User: Jessica [Admin rights]

Mode: Scan -- Date: 08/10/2012 10:01:02

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MJA2250BH G2 +++++

--- User ---

[MBR] d1562dab85d83482fd6e766b73cea330

[bSP] c4f9abca7e80dddf6b58fcf71e9a0ddd : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 228409 Mo

2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 470855680 | Size: 8565 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt


Turn off your antivirus program.

Start TDSSKILLER (just like before)

When it shows you a line like this ---->> 09:50:51.0275 5356 \Device\Harddisk0\DR0 ( TDSS File System )

Select to Cure or Delete it.

When done, post the latest RKReport

Then re-enable your antivirus.


Okay, here is the 2nd log. I didn't delete it the 1st time because I wasn't sure. This scan found other things.

10:31:19.0864 6076 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

10:31:20.0582 6076 ============================================================

10:31:20.0582 6076 Current date / time: 2012/08/10 10:31:20.0582

10:31:20.0582 6076 SystemInfo:

10:31:20.0582 6076

10:31:20.0582 6076 OS Version: 6.1.7601 ServicePack: 1.0

10:31:20.0582 6076 Product type: Workstation

10:31:20.0582 6076 ComputerName: JESSICA-PC

10:31:20.0582 6076 UserName: Jessica

10:31:20.0582 6076 Windows directory: C:\windows

10:31:20.0582 6076 System windows directory: C:\windows

10:31:20.0582 6076 Processor architecture: Intel x86

10:31:20.0582 6076 Number of processors: 2

10:31:20.0582 6076 Page size: 0x1000

10:31:20.0582 6076 Boot type: Normal boot

10:31:20.0582 6076 ============================================================

10:31:21.0362 6076 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

10:31:21.0377 6076 ============================================================

10:31:21.0377 6076 \Device\Harddisk0\DR0:

10:31:21.0393 6076 MBR partitions:

10:31:21.0393 6076 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x1BE1C800

10:31:21.0393 6076 ============================================================

10:31:21.0408 6076 C: <-> \Device\Harddisk0\DR0\Partition0

10:31:21.0408 6076 ============================================================

10:31:21.0408 6076 Initialize success

10:31:21.0408 6076 ============================================================

10:31:28.0756 5992 ============================================================

10:31:28.0756 5992 Scan started

10:31:28.0756 5992 Mode: Manual; SigCheck; TDLFS;

10:31:28.0756 5992 ============================================================


10:31:57.0070 5992 PNRPsvc - ok

10:31:57.0132 5992 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll

10:31:57.0242 5992 PolicyAgent - ok

10:31:57.0304 5992 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll

10:31:57.0398 5992 Power - ok

10:31:57.0460 5992 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys

10:31:57.0554 5992 PptpMiniport - ok

10:31:57.0600 5992 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys

10:31:57.0663 5992 Processor - ok

10:31:57.0725 5992 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\windows\system32\profsvc.dll

10:31:57.0819 5992 ProfSvc - ok

10:31:57.0850 5992 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe

10:31:57.0881 5992 ProtectedStorage - ok

10:31:57.0928 5992 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys

10:31:58.0022 5992 Psched - ok

10:31:58.0131 5992 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys

10:31:58.0240 5992 ql2300 - ok

10:31:58.0396 5992 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys

10:31:58.0427 5992 ql40xx - ok

10:31:58.0474 5992 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll

10:31:58.0552 5992 QWAVE - ok

10:31:58.0599 5992 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys

10:31:58.0661 5992 QWAVEdrv - ok

10:31:58.0692 5992 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys

10:31:58.0786 5992 RasAcd - ok

10:31:58.0848 5992 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys

10:31:58.0926 5992 RasAgileVpn - ok

10:31:58.0973 5992 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll

10:31:59.0067 5992 RasAuto - ok

10:31:59.0098 5992 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys

10:31:59.0192 5992 Rasl2tp - ok

10:31:59.0254 5992 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\windows\System32\rasmans.dll

10:31:59.0379 5992 RasMan - ok

10:31:59.0426 5992 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys

10:31:59.0504 5992 RasPppoe - ok

10:31:59.0535 5992 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys

10:31:59.0628 5992 RasSstp - ok

10:31:59.0691 5992 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys

10:31:59.0784 5992 rdbss - ok

10:31:59.0831 5992 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys

10:31:59.0878 5992 rdpbus - ok

10:31:59.0925 5992 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys

10:32:00.0018 5992 RDPCDD - ok

10:32:00.0050 5992 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys

10:32:00.0143 5992 RDPENCDD - ok

10:32:00.0174 5992 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys

10:32:00.0237 5992 RDPREFMP - ok

10:32:00.0284 5992 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\windows\system32\drivers\RDPWD.sys

10:32:00.0362 5992 RDPWD - ok

10:32:00.0424 5992 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys

10:32:00.0471 5992 rdyboost - ok

10:32:00.0518 5992 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll

10:32:00.0580 5992 RemoteAccess - ok

10:32:00.0627 5992 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll

10:32:00.0720 5992 RemoteRegistry - ok

10:32:00.0767 5992 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll

10:32:00.0876 5992 RpcEptMapper - ok

10:32:00.0923 5992 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe

10:32:00.0970 5992 RpcLocator - ok

10:32:01.0032 5992 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll

10:32:01.0110 5992 RpcSs - ok

10:32:01.0157 5992 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys

10:32:01.0235 5992 rspndr - ok

10:32:01.0298 5992 RSUSBSTOR (ef8b2afc3c0751c5e5a59983c8893260) C:\windows\system32\Drivers\RtsUStor.sys

10:32:01.0391 5992 RSUSBSTOR - ok

10:32:01.0438 5992 RTL8167 (bcebd5d1aabce4efb7597635e347c44b) C:\windows\system32\DRIVERS\Rt86win7.sys

10:32:01.0563 5992 RTL8167 - ok

10:32:01.0594 5992 RtsUIR - ok

10:32:01.0641 5992 SamSs (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe

10:32:01.0688 5992 SamSs - ok

10:32:01.0734 5992 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys

10:32:01.0766 5992 sbp2port - ok

10:32:01.0797 5992 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll

10:32:01.0906 5992 SCardSvr - ok

10:32:01.0953 5992 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys

10:32:02.0031 5992 scfilter - ok

10:32:02.0124 5992 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll

10:32:02.0234 5992 Schedule - ok

10:32:02.0280 5992 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll

10:32:02.0343 5992 SCPolicySvc - ok

10:32:02.0390 5992 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll

10:32:02.0468 5992 SDRSVC - ok

10:32:02.0514 5992 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys

10:32:02.0592 5992 secdrv - ok

10:32:02.0655 5992 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll

10:32:02.0748 5992 seclogon - ok

10:32:02.0780 5992 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\windows\System32\sens.dll

10:32:02.0858 5992 SENS - ok

10:32:02.0904 5992 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys

10:32:02.0936 5992 Serenum - ok

10:32:02.0967 5992 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys

10:32:03.0045 5992 Serial - ok

10:32:03.0092 5992 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys

10:32:03.0138 5992 sermouse - ok

10:32:03.0216 5992 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll

10:32:03.0310 5992 SessionEnv - ok

10:32:03.0357 5992 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys

10:32:03.0419 5992 sffdisk - ok

10:32:03.0450 5992 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys

10:32:03.0513 5992 sffp_mmc - ok

10:32:03.0544 5992 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys

10:32:03.0591 5992 sffp_sd - ok

10:32:03.0622 5992 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys

10:32:03.0669 5992 sfloppy - ok

10:32:03.0731 5992 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll

10:32:03.0840 5992 SharedAccess - ok

10:32:03.0903 5992 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll

10:32:03.0996 5992 ShellHWDetection - ok

10:32:04.0043 5992 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys

10:32:04.0074 5992 sisagp - ok

10:32:04.0121 5992 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys

10:32:04.0152 5992 SiSRaid2 - ok

10:32:04.0184 5992 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys

10:32:04.0215 5992 SiSRaid4 - ok

10:32:04.0262 5992 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys

10:32:04.0340 5992 Smb - ok

10:32:04.0386 5992 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe

10:32:04.0433 5992 SNMPTRAP - ok

10:32:04.0464 5992 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys

10:32:04.0480 5992 spldr - ok

10:32:04.0558 5992 Spooler (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe

10:32:04.0636 5992 Spooler - ok

10:32:04.0854 5992 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe

10:32:05.0073 5992 sppsvc - ok

10:32:05.0213 5992 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll

10:32:05.0291 5992 sppuinotify - ok

10:32:05.0369 5992 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys

10:32:05.0463 5992 srv - ok

10:32:05.0494 5992 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys

10:32:05.0556 5992 srv2 - ok

10:32:05.0572 5992 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys

10:32:05.0619 5992 srvnet - ok

10:32:05.0666 5992 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll

10:32:05.0759 5992 SSDPSRV - ok

10:32:05.0775 5992 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll

10:32:05.0868 5992 SstpSvc - ok

10:32:05.0915 5992 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys

10:32:05.0962 5992 stexstor - ok

10:32:06.0040 5992 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\windows\System32\wiaservc.dll

10:32:06.0134 5992 StiSvc - ok

10:32:06.0180 5992 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys

10:32:06.0212 5992 swenum - ok

10:32:06.0258 5992 swprv (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll

10:32:06.0368 5992 swprv - ok

10:32:06.0430 5992 SynTP (6da97d6b6de6326eba8ab8291ab41a09) C:\windows\system32\DRIVERS\SynTP.sys

10:32:06.0477 5992 SynTP - ok

10:32:06.0570 5992 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll

10:32:06.0680 5992 SysMain - ok

10:32:06.0742 5992 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll

10:32:06.0820 5992 TabletInputService - ok

10:32:06.0867 5992 TapiSrv (613bf4820361543956909043a265c6ac) C:\windows\System32\tapisrv.dll

10:32:06.0976 5992 TapiSrv - ok

10:32:07.0023 5992 TBS (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll

10:32:07.0132 5992 TBS - ok

10:32:07.0288 5992 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\drivers\tcpip.sys

10:32:07.0382 5992 Tcpip - ok

10:32:07.0428 5992 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\DRIVERS\tcpip.sys

10:32:07.0506 5992 TCPIP6 - ok

10:32:07.0569 5992 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys

10:32:07.0647 5992 tcpipreg - ok

10:32:07.0709 5992 tdcmdpst (4084ea00d50c858d6f9038f86ae2e2d0) C:\windows\system32\DRIVERS\tdcmdpst.sys

10:32:07.0725 5992 tdcmdpst - ok

10:32:07.0756 5992 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys

10:32:07.0834 5992 TDPIPE - ok

10:32:07.0865 5992 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys

10:32:07.0896 5992 TDTCP - ok

10:32:07.0943 5992 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys

10:32:08.0037 5992 tdx - ok

10:32:08.0084 5992 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys

10:32:08.0115 5992 TermDD - ok

10:32:08.0177 5992 TermService (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll

10:32:08.0286 5992 TermService - ok

10:32:08.0318 5992 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll

10:32:08.0380 5992 Themes - ok

10:32:08.0427 5992 Thpdrv (9528f2a39cb660a49f0592d57127f370) C:\windows\system32\DRIVERS\thpdrv.sys

10:32:08.0442 5992 Thpdrv - ok

10:32:08.0458 5992 Thpevm (e17dcde74ff00ca802643b4a9a4a4a5c) C:\windows\system32\DRIVERS\Thpevm.SYS

10:32:08.0489 5992 Thpevm - ok

10:32:08.0552 5992 Thpsrv (32c625d61d2c7cb1eaac3f094d0887c1) C:\windows\system32\ThpSrv.exe

10:32:08.0583 5992 Thpsrv - ok

10:32:08.0630 5992 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll

10:32:08.0708 5992 THREADORDER - ok

10:32:08.0770 5992 TMachInfo (28644b0523d64eff2fc7312a2ee74b0a) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

10:32:08.0801 5992 TMachInfo - ok

10:32:08.0848 5992 TODDSrv (fe65d33b7d4ff07dd1d29526a48df810) C:\Windows\system32\TODDSrv.exe

10:32:08.0879 5992 TODDSrv - ok

10:32:08.0942 5992 TosCoSrv (451b09ba1a0d019ba0b5a27229559d55) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

10:32:08.0973 5992 TosCoSrv - ok

10:32:09.0020 5992 TOSHIBA eco Utility Service (cdd03ce0c0060d1a6f0e2dc65de5350a) C:\Program Files\TOSHIBA\TECO\TecoService.exe

10:32:09.0051 5992 TOSHIBA eco Utility Service - ok

10:32:09.0113 5992 TOSHIBA HDD SSD Alert Service (67c1da40d78c92622081a3e780c926b2) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

10:32:09.0144 5992 TOSHIBA HDD SSD Alert Service - ok

10:32:09.0207 5992 TPCHSrv (4aa4e09a213ed1376d494a6c9b71e462) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

10:32:09.0254 5992 TPCHSrv - ok

10:32:09.0378 5992 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll

10:32:09.0488 5992 TrkWks - ok

10:32:09.0566 5992 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe

10:32:09.0644 5992 TrustedInstaller - ok

10:32:09.0675 5992 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys

10:32:09.0768 5992 tssecsrv - ok

10:32:09.0846 5992 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys

10:32:09.0924 5992 TsUsbFlt - ok

10:32:09.0971 5992 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys

10:32:10.0065 5992 tunnel - ok

10:32:10.0096 5992 TVALZ (fc24015b4052600c324c43e3a79c0664) C:\windows\system32\DRIVERS\TVALZ_O.SYS

10:32:10.0127 5992 TVALZ - ok

10:32:10.0158 5992 TVALZFL (866462f5ae3f375ef83ef9dce436031c) C:\windows\system32\DRIVERS\TVALZFL.sys

10:32:10.0190 5992 TVALZFL - ok

10:32:10.0221 5992 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys

10:32:10.0252 5992 uagp35 - ok

10:32:10.0314 5992 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys

10:32:10.0408 5992 udfs - ok

10:32:10.0455 5992 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe

10:32:10.0533 5992 UI0Detect - ok

10:32:10.0580 5992 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys

10:32:10.0611 5992 uliagpkx - ok

10:32:10.0658 5992 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys

10:32:10.0689 5992 umbus - ok

10:32:10.0720 5992 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys

10:32:10.0767 5992 UmPass - ok

10:32:10.0829 5992 upnphost (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll

10:32:10.0923 5992 upnphost - ok

10:32:10.0970 5992 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys

10:32:11.0032 5992 usbccgp - ok

10:32:11.0048 5992 USBCCID - ok

10:32:11.0079 5992 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys

10:32:11.0110 5992 usbcir - ok

10:32:11.0126 5992 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys

10:32:11.0157 5992 usbehci - ok

10:32:11.0204 5992 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys

10:32:11.0266 5992 usbhub - ok

10:32:11.0313 5992 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys

10:32:11.0360 5992 usbohci - ok

10:32:11.0406 5992 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys

10:32:11.0453 5992 usbprint - ok

10:32:11.0500 5992 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\windows\system32\DRIVERS\usbscan.sys

10:32:11.0562 5992 usbscan - ok

10:32:11.0609 5992 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\drivers\USBSTOR.SYS

10:32:11.0672 5992 USBSTOR - ok

10:32:11.0703 5992 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys

10:32:11.0734 5992 usbuhci - ok

10:32:11.0812 5992 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys

10:32:11.0874 5992 usbvideo - ok

10:32:11.0921 5992 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll

10:32:11.0999 5992 UxSms - ok

10:32:12.0030 5992 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe

10:32:12.0062 5992 VaultSvc - ok

10:32:12.0124 5992 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys

10:32:12.0140 5992 vdrvroot - ok

10:32:12.0202 5992 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe

10:32:12.0311 5992 vds - ok

10:32:12.0342 5992 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys

10:32:12.0405 5992 vga - ok

10:32:12.0452 5992 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys

10:32:12.0545 5992 VgaSave - ok

10:32:12.0592 5992 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys

10:32:12.0623 5992 vhdmp - ok

10:32:12.0670 5992 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys

10:32:12.0701 5992 viaagp - ok

10:32:12.0732 5992 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys

10:32:12.0779 5992 ViaC7 - ok

10:32:12.0826 5992 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys

10:32:12.0842 5992 viaide - ok

10:32:12.0873 5992 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys

10:32:12.0904 5992 volmgr - ok

10:32:12.0935 5992 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys

10:32:12.0982 5992 volmgrx - ok

10:32:13.0044 5992 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys

10:32:13.0076 5992 volsnap - ok

10:32:13.0122 5992 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys

10:32:13.0154 5992 vsmraid - ok

10:32:13.0263 5992 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe

10:32:13.0372 5992 VSS - ok

10:32:13.0403 5992 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys

10:32:13.0450 5992 vwifibus - ok

10:32:13.0497 5992 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys

10:32:13.0544 5992 vwififlt - ok

10:32:13.0590 5992 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll

10:32:13.0684 5992 W32Time - ok

10:32:13.0715 5992 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys

10:32:13.0778 5992 WacomPen - ok

10:32:13.0824 5992 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys

10:32:13.0902 5992 WANARP - ok

10:32:13.0902 5992 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys

10:32:13.0980 5992 Wanarpv6 - ok

10:32:14.0074 5992 wbengine (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe

10:32:14.0152 5992 wbengine - ok

10:32:14.0199 5992 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll

10:32:14.0277 5992 WbioSrvc - ok

10:32:14.0339 5992 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll

10:32:14.0402 5992 wcncsvc - ok

10:32:14.0433 5992 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll

10:32:14.0511 5992 WcsPlugInService - ok

10:32:14.0573 5992 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys

10:32:14.0604 5992 Wd - ok

10:32:14.0651 5992 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys

10:32:14.0698 5992 Wdf01000 - ok

10:32:14.0729 5992 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll

10:32:14.0823 5992 WdiServiceHost - ok

10:32:14.0823 5992 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll

10:32:14.0870 5992 WdiSystemHost - ok

10:32:14.0932 5992 WebClient (a9d880f97530d5b8fee278923349929d) C:\windows\System32\webclnt.dll

10:32:15.0010 5992 WebClient - ok

10:32:15.0057 5992 Wecsvc (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll

10:32:15.0150 5992 Wecsvc - ok

10:32:15.0166 5992 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll

10:32:15.0275 5992 wercplsupport - ok

10:32:15.0338 5992 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll

10:32:15.0416 5992 WerSvc - ok

10:32:15.0447 5992 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys

10:32:15.0525 5992 WfpLwf - ok

10:32:15.0556 5992 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys

10:32:15.0587 5992 WIMMount - ok

10:32:15.0696 5992 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll

10:32:15.0790 5992 WinDefend - ok

10:32:15.0806 5992 WinHttpAutoProxySvc - ok

10:32:15.0884 5992 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll

10:32:15.0962 5992 Winmgmt - ok

10:32:16.0071 5992 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll

10:32:16.0227 5992 WinRM - ok

10:32:16.0352 5992 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll

10:32:16.0430 5992 Wlansvc - ok

10:32:16.0492 5992 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys

10:32:16.0539 5992 WmiAcpi - ok

10:32:16.0617 5992 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe

10:32:16.0679 5992 wmiApSrv - ok

10:32:16.0835 5992 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe

10:32:16.0913 5992 WMPNetworkSvc - ok

10:32:16.0960 5992 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll

10:32:17.0038 5992 WPCSvc - ok

10:32:17.0085 5992 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll

10:32:17.0178 5992 WPDBusEnum - ok

10:32:17.0225 5992 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys

10:32:17.0319 5992 ws2ifsl - ok

10:32:17.0366 5992 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\windows\System32\wscsvc.dll

10:32:17.0444 5992 wscsvc - ok

10:32:17.0459 5992 WSearch - ok

10:32:17.0631 5992 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\windows\system32\wuaueng.dll

10:32:17.0756 5992 wuauserv - ok

10:32:17.0880 5992 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys

10:32:17.0943 5992 WudfPf - ok

10:32:17.0990 5992 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys

10:32:18.0068 5992 WUDFRd - ok

10:32:18.0130 5992 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll

10:32:18.0208 5992 wudfsvc - ok

10:32:18.0255 5992 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll

10:32:18.0317 5992 WwanSvc - ok

10:32:18.0489 5992 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

10:32:18.0536 5992 YahooAUService - ok

10:32:18.0567 5992 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0

10:32:18.0863 5992 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

10:32:18.0863 5992 \Device\Harddisk0\DR0 - detected TDSS File System (1)

10:32:18.0910 5992 Boot (0x1200) (7754d01fb3ff45522fd1ad26abd51a0b) \Device\Harddisk0\DR0\Partition0

10:32:18.0910 5992 \Device\Harddisk0\DR0\Partition0 - ok

10:32:18.0910 5992 ============================================================

10:32:18.0910 5992 Scan finished

10:32:18.0910 5992 ============================================================

10:32:18.0941 0952 Detected object count: 1

10:32:18.0941 0952 Actual detected object count: 1

10:32:26.0882 0952 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

10:32:26.0913 0952 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

10:32:26.0928 0952 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

10:32:26.0928 0952 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

10:32:26.0944 0952 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

10:32:26.0944 0952 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

10:32:26.0960 0952 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

10:32:26.0960 0952 \Device\Harddisk0\DR0\TDLFS - deleted

10:32:26.0960 0952 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete

10:32:55.0437 5488 Deinitialize success


Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

Please close any of your open windows/programs and exit, saving any open work you have.

Go slow and careful. This is a Custom scan. Have infinite patience while it runs.

Temporarily turn OFF your antivirus program so that it does not interfere. Leave the firewall on.

For a how-to-reference, see this How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

I'd like to have you do a special run of OTL to generate some searches & a new log-report.

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %ALLUSERSPROFILE%\Application Data\*.dll /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    c:|Fun4IM;true;true;true; /FP
    c:|Bandoo;true;true;true; /FP
    c:|Searchn;true;true;true; /FP
    c:|Searchq;true;true;true; /FP
    c:|datamngr;true;true;true; /FP
    c:|iLivid;true;true;true; /FP
    c:|whitesmoke;true;true;true; /FP
    %USERPROFILE%\..|smtmp;true;true;true /FP
    %systemroot%\*. /mp /s
    CLEARALLRESTOREPOINTS
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on Run Scan.
  • The scan won't take long. Have infinite patience. OTL may appear to stall but it will finish.
    When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
    These are saved in the same location as OTL.
  • Please Copy and Paste the OTL log(s). Do not enclose in Code or Quote.

Re-enable your antivirus program. There will be more to do later.


OTL logfile created on: 8/10/2012 11:33:26 AM - Run 1

OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Jessica\Desktop

Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.42 Mb Total Physical Memory | 385.96 Mb Available Physical Memory | 38.08% Memory free

1.99 Gb Paging File | 1.05 Gb Available in Paging File | 52.71% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 223.06 Gb Total Space | 190.79 Gb Free Space | 85.54% Space Free | Partition Type: NTFS

Computer Name: JESSICA-PC | User Name: Jessica | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/10 11:30:41 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jessica\Desktop\OTL.exe

PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe

PRC - [2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2010/11/20 06:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2009/10/30 14:48:42 | 000,583,024 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

PRC - [2009/10/30 14:48:24 | 000,677,232 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

PRC - [2009/10/28 22:02:38 | 000,029,528 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

PRC - [2009/10/28 21:13:44 | 000,467,304 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe

PRC - [2009/10/28 13:15:10 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

PRC - [2009/10/27 22:11:56 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe

PRC - [2009/10/26 13:29:56 | 000,253,312 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe

PRC - [2009/10/21 11:30:34 | 000,518,720 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\ThpSrv.exe

PRC - [2009/10/06 11:23:12 | 001,294,136 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

PRC - [2009/10/06 11:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

PRC - [2009/09/28 16:42:24 | 000,185,712 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe

PRC - [2009/09/28 16:30:32 | 001,328,480 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TECO\Teco.exe

PRC - [2009/09/17 17:37:18 | 000,111,960 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

PRC - [2009/09/17 17:36:58 | 001,021,272 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

PRC - [2009/08/05 16:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

PRC - [2009/08/05 16:18:08 | 000,476,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

PRC - [2009/08/05 16:04:54 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

PRC - [2009/07/28 22:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe

PRC - [2009/07/28 17:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe

PRC - [2009/07/28 16:00:10 | 000,460,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

PRC - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

PRC - [2009/01/13 23:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\Utilities\KeNotify.exe

PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/29 18:07:35 | 000,212,992 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll

MOD - [2012/06/29 18:04:26 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll

MOD - [2012/06/29 18:03:41 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll

MOD - [2012/06/04 19:04:37 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll

MOD - [2012/06/04 19:04:07 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll

MOD - [2012/06/04 19:04:02 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

MOD - [2012/06/04 19:03:20 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

MOD - [2010/06/01 10:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll

MOD - [2009/12/05 19:58:35 | 008,007,680 | ---- | M] () -- C:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll

MOD - [2009/09/17 17:36:34 | 000,079,192 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll

MOD - [2009/07/16 17:27:48 | 000,052,536 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll

MOD - [2009/07/16 17:27:44 | 007,263,544 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll

MOD - [2009/06/22 17:38:40 | 000,015,160 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Assist\NotifyX.dll

MOD - [2009/03/12 21:08:04 | 000,049,152 | ---- | M] () -- C:\Program Files\TOSHIBA\PCDiag\NotifyPCD.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/08/02 20:53:29 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/07/19 21:33:29 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2009/10/30 14:48:24 | 000,677,232 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)

SRV - [2009/10/27 22:11:56 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)

SRV - [2009/10/21 11:30:34 | 000,518,720 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\ThpSrv.exe -- (Thpsrv)

SRV - [2009/10/06 11:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)

SRV - [2009/09/28 16:42:24 | 000,185,712 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)

SRV - [2009/09/17 17:37:18 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)

SRV - [2009/08/27 12:28:00 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2009/08/05 16:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV - [2009/07/28 17:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)

SRV - [2009/07/13 19:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)

SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Jessica\AppData\Local\Temp\mbr.sys -- (mbr)

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Jessica\AppData\Local\Temp\aswMBR.sys -- (aswMBR)

DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2010/11/20 04:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2009/11/06 14:53:58 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

DRV - [2009/07/30 23:02:34 | 000,036,208 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LPCFilter.sys -- (LPCFilter)

DRV - [2009/07/30 19:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV - [2009/07/30 19:45:22 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)

DRV - [2009/07/14 17:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ)

DRV - [2009/07/13 17:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)

DRV - [2009/06/29 18:16:22 | 000,013,120 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Thpevm.sys -- (Thpevm)

DRV - [2009/06/29 12:25:24 | 000,030,272 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\thpdrv.sys -- (Thpdrv)

DRV - [2009/06/22 19:04:58 | 000,024,064 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PGEffect.sys -- (PGEffect)

DRV - [2009/06/19 21:31:08 | 000,012,920 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVALZFL.sys -- (TVALZFL)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNB&bmod=TSNB

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNB&bmod=TSNB

IE - HKLM\..\SearchScopes,DefaultScope = {CCD2DD19-4304-4852-B540-3C5E619B2FD0}

IE - HKLM\..\SearchScopes\{CCD2DD19-4304-4852-B540-3C5E619B2FD0}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNB

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig?brand=TSNB&bmod=TSNB

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://m.www.yahoo.com/?r624=1264134322

IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

IE - HKCU\..\SearchScopes,DefaultScope = {717D2A37-47DB-4B47-B7E8-2FDE5413E45B}

IE - HKCU\..\SearchScopes\{717D2A37-47DB-4B47-B7E8-2FDE5413E45B}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNB_enUS363US363

IE - HKCU\..\SearchScopes\{CCD2DD19-4304-4852-B540-3C5E619B2FD0}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNB

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-type: "${8}"

FF - prefs.js..browser.startup.homepage: "www.my.utep.edu"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.5.20110120033202

FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:3.13.0.6

FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/19 21:33:30 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/20 19:07:26 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/19 21:33:30 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/20 19:07:26 | 000,000,000 | ---D | M]

[2010/01/26 11:42:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jessica\AppData\Roaming\Mozilla\Extensions

[2012/07/26 21:34:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\xq7kgf30.default\extensions

[2012/06/20 19:08:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\xq7kgf30.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2012/07/16 23:57:51 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\xq7kgf30.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}

[2011/12/05 14:57:56 | 000,000,923 | ---- | M] () -- C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\xq7kgf30.default\searchplugins\conduit.xml

[2010/01/26 11:40:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/07/19 21:33:30 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll

[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

[2012/06/23 15:01:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/06/23 15:01:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 15:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)

O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)

O4 - HKLM..\Run: [smoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [sVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [ThpSrv] C:\windows\System32\thpsrv.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [TUSBSleepChargeSrv] C:\Program Files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe (TOSHIBA)

O4 - HKLM..\Run: [TWebCamera] C:\Program Files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)

O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28AFB986-FB26-422E-8A15-6B184961E142}: DhcpNameServer = 209.18.47.61 209.18.47.62

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{31d6ec7b-bdd6-11df-8a49-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{31d6ec7b-bdd6-11df-8a49-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE

O33 - MountPoints2\{31d6ec7b-bdd6-11df-8a49-806e6f6e6963}\Shell\configure\command - "" = D:\SETUP.EXE

O33 - MountPoints2\{31d6ec7b-bdd6-11df-8a49-806e6f6e6963}\Shell\install\command - "" = D:\SETUP.EXE

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found

NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla - File not found

NetSvcs: Ntmssvc - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: SRService - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: LogonHours - File not found

NetSvcs: PCAudit - File not found

NetSvcs: helpsvc - File not found

NetSvcs: uploadmgr - File not found

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SafeBootMin: NTDS - File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS - File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -

ActiveX: >{710E247C-480F-4B59-B549-4691E295D700} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)

CLEARALLRESTOREPOINTS

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/10 11:30:24 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Jessica\Desktop\OTL.exe

[2012/08/10 09:58:22 | 000,000,000 | ---D | C] -- C:\Users\Jessica\Desktop\RK_Quarantine

[2012/08/10 09:45:22 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jessica\Desktop\tdsskiller.exe

[2012/08/10 09:32:37 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Jessica\Desktop\aswMBR.exe

[2012/08/10 09:26:11 | 000,000,000 | ---D | C] -- C:\windows\ERDNT

[2012/08/10 09:23:55 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2012/08/10 09:21:48 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Jessica\Desktop\erunt-setup.exe

[2012/08/08 11:12:46 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Jessica\Desktop\dds.scr

[2012/07/22 11:53:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2012/07/22 11:51:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2012/07/22 11:49:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2012/07/22 11:25:25 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qdvd.dll

[2012/07/16 16:42:17 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb

[2012/07/16 16:42:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll

[2012/07/16 16:42:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieUnatt.exe

[2012/07/16 16:42:10 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll

[2012/07/16 16:42:09 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript9.dll

[2012/07/16 16:42:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll

[2012/07/16 16:42:04 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl

[2012/07/16 16:30:43 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys

[2012/05/04 18:20:42 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jessica\mbam-setup-1.61.0.1400.exe

[2011/12/13 00:25:33 | 001,393,736 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Jessica\gotomypc_635.exe

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

[1 C:\Users\Jessica\Desktop\*.tmp files -> C:\Users\Jessica\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/10 11:30:41 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Jessica\Desktop\OTL.exe

[2012/08/10 10:53:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2012/08/10 09:58:07 | 001,552,896 | ---- | M] () -- C:\Users\Jessica\Desktop\RogueKiller.exe

[2012/08/10 09:45:32 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jessica\Desktop\tdsskiller.exe

[2012/08/10 09:41:54 | 000,000,512 | ---- | M] () -- C:\Users\Jessica\Desktop\MBR.dat

[2012/08/10 09:33:15 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Jessica\Desktop\aswMBR.exe

[2012/08/10 09:24:03 | 000,000,905 | ---- | M] () -- C:\Users\Jessica\Desktop\NTREGOPT.lnk

[2012/08/10 09:24:03 | 000,000,886 | ---- | M] () -- C:\Users\Jessica\Desktop\ERUNT.lnk

[2012/08/10 09:22:00 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Jessica\Desktop\erunt-setup.exe

[2012/08/10 09:18:01 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012/08/08 11:13:03 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Jessica\Desktop\dds.scr

[2012/08/07 23:12:06 | 000,014,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/07 23:12:06 | 000,014,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/07 23:03:59 | 796,987,392 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/06 22:21:51 | 000,626,278 | ---- | M] () -- C:\windows\System32\perfh009.dat

[2012/08/06 22:21:51 | 000,107,522 | ---- | M] () -- C:\windows\System32\perfc009.dat

[2012/08/02 20:53:28 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe

[2012/08/02 20:53:28 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl

[2012/07/22 11:51:01 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif

[2012/07/21 21:50:08 | 000,372,768 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

[2012/07/19 21:33:33 | 000,002,001 | ---- | M] () -- C:\Users\Jessica\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

[1 C:\Users\Jessica\Desktop\*.tmp files -> C:\Users\Jessica\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/10 09:58:05 | 001,552,896 | ---- | C] () -- C:\Users\Jessica\Desktop\RogueKiller.exe

[2012/08/10 09:41:54 | 000,000,512 | ---- | C] () -- C:\Users\Jessica\Desktop\MBR.dat

[2012/08/10 09:24:03 | 000,000,905 | ---- | C] () -- C:\Users\Jessica\Desktop\NTREGOPT.lnk

[2012/08/10 09:24:03 | 000,000,886 | ---- | C] () -- C:\Users\Jessica\Desktop\ERUNT.lnk

[2012/07/22 11:50:41 | 000,001,926 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2011/10/29 13:43:43 | 000,072,080 | ---- | C] () -- C:\Users\Jessica\g2mdlhlpx.exe

[2010/11/04 00:31:02 | 000,000,110 | ---- | C] () -- C:\Users\Jessica\webct_upload_applet.properties

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %ALLUSERSPROFILE%\Application Data\*.dll /s >

< %APPDATA%\*. >

[2010/01/26 11:39:28 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Adobe

[2010/01/21 18:58:21 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Google

[2010/01/21 18:55:11 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Identities

[2012/02/19 23:43:12 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\InstallShield

[2010/01/21 22:24:22 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Macromedia

[2012/05/29 16:07:00 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Malwarebytes

[2012/06/23 15:00:52 | 000,000,000 | --SD | M] -- C:\Users\Jessica\AppData\Roaming\Microsoft

[2010/01/26 11:42:47 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Mozilla

[2012/05/28 18:01:57 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Toshiba

[2010/02/11 10:58:37 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\WildTangent

[2010/01/21 18:54:09 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\WinBatch

[2010/09/13 09:36:03 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Yahoo!

< %APPDATA%\*.exe /s >

< %SYSTEMDRIVE%\*.exe >

< c:|Fun4IM;true;true;true; /FP >

< c:|Bandoo;true;true;true; /FP >

< c:|Searchn;true;true;true; /FP >

< c:|Searchq;true;true;true; /FP >

< c:|datamngr;true;true;true; /FP >

< c:|iLivid;true;true;true; /FP >

< c:|whitesmoke;true;true;true; /FP >

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %systemroot%\*. /mp /s >

< End of report >

OTL Extras logfile created on: 8/10/2012 11:33:26 AM - Run 1

OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Jessica\Desktop

Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.42 Mb Total Physical Memory | 385.96 Mb Available Physical Memory | 38.08% Memory free

1.99 Gb Paging File | 1.05 Gb Available in Paging File | 52.71% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 223.06 Gb Total Space | 190.79 Gb Free Space | 85.54% Space Free | Partition Type: NTFS

Computer Name: JESSICA-PC | User Name: Jessica | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{30C823EB-6D85-4B8B-934C-A8E354D7A62F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{40651FC9-9FAE-4A5B-AF29-5E2CE015B152}" = lport=137 | protocol=17 | dir=in | app=system |

"{4BE9E92C-A11D-41F9-B29E-7619EA9AE79C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{52B4ECFE-8782-4D2B-BEBE-265261A48861}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{65A3F743-2AF0-4276-9C0B-B5A21D73FD3A}" = lport=139 | protocol=6 | dir=in | app=system |

"{7E5AEBC1-5D1D-4A51-82BE-050F103F7F5F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{8B0C52AE-B892-4110-BAFE-BEA57B4E3C42}" = rport=445 | protocol=6 | dir=out | app=system |

"{9DBA61AD-BCD7-4A27-A53C-2F67E20D7CE4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{B7FAC86E-491E-476D-919F-D3DBE8D3F3EE}" = lport=445 | protocol=6 | dir=in | app=system |

"{B816C652-E681-4B12-9C80-D08D36DA4DC1}" = rport=138 | protocol=17 | dir=out | app=system |

"{BCFC0341-9A53-40C2-B7C5-381CD040437B}" = rport=137 | protocol=17 | dir=out | app=system |

"{D9E8D639-F0C8-4055-B806-124BF6D82D58}" = lport=138 | protocol=17 | dir=in | app=system |

"{DE03202F-E2F5-4789-9072-2F7B3F61C0E1}" = rport=139 | protocol=6 | dir=out | app=system |

"{F9F3BFCD-7699-4F75-A733-268EE463F056}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{03E08A0D-D174-4160-B338-3402B1E73A6F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{0A1A0129-2569-4C8F-A519-E9B09545C926}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{0C38B3AE-5967-4B98-B311-D2BD82555819}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{38844766-45D5-48E7-88F5-361AFC665436}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |

"{6927E611-872E-482D-9310-0E39CF2EE2F6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{7EEDABF4-B156-4BAC-A2AF-FA96A1661CEE}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{A56ACB77-AD1A-4616-8C73-D10ED66A3CCC}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |

"{C1CC8A1D-BB17-4EA5-B7D3-5F786D327079}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{C9012D28-73DA-490F-BFD7-7F30CAE76C0B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{D913CDB0-B441-478A-9251-B93027CBD306}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{F48B0C6B-B7D4-42F8-A02F-0059EE2DE299}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0F842B77-56EA-4AAF-8295-81A022350B5E}" = Microsoft Security Client

"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver

"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java 6 Update 14

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3B843B38-04B1-4CE6-8888-586273E0F289}" = Quickbooks Financial Center

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password

"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup

"{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility

"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration

"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application

"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility

"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail

"{6B81F4D9-A640-4081-A01D-7CB37F5DF4A4}" = TOSHIBA Bulletin Board

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{921F22A4-290B-4B6C-9E8E-B50B58F18ED0}" = TOSHIBA ReelTime

"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader

"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = Toshiba Application and Driver Installer

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor

"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station

"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator

"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program

"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup

"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller

"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery

"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}" = TOSHIBA USB Sleep and Charge Utility

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"CCleaner" = CCleaner

"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows

"ENTERPRISER" = Microsoft Office Enterprise 2007

"ERUNT_is1" = ERUNT 1.1j

"GENEUIDE" = USB Storage Driver

"HDMI" = Intel® Graphics Media Accelerator Driver

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password

"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup

"InstallShield_{53536479-DFB0-47ED-9D10-43F3708C222D}" = TOSHIBA eco Utility

"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility

"InstallShield_{6B81F4D9-A640-4081-A01D-7CB37F5DF4A4}" = TOSHIBA Bulletin Board

"InstallShield_{921F22A4-290B-4B6C-9E8E-B50B58F18ED0}" = TOSHIBA ReelTime

"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Client" = Microsoft Security Essentials

"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"TOSHIBA Game Console" = WildTangent ORB Game Console

"WildTangent toshiba Master Uninstall" = WildTangent Games

"WinLiveSuite_Wave3" = Windows Live Essentials

"WT078087" = Blackhawk Striker 2

"WT078109" = FATE Undiscovered Realms

"WT078129" = Polar Bowler

"WT078130" = Virtual Families

"WT078308" = Bejeweled 2 Deluxe

"WT078349" = Mystery P.I. - The Vegas Heist

"WT078385" = Virtual Villagers - The Secret City

"WT078491" = Faerie Solitaire

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! Messenger" = Yahoo! Messenger

"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"GoToMeeting" = GoToMeeting 4.8.0.723

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 8/14/2011 4:37:52 PM | Computer Name = Jessica-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\windows\system32\conhost.exe".

Dependent

Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/14/2011 4:37:52 PM | Computer Name = Jessica-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\windows\system32\conhost.exe".

Dependent

Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/14/2011 4:37:53 PM | Computer Name = Jessica-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\windows\system32\conhost.exe".

Dependent

Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/14/2011 4:37:53 PM | Computer Name = Jessica-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\windows\system32\conhost.exe".

Dependent

Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/14/2011 4:37:56 PM | Computer Name = Jessica-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\windows\system32\conhost.exe".

Dependent

Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/14/2011 4:39:29 PM | Computer Name = Jessica-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\windows\system32\conhost.exe".

Dependent

Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/14/2011 4:39:31 PM | Computer Name = Jessica-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\windows\system32\conhost.exe".

Dependent

Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/14/2011 4:43:29 PM | Computer Name = Jessica-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\windows\system32\conhost.exe".

Dependent

Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/14/2011 4:43:29 PM | Computer Name = Jessica-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\windows\system32\conhost.exe".

Dependent

Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"

could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 8/14/2011 4:43:34 PM | Computer Name = Jessica-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for "C:\windows\system32\conhost.exe".

Dependent

Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="x86",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"

could not be found. Please use sxstrace.exe for detailed diagnosis.

[ OSession Events ]

Error - 1/23/2012 2:28:43 AM | Computer Name = Jessica-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application

Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6425.1000. This session

lasted 976 seconds with 480 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 4/17/2011 2:13:30 AM | Computer Name = Jessica-PC | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the ShellHWDetection service.

Error - 4/17/2011 2:56:35 PM | Computer Name = Jessica-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

cdrom

Error - 4/17/2011 11:33:15 PM | Computer Name = Jessica-PC | Source = DCOM | ID = 10010

Description =

Error - 4/19/2011 12:19:59 AM | Computer Name = Jessica-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

cdrom

Error - 4/19/2011 9:40:50 PM | Computer Name = Jessica-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

cdrom

Error - 4/19/2011 11:37:12 PM | Computer Name = Jessica-PC | Source = DCOM | ID = 10010

Description =

Error - 4/20/2011 6:40:50 PM | Computer Name = Jessica-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

cdrom

Error - 4/21/2011 10:37:05 PM | Computer Name = Jessica-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

cdrom

Error - 4/22/2011 1:01:06 AM | Computer Name = Jessica-PC | Source = Service Control Manager | ID = 7011

Description = A timeout (30000 milliseconds) was reached while waiting for a transaction

response from the ShellHWDetection service.

Error - 4/22/2011 1:58:17 PM | Computer Name = Jessica-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

cdrom

< End of report >


Question. When I turned Microsoft Security Essentials back on, I checked the history to see when I last ran a scan. It said it found & quarantined these 3 Trojan files @ 10:58 am. I'm deleting them. Do I need to do anything in particular now?

Trojan:WinNT/Alureon.AA

Trojan:Win32/Alureon.gen!AD

Trojan:Win32/Alureon.FK


You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member superwow_rl only. If you are a casual viewer, do NOT try this on your system!

If you are not and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.


Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

Please download the following program to your Desktop >> Unhide <<

Once the program has been downloaded, double-click on the Unhide.exe icon on your desktop and allow the program to run. This program will remove the +H, or hidden, attribute from all the files on your hard drives.

Step 2

  • Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :processes
    killallprocesses
    :files
    recycler /alldrives
    :reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31d6ec7b-bdd6-11df-8a49-806e6f6e6963}]
    :Commands
    [purity]
    [resethosts]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]
    *****************************************************************
  • Return to OTL. Right click in the Custom Scans/Fixes window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered Run Fix button.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Step 3

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power) or a UPS system.

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes, Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have to reboot the PC a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh!

Reply & COPY & Paste the C:\Combofix.txt log and tell me, How is the system now?

Re-enable your antivirus program.

ALSO......In your Firefox, what do you know about "Swag Bucks Customized Web Search" ? Did you agree to having that installed ?

Link to post
Share on other sites

Here is the OTL log:

========== PROCESSES ==========

All processes killed

========== FILES ==========

recycler not found in C:\

========== REGISTRY ==========

Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31d6ec7b-bdd6-11df-8a49-806e6f6e6963}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31d6ec7b-bdd6-11df-8a49-806e6f6e6963}\ not found.

========== COMMANDS ==========

C:\windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

Restore point Set: OTL Restore Point

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Jessica

->Flash cache emptied: 10353 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.56.0 log created on 08102012_124934

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Here is the ComboFix log:

ComboFix 12-08-09.01 - Jessica 08/10/2012 17:27:39.1.2 - x86

Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1013.380 [GMT -6:00]

Running from: c:\users\Jessica\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Jessica\g2mdlhlpx.exe

c:\windows\system32\pt

c:\windows\system32\pt\ThpProp.exe.mui

c:\windows\system32\pt\ThpSrv.exe.mui

.

.

((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))

.

.

2012-08-10 23:43 . 2012-08-10 23:43 -------- d-----w- c:\users\Jessica\AppData\Local\temp

2012-08-10 23:43 . 2012-08-10 23:43 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-10 18:49 . 2012-08-10 18:49 -------- d-----w- C:\_OTL

2012-08-10 18:02 . 2012-07-16 08:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E4F125BC-4619-4C0E-B0D1-A947B18DA94D}\mpengine.dll

2012-08-10 15:23 . 2012-08-10 15:24 -------- d-----w- c:\program files\ERUNT

2012-08-10 05:54 . 2012-07-16 08:41 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-22 17:57 . 2012-02-09 20:17 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{62CC6C61-68A8-4E0F-ACDD-AC0E20D20D28}\gapaengine.dll

2012-07-22 17:51 . 2012-07-22 17:51 -------- d-----w- c:\program files\Microsoft Silverlight

2012-07-22 17:49 . 2012-07-22 17:50 -------- d-----w- c:\program files\Microsoft Security Client

2012-07-22 17:25 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll

2012-07-21 03:50 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F6286D3B-05AA-4D09-91B5-8A513B8EFF15}\mpengine.dll

2012-07-16 22:30 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-03 02:53 . 2012-06-23 21:00 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-03 02:53 . 2012-06-23 21:00 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-03 19:46 . 2012-05-30 14:38 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-06 05:05 . 2012-07-11 01:10 1390080 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 05:05 . 2012-07-11 01:10 1236992 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 05:03 . 2012-07-11 01:10 805376 ----a-w- c:\windows\system32\cdosys.dll

2012-06-02 22:19 . 2012-06-21 01:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 01:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 01:18 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 01:18 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2012-06-21 01:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:12 . 2012-06-21 01:19 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12 . 2012-06-21 01:18 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 21:19 . 2012-06-21 01:17 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 21:12 . 2012-06-21 01:17 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 04:45 . 2012-07-11 01:11 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 04:45 . 2012-07-11 01:11 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 04:40 . 2012-07-11 01:11 369336 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 04:40 . 2012-07-11 01:11 225280 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 04:39 . 2012-07-11 01:11 219136 ----a-w- c:\windows\system32\ncrypt.dll

2012-05-31 18:25 . 2010-01-22 00:59 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-05-30 16:32 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2012-05-30 14:57 . 2012-05-30 14:57 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin

2012-07-20 03:33 . 2012-06-21 01:07 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn1\yt.dll" [2012-01-12 1517368]

.

[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]

[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-11 39408]

"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ThpSrv"="c:\windows\system32\thpsrv" [X]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-05 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-05 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-05 150552]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-29 7862816]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-16 1586472]

"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-08-12 352256]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2009-06-02 425984]

"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2009-01-14 34088]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-05 476512]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616]

"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-09-28 1328480]

"TWebCamera"="c:\program files\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-11-05 2446648]

"TUSBSleepChargeSrv"="c:\program files\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe" [2009-10-26 253312]

"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]

"TosWaitSrv"="c:\program files\TOSHIBA\TPHM\TosWaitSrv.exe" [2009-10-30 611672]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 611672]

"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2009-10-29 467304]

"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2009-10-29 29528]

"NortonOnlineBackupReminder"="c:\program files\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-08-10 529256]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]

S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [x]

S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [x]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [x]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]

S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]

S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 02:53]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://m.www.yahoo.com/?r624=1264134322

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNB&bmod=TSNB

IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

FF - ProfilePath - c:\users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\xq7kgf30.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - www.my.utep.edu

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=2&q=

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-08-10 17:50:12

ComboFix-quarantined-files.txt 2012-08-10 23:50

.

Pre-Run: 204,985,581,568 bytes free

Post-Run: 204,673,527,808 bytes free

.

- - End Of File - - EDDF57EAC8853EAF9D86E8A0B68F5892

Overall, seems to be running fine! I haven't noticed any problems yet but I will let you know. I was planning to do a Microsoft Security Essentials scan, since I haven't done one in a while.......is that okay? I will wait for you to say so.

Yes, both of our computers have the Swagbucks search engine installed. I haven't had any problems with the other computer. It's from the website swagbucks.com, which is a points-earning site, like mypoints.com, where you can earn points for misc things & then get gift cards or PayPal cash, etc.

Link to post
Share on other sites

Anything already in Quarantine folders is out of the way, and not active.

When the MSE scan is done, post a copy of the results. Then exit out of MSE.

Download and Save McAfee Stinger to your Desktop

http://www.mcafee.com/us/downloads/free-tools/stinger.aspx

Close all browsers before starting. Disable your antivirus program and anti-malware, if any.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

On Windows 7 & Vista systems, right-click the Stinger icon and select Run as Administrator.

On XP, double-click to start it.

The GUI interface will look like this: [screenshot of the Stinger window]

The C drive is the default for scanning.

Press the Preferences button. In the top right-block "On virus detection", click Rename

In the bottom block "Heuristic network check for suspicious files" select High

Click the Scan Now button.

When done, use the File menu and select Save report to file

Stinger.txt is the log report and will be saved to your Desktop. I will need a copy of that log.

RE-Enable your anti-virus program.

Stinger is a standalone utility used to detect and remove specific malware. It is not a full scan for all types of malware or viruses.

It is not intended as virus protection.

Dr Web Cure-It

Download Dr.Web CureIt to the desktop.

  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Double-click the drweb-cureit.exe file, then click Start and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found: [check icon]
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image: [screenshot: Move incurable]
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

Re-Enable your antivirus program when all done.

Link to post
Share on other sites

Hi! I apologize for the late reply. I haven't been able to use the netbook much to run the scans exactly as you asked.

I ran MSE & found nothing. I couldn't find a log it might have generated.

Here is the log from Stinger. I haven't been able to run the Dr. CureIt scans the way you asked, but once I have, I will post the results. I apologize again for the delay.

McAfee® Labs Stinger Version 10.2.0.736 built on Aug 13 2012

Copyright © 2012 McAfee, Inc. All Rights Reserved.

Virus data file v1000.0000 created on Aug 13 2012.

Ready to scan for 4839 viruses, trojans and variants.

Scan initiated on Mon Aug 13 14:11:16 2012

Rootkit scan result : Clean

Master Boot Record(s):....1

Possibly Infected:.............0

Boot Sector(s):.................1

Possibly Infected: ............0

Number of clean files: 25370

Link to post
Share on other sites

OK. I note that MSE & Stinger found nothing. I'll look forward to your posting of the DrWeb Cure-It log.

After that is done, get the Java runtime update:

Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

  • Accept the EULA & Download the latest version of >> Windows Offline << from here and save it to your desktop.
  • Get the Offline version that corresponds to your "bit-tedness" of your Windows (32-bit or 64-bit)
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system
  • Close any programs you may have running - especially your web browser(s).
  • Go to Start > Settings > Control Panel, select Programs and Features and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u6-windows-i586.exe to install the newest version.
    ( jre-7u6-windows-x64.exe if this is a 64-bit Windows o.s.)

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

Link to post
Share on other sites

Here is the Dr CureIt full scan:

cachesection;C:\Documents and Settings\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\xq7kgf30.default\Yahoo! Inc\ytoolbar\270ei18_o;Probably SCRIPT.Virus;Incurable.Moved.;

cachesection;C:\Documents and Settings\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\xq7kgf30.default\Yahoo! Inc\ytoolbar\508ho^h8d6i_5eh;Probably SCRIPT.Virus;Incurable.Moved.;

cachesection;C:\Documents and Settings\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\xq7kgf30.default\Yahoo! Inc\ytoolbar\default;Probably SCRIPT.Virus;Incurable.Moved.;

cachesection;C:\Documents and Settings\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\xq7kgf30.default\Yahoo! Inc\ytoolbar\ikf4hmem_hb_o;Probably SCRIPT.Virus;Incurable.Moved.;

cachesection;C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\xq7kgf30.default\Yahoo! Inc\ytoolbar\270ei18_o;Probably SCRIPT.Virus;Invalid path to file ;

cachesection;C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\xq7kgf30.default\Yahoo! Inc\ytoolbar\508ho^h8d6i_5e;Probably SCRIPT.Virus;Invalid path to file ;

cachesection;C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\xq7kgf30.default\Yahoo! Inc\ytoolbar\default;Probably SCRIPT.Virus;Invalid path to file ;

cachesection;C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\xq7kgf30.default\Yahoo! Inc\ytoolbar\ikf4hmem_hb_o;Probably SCRIPT.Virus;Invalid path to file ;

OTL.exe;C:\Documents and Settings\Jessica\Desktop\New folder (2);Trojan.Siggen4.14927;Incurable.Moved.;

OTL.exe;C:\Documents and Settings\Jessica\DoctorWeb\Quarantine;Trojan.Siggen4.14927;Incurable.Moved.;

cachesection;C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\xq7kgf30.default\Yahoo! Inc\ytoolbar\270ei18_o;Probably SCRIPT.Virus;Invalid path to file ;

cachesection;C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\xq7kgf30.default\Yahoo! Inc\ytoolbar\508ho^h8d6i_5eh4l4h_o;Probably SCRIPT.Virus;Invalid path to file ;

cachesection;C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\xq7kgf30.default\Yahoo! Inc\ytoolbar\default;Probably SCRIPT.Virus;Invalid path to file ;

cachesection;C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\xq7kgf30.default\Yahoo! Inc\ytoolbar\ikf4hmem_hb_o;Probably SCRIPT.Virus;Invalid path to file ;

Link to post
Share on other sites
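
Added example, not part of the thread or of any poster's reply: the Dr.Web CureIt report above lists the same toolbar cache folders under `C:\Documents and Settings\...`, `...\Application Data\...` and `C:\Users\...`, which on Windows 7 are compatibility junctions to a single location. This Python script, using rows copied from that report and hypothetical helper names, collapses those aliases so each finding is counted once; treating an "Invalid path to file" row as a repeat sighting of an item already moved is an assumption.

```python
import ntpath

# Rows copied from the Dr.Web CureIt report posted above.
# Layout: object;folder;threat;action;
REPORT = r"""
cachesection;C:\Documents and Settings\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\xq7kgf30.default\Yahoo! Inc\ytoolbar\270ei18_o;Probably SCRIPT.Virus;Incurable.Moved.;
cachesection;C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\xq7kgf30.default\Yahoo! Inc\ytoolbar\270ei18_o;Probably SCRIPT.Virus;Invalid path to file ;
cachesection;C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\xq7kgf30.default\Yahoo! Inc\ytoolbar\270ei18_o;Probably SCRIPT.Virus;Invalid path to file ;
cachesection;C:\Documents and Settings\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\xq7kgf30.default\Yahoo! Inc\ytoolbar\default;Probably SCRIPT.Virus;Incurable.Moved.;
cachesection;C:\Documents and Settings\Jessica\Application Data\Mozilla\Firefox\Profiles\xq7kgf30.default\Yahoo! Inc\ytoolbar\default;Probably SCRIPT.Virus;Invalid path to file ;
cachesection;C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\xq7kgf30.default\Yahoo! Inc\ytoolbar\default;Probably SCRIPT.Virus;Invalid path to file ;
OTL.exe;C:\Documents and Settings\Jessica\Desktop\New folder (2);Trojan.Siggen4.14927;Incurable.Moved.;
OTL.exe;C:\Documents and Settings\Jessica\DoctorWeb\Quarantine;Trojan.Siggen4.14927;Incurable.Moved.;
"""

# Windows Vista/7 per-user compatibility junctions (legacy XP-style names).
USER_JUNCTIONS = {
    "application data": ["appdata", "roaming"],
    "local settings": ["appdata", "local"],
}


def normalize(folder):
    """Map legacy junction paths onto the real C:\\Users layout, lower-cased."""
    parts = ntpath.normpath(folder.strip()).lower().split("\\")
    if len(parts) > 1 and parts[1] == "documents and settings":
        parts[1] = "users"
    if len(parts) > 3 and parts[1] == "users" and parts[3] in USER_JUNCTIONS:
        parts[3:4] = USER_JUNCTIONS[parts[3]]
    return "\\".join(parts)


def parse_report(text):
    """Parse 'object;folder;threat;action;' rows; tolerate ';' inside the folder."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith(";"):
            line = line[:-1]
        fields = line.split(";")
        if len(fields) < 4:
            continue  # not a detection row
        rows.append({
            "object": fields[0].strip(),
            "folder": ";".join(fields[1:-2]).strip(),
            "threat": fields[-2].strip(),
            "action": fields[-1].strip(),
        })
    return rows


def group_findings(rows):
    """Group rows that point at the same object in the same real folder."""
    findings = {}
    for row in rows:
        key = (row["object"].lower(), normalize(row["folder"]), row["threat"])
        entry = findings.setdefault(key, {"aliases": [], "actions": []})
        entry["aliases"].append(row["folder"])
        entry["actions"].append(row["action"])
    return findings


def summarize(findings):
    """One tuple per unique finding: (object, folder, threat, rows, status)."""
    summary = []
    for (obj, folder, threat), entry in findings.items():
        # Assumption: one "Moved" action among the aliases covers all of them.
        moved = any(a.lower().startswith("incurable.moved") for a in entry["actions"])
        status = "moved" if moved else "check manually"
        summary.append((obj, folder, threat, len(entry["aliases"]), status))
    return summary


if __name__ == "__main__":
    rows = parse_report(REPORT)
    unique = summarize(group_findings(rows))
    print(f"{len(rows)} report rows -> {len(unique)} unique findings")
    for obj, folder, threat, count, status in unique:
        print(f"[{status}] {threat}: {obj} in {folder} ({count} row(s))")
```
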

Close all open browsers at this point.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Start Internet Explorer

Using Internet Explorer browser only, go to BitDefender Quickscan website:

http://quickscan.bitdefender.com

and click "Start Scan".

Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.

Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.

If prompted, reply yes to allow it to run.

Press the Allow button and follow prompts.

Press the "Start Scan" once more.

You'll see the EULA in a pop-up window. Click the I accept & then the OK button

Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/

and that QuickScan has no removal capability.

The site boasts a 60-second scan. Do have patience as it likely will take longer.

It may seem to stall at moments, but have patience; it will move on.

You'll see a progress bar at top right of window.

Hopefully you will see a No infections found in the bar-window. Press the View Log button.

The log report will show in your text editor. Save the log.

Do a Select ALL, Copy. Then paste contents into your next reply.

NEXT:

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the MBAM scan log for review.

Then, tell me, how is the system now?

Link to post
Share on other sites

To me, the computer is slow. Firefox & IE take forever to open up. The owner says it seems like it is working better. I don't know. There's even lag as I'm typing this message, so that doesn't seem okay to me.

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.21.13

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Jessica :: JESSICA-PC [administrator]

8/21/2012 5:57:20 PM

mbam-log-2012-08-21 (17-57-20).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 188340

Time elapsed: 7 minute(s), 43 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

The MBAM scan detected nothing, and the same with BitDefender online scan.

The message at shutdown would be normal. The person using the system would know what programs they left open.

As for any "slow" issues, I'll refer you and your friend to these articles, for your research and follow-thru.

Here are some recommended articles:

MS Speed up your pc - Win7 / Vista

http://windows.micro...peed-up-your-pc

What to do if your Computer is running slowly

http://www.malwarere...nningslowly.php

See Quietman7's Slow Computer/browser? Check Here First

http://www.bleepingc...topic87058.html

See Miekiemoes' Help! My computer is slow!

http://users.telenet...owcomputer.html

Slow Computer/Browser: Check here first!

http://www.bleepingc...topic44694.html

We can wrap this up now. I see that you are clear of your original issues. The malware hunt is done.

The following few steps will remove tools we used. Advise me after you have completed the cleanups.

If you have a problem with these steps, or something does not quite work here, do let me know.

We have to remove Combofix and all its associated folders. By whichever name you named it, ( you had named it ComboFix ),

put that name in the RUN box stated just below.

The "/uninstall" in the Run line below is to start Combofix for its cleanup & removal function.

Note the space before the slash mark.

The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.

Highlight the line in this CODEBOX.

Select & Copy the entire line within this codebox (so that it is in Windows clipboard memory)

c:\users\Jessica\Desktop\ComboFix.exe /uninstall

Start >> type in cmd >> press the Ctrl+Shift+Enter keyboard combination and cmd.exe will be launched as if you selected Run as Administrator. You will then see a User Account Control prompt asking if you would like to allow the Command Prompt to be able to make changes on your computer. Click on the Yes button and you will now be at the Elevated Command Prompt.

Do a Right click within the command prompt window and select Paste. This must show the line from Codebox above.

Then tap Enter

IF in the case Combofix un-install has an issue, skip that step.

NEXT

  • Download OTC to your desktop and run it
  • Click Yes to beginning the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

ERUNT you should keep and use periodically to backup Windows registry.

Delete the following if still present:

aswMBR.exe

RogueKiller.exe

TDSSKILLER.exe

UNHIDE.exe

Stinger.exe

Dr Web Cure-It

Go to Control Panel >> Programs and Features

Uninstall BitDefender Online scan

Safer practices & malware prevention

We are finished here. Best regards.

Link to post
Share on other sites

This topic is now closed to further replies.