stpatrick Posted January 29, 2013 ID:641006
I have been getting block warnings popping up listing an IP attack from within the Chrome browser. These happen episodically, either for a few days at a time followed by weeks of no activity, then recurring. They also happen on different ports. I run scans, but each time I do, the results report no objects found. I am concerned that my machine might be infected. Please tell me what you find in the attached reports.
Attach.txt, DDS.txt
Maurice Naggar Posted February 2, 2013 ID:642572
Hi,
Next, please run a free online scan with the ESET Online Scanner.
Note: You will need to use Internet Explorer for this scan.
Tick the box next to YES, I accept the Terms of Use.
Click Start.
When asked, allow the ActiveX control to install.
Click Start.
Make sure that the options Remove found threats and Scan unwanted applications are checked.
Click Scan.
Wait for the scan to finish.
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic.
Next, download my Security Check from here.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Let me know how things are running now and what issues remain.
Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.
I will ask that you make separate new replies & Copy & Paste contents of DDS.txt + Attach.txt
Edited February 2, 2013 by Maurice Naggar
Maurice Naggar Posted February 5, 2013 ID:643765
{{{ ping }}} Are you still with us?
stpatrick Posted February 6, 2013 Author ID:644127
Maurice,
Hi.. I went to eset.com and ran the test. However, after running it, I was unable to locate the log file at C:\Program Files\EsetOnlineScanner\log.txt. I then downloaded a trial version of ESET Smart Security and ran a scan with it. It reports it detected no objects or threats in the scan status display in the application.
However, installing it immediately generated a pop-up window identifying a covert channel exploit in ICMP packet. That kept adding new events until I disabled the notification as the documentation stated I could. In the ESET application window there is a scan logs button, but clicking it produces no result. I assume it is not available in the trial version; however, documentation with the download does not state this. I reran the ESET scan a second time with the same result.
Next I ran the securitycheck.exe file you provided me. The checkup.txt file follows here.

Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ESET Smart Security 6.0
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Java 7 Update 9
Java version out of Date!
Adobe Reader XI
Google Chrome 24.0.1312.56
Google Chrome 24.0.1312.57
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
MediaMall MediaMallServer.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Please let me know if this helps.
Patrick
stpatrick Posted February 6, 2013 Author ID:644129
Attach.txt file follows here.
stpatrick Posted February 6, 2013 Author ID:644130
DDS.txt file follows here.
05:43:42 1882624 ----a-w- C:\Windows\System32\msxml3.dll2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll2012-11-01 04:47:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll.============= FINISH: 17:25:20.38 =============== Link to post Share on other sites More sharing options...
Maurice Naggar Posted February 6, 2013 ID:644176

Older versions of Java pose a security risk. Uninstall Java 7 Update 9.
And if you do not need Java for the programs that you use, keep Java off your system.
How to disable Java in various browsers: http://blog.eset.com...r-way-to-browse
Also see No, Seriously, Just Disable Java in Your Browser Right Now
See also Corrine's Security Blog post http://securitygarde...cal-update.html
If you do need Java on your system, see Oracle releases new Java update to close security holes

Step 2
While we are working this case, to minimize possible false positives, close & keep closed all instant messenger programs.
If ESET Security is a "trial", are you saying that before this the system had no installed/active antivirus program?
It is a must to have an antivirus program that is installed, up-to-date & active.
Do you intend to buy ESET? {an excellent program, by the way}
I have gone over your initial logs, and I did not see an installed antivirus. That is extremely ill-advised. Going without an antivirus is an open invitation for getting infected. In the modern world, every system must have an A-V.
If cost is an issue, I can recommend some alternative free ones.

Step 3
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder; if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.

Step 4
To show all files:
Go to your Desktop
Double-Click the Computer icon.
From the menu options, Select Tools, then Folder Options.
Next click the View tab.
Locate and uncheck Hide file extensions for known file types.
Locate and uncheck Hide protected operating system files (Recommended).
Locate and click Show hidden files and folders and drives.
Click Apply > OK.

Step 5
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall
Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.
If you are running Windows XP, double click adwcleaner.exe to start it.
Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
Now click on the Search tab.
Please post the contents of the log-file created in your next post.
Note: The log can also be located at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, so in this case it should be something like R1.

Step 6
Please read carefully and follow these steps.
Download TDSSKiller and save it to your Desktop.
Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 7
Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or >> from here <<
Quit all programs that you may have started.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on Scan button at upper right of screen.
Wait until the Status box shows "Scan Finished"
Click on Report and copy/paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop
Exit/Close RogueKiller
Do NOT click any FIX buttons !

Step 8
RE-Enable your antivirus program. Then copy/paste the following into your post (in order):
the contents of C:\AdwCleaner[R1].txt;
the contents of TDSSKILLER log;
the contents of RKReport log;
Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.
Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.
stpatrick Posted February 9, 2013 Author ID:645296

Maurice,
Once again.. thanks for your help. I have made changes as you suggested adding the ESET 6 program, uninstalling Java (7.13), installing ERUNT. ERUNT failed to run, generating consecutive error messages. I do not use IM programs on this machine at all. I was running Avast but uninstalled it when I installed Malwarebytes.... my mistake. My desktop does not have a computer icon.. I assume this drive c:, my primary hard drive. I will change the file settings there.
I did install the AdwCleaner and ran it. It detected no registry problems. I ran the Kaspersky killer which detected no threats.
I installed RogueKiller and it did detect two registry entries it flagged... see below for an excerpt from the log. I did click on any fix buttons

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

The three logs you requested follow this post. Please advise next steps...
Patrick
stpatrick Posted February 9, 2013 Author ID:645297

# AdwCleaner v2.111 - Logfile created 02/09/2013 at 06:53:55
# Updated 05/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : PB HP - PBHP-HP
# Boot Mode : Normal
# Running from : C:\Users\PB HP\Downloads\adwcleaner (1).exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Users\PB HP\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1668 octets] - [09/02/2013 06:53:55]

########## EOF - C:\AdwCleaner[R1].txt - [1728 octets] ##########
stpatrick Posted February 9, 2013 Author ID:645300

07:33:31.0118 5912 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys07:33:37.0968 4840 iirsp - ok07:33:37.0993 4840 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll07:33:37.0998 4840 IKEEXT - ok07:33:38.0016 4840 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys07:33:38.0017 4840 intelide - ok07:33:38.0028 4840 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys07:33:38.0029 4840 intelppm - ok07:33:38.0110 4840 [ 1663A135865F0BA6E853353E98E67F2A ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe07:33:38.0111 4840 IntuitUpdateServiceV4 - ok07:33:38.0127 4840 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll07:33:38.0131 4840 IPBusEnum - ok07:33:38.0147 4840 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys07:33:38.0150 4840 IpFilterDriver - ok07:33:38.0184 4840 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll07:33:38.0194 4840 iphlpsvc - ok07:33:38.0219 4840 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys07:33:38.0220 4840 IPMIDRV - ok07:33:38.0231 4840 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys07:33:38.0235 4840 IPNAT - ok07:33:38.0289 4840 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe07:33:38.0297 4840 iPod Service - ok07:33:38.0312 4840 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys07:33:38.0314 4840 IRENUM - ok07:33:38.0340 4840 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys07:33:38.0340 4840 isapnp - ok07:33:38.0345 4840 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys07:33:38.0347 4840 iScsiPrt - ok07:33:38.0362 4840 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass 
C:\Windows\system32\DRIVERS\kbdclass.sys07:33:38.0362 4840 kbdclass - ok07:33:38.0368 4840 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys07:33:38.0369 4840 kbdhid - ok07:33:38.0381 4840 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe07:33:38.0383 4840 KeyIso - ok07:33:38.0400 4840 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys07:33:38.0402 4840 KSecDD - ok07:33:38.0409 4840 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys07:33:38.0411 4840 KSecPkg - ok07:33:38.0417 4840 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys07:33:38.0418 4840 ksthunk - ok07:33:38.0442 4840 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll07:33:38.0445 4840 KtmRm - ok07:33:38.0462 4840 [ BD56BAE4403497E31727096CEBC42956 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys07:33:38.0463 4840 L1C - ok07:33:38.0488 4840 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll07:33:38.0491 4840 LanmanServer - ok07:33:38.0504 4840 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll07:33:38.0506 4840 LanmanWorkstation - ok07:33:38.0521 4840 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys07:33:38.0523 4840 lltdio - ok07:33:38.0536 4840 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll07:33:38.0539 4840 lltdsvc - ok07:33:38.0546 4840 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll07:33:38.0547 4840 lmhosts - ok07:33:38.0571 4840 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys07:33:38.0572 4840 LSI_FC - ok07:33:38.0585 4840 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys07:33:38.0586 4840 LSI_SAS - ok07:33:38.0599 4840 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 
C:\Windows\system32\drivers\lsi_sas2.sys07:33:38.0600 4840 LSI_SAS2 - ok07:33:38.0611 4840 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys07:33:38.0612 4840 LSI_SCSI - ok07:33:38.0625 4840 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys07:33:38.0627 4840 luafv - ok07:33:38.0732 4840 [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys07:33:38.0761 4840 LVUVC64 - ok07:33:38.0793 4840 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys07:33:38.0794 4840 MBAMProtector - ok07:33:38.0836 4840 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe07:33:38.0841 4840 MBAMScheduler - ok07:33:38.0866 4840 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe07:33:38.0874 4840 MBAMService - ok07:33:38.0892 4840 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll07:33:38.0895 4840 Mcx2Svc - ok07:33:38.0955 4840 [ 165C8881EFC3AE4EA01CCCE7735BE68E ] MediaMall Server C:\Program Files (x86)\MediaMall\MediaMallServer.exe07:33:38.0973 4840 MediaMall Server - ok07:33:38.0988 4840 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys07:33:38.0989 4840 megasas - ok07:33:39.0013 4840 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys07:33:39.0018 4840 MegaSR - ok07:33:39.0044 4840 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll07:33:39.0048 4840 MMCSS - ok07:33:39.0060 4840 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys07:33:39.0063 4840 Modem - ok07:33:39.0080 4840 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys07:33:39.0081 4840 monitor - ok07:33:39.0094 4840 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass 
C:\Windows\system32\DRIVERS\mouclass.sys07:33:39.0095 4840 mouclass - ok07:33:39.0106 4840 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys07:33:39.0107 4840 mouhid - ok07:33:39.0118 4840 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys07:33:39.0120 4840 mountmgr - ok07:33:39.0137 4840 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys07:33:39.0139 4840 mpio - ok07:33:39.0149 4840 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys07:33:39.0150 4840 mpsdrv - ok07:33:39.0186 4840 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll07:33:39.0191 4840 MpsSvc - ok07:33:39.0203 4840 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys07:33:39.0205 4840 MRxDAV - ok07:33:39.0226 4840 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys07:33:39.0227 4840 mrxsmb - ok07:33:39.0240 4840 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys07:33:39.0242 4840 mrxsmb10 - ok07:33:39.0253 4840 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys07:33:39.0254 4840 mrxsmb20 - ok07:33:39.0274 4840 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys07:33:39.0274 4840 msahci - ok07:33:39.0284 4840 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys07:33:39.0285 4840 msdsm - ok07:33:39.0297 4840 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe07:33:39.0299 4840 MSDTC - ok07:33:39.0311 4840 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys07:33:39.0312 4840 Msfs - ok07:33:39.0319 4840 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys07:33:39.0320 4840 mshidkmdf - ok07:33:39.0330 4840 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv 
C:\Windows\system32\drivers\msisadrv.sys07:33:39.0331 4840 msisadrv - ok07:33:39.0354 4840 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll07:33:39.0356 4840 MSiSCSI - ok07:33:39.0359 4840 msiserver - ok07:33:39.0370 4840 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys07:33:39.0371 4840 MSKSSRV - ok07:33:39.0389 4840 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys07:33:39.0390 4840 MSPCLOCK - ok07:33:39.0395 4840 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys07:33:39.0396 4840 MSPQM - ok07:33:39.0407 4840 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys07:33:39.0410 4840 MsRPC - ok07:33:39.0417 4840 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys07:33:39.0418 4840 mssmbios - ok07:33:39.0425 4840 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys07:33:39.0428 4840 MSTEE - ok07:33:39.0488 4840 [ C83829C280F0207677B7AAA151EF9C4D ] msvad_simple C:\Windows\system32\drivers\povrtdev.sys07:33:39.0489 4840 msvad_simple - ok07:33:39.0508 4840 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys07:33:39.0509 4840 MTConfig - ok07:33:39.0528 4840 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys07:33:39.0531 4840 Mup - ok07:33:39.0558 4840 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll07:33:39.0567 4840 napagent - ok07:33:39.0587 4840 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys07:33:39.0590 4840 NativeWifiP - ok07:33:39.0633 4840 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys07:33:39.0640 4840 NDIS - ok07:33:39.0658 4840 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys07:33:39.0660 4840 NdisCap - ok07:33:39.0669 4840 [ 
30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys07:33:39.0670 4840 NdisTapi - ok07:33:39.0683 4840 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys07:33:39.0684 4840 Ndisuio - ok07:33:39.0688 4840 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys07:33:39.0690 4840 NdisWan - ok07:33:39.0696 4840 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys07:33:39.0697 4840 NDProxy - ok07:33:39.0728 4840 [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll07:33:39.0729 4840 Net Driver HPZ12 - ok07:33:39.0741 4840 [ 6F4607E2333FE21E9E3FF8133A88B35B ] Netaapl C:\Windows\system32\DRIVERS\netaapl64.sys07:33:39.0742 4840 Netaapl - ok07:33:39.0752 4840 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys07:33:39.0753 4840 NetBIOS - ok07:33:39.0766 4840 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys07:33:39.0768 4840 NetBT - ok07:33:39.0772 4840 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe07:33:39.0773 4840 Netlogon - ok07:33:39.0790 4840 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll07:33:39.0794 4840 Netman - ok07:33:39.0813 4840 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe07:33:39.0814 4840 NetMsmqActivator - ok07:33:39.0817 4840 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe07:33:39.0818 4840 NetPipeActivator - ok07:33:39.0831 4840 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll07:33:39.0834 4840 netprofm - ok07:33:39.0862 4840 [ 570813483F26B5C8D984BCA5BB70B50D ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys07:33:39.0870 4840 netr28x - ok07:33:39.0874 4840 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator 
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe07:33:39.0875 4840 NetTcpActivator - ok07:33:39.0878 4840 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe07:33:39.0879 4840 NetTcpPortSharing - ok07:33:39.0893 4840 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys07:33:39.0894 4840 nfrd960 - ok07:33:39.0911 4840 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll07:33:39.0914 4840 NlaSvc - ok07:33:39.0923 4840 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys07:33:39.0924 4840 Npfs - ok07:33:39.0931 4840 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll07:33:39.0933 4840 nsi - ok07:33:39.0938 4840 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys07:33:39.0938 4840 nsiproxy - ok07:33:39.0995 4840 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys07:33:40.0011 4840 Ntfs - ok07:33:40.0016 4840 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys07:33:40.0017 4840 Null - ok07:33:40.0031 4840 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys07:33:40.0033 4840 nvraid - ok07:33:40.0060 4840 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys07:33:40.0062 4840 nvstor - ok07:33:40.0091 4840 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys07:33:40.0093 4840 nv_agp - ok07:33:40.0102 4840 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys07:33:40.0104 4840 ohci1394 - ok07:33:40.0139 4840 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE07:33:40.0141 4840 ose - ok07:33:40.0250 4840 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft 
Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE07:33:40.0278 4840 osppsvc - ok07:33:40.0293 4840 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll07:33:40.0296 4840 p2pimsvc - ok07:33:40.0315 4840 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll07:33:40.0318 4840 p2psvc - ok07:33:40.0344 4840 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys07:33:40.0345 4840 Parport - ok07:33:40.0361 4840 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys07:33:40.0362 4840 partmgr - ok07:33:40.0375 4840 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll07:33:40.0378 4840 PcaSvc - ok07:33:40.0389 4840 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys07:33:40.0390 4840 pci - ok07:33:40.0404 4840 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys07:33:40.0405 4840 pciide - ok07:33:40.0418 4840 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys07:33:40.0419 4840 pcmcia - ok07:33:40.0433 4840 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys07:33:40.0434 4840 pcw - ok07:33:40.0453 4840 pdfcDispatcher - ok07:33:40.0470 4840 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys07:33:40.0474 4840 PEAUTH - ok07:33:40.0537 4840 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe07:33:40.0540 4840 PerfHost - ok07:33:40.0584 4840 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll07:33:40.0597 4840 pla - ok07:33:40.0638 4840 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll07:33:40.0647 4840 PlugPlay - ok07:33:40.0688 4840 [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll07:33:40.0691 4840 Pml Driver HPZ12 - ok07:33:40.0705 4840 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg 
C:\Windows\system32\pnrpauto.dll07:33:40.0709 4840 PNRPAutoReg - ok07:33:40.0720 4840 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll07:33:40.0725 4840 PNRPsvc - ok07:33:40.0741 4840 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll07:33:40.0746 4840 PolicyAgent - ok07:33:40.0766 4840 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll07:33:40.0769 4840 Power - ok07:33:40.0779 4840 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys07:33:40.0780 4840 PptpMiniport - ok07:33:40.0794 4840 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys07:33:40.0794 4840 Processor - ok07:33:40.0826 4840 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll07:33:40.0828 4840 ProfSvc - ok07:33:40.0840 4840 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe07:33:40.0842 4840 ProtectedStorage - ok07:33:40.0856 4840 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys07:33:40.0858 4840 Psched - ok07:33:40.0878 4840 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys07:33:40.0878 4840 PxHlpa64 - ok07:33:40.0919 4840 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys07:33:40.0935 4840 ql2300 - ok07:33:40.0946 4840 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys07:33:40.0948 4840 ql40xx - ok07:33:40.0962 4840 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll07:33:40.0964 4840 QWAVE - ok07:33:40.0985 4840 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys07:33:40.0986 4840 QWAVEdrv - ok07:33:40.0994 4840 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys07:33:40.0995 4840 RasAcd - ok07:33:41.0007 4840 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn 
C:\Windows\system32\DRIVERS\AgileVpn.sys07:33:41.0008 4840 RasAgileVpn - ok07:33:41.0019 4840 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll07:33:41.0021 4840 RasAuto - ok07:33:41.0029 4840 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys07:33:41.0030 4840 Rasl2tp - ok07:33:41.0042 4840 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll07:33:41.0045 4840 RasMan - ok07:33:41.0057 4840 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys07:33:41.0058 4840 RasPppoe - ok07:33:41.0062 4840 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys07:33:41.0064 4840 RasSstp - ok07:33:41.0080 4840 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys07:33:41.0082 4840 rdbss - ok07:33:41.0091 4840 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys07:33:41.0092 4840 rdpbus - ok07:33:41.0104 4840 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys07:33:41.0104 4840 RDPCDD - ok07:33:41.0118 4840 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys07:33:41.0119 4840 RDPENCDD - ok07:33:41.0131 4840 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys07:33:41.0132 4840 RDPREFMP - ok07:33:41.0152 4840 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys07:33:41.0153 4840 RDPWD - ok07:33:41.0165 4840 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys07:33:41.0166 4840 rdyboost - ok07:33:41.0176 4840 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll07:33:41.0178 4840 RemoteAccess - ok07:33:41.0191 4840 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll07:33:41.0194 4840 RemoteRegistry - ok07:33:41.0203 4840 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] 
RpcEptMapper C:\Windows\System32\RpcEpMap.dll07:33:41.0205 4840 RpcEptMapper - ok07:33:41.0208 4840 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe07:33:41.0210 4840 RpcLocator - ok07:33:41.0225 4840 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll07:33:41.0230 4840 RpcSs - ok07:33:41.0238 4840 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys07:33:41.0239 4840 rspndr - ok07:33:41.0243 4840 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe07:33:41.0244 4840 SamSs - ok07:33:41.0255 4840 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys07:33:41.0256 4840 sbp2port - ok07:33:41.0269 4840 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll07:33:41.0271 4840 SCardSvr - ok07:33:41.0277 4840 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys07:33:41.0278 4840 scfilter - ok07:33:41.0298 4840 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll07:33:41.0305 4840 Schedule - ok07:33:41.0319 4840 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll07:33:41.0320 4840 SCPolicySvc - ok07:33:41.0333 4840 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll07:33:41.0335 4840 SDRSVC - ok07:33:41.0345 4840 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys07:33:41.0346 4840 secdrv - ok07:33:41.0349 4840 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll07:33:41.0351 4840 seclogon - ok07:33:41.0362 4840 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll07:33:41.0365 4840 SENS - ok07:33:41.0382 4840 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll07:33:41.0384 4840 SensrSvc - ok07:33:41.0400 4840 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys07:33:41.0400 
4840 Serenum - ok07:33:41.0411 4840 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys07:33:41.0412 4840 Serial - ok07:33:41.0425 4840 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys07:33:41.0426 4840 sermouse - ok07:33:41.0451 4840 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll07:33:41.0453 4840 SessionEnv - ok07:33:41.0469 4840 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys07:33:41.0469 4840 sffdisk - ok07:33:41.0483 4840 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys07:33:41.0483 4840 sffp_mmc - ok07:33:41.0494 4840 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys07:33:41.0495 4840 sffp_sd - ok07:33:41.0518 4840 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys07:33:41.0518 4840 sfloppy - ok07:33:41.0552 4840 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll07:33:41.0559 4840 SharedAccess - ok07:33:41.0590 4840 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll07:33:41.0598 4840 ShellHWDetection - ok07:33:41.0614 4840 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys07:33:41.0615 4840 SiSRaid2 - ok07:33:41.0635 4840 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys07:33:41.0636 4840 SiSRaid4 - ok07:33:41.0649 4840 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys07:33:41.0651 4840 Smb - ok07:33:41.0667 4840 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe07:33:41.0669 4840 SNMPTRAP - ok07:33:41.0681 4840 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys07:33:41.0682 4840 spldr - ok07:33:41.0713 4840 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe07:33:41.0717 
4840 Spooler - ok07:33:41.0766 4840 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe07:33:41.0784 4840 sppsvc - ok07:33:41.0790 4840 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll07:33:41.0791 4840 sppuinotify - ok07:33:41.0810 4840 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys07:33:41.0813 4840 srv - ok07:33:41.0827 4840 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys07:33:41.0830 4840 srv2 - ok07:33:41.0838 4840 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys07:33:41.0839 4840 srvnet - ok07:33:41.0858 4840 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll07:33:41.0860 4840 SSDPSRV - ok07:33:41.0877 4840 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll07:33:41.0879 4840 SstpSvc - ok07:33:41.0932 4840 [ 4B1D0B5B6D043AAF45AE89EABAB7B865 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe07:33:41.0933 4840 STacSV - ok07:33:41.0947 4840 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys07:33:41.0948 4840 stexstor - ok07:33:41.0971 4840 [ 542BDF7E9256189ABBC68935FA8116A4 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys07:33:41.0974 4840 STHDA - ok07:33:41.0999 4840 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll07:33:42.0003 4840 stisvc - ok07:33:42.0022 4840 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys07:33:42.0023 4840 swenum - ok07:33:42.0037 4840 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll07:33:42.0041 4840 swprv - ok07:33:42.0073 4840 [ 52EB25BD8AB4E331028C48B178441B36 ] sxuptp C:\Windows\system32\DRIVERS\sxuptp.sys07:33:42.0075 4840 sxuptp - ok07:33:42.0102 4840 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll07:33:42.0112 4840 SysMain - ok07:33:42.0120 4840 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] 
07:33:44.0428 4840 Scan finished
07:33:44.0485 1260 Detected object count: 0
07:33:44.0485 1260 Actual detected object count: 0

stpatrick Posted February 9, 2013 Author ID:645302

RogueKiller V8.5.0 [Feb 9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : PB HP [Admin rights]
Mode : Scan -- Date : 02/09/2013 07:18:38
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS723020BLA642 SATA Disk Device +++++
--- User ---
[MBR] 8de979cb11eb55a8d598a3a82efdaf48
[bSP] 91e707c018452af0149e7f3919fd4e38 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1890638 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3872233472 | Size: 16989 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 544140867009d35863369aaef2f85288
[bSP] b1c8619cd906f5ed3f7c16aee5bd484a : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 226125824 | Size: 300 Mo

Finished : << RKreport[1]_S_02092013_02d0718.txt >>
RKreport[1]_S_02092013_02d0718.txt

Maurice Naggar Posted February 9, 2013 ID:645325

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member stpatrick only. If you are a casual viewer, do NOT try this on your system! If you are not stpatrick and have a similar problem, do NOT post here; start your own topic.

Do not run or start any other programs while these utilities and tools are in use!
Do NOT run any other tools on your own or do any fixes other than what is listed here.
If you have questions, please ask before you do something on your own.
But it is important that you get going on these following steps.

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

Proceed with the following, doing as much as you can. IF you run into a hitch, make a note for me and go forward with the other steps that follow.

Close any open documents/programs & all internet browsers you have running.

Please start AdwCleaner.
Click on Delete button.
Confirm each time with OK.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[s1]

Step 2
Please download Junkware Removal Tool to your Desktop.
Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click JRT.exe and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply. And tell me, how is the system now?
Re-enable your security software.

Step 3
Close any/all open internet browsers. Save any open documents you have open & close programs you started.
On Windows 7, press Windows-key, then start typing in text box Malwarebytes then select/click Malwarebytes Anti-Malware Chameleon.
Once the Help file opens, click on a Chameleon button (starting with #1).
If running on Vista, Windows 7, press the Yes button when prompted at the UAC prompt to allow to run.
You should see a black Command-prompt-window that remains open and says MBAM-chameleon ver. at the top.
Press any key to continue as it says in the window {space-bar will do}.
If the Chameleon button you tried does not work, try the next Chameleon button shown. (There are 12 in all).
Have infinite patience during this process.
Malwarebytes Chameleon will proceed to update Malwarebytes Anti-Malware, so ensure that you are connected to the internet if possible.
Once the update completes and it says your database is updated, click on OK button so that process can continue.
Malwarebytes Chameleon will then terminate any threats running in memory, which may take a while, so please be patient.
After that, Malwarebytes Anti-Malware will open automatically and perform a Quick scan.
A quick scan will take a few minutes, possibly 5 or so minutes. Have infinite patience.
Once the scan is complete, click on Show Results and remove any threats that are found by clicking Remove Selected.
If prompted to restart your computer to complete the removal process, click Yes.
If no threats are found, press OK button & press EXIT to end MBAM. Press the space-bar (or another key) to exit the command-prompt-window.
After your computer restarts, open Malwarebytes Anti-Malware and perform one last Quick scan to verify that there are no remaining threats.

Step 4
If you have a prior copy of Combofix, delete it now.
Download Combofix from any of the links below, and SAVE it to your Desktop.
Link 1
Link 2
**Note: It is important that it is saved directly to your Desktop and not run straight away from download **
Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages.
It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.
You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.
Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.
If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power) or a UPS system.
Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".
A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:
[1] IF after Combofix reboot you get the message Illegal operation attempted on registry key that has been marked for deletion.... please reboot the computer, this should resolve the problem. You may have to reboot the pc a second time if needed.
[2] Do not mouseclick combofix's window nor run any program while Combofix is running. That may cause it to stall.
[3] When all done, IF Combofix did not do a Restart... then... I need for you to Restart the system fresh.

Reply & Copy & Paste contents of the C:\Combofix.txt log and tell me, how is the system now?
Re-enable your antivirus program.

Maurice Naggar Posted February 11, 2013 ID:646074

How is it going? Any progress?

stpatrick Posted February 11, 2013 Author ID:646084

Maurice,

Again, thank you for all your help. I just completed following all your instructions.

First I ran AdwCleaner. The AdwCleaner log will follow this post named with today's date included.

Second I ran JRT.exe. The JRT.txt file follows this post as well. The system seemed stable after running this app.

Third I ran Malwarebytes Chameleon. It executed on button #1. It ran fine and afterwards I ran a Malwarebytes scan. I rebooted and ran Malwarebytes a second time. It reported no problems.

Next I downloaded Combofix. I ran it and after some time it finished generating the log file, combofix_ log_2.11.13. That file is posted following this post. It didn't reboot automatically so I rebooted the system.

Currently the antivirus apps are all running and the system seems normal.

Patrick

stpatrick Posted February 11, 2013 Author ID:646085

# AdwCleaner v2.112 - Logfile created 02/11/2013 at 07:13:20
# Updated 10/02/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : PB HP - PBHP-HP
# Boot Mode : Normal
# Running from : C:\Users\PB HP\Desktop\adwcleaner (1).exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Users\PB HP\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R2].txt - [846 octets] - [11/02/2013 07:12:30]
AdwCleaner[s1].txt - [1871 octets] - [09/02/2013 06:55:09]
AdwCleaner[s2].txt - [778 octets] - [11/02/2013 07:13:20]

########## EOF - C:\AdwCleaner[s2].txt - [837 octets] ##########

stpatrick Posted February 11, 2013 Author ID:646086

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.2 (02.02.2013:2)
OS: Windows 7 Home Premium x64
Ran by PB HP on Mon 02/11/2013 at 7:21:09.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}

~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}

~~~ Files

~~~ Folders
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 02/11/2013 at 7:28:03.29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

stpatrick Posted February 11, 2013 Author ID:646087

Malwarebytes Anti-Malware (PRO) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.11.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
PB HP :: PBHP-HP [administrator]

Protection: Disabled

2/11/2013 9:04:24 AM
mbam-log-2013-02-11 (09-04-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 218545
Time elapsed: 1 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

stpatrick Posted February 11, 2013 Author ID:646093

ComboFix 13-02-07.02 - PB HP 02/11/2013 9:14.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.11703.9349 [GMT -5:00]
Running from: c:\users\PB HP\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
((((((((((((((((((((((((( Files Created from 2013-01-11 to 2013-02-11 )))))))))))))))))))))))))))))))
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 14:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll2012-11-30 04:45 . 2013-01-09 14:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll2012-11-30 04:45 . 2013-01-09 14:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll2012-11-30 04:45 . 2013-01-09 14:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll2012-11-30 04:45 . 2013-01-09 14:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll2012-11-30 04:45 . 2013-01-09 14:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll2012-11-30 04:45 . 2013-01-09 14:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll2012-11-30 04:45 . 2013-01-09 14:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-12-18 16328976]"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-12-17 59872]"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-17 59872].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-01-21 630912]"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-08-12 658424]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]"Adobe ARM"="c:\program files 
(x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-04-29 1770400]"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2012-03-26 22528]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-18 1255736]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2012-01-16 82048]S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2012-01-16 42624]S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-12-21 57904]S0 
PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-12-21 213416]S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-12-21 150616]S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-12-21 59440]S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2012-07-10 41704]S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-02-10 235520]S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2010-02-17 181760]S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2010-02-09 55296]S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-08-16 16384]S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-12-21 1333424]S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]S2 MediaMall Server;MediaMall 
Server;c:\program files (x86)\MediaMall\MediaMallServer.exe [2012-09-10 3057528]S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-08-12 1128952]S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\drivers\amdhub30.sys [2012-01-11 102528]S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\drivers\amdxhc.sys [2012-01-11 219776]S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2012-01-30 104048]S3 LVUVC64;Logitech HD Pro Webcam C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2011-08-11 1582144]S3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [2009-06-22 291352]S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2011-12-28 54400]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - WS2IFSL.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc.Contents of the 'Scheduled Tasks' folder.2013-02-11 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 17:32].2013-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-11 03:08].2013-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-11 03:08].2013-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2550544784-621779235-3328205503-1000Core.job- c:\users\PB HP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-11 15:19].2013-02-11 
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2550544784-621779235-3328205503-1000UA.job- c:\users\PB HP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-11 15:19].2013-02-08 c:\windows\Tasks\HPCeeScheduleForPB HP.job- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]2012-12-18 00:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]2012-12-18 00:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]2012-12-18 00:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]2012-12-18 00:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2011-12-13 37888]"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-12-13 1425408]"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common 
Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-12-21 6326448].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://www.google.com/mLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105Trusted Zone: intuit.com\ttlcTCP: DhcpNameServer = 192.168.2.1.- - - - ORPHANS REMOVED - - - -.Wow6432Node-HKLM-Run-<NO NAME> - (no file)HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexecAddRemove-Coupon Printer for Windows5.0.0.2 - c:\program files (x86)\Coupons\uninstall.exe...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) 
(Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 
1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) 
(Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files\AVAST Software\Avast\AvastSvc.exec:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exec:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exec:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exec:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe.**************************************************************************.Completion time: 2013-02-11 09:51:31 - machine was rebootedComboFix-quarantined-files.txt 2013-02-11 14:51.Pre-Run: 1,874,849,112,064 bytes freePost-Run: 1,876,513,734,656 bytes free.- - End Of File - - 65740D71B48F651315CDBD7519179150 Link to post Share on other sites More sharing options...
Maurice Naggar Posted February 11, 2013 ID:646116

OK, very good.
I want to re-remind you that ESET Internet Security is an excellent product. You do NOT need, nor should you have AVAST installed, even if you have it disabled.
It is not needed, and at some point will cause a conflict.
Uninstall it and then restart the system fresh.
Do these next:

Step 1
Download TFC by OldTimer to your desktop.
Please double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
It will close all programs when run, so make sure you have saved all your work before you begin.
Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
IF prompted to Reboot, reply "Yes".

Step 2
Download Dr.Web CureIt to the desktop. The download is nearly 104.6 MB in size.
Turn OFF your antivirus program.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Turn off any other add-on security app {if you have them} like MBAM File System Protection.
If this system is Windows 8/7 or VISTA, then Right-click on drweb-cureit.exe and select Run as Administrator.
Otherwise, on Windows XP, double-click on drweb-cureit.exe file to start the tool.
You will see a screen similar to this:
Click the checkbox to participate, and then click on Continue button.
Next
Click on Select objects for scanning
Next
Put a checkmark by clicking on the boxes as shown.
Do not select Temporary files or System Restore points.
Then click on Start scanning button
The scan in progress will be shown like this
IF something is detected, you will see a screen similar to this
For each item "detected", click on the Action column down arrow, like this
Your options will be Cure or Ignore
IF you see an item that you are very sure is ok, then un-check the checkbox for that item.
Typically, you will keep the Cure default.
Then click on the Neutralize button.
When the actions are completed, you will see this
Click on the green Open Report line. It will pop-up the report in NOTEPAD.
Save the report to your desktop. The report will be called Cureit.log
While in NOTEPAD, do a CTRL+A to Copy all to clipboard.
You should be able to get back to your forum topic, start a new reply, click 1 time in the box and do a CTRL+V (Paste) into reply.
Close Dr.Web Cureit.
Reboot your computer to allow files that were in use to be moved/deleted during reboot.
After reboot, post the contents of the log from Cureit.log you saved previously in your next reply. ONLY if the log is too large, then you may "attach" it.
Re-Enable your antivirus program when all done.
stpatrick Posted February 11, 2013 Author ID:646144

Maurice,
I removed the Avast application from the PC system. I then downloaded Drwebcureit. I turned off the antivirus apps Malwarebytes and ESET and then ran the application as an administrator. It completed and reported no objects found. I didn't download the log file... thinking it was not needed since there were no reported objects. Nor did I do a reboot. Let me know if I missed executing correctly.
Patrick
Maurice Naggar Posted February 11, 2013 ID:646162

If Dr Web Cure-It found nothing, then I am pleased.
I need for you to do a new run with SecurityCheck.exe which should be on your Desktop.
Run it, then Copy paste the latest Checkup.txt for review.
I think we can wrap this up on the next pass.
stpatrick Posted February 11, 2013 Author ID:646164

Maurice,
Don't know if you know the song but it goes something like, "What a long strange trip it's been". Keep Trucking On. I ran security check and will post the log following this. I can't tell you how much the help you've given me to clean this machine up means, except to say it is much appreciated. I have another question for you about this. There is another user account on the machine that I did not place there. The user name is gibberish: "tnbwksmhlko". I removed it once a week or so ago but it has reappeared. I am going to remove it and reboot after I post here. Is that something I should be concerned about?
Patrick
stpatrick Posted February 11, 2013 Author ID:646165

 Results of screen317's Security Check version 0.99.57
 Windows 7 Service Pack 1 x64 (UAC is enabled)
 Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!
 ESET Smart Security 6.0
 Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.70.0.1100
 Adobe Reader XI
 Google Chrome 24.0.1312.56
 Google Chrome 24.0.1312.57
 Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
 ESET NOD32 Antivirus egui.exe
 ESET NOD32 Antivirus ekrn.exe
 Malwarebytes Anti-Malware mbamservice.exe
 Malwarebytes Anti-Malware mbamgui.exe
 Malwarebytes' Anti-Malware mbamscheduler.exe
 MediaMall MediaMallServer.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
stpatrick Posted February 11, 2013 Author ID:646168

Maurice,
I just removed the rogue account, then rebooted the system. The only user account now came up as mine.
Maurice Naggar Posted February 11, 2013 ID:646220

IF the "rogue account" shows up again, yes, you need to be concerned. IF it shows in the next day or two, make a new post back here.
For now, with the good report from Security Check, plus Dr Web, MBAM, etc ..... we can proceed to clean up the tools we used.
If you have a problem with these steps, or something does not quite work here, do let me know.
The following few steps will remove tools we used. Advise me after you have completed the cleanups.

We have to remove Combofix and all its associated folders. By whichever name you named it, ( you had named it ComboFix ), put that name in the RUN box stated just below.
The "/uninstall" in the Run line below is to start Combofix for its cleanup & removal function.
Note the space before the slash mark.
The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.
Highlight the line in this CODEBOX.
Select & Copy the entire line within this codebox (so that it is in Windows clipboard memory)

"c:\users\PB HP\Desktop\ComboFix.exe" /uninstall

Start >> type in cmd >> press the Ctrl+Shift+Enter keyboard combination and cmd.exe will be launched as if you selected Run as Administrator.
You will then see a User Account Control prompt asking if you would like to allow the Command Prompt to be able to make changes on your computer. Click on the Yes button and you will now be at the Elevated Command Prompt.
Do a Right click within the command prompt window and select Paste. This must show the line from Codebox above.
Then tap Enter
IF in the case Combofix un-install has an issue, skip that step.

NEXT
Download OTC to your desktop and run it
Click Yes to beginning the Cleanup process and remove these components, including this application.
You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
ERUNT you should keep and use periodically to backup Windows registry.

Delete the following if still present:
Tdsskiller.exe
Roguekiller.exe
adwcleaner.exe
Jrt.exe
Dr Web Cure-It
Securitycheck.exe

Safer practices & malware prevention

Have a hardware router between the incoming internet-modem and your computer.
Use a Standard user account rather than an administrator-rights account when "surfing" the web.
Configure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.
Check in at Windows Update and install any Important Updates offered.
Make certain that Automatic Updates is enabled.
How to configure and use Automatic Updates in Windows
http://support.microsoft.com/kb/306525
Check on other update issues as well, by getting, installing and using Secunia Personal Software Inspector (PSI) on a monthly basis.
See How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector
Download, install, and keep updated Spyware Blaster (free): http://www.javacoolsoftware.com/spywareblaster.html (all Protections should be enabled at all times)
Tutorial for Spywareblaster: Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware
I'd recommend that you get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm
See the FAQ page http://mvps.org/winhelp2002/hostsfaq.htm
That would help to keep your browser away from known spyware/malware sites.
Make regular backups of your system to removable media: DVD, USB external hard drive, etc.
Having a total image backup of your system stored on DVD/CD is highly important.
Get and make use of imaging-backup utilities and save them to offline media. That way you have something to fall back to if another disaster hits.
Examples of image backup software: Acronis True Image, or the free (for personal use) Macrium Reflect http://www.macrium.com/reflectfree.asp
or Paragon Backup & Recovery http://www.paragon-software.com/home/br-free/download.html
Consider using Web of Trust WOT add-on for your browser(s)
http://www.mywot.com/en/download
http://www.mywot.com/en/faq/add-on
Take extreme care if you share USB-flash/thumb drives from other people {even from friends, roommates, relatives}
Don't plug in an unknown flash/thumb drive into your PC.
IF you must do so, hold down the SHIFT-key when you insert the drive.
Scan any file with your Antivirus prior to opening or using.
On some regular schedule, it is a good idea to do an online scan for viruses and malware. Here is a very short list of sites where this may be done:
ESET Online Scanner
BitDefender Quickscan
Trend Micro Housecall
F-Secure Online Scanner
Microsoft Safety Scanner
Panda ActiveScan
See Six tips to help you stay safer online
Never, ever download free games, free tools, videos, multi-media files or anything free unless you can be absolutely sure the source is safe !
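One way to watch for the unrecognised local account coming back, and to see which account created it, is sketched below. This is an added example, not part of the original thread: it assumes Windows PowerShell run from an elevated prompt, that "Audit User Account Management" is enabled so the Security log records event ID 4720, and the baseline file path is a placeholder.

```powershell
# Added example (not from the original thread). Run in an elevated Windows PowerShell prompt.
# $BaselinePath is a placeholder location chosen for this example.
$BaselinePath = Join-Path $env:USERPROFILE 'local-accounts-baseline.txt'

function Get-LocalAccountNames {
    # LocalAccount=True restricts the WMI query to accounts defined on this machine.
    Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True" |
        ForEach-Object { $_.Name } | Sort-Object
}

function Get-UnexpectedAccounts {
    param([string[]]$Baseline, [string[]]$Current)
    # Names that exist now but were not in the reviewed baseline.
    $Current | Where-Object { $Baseline -notcontains $_ }
}

function Get-AccountCreationEvents {
    param([string]$AccountName)
    # Security event 4720 = "A user account was created". It is only logged when
    # account-management auditing is enabled (assumed here).
    $events = @(Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4720 } -ErrorAction SilentlyContinue)
    foreach ($e in $events) {
        # Flatten the event's named data fields into a lookup table.
        $fields = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $fields[$d.Name] = $d.'#text' }
        if ($fields['TargetUserName'] -eq $AccountName) {
            New-Object PSObject -Property @{
                TimeCreated = $e.TimeCreated
                NewAccount  = $fields['TargetUserName']
                CreatedBy   = '{0}\{1}' -f $fields['SubjectDomainName'], $fields['SubjectUserName']
            }
        }
    }
}

$current = @(Get-LocalAccountNames)
if (-not (Test-Path $BaselinePath)) {
    # First run: record the accounts you have reviewed and recognise.
    $current | Set-Content -Path $BaselinePath
    Write-Output "Baseline written to $BaselinePath with $($current.Count) accounts."
} else {
    $baseline = @(Get-Content -Path $BaselinePath)
    $new = @(Get-UnexpectedAccounts -Baseline $baseline -Current $current)
    if ($new.Count -eq 0) { Write-Output 'No accounts beyond the baseline.' }
    foreach ($name in $new) {
        Write-Output "Unexpected local account: $name"
        # Show when the account was created and which account created it.
        Get-AccountCreationEvents -AccountName $name | Format-List | Out-String
    }
}
```

If a flagged name has no matching 4720 event, the account was created before the retained Security log begins or while auditing was off.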