
IP blocking on outgoing ports problem - Moldova



I have been getting block warnings popping up listing an IP attack from within the Chrome browser. These happen episodically: a few days at a time, followed by weeks of no activity, then recurring. They also happen on different ports.

I run scans but each time I do the results report no objects found.

I am concerned that my machine might be infected. Please tell me what you find in the attached reports.

Attach.txt

DDS.txt


Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

I will ask that you make separate new replies and copy and paste the contents of DDS.txt and Attach.txt.

Edited by Maurice Naggar

Maurice,

Hi. I went to eset.com and ran the test. However, after running it, I was unable to locate the log file at C:\Program Files\EsetOnlineScanner\log.txt. I then downloaded a trial version of ESET Smart Security and ran a scan with it. It reports that it detected no objects or threats in the scan status display in the application.

However, installing it immediately generated a pop-up window identifying a covert channel exploit in an ICMP packet. That kept adding new events until I disabled the notification, as the documentation stated I could. In the ESET application window there is a scan logs button, but clicking it produces no result. I assume it is not available in the trial version; however, the documentation with the download does not state this. I reran the ESET scan a second time with the same result.

Next I ran the securitycheck.exe file you provided me. The checkup.txt file follows here.

Results of screen317's Security Check version 0.99.57

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

ESET Smart Security 6.0

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.70.0.1100

Java 7 Update 9

Java version out of Date!

Adobe Reader XI

Google Chrome 24.0.1312.56

Google Chrome 24.0.1312.57

````````Process Check: objlist.exe by Laurent````````

ESET NOD32 Antivirus egui.exe

ESET NOD32 Antivirus ekrn.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

MediaMall MediaMallServer.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

Please let me know if this helps.

Patrick


Attach.txt file follows here.

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 7/11/2012 10:58:19 AM

System Uptime: 1/29/2013 3:17:12 PM (2 hours ago)

.

Motherboard: MSI | | 2AE0

Processor: AMD A10-5700 APU with Radeon HD Graphics | P0 | 3400/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 1846 GiB total, 1748.298 GiB free.

D: is FIXED (NTFS) - 17 GiB total, 2.072 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet 4500 G510n-z

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Officejet 4500 G510n-z

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

==== System Restore Points ===================

.

RP85: 1/10/2013 3:00:29 AM - Windows Update

RP86: 1/15/2013 9:34:34 AM - Windows Update

RP87: 1/18/2013 6:00:11 PM - Windows Update

RP88: 1/22/2013 12:55:56 PM - Windows Update

RP89: 1/29/2013 6:45:47 AM - Windows Update

.

==== Installed Programs ======================

.

4500_G510nz_Help

4500G510nz

4500G510nz_Software_Min

64 Bit HP CIO Components Installer

802.11n Wireless LAN Card

Adobe AIR

Adobe Community Help

Adobe Flash Player 11 ActiveX

Adobe Photoshop Elements 9

Adobe Photoshop.com Inspiration Browser

Adobe Reader XI

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Media Foundation Decoders

AMD Steady Video Plug-In

AMD VISION Engine Control Center

AnswerWorks 5.0 English Runtime

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bejeweled 3

Belkin Setup and Router Monitor

Belkin USB Print and Storage Center

Blackhawk Striker 2

Blio

Bonjour

BufferChm

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Chuzzle Deluxe

Cradle of Rome 2

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Destinations

DeviceDiscovery

DirectX for Managed Code Update (Summer 2004)

DocMgr

DocProc

Dora's World Adventure

Elements 9 Organizer

Elements STI Installer

Facebook

Farm Frenzy

Farmscapes

FATE

Fax

Final Drive Fury

Google Chrome

Google Drive

Google Update Helper

GPBaseService2

Hewlett-Packard ACLM.NET v1.1.2.0

Hoyle Card Games

HP Application Assistant

HP Auto

HP Calendar

HP Client Services

HP Clock

HP Customer Experience Enhancements

HP Customer Participation Program 13.0

HP Document Manager 2.0

HP Games

HP Imaging Device Functions 13.0

HP LinkUp

HP Magic Canvas

HP Magic Canvas Tutorials

HP Notes

HP Odometer

HP Officejet 4500 G510n-z

HP RSS

HP Setup

HP Setup Manager

HP Smart Web Printing 4.5

HP Solution Center 13.0

HP Support Assistant

HP Support Information

HP TouchSmart Background - Beats

HP TouchSmart RecipeBox

HP Update

HP Vision Hardware Diagnostics

HP Weather

HPProductAssistant

HPSSupply

iCloud

IDT Audio

Internet Explorer (Enable DEP)

iTunes

Java 7 Update 9

Java Auto Updater

Jewel Match 3

Jewel Quest Mysteries: The Seventh Gate Collector's Edition

John Deere Drive Green

Junk Mail filter update

LabelPrint

Letters from Nowhere 2

Luxor HD

Mah Jong Medley

Malwarebytes Anti-Malware version 1.70.0.1100

MarketResearch

Mesh Runtime

Metric Converter

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Mathematics

Microsoft Office 2010

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_CRT_x86

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Network64

OCR Software by I.R.I.S. 13.0

opensource

PDF Complete Special Edition

Penguins!

Picasa 3

Plants vs. Zombies - Game of the Year

PlayOn

PlayReady PC Runtime amd64

PlayReady PC Runtime x86

Poker Superstars III

Polar Bowler

Polar Golfer

Power2Go

Quicken 2011

QuickTime

Recovery Manager

Remote Graphics Receiver

RollerCoaster Tycoon 3: Platinum

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Shop for HP Supplies

SmartWebPrinting

SolutionCenter

Spot

Status

Tap Tap Bear

The Treasures of Mystery Island: The Ghost Ship

Toolbox

Torchlight

TrayApp

TSHostedAppLauncher

TurboTax 2011

TurboTax 2011 WinPerFedFormset

TurboTax 2011 WinPerReleaseEngine

TurboTax 2011 WinPerTaxSupport

TurboTax 2011 wnciper

TurboTax 2011 wrapper

TurboTax Audit Support Center 3.0

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Update Installer for WildTangent Games App

Video Mover

Virtual Villagers 4 - The Tree of Life

VoiceZoneConnect

WebReg

WildTangent Games App (HP Games)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

Yahoo! Toolbar

Zuma's Revenge

.

==== Event Viewer Messages From Past Week ========

.

1/29/2013 3:18:38 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

1/27/2013 8:22:41 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{5D8C923F-02B3-4C23-8C34-A143B734903C} because another computer on the network has the same name. The server could not start.

.

==== End Of File ===========================

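The logs in this thread are read by hand, but the first pass a helper does on a DDS report is mechanical: look at where each running process and autostart entry lives, and flag anything that points at a user-writable directory, at a missing file, or at nothing at all. The script below does that pass. It is an added example, not code from the thread or from the DDS tool. The embedded log excerpt is constructed in DDS's layout: the autostart entries are modelled on the report posted above, while the two executables under AppData\Roaming and ProgramData are invented to show what a hit looks like and say nothing about the poster's machine. The allow-list of per-user installers (Chrome and Google Update install under AppData by design) and the list of Windows system binary names are assumptions for illustration, not a complete reference.

```python
import re
from typing import Dict, List

# Constructed sample in the layout DDS uses: "==== Name ====" headers, one entry
# per line, lone dots as padding. Entries marked (invented) are not from any real log.
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Users\PB HP\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PB HP\AppData\Roaming\svchost.exe
C:\ProgramData\update\helper.exe
.
============== Pseudo HJT Report ===============
.
uRun: [Google Update] "C:\Users\PB HP\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -
SSODL: WebCheck - <orphaned>
TCP: NameServer = 192.168.2.1
.
============= SERVICES / DRIVERS ===============
.
"""

SECTION_RE = re.compile(r"^=+\s+(.+?)\s+=+$")
# First Windows path on the line, up to its file extension (handles quoted paths and args).
PATH_RE = re.compile(r"(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|sys|scr))", re.IGNORECASE)
# COM entry whose CLSID is followed by nothing: the object is registered but has no file.
EMPTY_COM_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}\s*-\s*$")

TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\", "\\downloads\\")
# Assumed allow-list: products that legitimately install into the user profile.
KNOWN_PER_USER = (
    "\\appdata\\local\\google\\chrome\\application\\chrome.exe",
    "\\appdata\\local\\google\\update\\googleupdate.exe",
)
# Assumed list of names malware borrows; these only ever belong under C:\Windows.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "explorer.exe", "services.exe", "smss.exe"}


def parse_sections(text: str) -> Dict[str, List[str]]:
    """Split a DDS report into {section name: [entry lines]}, dropping padding."""
    sections: Dict[str, List[str]] = {}
    current = "preamble"
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
            continue
        if not line or line == ".":
            continue
        sections.setdefault(current, []).append(line)
    return sections


def classify_path(path: str) -> List[str]:
    """Reasons a binary path deserves a second look; empty list means nothing notable."""
    p = path.lower()
    reasons: List[str] = []
    if p.endswith(KNOWN_PER_USER):
        return reasons
    if any(marker in p for marker in USER_WRITABLE):
        reasons.append("runs from a user-writable location")
    elif not p.startswith(TRUSTED_ROOTS):
        reasons.append("runs from outside Windows/Program Files")
    name = p.rsplit("\\", 1)[-1]
    if name in SYSTEM_NAMES and not p.startswith("c:\\windows\\"):
        reasons.append(f"system binary name '{name}' outside C:\\Windows")
    return reasons


def triage(text: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious process or autostart entry in a DDS report."""
    sections = parse_sections(text)
    findings: List[Dict[str, str]] = []

    def add(section: str, entry: str, reason: str) -> None:
        findings.append({"section": section, "entry": entry, "reason": reason})

    for line in sections.get("Running Processes", []):
        m = PATH_RE.search(line)
        if m:
            for reason in classify_path(m.group("path")):
                add("Running Processes", line, reason)

    for line in sections.get("Pseudo HJT Report", []):
        if "<orphaned>" in line:
            add("Pseudo HJT Report", line, "orphaned autostart entry (registry points at a missing file)")
            continue
        if EMPTY_COM_RE.search(line):
            add("Pseudo HJT Report", line, "COM object registered with no file path")
            continue
        m = PATH_RE.search(line)
        if m:
            for reason in classify_path(m.group("path")):
                add("Pseudo HJT Report", line, reason)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f['section']}] {f['reason']}\n    {f['entry']}")
```

On the sample, the Chrome, Google Update, Java and QuickTime entries pass clean, the invented svchost.exe under AppData\Roaming is flagged twice (user-writable path and a borrowed system name), the ProgramData helper is flagged once, and the two registry-only entries (the orphaned SSODL value and the Hotspot Shield BHO with no path, both of which appear in the report above) are flagged as stale rather than malicious. A hit from this script is a prompt to check the file's signature, hashes and creation date, not a verdict; a leftover from an uninstalled product produces the same orphaned entry as a removed dropper.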

DDS.txt file follows here.

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2

Run by PB HP at 17:24:57 on 2013-01-29

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.11703.8012 [GMT -5:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe

C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\MediaMall\MediaMallServer.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\PDF Complete\pdfsvc.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\IDT\WDM\Beats64.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe

C:\Program Files\Belkin\Belkin USB Print and Storage Center\connect.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\dlnaPlugin.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Users\PB HP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\PB HP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\PB HP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\PB HP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\PB HP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\PB HP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\PB HP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\PB HP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\PB HP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\PB HP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe

C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Users\PB HP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\PB HP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\PB HP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Users\PB HP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\PB HP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\splwow64.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE

C:\Users\PB HP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe

C:\Users\PB HP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\PB HP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Users\PB HP\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Bar = Preserve

uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

mWinlogon: Userinit = userinit.exe

BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [Google Update] "C:\Users\PB HP\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TCP: NameServer = 192.168.2.1

TCP: Interfaces\{5D8C923F-02B3-4C23-8C34-A143B734903C} : DHCPNameServer = 192.168.2.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

mASetup: {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec /fu {F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} /qn

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -

x64-Run: [beatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll

x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

x64-mASetup: {B34A07DD-C6F7-414A-AE63-01019482EAF0} - msiexec /fu {B34A07DD-C6F7-414A-AE63-01019482EAF0} /qn

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2012-5-4 82048]

R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2012-5-4 42624]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-8-16 55856]

R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2012-7-9 41704]

R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-5-4 235520]

R2 Belkin Local Backup Service;Belkin Local Backup Service;C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2012-12-28 181760]

R2 Belkin Network USB Helper;Belkin Network USB Helper;C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2012-12-28 55296]

R2 CalendarSynchService;CalendarSynchService;C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-8-16 16384]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]

R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-12 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-12 682344]

R2 MediaMall Server;MediaMall Server;C:\Program Files (x86)\MediaMall\MediaMallServer.exe [2012-8-20 3057528]

R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-5-4 1128952]

R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]

R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2012-5-4 102528]

R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2012-5-4 219776]

R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-5-4 104048]

R3 LVUVC64;Logitech HD Pro Webcam C910(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-7-11 24176]

R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-5-4 1582144]

R3 sxuptp;SXUPTP Driver;C:\Windows\System32\drivers\sxuptp.sys [2012-12-28 291352]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-5-4 54400]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-18 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2013-01-29 11:46:07 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F5C411D6-70C8-4474-82E6-FF7E33E4DC3B}\mpengine.dll

2013-01-25 03:23:02 -------- d-----w- C:\ProgramData\Affinegy

2013-01-03 03:18:50 -------- d-----w- C:\Users\PB HP\PIMVLibraries

2013-01-02 19:46:50 -------- d-----w- C:\Users\PB HP\AppData\Local\Programs

.

==================== Find3M ====================

.

2013-01-09 17:33:01 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-01-09 17:33:01 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll

2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll

2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll

2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll

2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs

2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs

2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs

2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs

2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs

2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs

2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs

2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs

2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs

2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs

2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs

2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs

2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs

2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs

2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll

2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe

2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys

2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe

2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll

2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll

2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll

2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-11-09 05:45:32 750592 ----a-w- C:\Windows\System32\win32spl.dll

2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll

2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll

2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll

2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

2012-11-01 05:43:42 2002432 ----a-w- C:\Windows\System32\msxml6.dll

2012-11-01 05:43:42 1882624 ----a-w- C:\Windows\System32\msxml3.dll

2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-11-01 04:47:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

.

============= FINISH: 17:25:20.38 ===============


Older versions of Java pose a security risk. Uninstall Java 7 Update 9

And if you do not need Java for the programs that you use, keep Java off your system .

How to disable Java in various browsers : http://blog.eset.com...r-way-to-browse

Also see No, Seriously, Just Disable Java in Your Browser Right Now

See also Corrine's Security Blog post http://securitygarde...cal-update.html

If you do need Java on your system, see Oracle releases new Java update to close security holes

Step 2

While we are working this case, to minimize possible false positives, close & keep closed all instant messenger programs.

IF ESET Security is a "trial", are you saying that before this the system had no installed/active antivirus program?

It is a must to have an antivirus program that is installed, up-to-date & active.

Do you intend to buy ESET? (an excellent program, by the way)

I have gone over your initial logs, and I did not see an installed antivirus. That is extremely ill-advised. Going without an antivirus is an open invitation for getting infected. In the modern world, every system must have an A-V.

If cost is an issue, I can recommend some alternative free ones.

Step 3

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 4

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 5

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.

If you are running Windows XP, double click adwcleaner.exe to start it.

Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

Now click on the Search tab.

Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\AdwCleaner[XX].txt where XX denotes the number of times the application has been run, so in this case it should be something like R1.

Step 6

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
    If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
    Skip and click on Continue
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 7

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Do NOT click any FIX buttons !

Step 8

RE-Enable your antivirus program.

Then copy/paste the following into your post (in order):

  • the contents of C:\AdwCleaner[R1].txt;
  • the contents of TDSSKILLER log;
  • the contents of RKReport log;

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

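Step 2 above asks whether an antivirus is installed, active and up to date. Rather than judging that by eye from a DDS log, a defender can ask Windows Security Center what it has registered. The PowerShell below is an added example, not part of the helper's instructions and not code from any tool named in this thread; it assumes Windows Vista/7 or later (the root\SecurityCenter2 WMI namespace) and uses Get-WmiObject so that it also runs on the PowerShell 2.0 that ships with Windows 7. The decoding of productState is a widely used community heuristic, not a documented bit layout, so an "Unknown" result means "check the product's own console".

```powershell
# Added example: list antivirus products registered with Windows Security Center.
# Assumes root\SecurityCenter2 (Windows Vista/7 and later). Get-WmiObject is used
# rather than Get-CimInstance so the script runs on PowerShell 2.0 (Windows 7 default).
# The productState decoding below is a community heuristic, not a documented bit layout.

function Get-RegisteredAntivirus {
    $products = @(Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction Stop)

    foreach ($p in $products) {
        # productState is a DWORD; render it as six hex digits, e.g. 266240 -> "041000"
        $hex     = '{0:X6}' -f [int]$p.productState
        $rtpCode = $hex.Substring(2, 2)   # "10"/"11": real-time protection on; "00"/"01": off
        $defCode = $hex.Substring(4, 2)   # "00": definitions current; "10": definitions out of date

        $enabled = switch ($rtpCode) {
            '10'    { $true }
            '11'    { $true }
            '00'    { $false }
            '01'    { $false }
            default { 'Unknown' }
        }
        $upToDate = switch ($defCode) {
            '00'    { $true }
            '10'    { $false }
            default { 'Unknown' }
        }

        # New-Object PSObject keeps this compatible with PowerShell 2.0
        New-Object PSObject -Property @{
            Name     = $p.displayName
            Exe      = $p.pathToSignedProductExe
            State    = "0x$hex"
            Enabled  = $enabled
            UpToDate = $upToDate
        }
    }
}

$av = @(Get-RegisteredAntivirus)
if ($av.Count -eq 0) {
    Write-Warning 'No antivirus product is registered with Windows Security Center.'
} else {
    $av | Format-Table Name, Enabled, UpToDate, State, Exe -AutoSize

    # Two or more registered products usually means an earlier AV was not fully removed;
    # two real-time scanners running side by side is a common source of conflicts
    # and false alarms, which is why the helper asks for only one active product.
    if ($av.Count -gt 1) {
        Write-Warning ('{0} antivirus products are registered; look for leftovers of an uninstalled product.' -f $av.Count)
    }
}
```

Run it from an elevated PowerShell prompt. The multiple-product warning is the case to watch in a thread like this one, where one product has been uninstalled and another installed in its place: a registration that survives the uninstall is worth clearing up before further scans, since it can leave a second real-time scanner active.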

Maurice,

Once again.. thanks for your help. I have made changes as you suggested adding the ESET 6 program, uninstalling Java (7.13), installing ERUNT. ERUNT failed to run generating consecutive error messages. I do not use IM programs on this machine at all. I was running avast but uninstalled it when I installed malwarebytes.... my mistake.

My desktop does not have a computer icon. I assume this is drive C:, my primary hard drive. I will change the file settings there.

I did install the AdwCleaner and ran it. It detected no registry problems. I ran the Kaspersky killer which detected no threats.

I installed RogueKiller and it did detect two registry entries it flagged... see below for an excerpt from the log. I did click on any fix buttons

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

The three logs you requested follow this post. Please advise next steps...

Patrick


# AdwCleaner v2.111 - Logfile created 02/09/2013 at 06:53:55

# Updated 05/02/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : PB HP - PBHP-HP

# Boot Mode : Normal

# Running from : C:\Users\PB HP\Downloads\adwcleaner (1).exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Users\PB HP\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1668 octets] - [09/02/2013 06:53:55]

########## EOF - C:\AdwCleaner[R1].txt - [1728 octets] ##########


07:33:31.0118 5912 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

07:33:31.0593 5912 ============================================================

07:33:31.0593 5912 Current date / time: 2013/02/09 07:33:31.0593

07:33:31.0593 5912 SystemInfo:

07:33:31.0593 5912

07:33:31.0593 5912 OS Version: 6.1.7601 ServicePack: 1.0

07:33:31.0593 5912 Product type: Workstation

07:33:31.0593 5912 ComputerName: PBHP-HP

07:33:31.0593 5912 UserName: PB HP

07:33:31.0593 5912 Windows directory: C:\Windows

07:33:31.0593 5912 System windows directory: C:\Windows

07:33:31.0593 5912 Running under WOW64

07:33:31.0593 5912 Processor architecture: Intel x64

07:33:31.0593 5912 Number of processors: 4

07:33:31.0593 5912 Page size: 0x1000

07:33:31.0593 5912 Boot type: Normal boot

07:33:31.0593 5912 ============================================================

07:33:31.0941 5912 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

07:33:31.0962 5912 ============================================================

07:33:31.0962 5912 \Device\Harddisk0\DR0:

07:33:31.0962 5912 MBR partitions:

07:33:31.0962 5912 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

07:33:31.0962 5912 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE6CA7000

07:33:31.0962 5912 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xE6CD9800, BlocksNum 0x212E800

07:33:31.0962 5912 ============================================================

07:33:31.0982 5912 C: <-> \Device\Harddisk0\DR0\Partition2

07:33:32.0029 5912 D: <-> \Device\Harddisk0\DR0\Partition3

07:33:32.0029 5912 ============================================================

07:33:32.0029 5912 Initialize success

07:33:32.0029 5912 ============================================================

07:33:33.0304 4840 ============================================================

07:33:33.0304 4840 Scan started

07:33:33.0304 4840 Mode: Manual;

07:33:33.0304 4840 ============================================================

07:33:33.0536 4840 ================ Scan system memory ========================

07:33:33.0536 4840 System memory - ok

07:33:33.0536 4840 ================ Scan services =============================

07:33:33.0671 4840 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

07:33:33.0678 4840 1394ohci - ok

07:33:33.0716 4840 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

07:33:33.0719 4840 ACPI - ok

07:33:33.0750 4840 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

07:33:33.0751 4840 AcpiPmi - ok

07:33:33.0839 4840 [ 1474F121C3DF1232D3E7239C03691EE6 ] AdobeActiveFileMonitor9.0 C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe

07:33:33.0840 4840 AdobeActiveFileMonitor9.0 - ok

07:33:33.0917 4840 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

07:33:33.0919 4840 AdobeARMservice - ok

07:33:34.0024 4840 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

07:33:34.0028 4840 AdobeFlashPlayerUpdateSvc - ok

07:33:34.0059 4840 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

07:33:34.0064 4840 adp94xx - ok

07:33:34.0085 4840 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys

07:33:34.0088 4840 adpahci - ok

07:33:34.0104 4840 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

07:33:34.0105 4840 adpu320 - ok

07:33:34.0127 4840 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

07:33:34.0129 4840 AeLookupSvc - ok

07:33:34.0166 4840 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

07:33:34.0170 4840 AFD - ok

07:33:34.0218 4840 [ 91B76D91C781E9DD49D9D03A2AB3E8C3 ] AffinegyService C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe

07:33:34.0222 4840 AffinegyService - ok

07:33:34.0239 4840 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

07:33:34.0239 4840 agp440 - ok

07:33:34.0251 4840 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

07:33:34.0252 4840 ALG - ok

07:33:34.0262 4840 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

07:33:34.0263 4840 aliide - ok

07:33:34.0288 4840 [ BA7DEAEF1066F1FD31FD1D719FC98204 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe

07:33:34.0289 4840 AMD External Events Utility - ok

07:33:34.0311 4840 [ 2EF1BA6D5DC79FCE5E9216C8C2D3F193 ] amdhub30 C:\Windows\system32\drivers\amdhub30.sys

07:33:34.0312 4840 amdhub30 - ok

07:33:34.0331 4840 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

07:33:34.0331 4840 amdide - ok

07:33:34.0353 4840 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

07:33:34.0354 4840 AmdK8 - ok

07:33:34.0489 4840 [ 0DB247E7D8EE52176E4FCCF00911608D ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys

07:33:34.0543 4840 amdkmdag - ok

07:33:34.0559 4840 [ FC57F1D151DA79BABD7E790E621BA525 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys

07:33:34.0562 4840 amdkmdap - ok

07:33:34.0581 4840 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys

07:33:34.0582 4840 AmdPPM - ok

07:33:34.0606 4840 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

07:33:34.0607 4840 amdsata - ok

07:33:34.0620 4840 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys

07:33:34.0621 4840 amdsbs - ok

07:33:34.0644 4840 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

07:33:34.0645 4840 amdxata - ok

07:33:34.0665 4840 [ 541A6C49C792ED71FB3EFF8C815CFE60 ] amdxhc C:\Windows\system32\drivers\amdxhc.sys

07:33:34.0666 4840 amdxhc - ok

07:33:34.0676 4840 [ A1434F35B7B171CB697D74D33F7D029F ] amd_sata C:\Windows\system32\drivers\amd_sata.sys

07:33:34.0677 4840 amd_sata - ok

07:33:34.0691 4840 [ E9B5A82FA268BB2D1B012030D5F4E096 ] amd_xata C:\Windows\system32\drivers\amd_xata.sys

07:33:34.0691 4840 amd_xata - ok

07:33:34.0716 4840 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

07:33:34.0718 4840 AppID - ok

07:33:34.0734 4840 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

07:33:34.0735 4840 AppIDSvc - ok

07:33:34.0748 4840 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

07:33:34.0749 4840 Appinfo - ok

07:33:34.0809 4840 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

07:33:34.0811 4840 Apple Mobile Device - ok

07:33:34.0822 4840 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys

07:33:34.0824 4840 arc - ok

07:33:34.0842 4840 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys

07:33:34.0844 4840 arcsas - ok

07:33:34.0899 4840 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

07:33:34.0901 4840 aspnet_state - ok

07:33:34.0936 4840 [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys

07:33:34.0938 4840 aswMonFlt - ok

07:33:34.0960 4840 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

07:33:34.0962 4840 AsyncMac - ok

07:33:34.0987 4840 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

07:33:34.0988 4840 atapi - ok

07:33:35.0009 4840 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

07:33:35.0015 4840 AudioEndpointBuilder - ok

07:33:35.0025 4840 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

07:33:35.0028 4840 AudioSrv - ok

07:33:35.0093 4840 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe

07:33:35.0094 4840 avast! Antivirus - ok

07:33:35.0119 4840 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

07:33:35.0123 4840 AxInstSV - ok

07:33:35.0161 4840 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys

07:33:35.0168 4840 b06bdrv - ok

07:33:35.0186 4840 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

07:33:35.0190 4840 b57nd60a - ok

07:33:35.0217 4840 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

07:33:35.0220 4840 BDESVC - ok

07:33:35.0229 4840 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

07:33:35.0231 4840 Beep - ok

07:33:35.0256 4840 [ 299E54DB3638A18E47BD3A2D2EF499F7 ] Belkin Local Backup Service C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe

07:33:35.0259 4840 Belkin Local Backup Service - ok

07:33:35.0273 4840 [ E62A04D615A8CAC83601E1F07C010D3C ] Belkin Network USB Helper C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe

07:33:35.0274 4840 Belkin Network USB Helper - ok

07:33:35.0307 4840 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

07:33:35.0311 4840 BFE - ok

07:33:35.0342 4840 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll

07:33:35.0347 4840 BITS - ok

07:33:35.0361 4840 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys

07:33:35.0362 4840 blbdrive - ok

07:33:35.0389 4840 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

07:33:35.0392 4840 Bonjour Service - ok

07:33:35.0432 4840 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

07:33:35.0433 4840 bowser - ok

07:33:35.0462 4840 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys

07:33:35.0462 4840 BrFiltLo - ok

07:33:35.0475 4840 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys

07:33:35.0476 4840 BrFiltUp - ok

07:33:35.0514 4840 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

07:33:35.0517 4840 Browser - ok

07:33:35.0543 4840 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

07:33:35.0545 4840 Brserid - ok

07:33:35.0557 4840 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

07:33:35.0557 4840 BrSerWdm - ok

07:33:35.0568 4840 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

07:33:35.0568 4840 BrUsbMdm - ok

07:33:35.0580 4840 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

07:33:35.0580 4840 BrUsbSer - ok

07:33:35.0594 4840 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

07:33:35.0595 4840 BTHMODEM - ok

07:33:35.0618 4840 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

07:33:35.0619 4840 bthserv - ok

07:33:35.0680 4840 [ A3AD13CA2747953DDD4C9AE4FB925BEC ] CalendarSynchService C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe

07:33:35.0681 4840 CalendarSynchService - ok

07:33:35.0695 4840 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

07:33:35.0697 4840 cdfs - ok

07:33:35.0716 4840 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

07:33:35.0719 4840 cdrom - ok

07:33:35.0728 4840 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

07:33:35.0731 4840 CertPropSvc - ok

07:33:35.0753 4840 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys

07:33:35.0754 4840 circlass - ok

07:33:35.0772 4840 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

07:33:35.0775 4840 CLFS - ok

07:33:35.0806 4840 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

07:33:35.0807 4840 clr_optimization_v2.0.50727_32 - ok

07:33:35.0835 4840 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

07:33:35.0836 4840 clr_optimization_v2.0.50727_64 - ok

07:33:35.0886 4840 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

07:33:35.0887 4840 clr_optimization_v4.0.30319_32 - ok

07:33:35.0897 4840 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

07:33:35.0899 4840 clr_optimization_v4.0.30319_64 - ok

07:33:35.0912 4840 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys

07:33:35.0913 4840 CmBatt - ok

07:33:35.0938 4840 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

07:33:35.0938 4840 cmdide - ok

07:33:35.0957 4840 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

07:33:35.0961 4840 CNG - ok

07:33:35.0974 4840 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys

07:33:35.0975 4840 Compbatt - ok

07:33:35.0997 4840 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

07:33:35.0997 4840 CompositeBus - ok

07:33:36.0005 4840 COMSysApp - ok

07:33:36.0025 4840 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

07:33:36.0026 4840 crcdisk - ok

07:33:36.0055 4840 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll

07:33:36.0057 4840 CryptSvc - ok

07:33:36.0084 4840 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

07:33:36.0087 4840 DcomLaunch - ok

07:33:36.0111 4840 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

07:33:36.0113 4840 defragsvc - ok

07:33:36.0119 4840 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

07:33:36.0120 4840 DfsC - ok

07:33:36.0129 4840 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

07:33:36.0132 4840 Dhcp - ok

07:33:36.0142 4840 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

07:33:36.0143 4840 discache - ok

07:33:36.0147 4840 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys

07:33:36.0148 4840 Disk - ok

07:33:36.0161 4840 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

07:33:36.0163 4840 Dnscache - ok

07:33:36.0176 4840 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

07:33:36.0178 4840 dot3svc - ok

07:33:36.0186 4840 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

07:33:36.0188 4840 DPS - ok

07:33:36.0207 4840 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

07:33:36.0208 4840 drmkaud - ok

07:33:36.0234 4840 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

07:33:36.0240 4840 DXGKrnl - ok

07:33:36.0278 4840 [ 78A3903702B7535154F56685CA1517D4 ] eamonm C:\Windows\system32\DRIVERS\eamonm.sys

07:33:36.0279 4840 eamonm - ok

07:33:36.0290 4840 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

07:33:36.0292 4840 EapHost - ok

07:33:36.0341 4840 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys

07:33:36.0357 4840 ebdrv - ok

07:33:36.0382 4840 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

07:33:36.0383 4840 EFS - ok

07:33:36.0415 4840 [ 9E39134330C18CBAC0F24C1283701D7E ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys

07:33:36.0416 4840 ehdrv - ok

07:33:36.0461 4840 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe


07:33:42.0393 4840 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

07:33:42.0398 4840 TermService - ok

07:33:42.0409 4840 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

07:33:42.0412 4840 Themes - ok

07:33:42.0427 4840 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

07:33:42.0429 4840 THREADORDER - ok

07:33:42.0441 4840 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

07:33:42.0444 4840 TrkWks - ok

07:33:42.0473 4840 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

07:33:42.0474 4840 TrustedInstaller - ok

07:33:42.0489 4840 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

07:33:42.0489 4840 tssecsrv - ok

07:33:42.0500 4840 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

07:33:42.0501 4840 TsUsbFlt - ok

07:33:42.0514 4840 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys

07:33:42.0514 4840 TsUsbGD - ok

07:33:42.0536 4840 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

07:33:42.0537 4840 tunnel - ok

07:33:42.0548 4840 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

07:33:42.0549 4840 uagp35 - ok

07:33:42.0562 4840 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

07:33:42.0564 4840 udfs - ok

07:33:42.0580 4840 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

07:33:42.0582 4840 UI0Detect - ok

07:33:42.0601 4840 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

07:33:42.0602 4840 uliagpkx - ok

07:33:42.0618 4840 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

07:33:42.0618 4840 umbus - ok

07:33:42.0630 4840 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys

07:33:42.0631 4840 UmPass - ok

07:33:42.0666 4840 [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

07:33:42.0669 4840 UMVPFSrv - ok

07:33:42.0684 4840 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

07:33:42.0687 4840 upnphost - ok

07:33:42.0712 4840 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

07:33:42.0713 4840 USBAAPL64 - ok

07:33:42.0737 4840 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

07:33:42.0738 4840 usbaudio - ok

07:33:42.0749 4840 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

07:33:42.0751 4840 usbccgp - ok

07:33:42.0779 4840 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

07:33:42.0780 4840 usbcir - ok

07:33:42.0788 4840 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys

07:33:42.0788 4840 usbehci - ok

07:33:42.0795 4840 [ 87B0382F0713C8D70D4382806492E864 ] usbfilter C:\Windows\system32\drivers\usbfilter.sys

07:33:42.0795 4840 usbfilter - ok

07:33:42.0811 4840 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\drivers\usbhub.sys

07:33:42.0813 4840 usbhub - ok

07:33:42.0823 4840 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

07:33:42.0824 4840 usbohci - ok

07:33:42.0838 4840 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

07:33:42.0838 4840 usbprint - ok

07:33:42.0849 4840 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

07:33:42.0850 4840 usbscan - ok

07:33:42.0861 4840 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

07:33:42.0862 4840 USBSTOR - ok

07:33:42.0865 4840 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

07:33:42.0866 4840 usbuhci - ok

07:33:42.0888 4840 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys

07:33:42.0889 4840 usbvideo - ok

07:33:42.0900 4840 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

07:33:42.0901 4840 UxSms - ok

07:33:42.0907 4840 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

07:33:42.0908 4840 VaultSvc - ok

07:33:42.0918 4840 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

07:33:42.0919 4840 vdrvroot - ok

07:33:42.0937 4840 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

07:33:42.0941 4840 vds - ok

07:33:42.0955 4840 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

07:33:42.0956 4840 vga - ok

07:33:42.0974 4840 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

07:33:42.0975 4840 VgaSave - ok

07:33:42.0994 4840 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

07:33:42.0995 4840 vhdmp - ok

07:33:43.0018 4840 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

07:33:43.0019 4840 viaide - ok

07:33:43.0042 4840 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

07:33:43.0043 4840 volmgr - ok

07:33:43.0063 4840 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

07:33:43.0065 4840 volmgrx - ok

07:33:43.0073 4840 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\Windows\system32\drivers\volsnap.sys

07:33:43.0075 4840 volsnap - ok

07:33:43.0085 4840 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

07:33:43.0086 4840 vsmraid - ok

07:33:43.0114 4840 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

07:33:43.0123 4840 VSS - ok

07:33:43.0127 4840 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

07:33:43.0128 4840 vwifibus - ok

07:33:43.0133 4840 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

07:33:43.0134 4840 vwififlt - ok

07:33:43.0150 4840 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys

07:33:43.0151 4840 vwifimp - ok

07:33:43.0164 4840 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

07:33:43.0168 4840 W32Time - ok

07:33:43.0185 4840 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys

07:33:43.0185 4840 WacomPen - ok

07:33:43.0211 4840 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

07:33:43.0212 4840 WANARP - ok

07:33:43.0214 4840 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

07:33:43.0216 4840 Wanarpv6 - ok

07:33:43.0266 4840 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

07:33:43.0273 4840 WatAdminSvc - ok

07:33:43.0305 4840 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

07:33:43.0314 4840 wbengine - ok

07:33:43.0326 4840 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

07:33:43.0329 4840 WbioSrvc - ok

07:33:43.0338 4840 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

07:33:43.0342 4840 wcncsvc - ok

07:33:43.0353 4840 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

07:33:43.0355 4840 WcsPlugInService - ok

07:33:43.0366 4840 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys

07:33:43.0366 4840 Wd - ok

07:33:43.0395 4840 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

07:33:43.0400 4840 Wdf01000 - ok

07:33:43.0405 4840 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

07:33:43.0408 4840 WdiServiceHost - ok

07:33:43.0411 4840 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

07:33:43.0413 4840 WdiSystemHost - ok

07:33:43.0421 4840 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

07:33:43.0425 4840 WebClient - ok

07:33:43.0454 4840 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

07:33:43.0457 4840 Wecsvc - ok

07:33:43.0470 4840 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

07:33:43.0472 4840 wercplsupport - ok

07:33:43.0499 4840 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

07:33:43.0501 4840 WerSvc - ok

07:33:43.0538 4840 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

07:33:43.0539 4840 WfpLwf - ok

07:33:43.0580 4840 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

07:33:43.0581 4840 WIMMount - ok

07:33:43.0593 4840 WinDefend - ok

07:33:43.0599 4840 WinHttpAutoProxySvc - ok

07:33:43.0631 4840 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

07:33:43.0633 4840 Winmgmt - ok

07:33:43.0666 4840 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

07:33:43.0677 4840 WinRM - ok

07:33:43.0707 4840 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

07:33:43.0708 4840 WinUsb - ok

07:33:43.0734 4840 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

07:33:43.0740 4840 Wlansvc - ok

07:33:43.0764 4840 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

07:33:43.0765 4840 wlcrasvc - ok

07:33:43.0822 4840 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

07:33:43.0834 4840 wlidsvc - ok

07:33:43.0852 4840 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

07:33:43.0852 4840 WmiAcpi - ok

07:33:43.0869 4840 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

07:33:43.0871 4840 wmiApSrv - ok

07:33:43.0883 4840 WMPNetworkSvc - ok

07:33:43.0891 4840 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

07:33:43.0893 4840 WPCSvc - ok

07:33:43.0902 4840 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

07:33:43.0905 4840 WPDBusEnum - ok

07:33:43.0913 4840 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

07:33:43.0914 4840 ws2ifsl - ok

07:33:43.0927 4840 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll

07:33:43.0930 4840 wscsvc - ok

07:33:43.0950 4840 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys

07:33:43.0951 4840 WSDPrintDevice - ok

07:33:43.0953 4840 WSearch - ok

07:33:43.0998 4840 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

07:33:44.0012 4840 wuauserv - ok

07:33:44.0041 4840 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

07:33:44.0042 4840 WudfPf - ok

07:33:44.0059 4840 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

07:33:44.0061 4840 WUDFRd - ok

07:33:44.0075 4840 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

07:33:44.0077 4840 wudfsvc - ok

07:33:44.0096 4840 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

07:33:44.0099 4840 WwanSvc - ok

07:33:44.0109 4840 ================ Scan global ===============================

07:33:44.0132 4840 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

07:33:44.0158 4840 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll

07:33:44.0164 4840 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll

07:33:44.0183 4840 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

07:33:44.0191 4840 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

07:33:44.0194 4840 [Global] - ok

07:33:44.0195 4840 ================ Scan MBR ==================================

07:33:44.0207 4840 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

07:33:44.0372 4840 \Device\Harddisk0\DR0 - ok

07:33:44.0373 4840 ================ Scan VBR ==================================

07:33:44.0378 4840 [ EE4D33D536430345F534E733A388F135 ] \Device\Harddisk0\DR0\Partition1

07:33:44.0381 4840 \Device\Harddisk0\DR0\Partition1 - ok

07:33:44.0394 4840 [ 4349196C443623C421CF74553A1914A3 ] \Device\Harddisk0\DR0\Partition2

07:33:44.0395 4840 \Device\Harddisk0\DR0\Partition2 - ok

07:33:44.0426 4840 [ 65D9BABC913482206B872A711A3BCB90 ] \Device\Harddisk0\DR0\Partition3

07:33:44.0428 4840 \Device\Harddisk0\DR0\Partition3 - ok

07:33:44.0428 4840 ============================================================

07:33:44.0428 4840 Scan finished

07:33:44.0428 4840 ============================================================

07:33:44.0485 1260 Detected object count: 0

07:33:44.0485 1260 Actual detected object count: 0


RogueKiller V8.5.0 [Feb 9 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : PB HP [Admin rights]

Mode : Scan -- Date : 02/09/2013 07:18:38

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS723020BLA642 SATA Disk Device +++++

--- User ---

[MBR] 8de979cb11eb55a8d598a3a82efdaf48

[bSP] 91e707c018452af0149e7f3919fd4e38 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 1890638 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3872233472 | Size: 16989 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] 544140867009d35863369aaef2f85288

[bSP] b1c8619cd906f5ed3f7c16aee5bd484a : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 226125824 | Size: 300 Mo

Finished : << RKreport[1]_S_02092013_02d0718.txt >>

RKreport[1]_S_02092013_02d0718.txt


You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member stpatrick only. If you are a casual viewer, do NOT try this on your system!

If you are not stpatrick and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

Proceed with the following, doing as much as you can. IF you run into a hitch, make a note for me and go forward with the other steps that follow.

  • Close any open documents/programs & all internet browsers you have running.
  • Please start AdwCleaner
  • Click on Delete button.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
  • Note: You can find the logfile at C:\AdwCleaner[s1]

Step 2

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click JRT.exe and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply. And tell me, How is the system now?
  • Re-enable your security software.

Step 3

  1. Close any/all open internet browsers. Save any open documents you have open & close programs you started.
    On Windows 7, press Windows-key, then start typing in text box
    Malwarebytes

    then select/click Malwarebytes Anti-Malware Chameleon

  2. Once the Help file opens, click on a Chameleon button (starting with #1)
  3. If running on Vista, Windows 7, press the Yes button when prompted at the UAC prompt to allow to run.
  4. You should see a black Command-prompt-window that remains open and says MBAM-chameleon ver. at the top
  5. Press any key to continue as it says in the window {space-bar will do}
  6. If the Chameleon button you tried does not work, try the next Chameleon button shown. (There are 12 in all).
  7. Have infinite patience during this process
  8. Malwarebytes Chameleon will proceed to update Malwarebytes Anti-Malware, so ensure that you are connected to the internet if possible
  9. Once the update completes and it says your database is updated, click on the OK button so that the process can continue
  10. Malwarebytes Chameleon will then terminate any threats running in memory, which may take a while, so please be patient.
  11. After that, Malwarebytes Anti-Malware will open automatically and perform a Quick scan
  12. A quick scan will take a few minutes, possibly 5 or so minutes. Have infinite patience.
  13. Once the scan is complete, click on Show Results and remove any threats that are found by clicking Remove Selected
  14. If prompted to restart your computer to complete the removal process, click Yes
  15. If no threats are found, press OK button & press EXIT to end MBAM. Press the space-bar (or another key) to exit the command-prompt-window.
  16. After your computer restarts, open Malwarebytes Anti-Malware and perform one last Quick scan to verify that there are no remaining threats

Step 4

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on the speed of your system, how much there is to scan and how much it needs to clean.

If this is on a notebook system, make sure first that the notebook is connected to wall-power (AC power) or a UPS system.

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
    When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer; this should resolve the problem. You may have to reboot the PC a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart, then I need for you to Restart the system fresh.

Reply & Copy & Paste contents of the C:\Combofix.txt log and tell me, How is the system now?

Re-enable your antivirus program.


Maurice,

Again, thank you for all your help. I just completed following all your instructions.

First I ran AdwCleaner. The AdwCleaner log will follow this post named with today's date included.

Second I ran JRT.exe. The JRT.txt file follows this post as well. The system seemed stable after running this app.

Third I ran Malwarebytes Chameleon. It executed on button #1. It ran fine and afterwards I ran a Malwarebytes scan. I rebooted and ran Malwarebytes a second time. It reported no problems.

Next I downloaded Combofix. I ran it and after some time it finished generating the log file, combofix_ log_2.11.13. That file is posted following this post. It didn't reboot automatically so I rebooted the system.

Currently the antivirus apps are all running and the system seems normal.

Patrick


# AdwCleaner v2.112 - Logfile created 02/11/2013 at 07:13:20

# Updated 10/02/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : PB HP - PBHP-HP

# Boot Mode : Normal

# Running from : C:\Users\PB HP\Desktop\adwcleaner (1).exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Users\PB HP\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R2].txt - [846 octets] - [11/02/2013 07:12:30]

AdwCleaner[s1].txt - [1871 octets] - [09/02/2013 06:55:09]

AdwCleaner[s2].txt - [778 octets] - [11/02/2013 07:13:20]

########## EOF - C:\AdwCleaner[s2].txt - [837 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.6.2 (02.02.2013:2)

OS: Windows 7 Home Premium x64

Ran by PB HP on Mon 02/11/2013 at 7:21:09.68

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}

Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Mon 02/11/2013 at 7:28:03.29

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Malwarebytes Anti-Malware (PRO) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.02.11.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

PB HP :: PBHP-HP [administrator]

Protection: Disabled

2/11/2013 9:04:24 AM

mbam-log-2013-02-11 (09-04-24).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 218545

Time elapsed: 1 minute(s), 28 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


ComboFix 13-02-07.02 - PB HP 02/11/2013 9:14.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.11703.9349 [GMT -5:00]

Running from: c:\users\PB HP\Desktop\ComboFix.exe

AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}

SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\PB HP\AppData\Local\Temp\_MEI50562\_ctypes.pyd

c:\users\PB HP\AppData\Local\Temp\_MEI50562\_elementtree.pyd

c:\users\PB HP\AppData\Local\Temp\_MEI50562\_hashlib.pyd

c:\users\PB HP\AppData\Local\Temp\_MEI50562\_socket.pyd

c:\users\PB HP\AppData\Local\Temp\_MEI50562\_ssl.pyd

c:\users\PB HP\AppData\Local\Temp\_MEI50562\pyexpat.pyd

c:\users\PB HP\AppData\Local\Temp\_MEI50562\pysqlite2._sqlite.pyd

c:\users\PB HP\AppData\Local\Temp\_MEI50562\python26.dll

c:\users\PB HP\AppData\Local\Temp\_MEI50562\pythoncom26.dll

c:\users\PB HP\AppData\Local\Temp\_MEI50562\PyWinTypes26.dll

c:\users\PB HP\AppData\Local\Temp\_MEI50562\select.pyd

c:\users\PB HP\AppData\Local\Temp\_MEI50562\unicodedata.pyd

c:\users\PB HP\AppData\Local\Temp\_MEI50562\win32api.pyd

c:\users\PB HP\AppData\Local\Temp\_MEI50562\win32com.shell.shell.pyd

c:\users\PB HP\AppData\Local\Temp\_MEI50562\win32crypt.pyd

c:\users\PB HP\AppData\Local\Temp\_MEI50562\win32event.pyd

c:\users\PB HP\AppData\Local\Temp\_MEI50562\win32file.pyd

c:\users\PB HP\AppData\Local\Temp\_MEI50562\win32inet.pyd

c:\users\PB HP\AppData\Local\Temp\_MEI50562\win32pdh.pyd

c:\users\PB HP\AppData\Local\Temp\_MEI50562\win32process.pyd

c:\users\PB HP\AppData\Local\Temp\_MEI50562\win32profile.pyd

c:\users\PB HP\AppData\Local\Temp\_MEI50562\win32security.pyd

c:\users\PB HP\AppData\Local\Temp\_MEI50562\win32ts.pyd

c:\users\PB HP\AppData\Local\Temp\_MEI50562\windows._cacheinvalidation.pyd

c:\users\PB HP\AppData\Local\Temp\_MEI50562\wx._controls_.pyd

c:\users\PB HP\AppData\Local\Temp\_MEI50562\wx._core_.pyd

c:\users\PB HP\AppData\Local\Temp\_MEI50562\wx._gdi_.pyd

c:\users\PB HP\AppData\Local\Temp\_MEI50562\wx._html2.pyd

c:\users\PB HP\AppData\Local\Temp\_MEI50562\wx._misc_.pyd

c:\users\PB HP\AppData\Local\Temp\_MEI50562\wx._windows_.pyd

c:\users\PB HP\AppData\Local\Temp\_MEI50562\wx._wizard.pyd

c:\users\PB HP\AppData\Local\Temp\_MEI50562\wxbase293u_net_vc.dll

c:\users\PB HP\AppData\Local\Temp\_MEI50562\wxbase293u_vc.dll

c:\users\PB HP\AppData\Local\Temp\_MEI50562\wxmsw293u_adv_vc.dll

c:\users\PB HP\AppData\Local\Temp\_MEI50562\wxmsw293u_core_vc.dll

c:\users\PB HP\AppData\Local\Temp\_MEI50562\wxmsw293u_html_vc.dll

c:\users\PB HP\AppData\Local\Temp\_MEI50562\wxmsw293u_webview_vc.dll

c:\users\PB HP\AppData\Local\Temp\1.tmp\F_IN_BOX.dll

c:\users\PBHP~1\AppData\Local\Temp\_MEI50562\_ctypes.pyd

c:\users\PBHP~1\AppData\Local\Temp\_MEI50562\_elementtree.pyd

c:\users\PBHP~1\AppData\Local\Temp\_MEI50562\_hashlib.pyd

c:\users\PBHP~1\AppData\Local\Temp\_MEI50562\_socket.pyd

c:\users\PBHP~1\AppData\Local\Temp\_MEI50562\_ssl.pyd

c:\users\PBHP~1\AppData\Local\Temp\_MEI50562\pyexpat.pyd

c:\users\PBHP~1\AppData\Local\Temp\_MEI50562\pysqlite2._sqlite.pyd

c:\users\PBHP~1\AppData\Local\Temp\_MEI50562\python26.dll

c:\users\PBHP~1\AppData\Local\Temp\_MEI50562\pythoncom26.dll

c:\users\PBHP~1\AppData\Local\Temp\_MEI50562\PyWinTypes26.dll

c:\users\PBHP~1\AppData\Local\Temp\_MEI50562\select.pyd

c:\users\PBHP~1\AppData\Local\Temp\_MEI50562\unicodedata.pyd

c:\users\PBHP~1\AppData\Local\Temp\_MEI50562\win32api.pyd

c:\users\PBHP~1\AppData\Local\Temp\_MEI50562\win32com.shell.shell.pyd

c:\users\PBHP~1\AppData\Local\Temp\_MEI50562\win32crypt.pyd

c:\users\PBHP~1\AppData\Local\Temp\_MEI50562\win32event.pyd

c:\users\PBHP~1\AppData\Local\Temp\_MEI50562\win32file.pyd

c:\users\PBHP~1\AppData\Local\Temp\_MEI50562\win32inet.pyd

c:\users\PBHP~1\AppData\Local\Temp\_MEI50562\win32pdh.pyd

c:\users\PBHP~1\AppData\Local\Temp\_MEI50562\win32process.pyd

c:\users\PBHP~1\AppData\Local\Temp\_MEI50562\win32profile.pyd

c:\users\PBHP~1\AppData\Local\Temp\_MEI50562\win32security.pyd

c:\users\PBHP~1\AppData\Local\Temp\_MEI50562\win32ts.pyd

c:\users\PBHP~1\AppData\Local\Temp\_MEI50562\windows._cacheinvalidation.pyd

c:\users\PBHP~1\AppData\Local\Temp\_MEI50562\wx._controls_.pyd

c:\users\PBHP~1\AppData\Local\Temp\_MEI50562\wx._core_.pyd

c:\users\PBHP~1\AppData\Local\Temp\_MEI50562\wx._gdi_.pyd

c:\users\PBHP~1\AppData\Local\Temp\_MEI50562\wx._html2.pyd

c:\users\PBHP~1\AppData\Local\Temp\_MEI50562\wx._misc_.pyd

c:\users\PBHP~1\AppData\Local\Temp\_MEI50562\wx._windows_.pyd

c:\users\PBHP~1\AppData\Local\Temp\_MEI50562\wx._wizard.pyd

c:\users\PBHP~1\AppData\Local\Temp\_MEI50562\wxbase293u_net_vc.dll

c:\users\PBHP~1\AppData\Local\Temp\_MEI50562\wxbase293u_vc.dll

c:\users\PBHP~1\AppData\Local\Temp\_MEI50562\wxmsw293u_adv_vc.dll

c:\users\PBHP~1\AppData\Local\Temp\_MEI50562\wxmsw293u_core_vc.dll

c:\users\PBHP~1\AppData\Local\Temp\_MEI50562\wxmsw293u_html_vc.dll

c:\users\PBHP~1\AppData\Local\Temp\_MEI50562\wxmsw293u_webview_vc.dll

c:\users\PBHP~1\AppData\Local\Temp\1.tmp\F_IN_BOX.dll

.

.

((((((((((((((((((((((((( Files Created from 2013-01-11 to 2013-02-11 )))))))))))))))))))))))))))))))

.

.

2013-02-11 14:32 . 2013-02-11 14:32 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-02-11 12:21 . 2013-02-11 12:21 -------- d-----w- c:\windows\ERUNT

2013-02-11 12:21 . 2013-02-11 12:21 -------- d-----w- C:\JRT

2013-02-08 14:54 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7846778E-21DB-4AD4-929C-838DEE62C77D}\mpengine.dll

2013-02-06 16:13 . 2012-10-30 23:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-02-06 16:12 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr

2013-02-06 16:12 . 2012-10-30 23:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe

2013-02-05 15:58 . 2013-02-05 15:58 -------- d-----w- c:\users\PB HP\AppData\Local\ESET

2013-02-05 15:53 . 2013-02-05 15:53 -------- d-----w- c:\program files\ESET

2013-01-25 03:23 . 2013-01-25 03:23 -------- d-----w- c:\programdata\Affinegy

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-08 17:32 . 2012-07-11 15:25 697712 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-02-08 17:32 . 2012-05-05 04:54 74096 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-06 16:35 . 2012-10-12 16:28 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-02-06 16:35 . 2012-10-12 16:28 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-01-17 06:28 . 2010-11-21 03:27 273840 ------w- c:\windows\system32\MpSigStub.exe

2013-01-10 08:03 . 2012-07-25 09:41 67599240 ----a-w- c:\windows\system32\MRT.exe

2012-12-21 18:09 . 2012-12-21 18:09 57904 ----a-w- c:\windows\system32\drivers\epfwwfp.sys

2012-12-21 18:09 . 2012-12-21 18:09 59440 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys

2012-12-21 18:09 . 2012-12-21 18:09 190232 ----a-w- c:\windows\system32\drivers\epfw.sys

2012-12-21 18:08 . 2012-12-21 18:08 150616 ----a-w- c:\windows\system32\drivers\ehdrv.sys

2012-12-21 18:08 . 2012-12-21 18:08 213416 ----a-w- c:\windows\system32\drivers\eamonm.sys

2012-12-16 17:11 . 2012-12-22 08:00 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-16 14:45 . 2012-12-22 08:00 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-16 14:13 . 2012-12-22 08:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-16 14:13 . 2012-12-22 08:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-14 21:49 . 2012-07-11 17:00 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-07 13:20 . 2013-01-09 14:42 441856 ----a-w- c:\windows\system32\Wpc.dll

2012-12-07 13:15 . 2013-01-09 14:42 2746368 ----a-w- c:\windows\system32\gameux.dll

2012-12-07 12:26 . 2013-01-09 14:42 308736 ----a-w- c:\windows\SysWow64\Wpc.dll

2012-12-07 12:20 . 2013-01-09 14:42 2576384 ----a-w- c:\windows\SysWow64\gameux.dll

2012-12-07 11:20 . 2013-01-09 14:42 30720 ----a-w- c:\windows\system32\usk.rs

2012-12-07 11:20 . 2013-01-09 14:42 43520 ----a-w- c:\windows\system32\csrr.rs

2012-12-07 11:20 . 2013-01-09 14:42 23552 ----a-w- c:\windows\system32\oflc.rs

2012-12-07 11:20 . 2013-01-09 14:42 45568 ----a-w- c:\windows\system32\oflc-nz.rs

2012-12-07 11:20 . 2013-01-09 14:42 44544 ----a-w- c:\windows\system32\pegibbfc.rs

2012-12-07 11:20 . 2013-01-09 14:42 20480 ----a-w- c:\windows\system32\pegi-fi.rs

2012-12-07 11:20 . 2013-01-09 14:42 20480 ----a-w- c:\windows\system32\pegi-pt.rs

2012-12-07 11:19 . 2013-01-09 14:42 20480 ----a-w- c:\windows\system32\pegi.rs

2012-12-07 11:19 . 2013-01-09 14:42 46592 ----a-w- c:\windows\system32\fpb.rs

2012-12-07 11:19 . 2013-01-09 14:42 40960 ----a-w- c:\windows\system32\cob-au.rs

2012-12-07 11:19 . 2013-01-09 14:42 21504 ----a-w- c:\windows\system32\grb.rs

2012-12-07 11:19 . 2013-01-09 14:42 15360 ----a-w- c:\windows\system32\djctq.rs

2012-12-07 11:19 . 2013-01-09 14:42 55296 ----a-w- c:\windows\system32\cero.rs

2012-12-07 11:19 . 2013-01-09 14:42 51712 ----a-w- c:\windows\system32\esrb.rs

2012-12-07 10:46 . 2013-01-09 14:42 43520 ----a-w- c:\windows\SysWow64\csrr.rs

2012-12-07 10:46 . 2013-01-09 14:42 30720 ----a-w- c:\windows\SysWow64\usk.rs

2012-12-07 10:46 . 2013-01-09 14:42 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs

2012-12-07 10:46 . 2013-01-09 14:42 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs

2012-12-07 10:46 . 2013-01-09 14:42 23552 ----a-w- c:\windows\SysWow64\oflc.rs

2012-12-07 10:46 . 2013-01-09 14:42 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs

2012-12-07 10:46 . 2013-01-09 14:42 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs

2012-12-07 10:46 . 2013-01-09 14:42 46592 ----a-w- c:\windows\SysWow64\fpb.rs

2012-12-07 10:46 . 2013-01-09 14:42 20480 ----a-w- c:\windows\SysWow64\pegi.rs

2012-12-07 10:46 . 2013-01-09 14:42 21504 ----a-w- c:\windows\SysWow64\grb.rs

2012-12-07 10:46 . 2013-01-09 14:42 40960 ----a-w- c:\windows\SysWow64\cob-au.rs

2012-12-07 10:46 . 2013-01-09 14:42 15360 ----a-w- c:\windows\SysWow64\djctq.rs

2012-12-07 10:46 . 2013-01-09 14:42 55296 ----a-w- c:\windows\SysWow64\cero.rs

2012-12-07 10:46 . 2013-01-09 14:42 51712 ----a-w- c:\windows\SysWow64\esrb.rs

2012-11-30 05:45 . 2013-01-09 14:42 362496 ----a-w- c:\windows\system32\wow64win.dll

2012-11-30 05:45 . 2013-01-09 14:42 243200 ----a-w- c:\windows\system32\wow64.dll

2012-11-30 05:45 . 2013-01-09 14:42 13312 ----a-w- c:\windows\system32\wow64cpu.dll

2012-11-30 05:45 . 2013-01-09 14:42 215040 ----a-w- c:\windows\system32\winsrv.dll

2012-11-30 05:43 . 2013-01-09 14:42 16384 ----a-w- c:\windows\system32\ntvdm64.dll

2012-11-30 05:41 . 2013-01-09 14:42 424448 ----a-w- c:\windows\system32\KernelBase.dll

2012-11-30 05:41 . 2013-01-09 14:42 1161216 ----a-w- c:\windows\system32\kernel32.dll

2012-11-30 05:38 . 2013-01-09 14:42 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 14:42 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 14:42 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 14:42 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 14:42 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 14:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 14:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 14:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 14:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 14:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 14:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 14:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 14:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 14:42 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 14:42 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 14:42 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 14:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 14:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 14:42 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 14:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 14:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 14:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 14:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 14:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 14:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 14:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 14:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2012-11-30 05:38 . 2013-01-09 14:42 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2012-11-30 04:54 . 2013-01-09 14:42 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2012-11-30 04:53 . 2013-01-09 14:42 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll

2012-11-30 04:45 . 2013-01-09 14:42 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 14:42 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 14:42 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 14:42 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 14:42 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 14:42 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 14:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 14:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 14:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 14:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 14:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 14:42 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 14:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 14:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-11-30 04:45 . 2013-01-09 14:42 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-12-18 16328976]

"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-12-17 59872]

"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-17 59872]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-01-21 630912]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-08-12 658424]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]

"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-04-29 1770400]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2012-03-26 22528]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-18 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2012-01-16 82048]

S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2012-01-16 42624]

S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-12-21 57904]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-12-21 213416]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-12-21 150616]

S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-12-21 59440]

S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2012-07-10 41704]

S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-02-10 235520]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]

S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2010-02-17 181760]

S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2010-02-09 55296]

S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-08-16 16384]

S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-12-21 1333424]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]

S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]

S2 MediaMall Server;MediaMall Server;c:\program files (x86)\MediaMall\MediaMallServer.exe [2012-09-10 3057528]

S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-08-12 1128952]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]

S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\drivers\amdhub30.sys [2012-01-11 102528]

S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\drivers\amdxhc.sys [2012-01-11 219776]

S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2012-01-30 104048]

S3 LVUVC64;Logitech HD Pro Webcam C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2011-08-11 1582144]

S3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [2009-06-22 291352]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2011-12-28 54400]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2013-02-11 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 17:32]

.

2013-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-11 03:08]

.

2013-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-11 03:08]

.

2013-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2550544784-621779235-3328205503-1000Core.job

- c:\users\PB HP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-11 15:19]

.

2013-02-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2550544784-621779235-3328205503-1000UA.job

- c:\users\PB HP\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-11 15:19]

.

2013-02-08 c:\windows\Tasks\HPCeeScheduleForPB HP.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2012-12-18 00:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2012-12-18 00:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2012-12-18 00:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2012-12-18 00:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2011-12-13 37888]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-12-13 1425408]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]

"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-12-21 6326448]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

Trusted Zone: intuit.com\ttlc

TCP: DhcpNameServer = 192.168.2.1

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec

AddRemove-Coupon Printer for Windows5.0.0.2 - c:\program files (x86)\Coupons\uninstall.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe

.

**************************************************************************

.

Completion time: 2013-02-11 09:51:31 - machine was rebooted

ComboFix-quarantined-files.txt 2013-02-11 14:51

.

Pre-Run: 1,874,849,112,064 bytes free

Post-Run: 1,876,513,734,656 bytes free

.

- - End Of File - - 65740D71B48F651315CDBD7519179150


OK, very good.

I want to re-remind you that ESET Internet Security is an excellent product. You do NOT need, nor should you have AVAST installed, even if you have it disabled.

It is not needed, and at some point will cause a conflict.

Uninstall it and then restart the system fresh.

Do these next: Step 1

Download TFC by OldTimer to your desktop

  • Please double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • IF prompted to Reboot, reply "Yes".

Step 2

Download Dr.Web CureIt to the desktop.

The download is nearly 104.6 MB in size

  • Turn OFF your antivirus program.
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  • Turn off any other add-on security app {if you have them} like MBAM File System Protection.
  • If this system is Windows 8/7 or VISTA, then right-click on drweb-cureit.exe and select Run as Administrator.
  • Otherwise, on Windows XP, double-click on the drweb-cureit.exe file to start the tool.
  • You will see a screen similar to this:
    [screenshot]
    Click the checkbox to participate, and then click on the Continue button.
  • Next
    [screenshot]
    Click on Select objects for scanning
  • Next
    [screenshot]
    Put a checkmark by clicking on the boxes as shown.
    Do not select Temporary files or System Restore points.
    Then click on the Start scanning button
  • The scan in progress will be shown like this
    [screenshot]
  • IF something is detected, you will see a screen similar to this
    [screenshot]
    For each item "detected", click on the Action column down arrow, like this
    [screenshot]
    Your options will be Cure or Ignore
    IF you see an item that you are very sure is ok, then un-check the checkbox for that item.
    Typically, you will keep the Cure default.
    Then click on the Neutralize button.
  • When the actions are completed, you will see this
    [screenshot]
  • Click on the green Open Report line. It will pop up the report in NOTEPAD.
    Save the report to your desktop. The report will be called Cureit.log
  • While in NOTEPAD, do a CTRL+A to Copy all to clipboard.
  • You should be able to get back to your forum topic, start a new reply, click 1 time in the box and do a CTRL+V (Paste) into the reply.
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Cureit.log you saved previously in your next reply.
    ONLY if the log is too large, then you may "attach" it.

Re-Enable your antivirus program when all done.


Maurice,

I removed the Avast application from the PC system. I then downloaded Dr.Web CureIt. I turned off the antivirus apps Malwarebytes and ESET and then ran the application as an administrator. It completed and reported no objects found. I didn't download the log file... thinking it was not needed since there were no reported objects. Nor did I do a reboot. Let me know if I missed executing correctly.

Patrick


Maurice,

Don't know if you know the song but it goes something like, "What a long strange trip it's been." Keep Trucking On. I ran Security Check and will post the log following this. I can't tell you how much the help you've given me to clean this machine up means, except to say it is much appreciated. I have another question for you about this. There is another user account on the machine that I did not place there. The user name is gibberish: "tnbwksmhlko". I removed it once, a week or so ago, but it has reappeared. I am going to remove it and reboot after I post here. Is that something I should be concerned about?

Patrick


Results of screen317's Security Check version 0.99.57
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ESET Smart Security 6.0
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Adobe Reader XI
Google Chrome 24.0.1312.56
Google Chrome 24.0.1312.57
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
MediaMall MediaMallServer.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````


IF the "rogue account" shows up again, yes, you need to be concerned. IF it shows in the next day or two, make a new post back here.

For now, with the good report from Security Check, plus Dr Web, MBAM, etc... we can proceed to clean up the tools we used.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used. Advise me after you have completed the cleanups.

We have to remove Combofix and all its associated folders. By whichever name you named it (you had named it ComboFix), put that name in the RUN box stated just below.

The "/uninstall" in the Run line below is to start Combofix for its cleanup & removal function.

Note the space before the slash mark.

The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.

  • Highlight the line in this CODEBOX.
    Select & Copy the entire line within this codebox (so that it is in Windows clipboard memory). The path is quoted because it contains a space; without the quotes cmd.exe would stop at "c:\users\PB" and report it as not recognized.
    "c:\users\PB HP\Desktop\ComboFix.exe" /uninstall


  • Start >> type in cmd >> press the Ctrl+Shift+Enter keyboard combination and cmd.exe will be launched as if you selected Run as Administrator. You will then see a User Account Control prompt asking if you would like to allow the Command Prompt to be able to make changes on your computer. Click on the Yes button and you will now be at the Elevated Command Prompt.
    Do a Right click within the command prompt window and select Paste. This must show the line from Codebox above.
    Then tap Enter

IF in the case Combofix un-install has an issue, skip that step.

NEXT

  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

ERUNT you should keep and use periodically to back up the Windows registry.

Delete the following if still present:

  • Tdsskiller.exe
  • Roguekiller.exe
  • adwcleaner.exe
  • Jrt.exe
  • Dr Web Cure-It
  • Securitycheck.exe

Safer practices & malware prevention

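A defender-side check for the reappearing rogue account, added here as an example; it is not part of the moderator's instructions or of any tool used in the thread. It assumes an elevated PowerShell prompt on Windows 7 (PowerShell 2.0 is enough), and the allowlist names are constructed placeholders the owner would replace with the accounts they actually created.

```powershell
# Added example (not from the thread): list local accounts, flag any not on an allowlist,
# show which are local administrators, and pull the Security events that record account creation.
# Assumption: $KnownAccounts is maintained by the machine's owner; names here are constructed placeholders.
$KnownAccounts = @('Administrator', 'Guest', 'PB HP')

# 1. Every local account on this machine (WMI, so it works on Windows 7 / PowerShell 2.0).
$localAccounts = Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True"

# 2. Members of the local Administrators group, via the WinNT ADSI provider.
$adminGroup = [ADSI]"WinNT://./Administrators,group"
$adminNames = @($adminGroup.Invoke('Members') | ForEach-Object {
    $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
})

# 3. One row per account; Unexpected = not on the allowlist (an unknown local admin is the worst case).
$report = foreach ($acct in $localAccounts) {
    New-Object PSObject -Property @{
        Name       = $acct.Name
        SID        = $acct.SID
        Disabled   = $acct.Disabled
        LocalAdmin = ($adminNames -contains $acct.Name)
        Unexpected = -not ($KnownAccounts -contains $acct.Name)
    }
}
$report | Sort-Object Unexpected -Descending |
    Format-Table Name, SID, Disabled, LocalAdmin, Unexpected -AutoSize

# 4. Security event 4720 = "A user account was created". The message lists the creator
#    (Subject: Account Name) before the new account (New Account: Account Name), so the
#    first regex match is who did it and the second is what was created. This is what tells
#    you whether a reappearing account is being recreated by a process you did not start.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4720 } -MaxEvents 20 -ErrorAction SilentlyContinue |
    ForEach-Object {
        $names = [regex]::Matches($_.Message, 'Account Name:\s+(\S+)') | ForEach-Object { $_.Groups[1].Value }
        New-Object PSObject -Property @{
            When      = $_.TimeCreated
            CreatedBy = $names[0]
            NewUser   = $names[1]
        }
    } | Format-Table When, CreatedBy, NewUser -AutoSize
```

An unexpected account that appears in the 4720 list with a creator other than your own user, or with a creation time when nobody was at the keyboard, is the signal the moderator says to report back.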
