
Malwarebytes does not open, Chameleon stuck at updating



I have a Toshiba 64-bit Windows 7 Home Premium SP1.

 

Lately my laptop has been getting weird, and IE frequently crashed especially while watching YouTube.

I remember one "memory dump" error (I do not fully recall the name).

Yesterday, Word crashed, so I finally decided to run Malwarebytes (free vers.), but nothing came up.

I deleted the old copy and reinstalled and launched, to no avail.

However, if I launch Task Manager after double-clicking Malwarebytes, TM lists Malwarebytes under one of the running processes.

However the program does not actually launch for me to use.

So I've run all Chameleon tests, and each of them gets stuck at "Trying to update Malwarebytes... please wait".

I should also point out that I ran CCleaner right before reinstalling Malwarebytes (probably should not have done that?).

Neither DDS.scr nor DDS.com launches; they each show "NSIS error; Error launching installer."

I'm not sure if you want a HijackThis log...

I really need help. Thanks.


First of all, I have another open topic concerning the same problem at:

http://forums.malwarebytes.org/index.php?showtopic=128071.

I have come to realize that I did not adequately describe the problem at hand, and I really cannot wait much for help, so I am forced to open another topic. Moderators and Administrators, I sincerely apologize for breaking rules, but I felt that this was necessary to get the appropriate help in time. Could you close the old topic to avoid any confusion? Thank you so much.

 

So here is a rundown of what has happened.

 

I have a Windows 7 Home Premium SP1 64-bit Toshiba laptop.

 

Since about a week ago I noticed the laptop had slowed down a bit.

IE froze up frequently when I was on YouTube, displaying "memory" errors and "long script" errors.

However, being the tech idiot that I am, I failed to take action.

Yesterday, Microsoft Word failed to launch properly, and I finally decided to do something.

I ran CCleaner and attempted to launch Malwarebytes.

However, when I double-clicked on the Malwarebytes icon, nothing appeared.

Task Manager nevertheless listed Malwarebytes as a running process.

Still, the Malwarebytes window itself did not launch.

I uninstalled and reinstalled Malwarebytes and attempted to launch it again, but the condition did not change.

Then, I ran all 12 Chameleon tests, but each of them got stuck in the "attempting to update" stage (I let them run up to 2 hours).

I did some research and downloaded and ran rkill.exe, which did not seem to do anything. (Logs did not shut down any malware)

 

Today my computer's state has gotten worse. 

Computer freezes more frequently and for longer periods of time. I have had to use the power button to shut the computer down because the regular shutdown would refuse to work. The laptop also shut down and rebooted by itself once.

IE functionality seems to come and go. Sometimes it will not even launch, and other times it works quite well. After some struggles I have managed to run the DDS tests. I chose the "extend search period" and "Force scan all domains" but did not choose "Disable whitelist" as it was not recommended.

*My older brother also sometimes uses this laptop, and he has not taken great care of it hardware-wise. Could that be a problem?

Here is the attach.txt

 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/25/2012 7:59:22 PM
System Uptime: 6/20/2013 9:30:36 PM (1 hours ago)
.
Motherboard: TOSHIBA |  | POQAA
Processor: Intel® Core i3-2350M CPU @ 2.30GHz | CPU 1 | 2300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 682 GiB total, 481.549 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP115: 6/20/2013 8:51:25 PM - Removed Facebook Messenger 2.0.4447.0
.
==== Installed Programs ======================
.
Active@ ISO Burner
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.7) MUI
Adobe Shockwave Player 12.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 2.0
avast! Free Antivirus
Bonjour
CCleaner
Cisco WebEx Meetings
D3DX10
Daum ActiveX 컨트롤 - Daum ?? ?????
Finale NotePad 2012
FormatFactory 2.90
GeoGebra 4.2
Google Chrome
Google Talk Plugin
Google Update Helper
Intel PROSet Wireless
Intel® Management Engine Components
Intel® Processor Graphics
Intel® PROSet/Wireless WiFi Software
Intel® Rapid Storage Technology
Intel® WiDi
Intel® Wireless Display
iTunes
Java 7 Update 21
Java Auto Updater
JavaFX 2.1.1
JMicron Flash Media Controller Driver
Junk Mail filter update
LAME v3.99.3 (for Windows)
Magic DVD Copier V6.1.0
Magic DVD Ripper V6.1.0
Malwarebytes Anti-Malware version 1.75.0.1300
Mathematica Extras 9.0 (4055459)
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office Professional Plus 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Movie Maker 6.0 for Windows 7 (64-bit)
Mp3tag v2.51
MSVCRT
MSVCRT_amd64
Network Recording Player
Olympus Digital Wave Player
PhotoScape
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
SoftCamp Secure KeyStroke 4.0
Speccy
Subtitle Edit 3.2.8
swMSM
Synaptics Pointing Device Driver
TOSHIBA Application Installer
TOSHIBA Assist
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD Protection
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBA Wireless Display Monitor
TOSHIBARegistration
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Utility Common Driver
VLC media player 2.0.6
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Wolfram Mathematica 9 (M-WIN-L 9.0.1 4055652)
XecureWeb Control
.
==== Event Viewer Messages From Past Week ========
.
6/20/2013 7:47:38 PM, Error: ACPI [13]  - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
6/20/2013 7:08:20 PM, Error: Service Control Manager [7034]  - The TOSHIBA HDD Protection service terminated unexpectedly.  It has done this 1 time(s).
6/20/2013 6:01:58 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
6/20/2013 2:17:30 PM, Error: volsnap [14]  - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
6/16/2013 4:55:37 AM, Error: iaStor [9]  - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
6/14/2013 9:44:10 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
.
==== End Of File ===========================

 

 

and here is the DDS.txt

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611  BrowserJavaVersion: 10.21.2
Run by Jonathan at 22:44:04 on 2013-06-20
#Option Extended Search is enabled.
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6052.4010 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system32\igfxext.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Jonathan\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.


uProxyOverride = <local>;*.local
mWinlogon: Userinit = userinit.exe,
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Google Update] "C:\Users\Jonathan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [DelayTSS] "C:\Program Files\Toshiba\DelayTSS\DelayTSS.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Trusted Zone: ieside.com








DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

TCP: NameServer = 192.168.1.254
TCP: Interfaces\{389047F3-C987-4F69-B661-B5FEAEA899EB} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{389047F3-C987-4F69-B661-B5FEAEA899EB}\144545238383 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{389047F3-C987-4F69-B661-B5FEAEA899EB}\2375942554037383 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{389047F3-C987-4F69-B661-B5FEAEA899EB}\24F696E676F60284F6473707F647 : DHCPNameServer = 10.2.0.1
TCP: Interfaces\{389047F3-C987-4F69-B661-B5FEAEA899EB}\55E63756365727564602E454945502F40756E602143636563737 : DHCPNameServer = 66.99.13.78 66.99.13.79 66.99.13.80
TCP: Interfaces\{389047F3-C987-4F69-B661-B5FEAEA899EB}\E416075627E45647 : DHCPNameServer = 10.103.24.1 8.8.8.8
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 /MAXX3
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [ThpSrv] C:\windows\System32\thpsrv /logon
x64-Run: [intelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\windows\System32\drivers\aswRvrt.sys [2013-3-8 65336]
R0 aswVmm;aswVmm;C:\windows\System32\drivers\aswVmm.sys [2013-3-8 189936]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\drivers\thpdrv.sys [2011-3-23 36992]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2012-2-20 482384]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2012-10-25 1025808]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2012-10-25 378432]
R2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2012-10-25 33400]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2012-10-25 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-28 46808]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-20 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-20 701512]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-5-24 294848]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-2-20 2656280]
R3 CeKbFilter;CeKbFilter;C:\windows\System32\drivers\CeKbFilter.sys [2012-2-20 20592]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\drivers\iwdbus.sys [2011-8-5 25496]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-6-20 25928]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2011-2-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-2-20 38096]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-2-20 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-10 138152]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-7-1 828856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\drivers\intelaud.sys [2011-8-5 34200]
S3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2011-1-31 174168]
S3 mbamchameleon;mbamchameleon;C:\windows\System32\drivers\mbamchameleon.sys [2013-6-20 36680]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-6-1 340240]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-3-26 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 60 ================
.
2013-06-21 01:48:59 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2013-06-20 17:10:52 36680 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2013-06-20 17:00:41 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-06-20 17:00:41 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-12 08:01:45 257536 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
2013-06-12 07:59:05 751104 ----a-w- C:\windows\System32\win32spl.dll
2013-06-12 07:59:05 1910632 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-06-12 07:59:04 492544 ----a-w- C:\windows\SysWow64\win32spl.dll
2013-05-24 23:56:50 -------- d-----w- C:\Users\Jonathan\AppData\Local\Unity
2013-05-24 23:56:32 -------- d-----w- C:\Users\Jonathan\AppData\Local\Deployment
2013-05-24 23:56:32 -------- d-----w- C:\Users\Jonathan\AppData\Local\Apps
2013-05-18 03:45:20 -------- d-----w- C:\Program Files\iPod
2013-05-18 03:45:19 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-18 03:45:19 -------- d-----w- C:\Program Files\iTunes
2013-05-18 03:45:19 -------- d-----w- C:\Program Files (x86)\iTunes
2013-05-15 04:08:16 983400 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2013-05-15 04:08:16 265064 ----a-w- C:\windows\System32\drivers\dxgmms1.sys
2013-05-15 04:08:16 144384 ----a-w- C:\windows\System32\cdd.dll
2013-05-15 04:07:54 1930752 ----a-w- C:\windows\System32\authui.dll
2013-05-15 04:07:51 70144 ----a-w- C:\windows\System32\appinfo.dll
2013-05-15 04:07:51 1796096 ----a-w- C:\windows\SysWow64\authui.dll
2013-05-15 04:07:51 111448 ----a-w- C:\windows\System32\consent.exe
2013-05-15 04:07:48 48640 ----a-w- C:\windows\System32\wwanprotdim.dll
2013-05-15 04:07:48 3153920 ----a-w- C:\windows\System32\win32k.sys
2013-05-15 04:07:48 230400 ----a-w- C:\windows\System32\wwansvc.dll
2013-05-04 00:56:34 -------- d-----w- C:\Program Files (x86)\GeoGebra 4.2
2013-04-24 17:26:23 1656680 ----a-w- C:\windows\System32\drivers\ntfs.sys
2013-04-22 21:44:59 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
.
==================== Find6M  ====================
.
2013-06-12 08:01:28 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 08:01:28 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-06-08 12:28:46 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-06-08 11:13:19 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-05-17 01:25:57 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-05-17 01:25:27 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-05-17 01:25:26 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-05-17 01:25:26 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-05-17 00:58:10 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-05-17 00:58:08 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-05-17 00:58:08 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-05-14 12:23:25 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-05-13 05:51:01 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\windows\SysWow64\cryptdlg.dll
2013-05-09 08:59:07 72016 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2013-05-09 08:59:07 65336 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2013-05-09 08:59:07 189936 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2013-05-09 08:59:07 1025808 ----a-w- C:\windows\System32\drivers\aswSnx.sys
2013-05-09 08:59:06 80816 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2013-05-09 08:58:37 41664 ----a-w- C:\windows\avastSS.scr
2013-04-25 23:30:32 1505280 ----a-w- C:\windows\SysWow64\d3d11.dll
2013-04-17 07:02:06 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll
2013-04-13 05:49:23 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll
2013-04-04 10:35:05 95648 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-31 22:52:16 1887232 ----a-w- C:\windows\System32\d3d11.dll
2013-03-19 06:04:06 5550424 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\windows\System32\smss.exe
2013-03-14 05:37:25 861088 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2013-03-14 05:37:25 782240 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-02-15 06:08:40 44032 ----a-w- C:\windows\System32\tsgqec.dll
2013-02-15 06:06:11 3717632 ----a-w- C:\windows\System32\mstscax.dll
2013-02-15 06:02:26 158720 ----a-w- C:\windows\System32\aaclient.dll
2013-02-15 04:37:10 3217408 ----a-w- C:\windows\SysWow64\mstscax.dll
2013-02-15 04:34:10 131584 ----a-w- C:\windows\SysWow64\aaclient.dll
2013-02-15 03:25:51 36864 ----a-w- C:\windows\SysWow64\tsgqec.dll
2013-02-12 04:12:05 19968 ----a-w- C:\windows\System32\drivers\usb8023.sys
2013-01-25 00:54:40 360752 ----a-w- C:\windows\SysWow64\mltcpip32.mlp
2013-01-25 00:54:38 95536 ----a-w- C:\windows\SysWow64\mltcp32.mlp
2013-01-25 00:54:36 88368 ----a-w- C:\windows\SysWow64\mlshm32.mlp
2013-01-25 00:54:34 173360 ----a-w- C:\windows\SysWow64\mlmodule32.dll
2013-01-25 00:54:32 78128 ----a-w- C:\windows\SysWow64\mlmap32.mlp
2013-01-25 00:54:30 369968 ----a-w- C:\windows\SysWow64\ml32i3.dll
2013-01-25 00:54:28 258864 ----a-w- C:\windows\SysWow64\ml32i2.dll
2013-01-25 00:54:26 252720 ----a-w- C:\windows\SysWow64\ml32i1.dll
2013-01-25 00:53:14 426288 ----a-w- C:\windows\System32\mltcpip64.mlp
2013-01-25 00:53:12 104240 ----a-w- C:\windows\System32\mltcp64.mlp
2013-01-25 00:53:10 99632 ----a-w- C:\windows\System32\mlshm64.mlp
2013-01-25 00:53:08 181040 ----a-w- C:\windows\System32\mlmodule64.dll
2013-01-25 00:53:06 437552 ----a-w- C:\windows\System32\ml64i3.dll
2013-01-25 00:53:04 303408 ----a-w- C:\windows\System32\ml64i2.dll
2013-01-24 06:01:01 223752 ----a-w- C:\windows\System32\drivers\fvevol.sys
2013-01-13 21:17:03 9728 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31 9728 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31 2560 ---ha-w- C:\windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18 10752 ---ha-w- C:\windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07 3584 ---ha-w- C:\windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48 4096 ---ha-w- C:\windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41 5632 ---ha-w- C:\windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40 5632 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- C:\windows\SysWow64\DWrite.dll
2013-01-13 20:22:22 1988096 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- C:\windows\SysWow64\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- C:\windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- C:\windows\SysWow64\d3d10core.dll
2013-01-13 19:59:04 1643520 ----a-w- C:\windows\System32\DWrite.dll
2013-01-13 19:58:28 1175552 ----a-w- C:\windows\System32\FntCache.dll
2013-01-13 19:54:01 604160 ----a-w- C:\windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- C:\windows\SysWow64\WindowsCodecsExt.dll
.
============= FINISH: 22:44:34.98 ===============
 

Admins and Moderators, I again apologize for the inconvenience I have caused. However, I really need this laptop fixed, so I had to do this. I'm very sorry.


  • Root Admin

I've merged your posts. I'm sorry, but this is not a drive-through like McDonald's. Malware removal can sometimes take days. If you don't have time then you may wish to take the computer into a local repair shop to have it repaired.

If you do want to spend the time and clean the computer then please follow the directions below.

Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

Thank you again for the reply. MBAR says no malware is found. The first scan was interrupted by a sudden reboot, but the second attempt went all the way.

 

MBAR Log could not be attached for some reason so I am just copy-and-pasting this.

SystemLog is attached.

 

Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.06.20.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Jonathan :: THEMACHINE [administrator]

6/20/2013 11:17:11 PM
mbar-log-2013-06-20 (23-17-11).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | Deep Anti-Rootkit Scan | PUM | P2P
Scan options disabled: PUP
Objects scanned: 231265
Time elapsed: 32 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

system-log.txt


  • Root Admin

Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.

PC Winvids - How to run Kaspersky TDSSKiller

If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning make sure to re-enable your other security applications.


I still chose the two additional options.

 

00:16:06.0339 4596  TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
00:16:06.0931 4596  ============================================================
00:16:06.0931 4596  Current date / time: 2013/06/21 00:16:06.0931
00:16:06.0931 4596  SystemInfo:
00:16:06.0947 4596 
00:16:06.0947 4596  OS Version: 6.1.7601 ServicePack: 1.0
00:16:06.0947 4596  Product type: Workstation
00:16:06.0947 4596  ComputerName: THEMACHINE
00:16:06.0947 4596  UserName: Jonathan
00:16:06.0947 4596  Windows directory: C:\windows
00:16:06.0947 4596  System windows directory: C:\windows
00:16:06.0947 4596  Running under WOW64
00:16:06.0947 4596  Processor architecture: Intel x64
00:16:06.0947 4596  Number of processors: 4
00:16:06.0947 4596  Page size: 0x1000
00:16:06.0947 4596  Boot type: Normal boot
00:16:06.0947 4596  ============================================================
00:16:07.0431 4596  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:16:07.0431 4596  ============================================================
00:16:07.0431 4596  \Device\Harddisk0\DR0:
00:16:07.0431 4596  MBR partitions:
00:16:07.0431 4596  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x55436000
00:16:07.0431 4596  ============================================================
00:16:07.0462 4596  C: <-> \Device\Harddisk0\DR0\Partition1
00:16:07.0462 4596  ============================================================
00:16:07.0462 4596  Initialize success
00:16:07.0462 4596  ============================================================
00:21:41.0937 6012  ============================================================
00:21:41.0937 6012  Scan started
00:21:41.0937 6012  Mode: Manual; SigCheck; TDLFS;
00:21:41.0937 6012  ============================================================
00:21:42.0515 6012  ================ Scan system memory ========================
00:21:42.0515 6012  System memory - ok
00:21:42.0515 6012  ================ Scan services =============================
00:21:56.0727 6012  monitor - ok
00:21:56.0758 6012  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys
00:21:56.0774 6012  mouclass - ok
00:21:56.0790 6012  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys
00:21:56.0805 6012  mouhid - ok
00:21:56.0836 6012  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\windows\system32\drivers\mountmgr.sys
00:21:56.0852 6012  mountmgr - ok
00:21:56.0868 6012  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\windows\system32\drivers\mpio.sys
00:21:56.0883 6012  mpio - ok
00:21:56.0899 6012  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys
00:21:56.0930 6012  mpsdrv - ok
00:21:56.0961 6012  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\windows\system32\mpssvc.dll
00:21:57.0024 6012  MpsSvc - ok
00:21:57.0055 6012  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys
00:21:57.0070 6012  MRxDAV - ok
00:21:57.0102 6012  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys
00:21:57.0117 6012  mrxsmb - ok
00:21:57.0148 6012  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys
00:21:57.0164 6012  mrxsmb10 - ok
00:21:57.0180 6012  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys
00:21:57.0195 6012  mrxsmb20 - ok
00:21:57.0195 6012  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\windows\system32\DRIVERS\msahci.sys
00:21:57.0211 6012  msahci - ok
00:21:57.0226 6012  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\windows\system32\drivers\msdsm.sys
00:21:57.0242 6012  msdsm - ok
00:21:57.0258 6012  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\windows\System32\msdtc.exe
00:21:57.0289 6012  MSDTC - ok
00:21:57.0320 6012  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\windows\system32\drivers\Msfs.sys
00:21:57.0351 6012  Msfs - ok
00:21:57.0382 6012  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys
00:21:57.0429 6012  mshidkmdf - ok
00:21:57.0445 6012  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\windows\system32\drivers\msisadrv.sys
00:21:57.0460 6012  msisadrv - ok
00:21:57.0476 6012  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\windows\system32\iscsiexe.dll
00:21:57.0523 6012  MSiSCSI - ok
00:21:57.0523 6012  msiserver - ok
00:21:57.0554 6012  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys
00:21:57.0601 6012  MSKSSRV - ok
00:21:57.0616 6012  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys
00:21:57.0648 6012  MSPCLOCK - ok
00:21:57.0663 6012  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys
00:21:57.0710 6012  MSPQM - ok
00:21:57.0726 6012  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\windows\system32\drivers\MsRPC.sys
00:21:57.0741 6012  MsRPC - ok
00:21:57.0757 6012  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\windows\system32\drivers\mssmbios.sys
00:21:57.0772 6012  mssmbios - ok
00:21:57.0788 6012  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys
00:21:57.0835 6012  MSTEE - ok
00:21:57.0850 6012  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\windows\system32\drivers\MTConfig.sys
00:21:57.0866 6012  MTConfig - ok
00:21:57.0866 6012  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\windows\system32\Drivers\mup.sys
00:21:57.0882 6012  Mup - ok
00:21:57.0913 6012  [ 50B99D53BC013458381C6476D790C9F3 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
00:21:57.0944 6012  MyWiFiDHCPDNS - ok
00:21:57.0975 6012  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\windows\system32\qagentRT.dll
00:21:58.0022 6012  napagent - ok
00:21:58.0084 6012  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys
00:21:58.0147 6012  NativeWifiP - ok
00:21:58.0225 6012  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\windows\system32\drivers\ndis.sys
00:21:58.0256 6012  NDIS - ok
00:21:58.0303 6012  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys
00:21:58.0334 6012  NdisCap - ok
00:21:58.0365 6012  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys
00:21:58.0396 6012  NdisTapi - ok
00:21:58.0412 6012  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys
00:21:58.0459 6012  Ndisuio - ok
00:21:58.0474 6012  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys
00:21:58.0521 6012  NdisWan - ok
00:21:58.0537 6012  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys
00:21:58.0568 6012  NDProxy - ok
00:21:58.0584 6012  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys
00:21:58.0630 6012  NetBIOS - ok
00:21:58.0646 6012  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys
00:21:58.0677 6012  NetBT - ok
00:21:58.0708 6012  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\windows\system32\lsass.exe
00:21:58.0724 6012  Netlogon - ok
00:21:58.0771 6012  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\windows\System32\netman.dll
00:21:58.0864 6012  Netman - ok
00:21:58.0880 6012  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\windows\System32\netprofm.dll
00:21:58.0942 6012  netprofm - ok
00:21:58.0958 6012  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:21:58.0958 6012  NetTcpPortSharing - ok
00:21:59.0130 6012  [ AC69618DE5BCCE8747C9AB0AAE1003C1 ] NETwNs64        C:\windows\system32\DRIVERS\NETwNs64.sys
00:21:59.0332 6012  NETwNs64 - ok
00:21:59.0364 6012  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\windows\system32\drivers\nfrd960.sys
00:21:59.0364 6012  nfrd960 - ok
00:21:59.0395 6012  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\windows\System32\nlasvc.dll
00:21:59.0426 6012  NlaSvc - ok
00:21:59.0442 6012  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\windows\system32\drivers\Npfs.sys
00:21:59.0473 6012  Npfs - ok
00:21:59.0504 6012  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\windows\system32\nsisvc.dll
00:21:59.0551 6012  nsi - ok
00:21:59.0566 6012  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys
00:21:59.0613 6012  nsiproxy - ok
00:21:59.0691 6012  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys
00:21:59.0738 6012  Ntfs - ok
00:21:59.0769 6012  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\windows\system32\drivers\Null.sys
00:21:59.0801 6012  Null - ok
00:21:59.0816 6012  [ 0EBC9D13CD96C15B1B18D8678A609E4B ] nusb3hub        C:\windows\system32\DRIVERS\nusb3hub.sys
00:21:59.0832 6012  nusb3hub - ok
00:21:59.0847 6012  [ 7BDEC000D56D485021D9C1E63C2F81CA ] nusb3xhc        C:\windows\system32\DRIVERS\nusb3xhc.sys
00:21:59.0863 6012  nusb3xhc - ok
00:21:59.0894 6012  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\windows\system32\drivers\nvraid.sys
00:21:59.0941 6012  nvraid - ok
00:21:59.0972 6012  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\windows\system32\drivers\nvstor.sys
00:22:00.0003 6012  nvstor - ok
00:22:00.0035 6012  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys
00:22:00.0050 6012  nv_agp - ok
00:22:00.0050 6012  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys
00:22:00.0066 6012  ohci1394 - ok
00:22:00.0113 6012  [ 4965B005492CBA7719E82B71E3245495 ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:22:00.0144 6012  ose64 - ok
00:22:00.0284 6012  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:22:00.0440 6012  osppsvc - ok
00:22:00.0487 6012  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\windows\system32\pnrpsvc.dll
00:22:00.0534 6012  p2pimsvc - ok
00:22:00.0549 6012  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\windows\system32\p2psvc.dll
00:22:00.0565 6012  p2psvc - ok
00:22:00.0596 6012  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\windows\system32\drivers\parport.sys
00:22:00.0612 6012  Parport - ok
00:22:00.0627 6012  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\windows\system32\drivers\partmgr.sys
00:22:00.0643 6012  partmgr - ok
00:22:00.0674 6012  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\windows\System32\pcasvc.dll
00:22:00.0721 6012  PcaSvc - ok
00:22:00.0752 6012  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\windows\system32\drivers\pci.sys
00:22:00.0768 6012  pci - ok
00:22:00.0768 6012  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\windows\system32\DRIVERS\pciide.sys
00:22:00.0783 6012  pciide - ok
00:22:00.0799 6012  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\windows\system32\drivers\pcmcia.sys
00:22:00.0815 6012  pcmcia - ok
00:22:00.0830 6012  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\windows\system32\drivers\pcw.sys
00:22:00.0830 6012  pcw - ok
00:22:00.0846 6012  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\windows\system32\drivers\peauth.sys
00:22:00.0908 6012  PEAUTH - ok
00:22:00.0986 6012  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\windows\SysWow64\perfhost.exe
00:22:01.0033 6012  PerfHost - ok
00:22:01.0095 6012  [ 91111CEBBDE8015E822C46120ED9537C ] PGEffect        C:\windows\system32\DRIVERS\pgeffect.sys
00:22:01.0095 6012  PGEffect - ok
00:22:01.0142 6012  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\windows\system32\pla.dll
00:22:01.0220 6012  pla - ok
00:22:01.0251 6012  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\windows\system32\umpnpmgr.dll
00:22:01.0283 6012  PlugPlay - ok
00:22:01.0314 6012  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll
00:22:01.0345 6012  PNRPAutoReg - ok
00:22:01.0361 6012  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\windows\system32\pnrpsvc.dll
00:22:01.0376 6012  PNRPsvc - ok
00:22:01.0407 6012  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll
00:22:01.0454 6012  PolicyAgent - ok
00:22:01.0485 6012  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\windows\system32\umpo.dll
00:22:01.0563 6012  Power - ok
00:22:01.0610 6012  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys
00:22:01.0688 6012  PptpMiniport - ok
00:22:01.0704 6012  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\windows\system32\drivers\processr.sys
00:22:01.0751 6012  Processor - ok
00:22:01.0797 6012  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\windows\system32\profsvc.dll
00:22:01.0844 6012  ProfSvc - ok
00:22:01.0860 6012  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe
00:22:01.0875 6012  ProtectedStorage - ok
00:22:01.0907 6012  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\windows\system32\DRIVERS\pacer.sys
00:22:01.0969 6012  Psched - ok
00:22:02.0016 6012  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\windows\system32\drivers\ql2300.sys
00:22:02.0063 6012  ql2300 - ok
00:22:02.0078 6012  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\windows\system32\drivers\ql40xx.sys
00:22:02.0094 6012  ql40xx - ok
00:22:02.0125 6012  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\windows\system32\qwave.dll
00:22:02.0141 6012  QWAVE - ok
00:22:02.0172 6012  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys
00:22:02.0219 6012  QWAVEdrv - ok
00:22:02.0219 6012  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys
00:22:02.0265 6012  RasAcd - ok
00:22:02.0297 6012  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys
00:22:02.0328 6012  RasAgileVpn - ok
00:22:02.0359 6012  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\windows\System32\rasauto.dll
00:22:02.0406 6012  RasAuto - ok
00:22:02.0421 6012  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys
00:22:02.0484 6012  Rasl2tp - ok
00:22:02.0515 6012  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\windows\System32\rasmans.dll
00:22:02.0562 6012  RasMan - ok
00:22:02.0593 6012  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys
00:22:02.0640 6012  RasPppoe - ok
00:22:02.0655 6012  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys
00:22:02.0702 6012  RasSstp - ok
00:22:02.0718 6012  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys
00:22:02.0765 6012  rdbss - ok
00:22:02.0780 6012  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\windows\system32\drivers\rdpbus.sys
00:22:02.0811 6012  rdpbus - ok
00:22:02.0827 6012  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys
00:22:02.0858 6012  RDPCDD - ok
00:22:02.0874 6012  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys
00:22:02.0952 6012  RDPENCDD - ok
00:22:02.0952 6012  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys
00:22:02.0999 6012  RDPREFMP - ok
00:22:03.0030 6012  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\windows\system32\drivers\RDPWD.sys
00:22:03.0045 6012  RDPWD - ok
00:22:03.0077 6012  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys
00:22:03.0108 6012  rdyboost - ok
00:22:03.0170 6012  [ 18505D90FEE940EE9EAE4C5B421F22B4 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
00:22:03.0233 6012  RegSrvc - ok
00:22:03.0264 6012  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\windows\System32\mprdim.dll
00:22:03.0326 6012  RemoteAccess - ok
00:22:03.0373 6012  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\windows\system32\regsvc.dll
00:22:03.0404 6012  RemoteRegistry - ok
00:22:03.0420 6012  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll
00:22:03.0467 6012  RpcEptMapper - ok
00:22:03.0498 6012  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\windows\system32\locator.exe
00:22:03.0498 6012  RpcLocator - ok
00:22:03.0529 6012  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\windows\system32\rpcss.dll
00:22:03.0560 6012  RpcSs - ok
00:22:03.0607 6012  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys
00:22:03.0654 6012  rspndr - ok
00:22:03.0716 6012  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\windows\system32\DRIVERS\Rt64win7.sys
00:22:03.0732 6012  RTL8167 - ok
00:22:03.0747 6012  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\windows\system32\lsass.exe
00:22:03.0763 6012  SamSs - ok
00:22:03.0779 6012  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\windows\system32\drivers\sbp2port.sys
00:22:03.0794 6012  sbp2port - ok
00:22:03.0825 6012  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\windows\System32\SCardSvr.dll
00:22:03.0857 6012  SCardSvr - ok
00:22:03.0888 6012  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys
00:22:03.0966 6012  scfilter - ok
00:22:03.0997 6012  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\windows\system32\schedsvc.dll
00:22:04.0059 6012  Schedule - ok
00:22:04.0091 6012  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\windows\System32\certprop.dll
00:22:04.0122 6012  SCPolicySvc - ok
00:22:04.0169 6012  [ 408DF925E1B39300363A1A3758083825 ] scsk5           C:\windows\syswow64\drivers\scsk5.sys
00:22:04.0200 6012  scsk5 - ok
00:22:04.0215 6012  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\windows\system32\DRIVERS\sdbus.sys
00:22:04.0262 6012  sdbus - ok
00:22:04.0293 6012  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\windows\System32\SDRSVC.dll
00:22:04.0325 6012  SDRSVC - ok
00:22:04.0356 6012  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\windows\system32\drivers\secdrv.sys
00:22:04.0403 6012  secdrv - ok
00:22:04.0418 6012  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\windows\system32\seclogon.dll
00:22:04.0449 6012  seclogon - ok
00:22:04.0496 6012  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\windows\System32\sens.dll
00:22:04.0574 6012  SENS - ok
00:22:04.0590 6012  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\windows\system32\sensrsvc.dll
00:22:04.0621 6012  SensrSvc - ok
00:22:04.0637 6012  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\windows\system32\drivers\serenum.sys
00:22:04.0683 6012  Serenum - ok
00:22:04.0715 6012  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\windows\system32\drivers\serial.sys
00:22:04.0746 6012  Serial - ok
00:22:04.0777 6012  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\windows\system32\drivers\sermouse.sys
00:22:04.0839 6012  sermouse - ok
00:22:04.0886 6012  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\windows\system32\sessenv.dll
00:22:04.0964 6012  SessionEnv - ok
00:22:04.0980 6012  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\windows\system32\drivers\sffdisk.sys
00:22:04.0995 6012  sffdisk - ok
00:22:05.0027 6012  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys
00:22:05.0073 6012  sffp_mmc - ok
00:22:05.0089 6012  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys
00:22:05.0120 6012  sffp_sd - ok
00:22:05.0136 6012  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\windows\system32\drivers\sfloppy.sys
00:22:05.0167 6012  sfloppy - ok
00:22:05.0214 6012  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\windows\System32\ipnathlp.dll
00:22:05.0292 6012  SharedAccess - ok
00:22:05.0323 6012  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll
00:22:05.0385 6012  ShellHWDetection - ok
00:22:05.0385 6012  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys
00:22:05.0401 6012  SiSRaid2 - ok
00:22:05.0432 6012  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys
00:22:05.0448 6012  SiSRaid4 - ok
00:22:05.0479 6012  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\windows\system32\DRIVERS\smb.sys
00:22:05.0526 6012  Smb - ok
00:22:05.0557 6012  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\windows\System32\snmptrap.exe
00:22:05.0588 6012  SNMPTRAP - ok
00:22:05.0619 6012  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\windows\system32\drivers\spldr.sys
00:22:05.0635 6012  spldr - ok
00:22:05.0666 6012  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\windows\System32\spoolsv.exe
00:22:05.0729 6012  Spooler - ok
00:22:05.0791 6012  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\windows\system32\sppsvc.exe
00:22:05.0900 6012  sppsvc - ok
00:22:05.0916 6012  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\windows\system32\sppuinotify.dll
00:22:05.0947 6012  sppuinotify - ok
00:22:05.0994 6012  [ 602884696850C86434530790B110E8EB ] sptd            C:\windows\system32\Drivers\sptd.sys
00:22:06.0009 6012  Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
00:22:06.0009 6012  sptd ( LockedFile.Multi.Generic ) - warning
00:22:06.0009 6012  sptd - detected LockedFile.Multi.Generic (1)
00:22:07.0897 6012  [ 0B4734AE9EC70B843DF02E7B1C056377 ] Thpsrv          C:\windows\system32\ThpSrv.exe
00:22:07.0928 6012  Thpsrv ( UnsignedFile.Multi.Generic ) - warning
00:22:07.0928 6012  Thpsrv - detected UnsignedFile.Multi.Generic (1)
00:22:11.0485 6012  Wanarpv6 - ok
00:22:11.0563 6012  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\windows\system32\Wat\WatAdminSvc.exe
00:22:11.0594 6012  WatAdminSvc - ok
00:22:11.0703 6012  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\windows\system32\wbengine.exe
00:22:11.0766 6012  wbengine - ok
00:22:11.0781 6012  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll
00:22:11.0813 6012  WbioSrvc - ok
00:22:11.0828 6012  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\windows\System32\wcncsvc.dll
00:22:11.0859 6012  wcncsvc - ok
00:22:11.0891 6012  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
00:22:11.0922 6012  WcsPlugInService - ok
00:22:11.0937 6012  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\windows\system32\drivers\wd.sys
00:22:11.0953 6012  Wd - ok
00:22:12.0000 6012  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys
00:22:12.0062 6012  Wdf01000 - ok
00:22:12.0078 6012  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\windows\system32\wdi.dll
00:22:12.0109 6012  WdiServiceHost - ok
00:22:12.0109 6012  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\windows\system32\wdi.dll
00:22:12.0125 6012  WdiSystemHost - ok
00:22:12.0156 6012  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\windows\System32\webclnt.dll
00:22:12.0187 6012  WebClient - ok
00:22:12.0218 6012  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\windows\system32\wecsvc.dll
00:22:12.0265 6012  Wecsvc - ok
00:22:12.0296 6012  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\windows\System32\wercplsupport.dll
00:22:12.0327 6012  wercplsupport - ok
00:22:12.0374 6012  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\windows\System32\WerSvc.dll
00:22:12.0468 6012  WerSvc - ok
00:22:12.0499 6012  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys
00:22:12.0530 6012  WfpLwf - ok
00:22:12.0546 6012  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\windows\system32\drivers\wimmount.sys
00:22:12.0546 6012  WIMMount - ok
00:22:12.0561 6012  WinDefend - ok
00:22:12.0577 6012  WinHttpAutoProxySvc - ok
00:22:12.0624 6012  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll
00:22:12.0686 6012  Winmgmt - ok
00:22:12.0764 6012  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\windows\system32\WsmSvc.dll
00:22:12.0827 6012  WinRM - ok
00:22:12.0873 6012  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys
00:22:12.0889 6012  WinUsb - ok
00:22:12.0920 6012  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\windows\System32\wlansvc.dll
00:22:12.0967 6012  Wlansvc - ok
00:22:13.0014 6012  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
00:22:13.0045 6012  wlcrasvc - ok
00:22:13.0139 6012  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:22:13.0201 6012  wlidsvc - ok
00:22:13.0217 6012  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\windows\system32\drivers\wmiacpi.sys
00:22:13.0248 6012  WmiAcpi - ok
00:22:13.0279 6012  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe
00:22:13.0295 6012  wmiApSrv - ok
00:22:13.0326 6012  WMPNetworkSvc - ok
00:22:13.0341 6012  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\windows\System32\wpcsvc.dll
00:22:13.0357 6012  WPCSvc - ok
00:22:13.0373 6012  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll
00:22:13.0404 6012  WPDBusEnum - ok
00:22:13.0419 6012  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys
00:22:13.0451 6012  ws2ifsl - ok
00:22:13.0466 6012  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\windows\System32\wscsvc.dll
00:22:13.0497 6012  wscsvc - ok
00:22:13.0497 6012  WSearch - ok
00:22:13.0591 6012  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\windows\system32\wuaueng.dll
00:22:13.0653 6012  wuauserv - ok
00:22:13.0685 6012  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\windows\system32\drivers\WudfPf.sys
00:22:13.0716 6012  WudfPf - ok
00:22:13.0747 6012  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys
00:22:13.0778 6012  WUDFRd - ok
00:22:13.0809 6012  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\windows\System32\WUDFSvc.dll
00:22:13.0841 6012  wudfsvc - ok
00:22:13.0872 6012  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\windows\System32\wwansvc.dll
00:22:13.0903 6012  WwanSvc - ok
00:22:13.0919 6012  ================ Scan global ===============================
00:22:13.0934 6012  [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
00:22:13.0965 6012  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
00:22:13.0981 6012  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll
00:22:14.0012 6012  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
00:22:14.0043 6012  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
00:22:14.0043 6012  [Global] - ok
00:22:14.0043 6012  ================ Scan MBR ==================================
00:22:14.0059 6012  [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
00:22:15.0089 6012  \Device\Harddisk0\DR0 - ok
00:22:15.0104 6012  ================ Scan VBR ==================================
00:22:15.0135 6012  [ D4E59C7E3FAA7F07055A690E479E7914 ] \Device\Harddisk0\DR0\Partition1
00:22:15.0135 6012  \Device\Harddisk0\DR0\Partition1 - ok
00:22:15.0135 6012  ============================================================
00:22:15.0135 6012  Scan finished
00:22:15.0135 6012  ============================================================
00:22:15.0151 5336  Detected object count: 2
00:22:15.0151 5336  Actual detected object count: 2
00:22:25.0369 5336  sptd ( LockedFile.Multi.Generic ) - skipped by user
00:22:25.0369 5336  sptd ( LockedFile.Multi.Generic ) - User select action: Skip
00:22:25.0369 5336  Thpsrv ( UnsignedFile.Multi.Generic ) - skipped by user
00:22:25.0369 5336  Thpsrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
 


  • Root Admin

Okay well that is a bit odd.

Please visit this webpage for instructions on downloading and running ComboFix: How to use ComboFix

Please make sure you disable your security applications before running ComboFix.

Once ComboFix has completed, it will produce and open a log file. Please attach that log file to your next reply.

If needed the file can be located here: C:\combofix.txt


ComboFix 13-06-21.01 - Jonathan 06/21/2013   0:52.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6052.4406 [GMT -5:00]
Running from: c:\users\Jonathan\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\IESide
c:\programdata\Roaming
c:\windows\SysWow64\settings.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-21 to 2013-06-21  )))))))))))))))))))))))))))))))
.
.
2013-06-21 06:12 . 2013-06-21 06:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-21 05:36 . 2013-06-21 05:36 -------- d-----w- c:\users\Jonathan\AppData\Roaming\Malwarebytes
2013-06-21 05:35 . 2013-06-21 05:35 -------- d-----w- c:\programdata\Malwarebytes
2013-06-21 05:35 . 2013-06-21 05:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-21 05:35 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-21 04:02 . 2013-06-21 04:50 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-21 01:49 . 2013-06-21 01:49 -------- d-----w- c:\program files\Common Files\DESIGNER
2013-06-21 01:48 . 2013-06-21 01:48 -------- d-----w- c:\program files\Microsoft Synchronization Services
2013-06-12 08:01 . 2013-05-17 01:25 257536 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll
2013-06-12 07:59 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 07:59 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 07:59 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-05-24 23:56 . 2013-05-24 23:56 -------- d-----w- c:\users\Jonathan\AppData\Local\Unity
2013-05-24 23:56 . 2013-05-24 23:56 -------- d-----w- c:\users\Jonathan\AppData\Local\Deployment
2013-05-24 23:56 . 2013-05-24 23:56 -------- d-----w- c:\users\Jonathan\AppData\Local\Apps
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 08:23 . 2011-03-29 02:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-06-12 08:02 . 2012-03-26 19:47 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-12 08:01 . 2012-06-22 23:20 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 08:01 . 2012-06-22 23:20 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-09 08:59 . 2013-03-09 04:12 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2013-03-09 04:12 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-09 08:59 . 2012-10-25 23:04 378432 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-05-09 08:59 . 2012-10-25 23:04 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2012-10-25 23:04 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2012-10-25 23:03 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59 . 2012-10-25 23:04 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2012-10-25 23:03 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2012-10-25 23:03 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2012-10-25 23:03 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-04-22 21:45 . 2013-04-22 21:44 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-04-13 05:49 . 2013-05-15 04:08 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 04:08 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 04:08 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 04:08 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 04:08 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 04:08 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 17:26 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 04:08 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 04:08 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 04:07 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 10:36 . 2012-06-22 22:16 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-04-04 10:35 . 2011-11-22 04:31 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2011-03-10 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]
"DelayTSS"="c:\program files\Toshiba\DelayTSS\DelayTSS.exe" [2011-11-21 2153328]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-15 152392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 scsk5;SCSK5 Driver Service;syswow64\drivers\scsk5.sys;syswow64\drivers\scsk5.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys;c:\windows\SYSNATIVE\DRIVERS\CeKbFilter.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-19 18:20 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 08:01]
.
2012-03-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2557119738-1074671890-1450825161-1000Core.job
- c:\users\Jonathan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-26 03:17]
.
2012-03-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2557119738-1074671890-1450825161-1000UA.job
- c:\users\Jonathan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-03-26 03:17]
.
2013-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20 19:52]
.
2013-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-20 19:52]
.
2013-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2557119738-1074671890-1450825161-1000Core.job
- c:\users\Jonathan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-10 06:05]
.
2013-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2557119738-1074671890-1450825161-1000UA.job
- c:\users\Jonathan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-10 06:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-02 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-02 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-02 416024]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-26 11775592]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-06-01 1935120]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: ieside.com
TCP: DhcpNameServer = 192.168.1.254




.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
AddRemove-SoftcampSCSK - c:\windows\system32\UnSCSK.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\03\01\1a\16\01\17\17"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-21  01:15:28
ComboFix-quarantined-files.txt  2013-06-21 06:15
.
Pre-Run: 516,643,987,456 bytes free
Post-Run: 516,612,845,568 bytes free
.
- - End Of File - - 23D6BFCAE46E49F82E07921EB733D3F2
D41D8CD98F00B204E9800998ECF8427E
 


  • Root Admin

Please backup your Registry and then move on to the next step.

STEP 01

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

STEP 02

Please download AdwCleaner from here and save it on your Desktop.

  • On XP double click on adwcleaner.exe to launch the application.
  • On Vista or Windows 7 Right-click on adwcleaner.exe and select Run As administrator to launch the application.
  • Now click on the Search button.
  • Please post the contents of the log-file created in your next reply.
  • Note: The log can also be located at root (or top) of the C: volume. C:\AdwCleaner[XX].txt XX <-- Denotes the number of times the application has been run.

  • Root Admin

Scan with aswMBR

Please download aswMBR.exe to your desktop.

  • Double-click the aswMBR.exe to run it
  • When prompted with The application can use the Avast! Free Antivirus for scanning >> select No
  • Now click on the Scan button to start scan
  • On completion of the scan click Save Log, save it to your desktop and post the contents in your next reply
Note: There will also be a file on your desktop named MBR.dat (or similar); do not delete this for now, as it is an actual backup of the MBR (master boot record).

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.


This topic is now closed to further replies.