Thread: Ads in Left and Right lower corners of browser windows

  1. #1
    Junior Member
    Join Date
    Dec 2012
    Posts
    7

    Ads in Left and Right lower corners of browser windows

    Any suggestions for how to get rid of it? Here are the logs. Thanks!

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.5.1
    Run by Paolo at 16:30:31 on 2012-12-28
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.1536 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\svchost.exe -k NetworkService
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe
    C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\SysWOW64\NlsSrv32.exe
    C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Users\Paolo\Desktop\RogueKiller.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\explorer.exe
    C:\Windows\SysWOW64\notepad.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Windows\SysWOW64\notepad.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mWinlogon: Userinit = userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    uRun: [Google Update] "C:\Users\Paolo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    TCP: NameServer = 10.0.1.1
    TCP: Interfaces\{711EFE1A-449A-4B1A-94E9-FF80F463FD5F} : DHCPNameServer = 10.0.1.1
    TCP: Interfaces\{711EFE1A-449A-4B1A-94E9-FF80F463FD5F}\16262716D637 : DHCPNameServer = 192.168.2.1 208.59.247.45 208.59.247.46
    TCP: Interfaces\{711EFE1A-449A-4B1A-94E9-FF80F463FD5F}\25F434B435451425 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{711EFE1A-449A-4B1A-94E9-FF80F463FD5F}\341435549535 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{711EFE1A-449A-4B1A-94E9-FF80F463FD5F}\4586560274F6F63756 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{711EFE1A-449A-4B1A-94E9-FF80F463FD5F}\84F44554C4023514E445F40244F4D49474F4 : DHCPNameServer = 10.10.0.1
    TCP: Interfaces\{711EFE1A-449A-4B1A-94E9-FF80F463FD5F}\84F44554C43514E445F444F4D494E474F4 : DHCPNameServer = 10.10.0.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [IntelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey
    x64-Run: [ThpSrv] C:\Windows\System32\thpsrv /logon
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    Hosts: 199.193.118.246 www.google-analytics.com.
    Hosts: 199.193.118.246 ad-emea.doubleclick.net.
    Hosts: 199.193.118.246 www.statcounter.com.
    Hosts: 199.193.118.246 connect.facebook.net.
    Hosts: 93.115.241.27 www.google-analytics.com.
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Paolo\AppData\Roaming\Mozilla\Firefox\Profiles\zgcavgnb.default\
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
    FF - plugin: C:\Users\Paolo\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
    R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2010-7-12 24680]
    R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\Windows\System32\drivers\thpdrv.sys [2008-1-11 33400]
    R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\System32\drivers\Thpevm.sys [2007-9-4 14872]
    R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2011-12-22 482384]
    R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Users\Paolo\Documents\EmsisoftEmergencyKit\Run\a2ddax64.sys [2012-8-28 23208]
    R2 ArcGIS License Manager;ArcGIS License Manager;C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe [2008-11-5 1500424]
    R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-6-7 408576]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 128456]
    R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\System32\NlsSrv32.exe --> C:\Windows\System32\NlsSrv32.exe [?]
    R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-6-7 911872]
    R3 acpials;ALS Sensor Filter;C:\Windows\System32\drivers\acpials.sys [2009-7-14 9728]
    R3 bpenum;bpenum;C:\Windows\System32\drivers\bpenum.sys [2010-5-16 71168]
    R3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2010-5-16 175104]
    R3 bpusb;bpusb;C:\Windows\System32\drivers\bpusb.sys [2010-5-16 81920]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-27 158976]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-6-21 287232]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-6-25 76912]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
    R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2011-12-22 35008]
    R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-12-22 54136]
    R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-6-18 39832]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
    S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2011-12-30 245760]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-12-21 232992]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-12-22 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-21 1255736]
    .
    =============== Created Last 30 ================
    .
    2012-12-28 20:54:14 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A113ECAE-1C11-4340-863E-DBB7E1B61BB9}\mpengine.dll
    2012-12-28 20:38:33 -------- d-----w- C:\2af7b4aad8de03f831b03b
    2012-12-27 18:38:53 9125352 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-12-27 17:57:42 959976 ----a-w- C:\Windows\System32\deployJava1.dll
    2012-12-27 17:57:41 1081320 ----a-w- C:\Windows\System32\npDeployJava1.dll
    2012-12-27 17:57:25 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2012-12-27 16:44:04 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2012-12-27 16:44:04 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2012-12-26 17:38:15 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-12-26 17:38:15 -------- d-----w- C:\Program Files\iTunes
    2012-12-26 17:38:15 -------- d-----w- C:\Program Files\iPod
    2012-12-26 17:38:15 -------- d-----w- C:\Program Files (x86)\iTunes
    2012-12-08 17:08:39 -------- d-----r- C:\Program Files (x86)\Skype
    2012-12-07 04:11:43 -------- d-----w- C:\Users\Paolo\AppData\Roaming\System
    .
    ==================== Find3M ====================
    .
    2012-12-27 16:15:50 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-12-27 16:15:49 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-30 00:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    .
    ============= FINISH: 16:32:20.69 ===============



    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-12-28 16:44:35
    -----------------------------
    16:44:35.589 OS Version: Windows x64 6.1.7601 Service Pack 1
    16:44:35.589 Number of processors: 4 586 0x2505
    16:44:35.600 ComputerName: PAOLO-PC UserName: Paolo
    16:44:38.433 Initialze error C000010E - driver not loaded
    16:44:38.653 write error "aswCmnB.dll". The process cannot access the file because it is being used by another process.
    16:45:16.771 AVAST engine defs: 12122800
    16:46:57.797 The log file has been saved successfully to "C:\Users\Paolo\Desktop\aswMBR.txt"

  2. #2
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    Please post the contents of attach.txt from the DDS run too.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member
    Join Date
    Dec 2012
    Posts
    7

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/21/2011 1:15:39 PM
    System Uptime: 12/28/2012 3:43:14 PM (1 hours ago)
    .
    Motherboard: TOSHIBA | | Portable PC
    Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz | CPU | 1190/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 455 GiB total, 250.978 GiB free.
    D: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description:
    Device ID: ACPI\TOS1901\2&DABA3FF&1
    Manufacturer:
    Name:
    PNP Device ID: ACPI\TOS1901\2&DABA3FF&1
    Service:
    .
    ==== System Restore Points ===================
    .
    RP174: 12/4/2012 8:56:52 PM - Windows Update
    RP175: 12/9/2012 10:54:08 AM - Windows Update
    RP176: 12/12/2012 8:08:37 PM - Windows Update
    RP177: 12/16/2012 11:44:50 AM - Windows Update
    RP178: 12/19/2012 11:42:56 PM - Windows Update
    RP179: 12/23/2012 11:27:21 AM - Windows Update
    RP180: 12/26/2012 12:54:49 PM - Windows Update
    RP181: 12/27/2012 12:56:16 PM - Installed Java 7 Update 10 (64-bit)
    RP182: 12/28/2012 3:29:19 PM - Windows Update
    .
    ==== Hosts File Hijack ======================
    .
    Hosts: 199.193.118.246 www.google-analytics.com.
    Hosts: 199.193.118.246 ad-emea.doubleclick.net.
    Hosts: 199.193.118.246 www.statcounter.com.
    Hosts: 199.193.118.246 connect.facebook.net.
    Hosts: 93.115.241.27 www.google-analytics.com.
    Hosts: 93.115.241.27 ad-emea.doubleclick.net.
    Hosts: 93.115.241.27 www.statcounter.com.
    Hosts: 93.115.241.27 connect.facebook.net.
    .
    ==== Installed Programs ======================
    .
    64 Bit HP CIO Components Installer
    7-Zip 9.20
    Adobe AIR
    Adobe Flash Player 11 ActiveX 64-bit
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.1)
    Adobe Shockwave Player 11.6
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcGIS Desktop 10
    ArcGIS License Manager 10
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    Audacity 1.3.13 (Unicode)
    Bonjour
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dragon Age: Origins
    Dropbox
    EA Installer
    EA Shared Game Component: Activation
    ERUNT 1.1j
    GameFly
    Geospatial Toolkit (remove only)
    Google Calendar Sync
    Google Chrome
    Google Earth
    Google Update Helper
    Heroes of Might and Magic V
    HL-2270DW
    iCloud
    Intel PROSet Wireless
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Rapid Storage Technology
    Intel® PROSet/Wireless WiMAX Software
    Intel® Wireless Display
    iTunes
    Java 7 Update 10 (64-bit)
    Java Auto Updater
    Java(TM) 6 Update 22
    Java(TM) 6 Update 30
    Java(TM) 7 Update 5
    JavaFX 2.1.1
    Juniper Networks Network Connect 7.0.0
    Juniper Networks Setup Client
    Juniper Networks Setup Client Activex Control
    Malwarebytes Anti-Malware version 1.65.1.1000
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2008 Native Client
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 17.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NVIDIA Display Control Panel
    NVIDIA Drivers
    NVIDIA PhysX
    NVIDIA Updatus
    OpenOffice.org 3.3
    Pharos
    QuickTime
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    RegistryKit v2.0
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
    Skype™ 6.0
    Spotify
    Spybot - Search & Destroy
    Synaptics Pointing Device Driver
    The Elder Scrolls IV - Oblivion Game of the Year Deluxe Edition
    TOSHIBA DVD PLAYER
    TOSHIBA HDD Protection
    TOSHIBA Service Station
    TOSHIBA Supervisor Password
    TOSHIBA Web Camera Application
    trakAxPC
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Wondershare PDF to Word (Build 3.5.0)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/28/2012 3:46:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80071a90: Update for Windows 7 for x64-based Systems (KB2762895).
    12/28/2012 3:46:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80071a90: Update for Windows 7 for x64-based Systems (KB2761217).
    12/28/2012 3:46:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80071a90: Update for Windows 7 for x64-based Systems (KB2749655).
    12/28/2012 3:46:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80071a90: Update for Windows 7 for x64-based Systems (KB2732500).
    12/28/2012 3:46:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80071a90: Update for Windows 7 for x64-based Systems (KB2732487).
    12/28/2012 3:46:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80071a90: Update for Windows 7 for x64-based Systems (KB2732059).
    12/28/2012 3:46:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80071a90: Update for Windows 7 for x64-based Systems (KB2729094).
    12/28/2012 3:46:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80071a90: Update for Windows 7 for x64-based Systems (KB2661254).
    12/28/2012 3:46:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80071a90: Update for Windows 7 for x64-based Systems (KB2647753).
    12/28/2012 3:46:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80071a90: Update for User-Mode Driver Framework version 1.11 for Windows 7 for x64-based Systems (KB2685813).
    12/28/2012 3:46:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80071a90: Security Update for Windows 7 for x64-based Systems (KB2770660).
    12/28/2012 3:46:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80071a90: Security Update for Windows 7 for x64-based Systems (KB2758857).
    12/28/2012 3:46:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80071a90: Security Update for Windows 7 for x64-based Systems (KB2753842).
    12/28/2012 3:46:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80071a90: Security Update for Windows 7 for x64-based Systems (KB2743555).
    12/28/2012 3:46:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80071a90: Security Update for Windows 7 for x64-based Systems (KB2727528).
    12/28/2012 3:46:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80071a90: Security Update for Windows 7 for x64-based Systems (KB2706045).
    12/28/2012 3:46:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80071a90: Security Update for Windows 7 for x64-based Systems (KB2705219).
    12/28/2012 3:46:51 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80071a90: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2729452).
    12/28/2012 3:40:38 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows 7 for x64-based Systems (KB2739159).
    12/28/2012 3:40:38 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition.
    12/28/2012 3:40:26 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows 7 for x64-based Systems (KB2779562).
    12/28/2012 3:40:26 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows 7 for x64-based Systems (KB2763523).
    12/28/2012 3:40:26 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition.
    12/28/2012 3:40:26 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Kernel-Mode Driver Framework version 1.11 for Windows 7 for x64-based Systems (KB2685811).
    12/28/2012 3:40:26 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows 7 for x64-based Systems (KB2779030).
    12/28/2012 3:40:26 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows 7 for x64-based Systems (KB2724197).
    12/28/2012 3:40:26 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition.
    12/28/2012 3:40:26 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition.
    12/28/2012 3:40:26 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2737019).
    12/28/2012 3:40:26 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Cumulative Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2761465).
    12/28/2012 3:40:24 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Update for Windows 7 for x64-based Systems (KB2750841).
    12/28/2012 3:40:24 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Windows Malicious Software Removal Tool x64 - December 2012 (KB890830).
    12/28/2012 3:40:24 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition.
    12/28/2012 3:40:24 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition.
    12/28/2012 3:29:02 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2655.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    12/28/2012 3:29:02 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2655.0 Update Source: Microsoft Update Server Update Stage: Install Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    12/28/2012 3:29:02 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2655.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80240016 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    12/28/2012 3:19:39 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer MACINTOSH-2 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{711EFE1A-449A-4B1A-94E9-FF80F463FD5F}. The master browser is stopping or an election is being forced.
    12/28/2012 12:57:46 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    12/28/2012 12:57:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    12/28/2012 12:57:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    12/28/2012 12:57:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    12/28/2012 12:57:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    12/28/2012 12:57:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/28/2012 12:57:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    12/28/2012 12:57:30 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
    12/28/2012 12:57:28 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/28/2012 12:57:28 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    12/28/2012 12:57:28 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    12/28/2012 12:57:28 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    12/28/2012 12:57:28 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    12/28/2012 12:57:28 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    12/28/2012 12:57:28 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    12/28/2012 12:57:28 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    12/28/2012 12:57:28 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/28/2012 12:57:28 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/28/2012 12:57:28 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/28/2012 12:57:28 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    12/28/2012 12:57:28 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    12/26/2012 9:46:38 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
    12/26/2012 12:36:05 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.
    12/26/2012 12:35:05 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/26/2012 12:34:49 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    12/21/2012 6:36:22 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.141.2263.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9002.0 Error code: 0x80244019 Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    .
    ==== End Of File ===========================

  4. #4
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    1. Download TDSSKiller and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
    2. Execute the file TDSSKiller.exe.
    3. Click Start Scan. If threats are found, select skip and click Continue.
    4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)

    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  5. #5
    Junior Member
    Join Date
    Dec 2012
    Posts
    7

    Here it is. I guess last time it was too long, and I didn't realize it hadn't posted.

    18:59:33.0041 2784 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    18:59:33.0371 2784 ============================================================
    18:59:33.0381 2784 Current date / time: 2013/01/02 18:59:33.0371
    18:59:33.0381 2784 SystemInfo:
    18:59:33.0381 2784
    18:59:33.0381 2784 OS Version: 6.1.7601 ServicePack: 1.0
    18:59:33.0381 2784 Product type: Workstation
    18:59:33.0381 2784 ComputerName: PAOLO-PC
    18:59:33.0381 2784 UserName: Paolo
    18:59:33.0381 2784 Windows directory: C:\Windows
    18:59:33.0381 2784 System windows directory: C:\Windows
    18:59:33.0381 2784 Running under WOW64
    18:59:33.0381 2784 Processor architecture: Intel x64
    18:59:33.0381 2784 Number of processors: 4
    18:59:33.0381 2784 Page size: 0x1000
    18:59:33.0381 2784 Boot type: Normal boot
    18:59:33.0381 2784 ============================================================
    18:59:34.0221 2784 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    18:59:34.0231 2784 ============================================================
    18:59:34.0231 2784 \Device\Harddisk0\DR0:
    18:59:34.0231 2784 MBR partitions:
    18:59:34.0231 2784 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x38DEB800
    18:59:34.0231 2784 ============================================================
    18:59:34.0241 2784 C: <-> \Device\Harddisk0\DR0\Partition1
    18:59:34.0241 2784 ============================================================
    18:59:34.0241 2784 Initialize success
    18:59:34.0241 2784 ============================================================
    18:59:35.0711 4804 ============================================================
    18:59:35.0711 4804 Scan started
    18:59:35.0711 4804 Mode: Manual;
    18:59:35.0711 4804 ============================================================
    18:59:35.0841 4804 ================ Scan system memory ========================
    18:59:35.0841 4804 System memory - ok
    18:59:35.0841 4804 ================ Scan services =============================
    18:59:42.0022 4804 hkmsvc - ok
    18:59:42.0042 4804 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    18:59:42.0052 4804 HomeGroupListener - ok
    18:59:42.0082 4804 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    18:59:42.0082 4804 HomeGroupProvider - ok
    18:59:42.0122 4804 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    18:59:42.0142 4804 HpSAMD - ok
    18:59:42.0202 4804 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    18:59:42.0212 4804 HTTP - ok
    18:59:42.0232 4804 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    18:59:42.0232 4804 hwpolicy - ok
    18:59:42.0262 4804 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    18:59:42.0262 4804 i8042prt - ok
    18:59:42.0312 4804 [ A5F72BB0D024E7E463344105BE613AE4 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
    18:59:42.0312 4804 iaStor - ok
    18:59:42.0362 4804 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    18:59:42.0362 4804 iaStorV - ok
    18:59:42.0422 4804 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    18:59:42.0432 4804 idsvc - ok
    18:59:42.0662 4804 [ 1BE8D9CA4F2363B8E8015621878E0043 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
    18:59:42.0902 4804 igfx - ok
    18:59:42.0932 4804 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    18:59:42.0932 4804 iirsp - ok
    18:59:42.0972 4804 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    18:59:42.0982 4804 IKEEXT - ok
    18:59:43.0022 4804 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
    18:59:43.0022 4804 Impcd - ok
    18:59:43.0112 4804 [ 450BEC18B45BCCFDC923E11F856DBDA7 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
    18:59:43.0142 4804 IntcAzAudAddService - ok
    18:59:43.0192 4804 [ 03C74719D48056A1078F3A51CEB76BAA ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
    18:59:43.0202 4804 IntcDAud - ok
    18:59:43.0222 4804 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    18:59:43.0232 4804 intelide - ok
    18:59:43.0262 4804 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    18:59:43.0262 4804 intelppm - ok
    18:59:43.0292 4804 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    18:59:43.0292 4804 IPBusEnum - ok
    18:59:43.0312 4804 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    18:59:43.0312 4804 IpFilterDriver - ok
    18:59:43.0372 4804 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    18:59:43.0382 4804 iphlpsvc - ok
    18:59:43.0412 4804 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    18:59:43.0422 4804 IPMIDRV - ok
    18:59:43.0452 4804 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    18:59:43.0462 4804 IPNAT - ok
    18:59:43.0522 4804 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    18:59:43.0532 4804 iPod Service - ok
    18:59:43.0562 4804 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    18:59:43.0562 4804 IRENUM - ok
    18:59:43.0582 4804 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    18:59:43.0582 4804 isapnp - ok
    18:59:43.0622 4804 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    18:59:43.0632 4804 iScsiPrt - ok
    18:59:43.0662 4804 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
    18:59:43.0662 4804 kbdclass - ok
    18:59:43.0682 4804 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
    18:59:43.0682 4804 kbdhid - ok
    18:59:43.0712 4804 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    18:59:43.0712 4804 KeyIso - ok
    18:59:43.0752 4804 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    18:59:43.0752 4804 KSecDD - ok
    18:59:43.0762 4804 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    18:59:43.0762 4804 KSecPkg - ok
    18:59:43.0792 4804 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    18:59:43.0792 4804 ksthunk - ok
    18:59:43.0832 4804 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    18:59:43.0832 4804 KtmRm - ok
    18:59:43.0872 4804 [ 32980B4E711D2EF7128C44DC2CF85706 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
    18:59:43.0882 4804 L1C - ok
    18:59:43.0912 4804 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
    18:59:43.0922 4804 LanmanServer - ok
    18:59:43.0942 4804 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    18:59:43.0952 4804 LanmanWorkstation - ok
    18:59:43.0992 4804 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    18:59:43.0992 4804 lltdio - ok
    18:59:44.0022 4804 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    18:59:44.0032 4804 lltdsvc - ok
    18:59:44.0062 4804 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    18:59:44.0062 4804 lmhosts - ok
    18:59:44.0102 4804 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    18:59:44.0102 4804 LSI_FC - ok
    18:59:44.0132 4804 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    18:59:44.0132 4804 LSI_SAS - ok
    18:59:44.0142 4804 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    18:59:44.0142 4804 LSI_SAS2 - ok
    18:59:44.0162 4804 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    18:59:44.0162 4804 LSI_SCSI - ok
    18:59:44.0182 4804 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    18:59:44.0182 4804 luafv - ok
    18:59:44.0222 4804 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    18:59:44.0242 4804 Mcx2Svc - ok
    18:59:44.0252 4804 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    18:59:44.0252 4804 megasas - ok
    18:59:44.0312 4804 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    18:59:44.0312 4804 MegaSR - ok
    18:59:44.0392 4804 Microsoft SharePoint Workspace Audit Service - ok
    18:59:44.0422 4804 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    18:59:44.0422 4804 MMCSS - ok
    18:59:44.0442 4804 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    18:59:44.0442 4804 Modem - ok
    18:59:44.0472 4804 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    18:59:44.0472 4804 monitor - ok
    18:59:44.0502 4804 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
    18:59:44.0512 4804 mouclass - ok
    18:59:44.0522 4804 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    18:59:44.0522 4804 mouhid - ok
    18:59:44.0562 4804 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    18:59:44.0572 4804 mountmgr - ok
    18:59:44.0642 4804 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    18:59:44.0642 4804 MozillaMaintenance - ok
    18:59:44.0682 4804 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
    18:59:44.0692 4804 MpFilter - ok
    18:59:44.0722 4804 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    18:59:44.0732 4804 mpio - ok
    18:59:44.0752 4804 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    18:59:44.0752 4804 mpsdrv - ok
    18:59:44.0792 4804 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
    18:59:44.0802 4804 MpsSvc - ok
    18:59:44.0822 4804 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    18:59:44.0832 4804 MRxDAV - ok
    18:59:44.0862 4804 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    18:59:44.0872 4804 mrxsmb - ok
    18:59:44.0882 4804 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    18:59:44.0882 4804 mrxsmb10 - ok
    18:59:44.0912 4804 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    18:59:44.0922 4804 mrxsmb20 - ok
    18:59:44.0952 4804 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    18:59:44.0952 4804 msahci - ok
    18:59:44.0992 4804 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    18:59:45.0002 4804 msdsm - ok
    18:59:45.0022 4804 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    18:59:45.0032 4804 MSDTC - ok
    18:59:45.0072 4804 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    18:59:45.0072 4804 Msfs - ok
    18:59:45.0092 4804 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    18:59:45.0092 4804 mshidkmdf - ok
    18:59:45.0122 4804 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    18:59:45.0122 4804 msisadrv - ok
    18:59:45.0142 4804 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    18:59:45.0152 4804 MSiSCSI - ok
    18:59:45.0152 4804 msiserver - ok
    18:59:45.0192 4804 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    18:59:45.0192 4804 MSKSSRV - ok
    18:59:45.0242 4804 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
    18:59:45.0242 4804 MsMpSvc - ok
    18:59:45.0252 4804 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    18:59:45.0252 4804 MSPCLOCK - ok
    18:59:45.0292 4804 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    18:59:45.0292 4804 MSPQM - ok
    18:59:45.0332 4804 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    18:59:45.0342 4804 MsRPC - ok
    18:59:45.0372 4804 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    18:59:45.0372 4804 mssmbios - ok
    18:59:45.0402 4804 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    18:59:45.0402 4804 MSTEE - ok
    18:59:45.0412 4804 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    18:59:45.0412 4804 MTConfig - ok
    18:59:45.0432 4804 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    18:59:45.0432 4804 Mup - ok
    18:59:45.0452 4804 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    18:59:45.0462 4804 napagent - ok
    18:59:45.0522 4804 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    18:59:45.0522 4804 NativeWifiP - ok
    18:59:45.0572 4804 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
    18:59:45.0582 4804 NDIS - ok
    18:59:45.0622 4804 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    18:59:45.0622 4804 NdisCap - ok
    18:59:45.0642 4804 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    18:59:45.0642 4804 NdisTapi - ok
    18:59:45.0672 4804 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    18:59:45.0672 4804 Ndisuio - ok
    18:59:45.0702 4804 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    18:59:45.0712 4804 NdisWan - ok
    18:59:45.0752 4804 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    18:59:45.0752 4804 NDProxy - ok
    18:59:45.0792 4804 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
    18:59:45.0792 4804 Net Driver HPZ12 - ok
    18:59:45.0832 4804 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    18:59:45.0832 4804 NetBIOS - ok
    18:59:45.0882 4804 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    18:59:45.0882 4804 NetBT - ok
    18:59:45.0902 4804 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    18:59:45.0902 4804 Netlogon - ok
    18:59:45.0952 4804 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    18:59:45.0952 4804 Netman - ok
    18:59:45.0982 4804 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    18:59:45.0982 4804 netprofm - ok
    18:59:46.0012 4804 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    18:59:46.0012 4804 NetTcpPortSharing - ok
    18:59:46.0202 4804 [ EB43840BABF5589E33186D094DE7381D ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
    18:59:46.0402 4804 NETwNs64 - ok
    18:59:46.0432 4804 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    18:59:46.0432 4804 nfrd960 - ok
    18:59:46.0472 4804 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    18:59:46.0472 4804 NisDrv - ok
    18:59:46.0502 4804 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
    18:59:46.0502 4804 NisSrv - ok
    18:59:46.0542 4804 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
    18:59:46.0552 4804 NlaSvc - ok
    18:59:46.0582 4804 nlsX86cc - ok
    18:59:46.0612 4804 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    18:59:46.0612 4804 Npfs - ok
    18:59:46.0662 4804 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    18:59:46.0662 4804 nsi - ok
    18:59:46.0692 4804 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    18:59:46.0692 4804 nsiproxy - ok
    18:59:46.0762 4804 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    18:59:46.0782 4804 Ntfs - ok
    18:59:46.0812 4804 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    18:59:46.0812 4804 Null - ok
    18:59:47.0092 4804 [ 14C777444E3B0A01BE0FF48F1F3F1F42 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
    18:59:47.0322 4804 nvlddmkm - ok
    18:59:47.0362 4804 [ 3CBCDB9D73DBAB26744B01BE7732FC42 ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
    18:59:47.0362 4804 nvpciflt - ok
    18:59:47.0392 4804 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    18:59:47.0402 4804 nvraid - ok
    18:59:47.0422 4804 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    18:59:47.0422 4804 nvstor - ok
    18:59:47.0462 4804 [ FAA8605D93ACDA06FC5D77F0E637885B ] nvsvc C:\Windows\system32\nvvsvc.exe
    18:59:47.0462 4804 nvsvc - ok
    18:59:47.0542 4804 [ 25CDB34CACC78903C8F0EC649F924A8A ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    18:59:47.0552 4804 nvUpdatusService - ok
    18:59:47.0592 4804 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    18:59:47.0592 4804 nv_agp - ok
    18:59:47.0632 4804 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    18:59:47.0632 4804 ohci1394 - ok
    18:59:47.0702 4804 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    18:59:47.0702 4804 ose - ok
    18:59:47.0843 4804 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    18:59:47.0943 4804 osppsvc - ok
    18:59:47.0973 4804 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    18:59:47.0973 4804 p2pimsvc - ok
    18:59:48.0053 4804 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    18:59:48.0063 4804 p2psvc - ok
    18:59:48.0093 4804 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    18:59:48.0093 4804 Parport - ok
    18:59:48.0133 4804 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    18:59:48.0133 4804 partmgr - ok
    18:59:48.0173 4804 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    18:59:48.0173 4804 PcaSvc - ok
    18:59:48.0213 4804 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    18:59:48.0213 4804 pci - ok
    18:59:48.0243 4804 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    18:59:48.0243 4804 pciide - ok
    18:59:48.0273 4804 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    18:59:48.0283 4804 pcmcia - ok
    18:59:48.0303 4804 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    18:59:48.0303 4804 pcw - ok
    18:59:48.0323 4804 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    18:59:48.0333 4804 PEAUTH - ok
    18:59:48.0433 4804 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    18:59:48.0433 4804 PerfHost - ok
    18:59:48.0453 4804 [ 663962900E7FEA522126BA287715BB4A ] PGEffect C:\Windows\system32\DRIVERS\pgeffect.sys
    18:59:48.0453 4804 PGEffect - ok
    18:59:48.0533 4804 [ 99F2DABC45056BAC7D714C04296B1CC3 ] Pharos Systems ComTaskMaster C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
    18:59:48.0653 4804 Pharos Systems ComTaskMaster - ok
    18:59:48.0713 4804 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    18:59:48.0733 4804 pla - ok
    18:59:48.0793 4804 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    18:59:48.0803 4804 PlugPlay - ok
    18:59:48.0823 4804 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
    18:59:48.0823 4804 Pml Driver HPZ12 - ok
    18:59:48.0833 4804 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    18:59:48.0833 4804 PNRPAutoReg - ok
    18:59:48.0873 4804 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    18:59:48.0873 4804 PNRPsvc - ok
    18:59:48.0923 4804 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    18:59:48.0933 4804 PolicyAgent - ok
    18:59:48.0973 4804 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    18:59:48.0973 4804 Power - ok
    18:59:49.0013 4804 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    18:59:49.0013 4804 PptpMiniport - ok
    18:59:49.0043 4804 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    18:59:49.0043 4804 Processor - ok
    18:59:49.0123 4804 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    18:59:49.0143 4804 ProfSvc - ok
    18:59:49.0163 4804 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    18:59:49.0173 4804 ProtectedStorage - ok
    18:59:49.0213 4804 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    18:59:49.0213 4804 Psched - ok
    18:59:49.0253 4804 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    18:59:49.0273 4804 ql2300 - ok
    18:59:49.0303 4804 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    18:59:49.0303 4804 ql40xx - ok
    18:59:49.0363 4804 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    18:59:49.0363 4804 QWAVE - ok
    18:59:49.0383 4804 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    18:59:49.0383 4804 QWAVEdrv - ok
    18:59:49.0403 4804 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    18:59:49.0403 4804 RasAcd - ok
    18:59:49.0423 4804 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    18:59:49.0433 4804 RasAgileVpn - ok
    18:59:49.0473 4804 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    18:59:49.0473 4804 RasAuto - ok
    18:59:49.0503 4804 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    18:59:49.0523 4804 Rasl2tp - ok
    18:59:49.0573 4804 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    18:59:49.0583 4804 RasMan - ok
    18:59:49.0613 4804 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    18:59:49.0613 4804 RasPppoe - ok
    18:59:49.0633 4804 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    18:59:49.0633 4804 RasSstp - ok
    18:59:49.0663 4804 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    18:59:49.0663 4804 rdbss - ok
    18:59:49.0683 4804 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    18:59:49.0683 4804 rdpbus - ok
    18:59:49.0703 4804 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    18:59:49.0703 4804 RDPCDD - ok
    18:59:49.0713 4804 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    18:59:49.0713 4804 RDPENCDD - ok
    18:59:49.0733 4804 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    18:59:49.0733 4804 RDPREFMP - ok
    18:59:49.0783 4804 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    18:59:49.0793 4804 RDPWD - ok
    18:59:49.0833 4804 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    18:59:49.0833 4804 rdyboost - ok
    18:59:49.0873 4804 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    18:59:49.0873 4804 RemoteAccess - ok
    18:59:49.0923 4804 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    18:59:49.0923 4804 RemoteRegistry - ok
    18:59:49.0943 4804 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    18:59:49.0943 4804 RpcEptMapper - ok
    18:59:49.0953 4804 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    18:59:49.0963 4804 RpcLocator - ok
    18:59:49.0993 4804 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    18:59:50.0003 4804 RpcSs - ok
    18:59:50.0033 4804 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    18:59:50.0043 4804 rspndr - ok
    18:59:50.0113 4804 [ 907C4464381B5EBDFDC60F6C7D0DEDFC ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
    18:59:50.0123 4804 RSUSBSTOR - ok
    18:59:50.0133 4804 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    18:59:50.0133 4804 SamSs - ok
    18:59:50.0153 4804 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    18:59:50.0153 4804 sbp2port - ok
    18:59:50.0203 4804 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    18:59:50.0203 4804 SCardSvr - ok
    18:59:50.0233 4804 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    18:59:50.0233 4804 scfilter - ok
    18:59:50.0293 4804 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    18:59:50.0303 4804 Schedule - ok
    18:59:50.0333 4804 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    18:59:50.0333 4804 SCPolicySvc - ok
    18:59:50.0353 4804 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    18:59:50.0353 4804 SDRSVC - ok
    18:59:50.0413 4804 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    18:59:50.0423 4804 secdrv - ok
    18:59:50.0463 4804 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    18:59:50.0473 4804 seclogon - ok
    18:59:50.0503 4804 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    18:59:50.0503 4804 SENS - ok
    18:59:50.0543 4804 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    18:59:50.0543 4804 SensrSvc - ok
    18:59:50.0563 4804 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    18:59:50.0563 4804 Serenum - ok
    18:59:50.0583 4804 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    18:59:50.0593 4804 Serial - ok
    18:59:50.0633 4804 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    18:59:50.0633 4804 sermouse - ok
    18:59:50.0693 4804 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    18:59:50.0703 4804 SessionEnv - ok
    18:59:50.0753 4804 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    18:59:50.0753 4804 sffdisk - ok
    18:59:50.0793 4804 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    18:59:50.0793 4804 sffp_mmc - ok
    18:59:50.0793 4804 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    18:59:50.0803 4804 sffp_sd - ok
    18:59:50.0823 4804 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    18:59:50.0833 4804 sfloppy - ok
    18:59:50.0863 4804 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
    18:59:50.0863 4804 SharedAccess - ok
    18:59:50.0893 4804 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    18:59:50.0903 4804 ShellHWDetection - ok
    18:59:50.0923 4804 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    18:59:50.0933 4804 SiSRaid2 - ok
    18:59:50.0943 4804 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    18:59:50.0943 4804 SiSRaid4 - ok
    18:59:51.0003 4804 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
    18:59:51.0003 4804 SkypeUpdate - ok
    18:59:51.0033 4804 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    18:59:51.0043 4804 Smb - ok
    18:59:51.0093 4804 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    18:59:51.0093 4804 SNMPTRAP - ok
    18:59:51.0143 4804 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    18:59:51.0143 4804 spldr - ok
    18:59:51.0183 4804 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
    18:59:51.0193 4804 Spooler - ok
    18:59:51.0313 4804 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    18:59:51.0403 4804 sppsvc - ok
    18:59:51.0433 4804 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    18:59:51.0443 4804 sppuinotify - ok

  6. #6
    Junior Member
    Join Date
    Dec 2012
    Posts
    7

    18:59:55.0974 4804 ================ Scan global ===============================
    18:59:56.0004 4804 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    18:59:56.0034 4804 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    18:59:56.0044 4804 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
    18:59:56.0064 4804 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    18:59:56.0104 4804 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    18:59:56.0104 4804 [Global] - ok
    18:59:56.0104 4804 ================ Scan MBR ==================================
    18:59:56.0124 4804 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    18:59:56.0354 4804 \Device\Harddisk0\DR0 - ok
    18:59:56.0354 4804 ================ Scan VBR ==================================
    18:59:56.0374 4804 [ 0413B931911C80E8A2494BD3ED2AB58D ] \Device\Harddisk0\DR0\Partition1
    18:59:56.0374 4804 \Device\Harddisk0\DR0\Partition1 - ok
    18:59:56.0374 4804 ============================================================
    18:59:56.0374 4804 Scan finished
    18:59:56.0374 4804 ============================================================
    18:59:56.0394 0280 Detected object count: 0
    18:59:56.0394 0280 Actual detected object count: 0

  7. #7
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi


    Please visit this webpage for download links and instructions for running the ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully first.

    Please continue as follows:

    1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  8. #8
    Junior Member
    Join Date
    Dec 2012
    Posts
    7

    ComboFix 13-01-03.05 - Paolo 01/03/2013 22:22:02.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.1874 [GMT -5:00]
    Running from: c:\users\Paolo\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\programdata\ism_0_llatsni.pad
    c:\users\Paolo\Documents\~WRL0003.tmp
    c:\users\Paolo\Documents\~WRL0630.tmp
    c:\users\Paolo\Documents\~WRL1541.tmp
    c:\windows\isRS-000.tmp
    c:\windows\SysWow64\drivers\dfg.sys
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-04 to 2013-01-04 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-04 03:28 . 2013-01-04 03:28 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2013-01-04 03:28 . 2013-01-04 03:28 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-12-28 21:28 . 2012-12-28 21:29 -------- d-----w- c:\program files (x86)\ERUNT
    2012-12-28 20:38 . 2012-12-28 20:39 -------- d-----w- C:\2af7b4aad8de03f831b03b
    2012-12-27 17:57 . 2012-12-27 17:57 959976 ----a-w- c:\windows\system32\deployJava1.dll
    2012-12-27 17:57 . 2012-12-27 17:57 308200 ----a-w- c:\windows\system32\javaws.exe
    2012-12-27 17:57 . 2012-12-27 17:57 1081320 ----a-w- c:\windows\system32\npDeployJava1.dll
    2012-12-27 17:57 . 2012-12-27 17:57 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2012-12-27 17:57 . 2012-12-27 17:57 188392 ----a-w- c:\windows\system32\javaw.exe
    2012-12-27 17:57 . 2012-12-27 17:57 188392 ----a-w- c:\windows\system32\java.exe
    2012-12-27 17:57 . 2012-12-27 17:57 -------- d-----w- c:\program files\Java
    2012-12-27 16:44 . 2012-12-28 17:52 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2012-12-27 16:44 . 2012-12-27 19:37 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-12-26 17:38 . 2012-12-26 17:38 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-12-26 17:38 . 2012-12-26 17:38 -------- d-----w- c:\program files\iTunes
    2012-12-26 17:38 . 2012-12-26 17:38 -------- d-----w- c:\program files (x86)\iTunes
    2012-12-26 17:38 . 2012-12-26 17:38 -------- d-----w- c:\program files\iPod
    2012-12-08 17:08 . 2012-12-08 17:08 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2012-12-08 17:08 . 2012-12-08 17:08 -------- d-----r- c:\program files (x86)\Skype
    2012-12-07 04:11 . 2012-12-13 01:15 -------- d-----w- c:\users\Paolo\AppData\Roaming\System
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-27 16:15 . 2012-08-08 12:58 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-12-27 16:15 . 2011-12-21 18:55 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-14 21:49 . 2011-12-26 20:59 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-28 04:29 . 2012-11-28 04:29 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AC780042-D470-4C45-B865-C4DEB92D5CB1}\gapaengine.dll
    2012-10-24 04:08 . 2011-12-21 20:11 65309168 ----a-w- c:\windows\system32\MRT.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\Paolo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\Paolo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 ----a-w- c:\users\Paolo\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
    "TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-05-01 2454840]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
    R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
    R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
    R3 dfg;dfg;c:\windows\system32\DRIVERS\dfg.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-01 232992]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-21 1255736]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2010-07-12 24680]
    S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2008-01-12 33400]
    S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2007-09-04 14872]
    S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2010-05-08 482384]
    S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Paolo\Documents\EmsisoftEmergencyKit\Run\a2ddax64.sys [2012-08-29 23208]
    S2 ArcGIS License Manager;ArcGIS License Manager;c:\program files (x86)\ArcGIS\License10.0\bin\lmgrd.exe [2008-11-06 1500424]
    S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-06-07 408576]
    S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\NlsSrv32.exe [x]
    S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-06-07 911872]
    S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-14 9728]
    S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [2010-05-16 71168]
    S3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2010-05-16 175104]
    S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [2010-05-16 81920]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-18 56344]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-21 287232]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-06-25 76912]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
    S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
    S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-06-18 39832]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 42648523
    *Deregistered* - 42648523
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-19 23:37]
    .
    2013-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-19 23:37]
    .
    2013-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2124380067-1934746079-1183020800-1000Core.job
    - c:\users\Paolo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-21 06:15]
    .
    2013-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2124380067-1934746079-1183020800-1000UA.job
    - c:\users\Paolo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-21 06:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 ----a-w- c:\users\Paolo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 ----a-w- c:\users\Paolo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 ----a-w- c:\users\Paolo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 ----a-w- c:\users\Paolo\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ThpSrv"="c:\windows\system32\thpsrv" [X]
    "IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-06-08 1441792]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-10 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-10 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-10 415256]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-02 8312352]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Paolo\AppData\Roaming\Mozilla\Firefox\Profiles\zgcavgnb.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-MSC - c:\program files\Microsoft Security Client\mssecex.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-01-03 22:30:40
    ComboFix-quarantined-files.txt 2013-01-04 03:30
    .
    Pre-Run: 268,877,029,376 bytes free
    Post-Run: 270,524,784,640 bytes free
    .
    - - End Of File - - AEB1E4615390C47C75FBE6B5C926DAB7

  9. #9
    Junior Member
    Join Date
    Dec 2012
    Posts
    7

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.5.1
    Run by Paolo at 22:35:19 on 2013-01-03
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.1870 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\svchost.exe -k NetworkService
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe
    C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
    C:\Windows\SysWOW64\NlsSrv32.exe
    C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
    C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
    C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\prevhost.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\PROGRA~2\MICROS~3\Office14\WINWORD.EXE
    C:\Windows\splwow64.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe
    C:\Windows\system32\notepad.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{711EFE1A-449A-4B1A-94E9-FF80F463FD5F} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{711EFE1A-449A-4B1A-94E9-FF80F463FD5F}\16262716D637 : DHCPNameServer = 192.168.2.1 208.59.247.45 208.59.247.46
    TCP: Interfaces\{711EFE1A-449A-4B1A-94E9-FF80F463FD5F}\341435549535 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{711EFE1A-449A-4B1A-94E9-FF80F463FD5F}\4586560274F6F63756 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{711EFE1A-449A-4B1A-94E9-FF80F463FD5F}\84F44554C4023514E445F40244F4D49474F4 : DHCPNameServer = 10.10.0.1
    TCP: Interfaces\{711EFE1A-449A-4B1A-94E9-FF80F463FD5F}\84F44554C43514E445F444F4D494E474F4 : DHCPNameServer = 10.10.0.1
    TCP: Interfaces\{711EFE1A-449A-4B1A-94E9-FF80F463FD5F}\84F6D6561696270223 : DHCPNameServer = 10.0.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [IntelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey
    x64-Run: [ThpSrv] C:\Windows\System32\thpsrv /logon
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Paolo\AppData\Roaming\Mozilla\Firefox\Profiles\zgcavgnb.default\
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10516.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
    FF - plugin: C:\Users\Paolo\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
    FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
    R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2010-7-12 24680]
    R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\Windows\System32\drivers\thpdrv.sys [2008-1-11 33400]
    R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\System32\drivers\Thpevm.sys [2007-9-4 14872]
    R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\System32\drivers\tos_sps64.sys [2011-12-22 482384]
    R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Users\Paolo\Documents\EmsisoftEmergencyKit\Run\a2ddax64.sys [2012-8-28 23208]
    R2 ArcGIS License Manager;ArcGIS License Manager;C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe [2008-11-5 1500424]
    R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-6-7 408576]
    R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\System32\NlsSrv32.exe --> C:\Windows\System32\NlsSrv32.exe [?]
    R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-6-7 911872]
    R3 acpials;ALS Sensor Filter;C:\Windows\System32\drivers\acpials.sys [2009-7-14 9728]
    R3 bpenum;bpenum;C:\Windows\System32\drivers\bpenum.sys [2010-5-16 71168]
    R3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2010-5-16 175104]
    R3 bpusb;bpusb;C:\Windows\System32\drivers\bpusb.sys [2010-5-16 81920]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-27 158976]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-6-21 287232]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-6-25 76912]
    R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2011-12-22 35008]
    R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-12-22 54136]
    R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-6-18 39832]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
    S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2011-12-30 245760]
    S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 128456]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-12-21 232992]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-12-22 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-21 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-01-04 03:19:37 98816 ----a-w- C:\Windows\sed.exe
    2013-01-04 03:19:37 256000 ----a-w- C:\Windows\PEV.exe
    2013-01-04 03:19:37 208896 ----a-w- C:\Windows\MBR.exe
    2013-01-04 02:55:44 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D0292F7F-CB5A-4DE8-8939-8249095F83E2}\mpengine.dll
    2013-01-03 00:18:21 9125352 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-01-02 12:33:19 -------- d-----w- C:\Users\Paolo\AppData\Local\Programs
    2012-12-28 20:38:33 -------- d-----w- C:\2af7b4aad8de03f831b03b
    2012-12-27 17:57:42 959976 ----a-w- C:\Windows\System32\deployJava1.dll
    2012-12-27 17:57:41 1081320 ----a-w- C:\Windows\System32\npDeployJava1.dll
    2012-12-27 17:57:25 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2012-12-27 16:44:04 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2012-12-27 16:44:04 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2012-12-26 17:38:15 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2012-12-26 17:38:15 -------- d-----w- C:\Program Files\iTunes
    2012-12-26 17:38:15 -------- d-----w- C:\Program Files\iPod
    2012-12-26 17:38:15 -------- d-----w- C:\Program Files (x86)\iTunes
    2012-12-08 17:08:39 -------- d-----r- C:\Program Files (x86)\Skype
    2012-12-07 04:11:43 -------- d-----w- C:\Users\Paolo\AppData\Roaming\System
    .
    ==================== Find3M ====================
    .
    2012-12-27 16:15:50 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-12-27 16:15:49 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    .
    ============= FINISH: 22:35:27.84 ===============

  10. #10
    Junior Member
    Join Date
    Dec 2012
    Posts
    7

    That's what I've got so far. The "attach" file says not to post unless requested - want that too?
    Thanks so much for your help so far.
