TechSpot

Multiple iexplore.exe keeps trying to run

Solved
By Dan Oliver
May 25, 2014
  1. Basically I have the same problem as here:
    http://www.techspot.com/community/t...stances-in-task-manager-trojans-found.188465/
    Except the fix for them does not work for me.

    The problem is possibly slightly different, because if I disable IE, then it will create multiple instances of explorer.exe. This probably isn't as bad, because I don't think it can use plain Explorer to go to the websites it was using IE for, but it will still keep creating more instances that eventually hog all CPU and memory. All of it runs in the background, with no actual windows showing.

    I tried the fix in the URL above and have to say that Avast helps a lot in that it neutralizes the virus by blocking it from running extra IE (or Explorer) processes, BUT it is not able to find and get rid of it.
    The rest of the steps failed to get rid of it. I was not able to use AdwCleaner or SecurityCheck.exe, as those links end up redirecting to compromised sites themselves (maybe they went out of business); everything else ran OK without errors but was not able to find and get rid of this virus.
    So to recap:
    Avast blocks it from working but doesn't get rid of it.
    Full scan from MalwareBytes finds nothing.
    RogueKiller found some bad registry stuff, deleted that but problem still there.
    aswMBR found nothing.
    ComboFix ran fine with no issues, found some bad stuff, deleted it but problem still there.
    AdwCleaner goes to bad site, so did not use.
    OTL found nothing.
    Farbar Service Scanner seems to say all OK.
    Temp File Cleaner found nothing.
    ESET online scanner found nothing.

    In addition I have poked through msconfig, sfc and Task Manager, downloaded the latest IE, deleted temp internet files, emptied the recycle bin and even searched for all files edited on a certain date (around when I got the virus) and tried deleting some I thought could possibly be causing this.


    I should mention that all the while, the virus keeps trying to launch iexplore or explorer, which I can see constantly getting blocked by Avast in popups. But this makes me wonder how any anti-malware program can work on it: if the virus is always running, then wouldn't you get delete permission errors in Windows when trying to remove it?
    Anyone ever heard of this problem before with multiple iexplore (and failing that multiple explorer.exe)?
    How can I find and remove this virus? Any other suggestions of what I can run?
    Maybe I should retry everything in safe mode so that the virus does not even try to run?

    Thanks,
    Dan
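As an added example (not code from this thread or from TechSpot's helpers), a PowerShell triage script for the symptom described above: it lists every iexplore.exe/explorer.exe instance, shows whether each owns a visible window, and groups the windowless ones by the process that launched them, which is the piece of information the scanners listed were not producing. It assumes Windows PowerShell 2.0 or later on the Windows 7 machine and an elevated prompt; the trusted-parent list and the system-directory heuristic are my assumptions, not a verdict.

```powershell
# Added triage script, not part of the TechSpot thread. Written against
# Windows PowerShell 2.0 so it runs on the Windows 7 SP1 system described.
# Run from an elevated prompt so the executable paths of all parents are readable.

$watched = @('iexplore.exe', 'explorer.exe')

# One WMI query for all processes, indexed by PID, so parent lookups are cheap.
$all = @{}
Get-WmiObject -Class Win32_Process | ForEach-Object { $all[[int]$_.ProcessId] = $_ }

$rows = foreach ($p in $all.Values) {
    if ($watched -notcontains $p.Name.ToLower()) { continue }

    # MainWindowHandle is 0 for a process with no top-level window; the rogue
    # instances in the thread are exactly the windowless ones.
    $hasWindow = $false
    $gp = Get-Process -Id $p.ProcessId -ErrorAction SilentlyContinue
    if ($gp) { $hasWindow = ($gp.MainWindowHandle -ne 0) }

    $parent = $all[[int]$p.ParentProcessId]
    $parentName = if ($parent) { $parent.Name } else { '<exited>' }
    $parentPath = if ($parent -and $parent.ExecutablePath) { $parent.ExecutablePath } else { '' }

    New-Object PSObject -Property @{
        Pid        = $p.ProcessId
        Name       = $p.Name
        Started    = $p.ConvertToDateTime($p.CreationDate)
        HasWindow  = $hasWindow
        ParentPid  = $p.ParentProcessId
        ParentName = $parentName
        ParentPath = $parentPath
        CmdLine    = $p.CommandLine
    }
}

$rows = @($rows | Sort-Object Name, Started)

"== $($rows.Count) watched processes =="
$rows | Format-Table Pid, Name, HasWindow, ParentPid, ParentName, Started -AutoSize

# Assumed-normal launch chains: explorer.exe is started by userinit/winlogon,
# iexplore.exe by explorer.exe or by another iexplore.exe (frame/tab split).
# Any other parent that keeps starting windowless copies, especially one
# running from outside the system or Program Files directories, is what
# to hand to the malware-removal helper (path, command line, start time).
$trustedParents = @('explorer.exe', 'iexplore.exe', 'userinit.exe', 'winlogon.exe')
$sysRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)})

"== Windowless instances grouped by parent =="
$rows | Where-Object { -not $_.HasWindow } |
    Group-Object ParentPid |
    Sort-Object Count -Descending |
    ForEach-Object {
        $first = $_.Group[0]
        $fromSystemDir = $false
        foreach ($r in $sysRoots) {
            if ($r -and $first.ParentPath.StartsWith($r, [StringComparison]::OrdinalIgnoreCase)) {
                $fromSystemDir = $true
            }
        }
        $flag = ''
        if (($trustedParents -notcontains $first.ParentName.ToLower()) -or (-not $fromSystemDir)) {
            $flag = '  <-- investigate this parent'
        }
        "{0,4} windowless from PID {1} {2} [{3}]{4}" -f $_.Count, $_.Name, $first.ParentName, $first.ParentPath, $flag
        # Command lines of the first few children show where they were being pointed.
        $_.Group | Select-Object -First 3 | ForEach-Object { "       " + $_.CmdLine }
    }
```

Rerun it a few times a minute apart: a parent whose windowless child count keeps climbing while the children carry URLs the user never opened is the launcher to report, together with its path, in the thread.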
     
  2. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.


    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. Dan Oliver

    Dan Oliver TS Rookie Topic Starter Posts: 27

    Hi and thanks. Here are the logs from MalwareBytes and dds. MalwareBytes found no problem, it also did not ask for a restart, should I have restarted? For DDS, dds.txt was never created, just attach.txt was.

    MalwareBytes log
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 5/26/2014
    Scan Time: 12:19:24 AM
    Logfile: malwarebytes.txt
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.05.25.08
    Rootkit Database: v2014.05.21.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: User

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 298580
    Time Elapsed: 8 min, 34 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)




    Attach.txt
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/1/2013 11:15:49 PM
    System Uptime: 5/25/2014 8:40:34 PM (10 hours ago)
    .
    Motherboard: TOSHIBA | | Portable PC
    Processor: Intel(R) Core(TM)2 Duo CPU T9400 @ 2.53GHz | uFC-PGA Socket | 2531/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 233 GiB total, 170.514 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Intel(R) 82567LM Gigabit Network Connection
    Device ID: PCI\VEN_8086&DEV_10F5&SUBSYS_00011179&REV_03\3&21436425&0&C8
    Manufacturer: Intel
    Name: Intel(R) 82567LM Gigabit Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_10F5&SUBSYS_00011179&REV_03\3&21436425&0&C8
    Service: e1yexpress
    .
    Class GUID:
    Description:
    Device ID: ACPI\TOS6208\2&DABA3FF&2
    Manufacturer:
    Name:
    PNP Device ID: ACPI\TOS6208\2&DABA3FF&2
    Service:
    .
    ==== System Restore Points ===================
    .
    RP45: 5/21/2014 12:46:10 AM - Scheduled Checkpoint
    RP46: 5/23/2014 7:15:39 AM - Removed Bonjour
    RP47: 5/23/2014 9:12:07 AM - Removed Snagit 11
    RP48: 5/25/2014 12:42:11 PM - Windows Modules Installer
    RP49: 5/25/2014 12:55:58 PM - Windows Modules Installer
    RP50: 5/25/2014 1:43:19 PM - BadVirusExplorer
    RP51: 5/25/2014 2:24:06 PM - Windows Modules Installer
    RP52: 5/25/2014 2:35:20 PM - avast! antivirus system restore point
    RP53: 5/25/2014 2:48:16 PM - Windows Modules Installer
    RP54: 5/25/2014 4:42:51 PM - Windows Modules Installer
    RP55: 5/25/2014 7:00:09 PM - BeforeComboFix
    .
    ==== Image File Execution Options =============
    .
    .
    ==== Installed Programs ======================
    .
    .
    ==== End Of File ===========================

     
  4. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  5. Dan Oliver

    Dan Oliver TS Rookie Topic Starter Posts: 27

    OK, done. It required a reboot, and when it came back it showed a really scary message I've never seen before about me not having a genuine copy of Windows. Even now in the bottom right corner of the desktop it says:
    "Windows 7
    Build 7601
    This copy of Windows is not genuine"
    The whole desktop is black, with a black background and a black Explorer bar at the bottom. Did that program do this? Should I fix it?

    On the bright side, I don't seem to see the message popups from Avast that keep telling me it is blocking iexplore.exe and explorer.exe from starting, so maybe that is gone?

    Log is below:
    19:17:23.0663 0x0c90 TDSS rootkit removing tool 3.0.0.35 May 23 2014 07:32:03
    19:17:28.0392 0x0c90 ============================================================
    19:17:28.0392 0x0c90 Current date / time: 2014/05/26 19:17:28.0392
    19:17:28.0392 0x0c90 SystemInfo:
    19:17:28.0392 0x0c90
    19:17:28.0392 0x0c90 OS Version: 6.1.7601 ServicePack: 1.0
    19:17:28.0392 0x0c90 Product type: Workstation
    19:17:28.0393 0x0c90 ComputerName: USER-PC
    19:17:28.0393 0x0c90 UserName: User
    19:17:28.0393 0x0c90 Windows directory: C:\Windows
    19:17:28.0393 0x0c90 System windows directory: C:\Windows
    19:17:28.0393 0x0c90 Running under WOW64
    19:17:28.0393 0x0c90 Processor architecture: Intel x64
    19:17:28.0393 0x0c90 Number of processors: 2
    19:17:28.0393 0x0c90 Page size: 0x1000
    19:17:28.0393 0x0c90 Boot type: Normal boot
    19:17:28.0393 0x0c90 ============================================================
    19:17:30.0820 0x0c90 KLMD registered as C:\Windows\system32\drivers\38485338.sys
    19:17:31.0122 0x0c90 System UUID: {F948599E-9F2F-6D0C-4FDC-2F6ABE95A16E}
    19:17:32.0499 0x0c90 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    19:17:32.0588 0x0c90 ============================================================
    19:17:32.0588 0x0c90 \Device\Harddisk0\DR0:
    19:17:32.0599 0x0c90 MBR partitions:
    19:17:32.0599 0x0c90 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    19:17:32.0599 0x0c90 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800
    19:17:32.0599 0x0c90 ============================================================
    19:17:32.0624 0x0c90 C: <-> \Device\Harddisk0\DR0\Partition2
    19:17:32.0624 0x0c90 ============================================================
    19:17:32.0624 0x0c90 Initialize success
    19:17:32.0624 0x0c90 ============================================================
    19:17:54.0770 0x11a4 ============================================================
    19:17:54.0771 0x11a4 Scan started
    19:17:54.0771 0x11a4 Mode: Manual;
    19:17:54.0771 0x11a4 ============================================================
    19:17:54.0771 0x11a4 KSN ping started
    19:17:58.0739 0x11a4 KSN ping finished: true
    19:17:59.0284 0x11a4 ================ Scan system memory ========================
    19:17:59.0284 0x11a4 System memory - ok
    19:17:59.0288 0x11a4 ================ Scan services =============================
    19:18:05.0288 0x11a4 elxstor - ok
    19:18:05.0309 0x11a4 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
    19:18:05.0310 0x11a4 ErrDev - ok
    19:18:05.0366 0x11a4 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
    19:18:05.0374 0x11a4 EventSystem - ok
    19:18:05.0394 0x11a4 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
    19:18:05.0399 0x11a4 exfat - ok
    19:18:05.0417 0x11a4 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
    19:18:05.0422 0x11a4 fastfat - ok
    19:18:05.0508 0x11a4 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
    19:18:05.0551 0x11a4 Fax - ok
    19:18:05.0585 0x11a4 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys
    19:18:05.0587 0x11a4 fdc - ok
    19:18:05.0618 0x11a4 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
    19:18:05.0620 0x11a4 fdPHost - ok
    19:18:05.0634 0x11a4 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
    19:18:05.0636 0x11a4 FDResPub - ok
    19:18:05.0665 0x11a4 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    19:18:05.0668 0x11a4 FileInfo - ok
    19:18:05.0682 0x11a4 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    19:18:05.0684 0x11a4 Filetrace - ok
    19:18:05.0688 0x11a4 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
    19:18:05.0690 0x11a4 flpydisk - ok
    19:18:05.0718 0x11a4 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    19:18:05.0724 0x11a4 FltMgr - ok
    19:18:05.0822 0x11a4 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
    19:18:05.0868 0x11a4 FontCache - ok
    19:18:05.0930 0x11a4 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    19:18:05.0935 0x11a4 FontCache3.0.0.0 - ok
    19:18:06.0017 0x11a4 [ 6D3AC271F8018BC88C6BF559247DFCD2, C321574C3824E66CBF84E9C9302D0BDCFCE85532620AAB1FBB0645B2889D822F ] FPLService C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
    19:18:06.0028 0x11a4 FPLService - ok
    19:18:06.0039 0x11a4 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    19:18:06.0042 0x11a4 FsDepends - ok
    19:18:06.0076 0x11a4 [ E95EF8547DE20CF0603557C0CF7A9462, 55540B06B7B380CA2DA6EEE2D76C6CD6131ADB02B2D0B172A36536863A0C57B6 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    19:18:06.0078 0x11a4 Fs_Rec - ok
    19:18:06.0115 0x11a4 [ 1F7B25B858FA27015169FE95E54108ED, 72DD12E924AA7273B3E4BDD2A2C581DECE304C8EF3D44EA79ABB032F3F95DCE5 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    19:18:06.0123 0x11a4 fvevol - ok
    19:18:06.0146 0x11a4 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    19:18:06.0149 0x11a4 gagp30kx - ok
    19:18:06.0199 0x11a4 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
    19:18:06.0233 0x11a4 gpsvc - ok
    19:18:06.0305 0x11a4 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    19:18:06.0312 0x11a4 gupdate - ok
    19:18:06.0325 0x11a4 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    19:18:06.0329 0x11a4 gupdatem - ok
    19:18:06.0380 0x11a4 [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    19:18:06.0385 0x11a4 gusvc - ok
    19:18:06.0418 0x11a4 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    19:18:06.0419 0x11a4 hcw85cir - ok
    19:18:06.0477 0x11a4 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    19:18:06.0489 0x11a4 HdAudAddService - ok
    19:18:06.0517 0x11a4 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
    19:18:06.0521 0x11a4 HDAudBus - ok
    19:18:06.0549 0x11a4 [ 15C9789470B8855AC2F54FDF96802D13, 5375BBA13219456DA87023F206732BF76F934DC04C8E298C7C5E94944CC268D4 ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
    19:18:06.0552 0x11a4 HECIx64 - ok
    19:18:06.0566 0x11a4 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
    19:18:06.0569 0x11a4 HidBatt - ok
    19:18:06.0585 0x11a4 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
    19:18:06.0590 0x11a4 HidBth - ok
    19:18:06.0611 0x11a4 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
    19:18:06.0614 0x11a4 HidIr - ok
    19:18:06.0644 0x11a4 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\System32\hidserv.dll
    19:18:06.0647 0x11a4 hidserv - ok
    19:18:06.0673 0x11a4 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    19:18:06.0675 0x11a4 HidUsb - ok
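
Reading several hundred of the hashed entries above by eye for the one that does not belong is error-prone, so the following parser and triage script is added here as an editor's example; it is not code from the thread, from Dan Oliver, or from the scanner's vendor. The line format (timestamp, thread id, `[ MD5, SHA256 ]`, service or driver name, image path, then a `name - verdict` status line) is inferred from the log as posted. The sample input repeats a handful of real lines from the log; the `ExampleSvc` entry with all-zero hashes and a user-writable path is constructed to show what a flagged service looks like and is not in the log. `TRUSTED_ROOTS` is the editor's assumption about where service binaries normally live on this kind of machine.

```python
r"""Parse a TDSSKiller-style service/driver listing and flag entries worth a second look.

Editor's example, not the thread's or the scanner's code. Inferred line format:
    HH:MM:SS.ffff 0xTID [ MD5, SHA256 ] ServiceName X:\path\to\image
    HH:MM:SS.ffff 0xTID ServiceName - verdict
A status line with no preceding hashed line means the scanner recorded no image
file for that service; its ImagePath is worth checking by hand.
"""
import re
from collections import defaultdict

# Hashed entry. The name is matched lazily so multi-word names such as
# "McAfee SiteAdvisor Service" work; the path is recognised by its drive prefix.
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>0x[0-9A-Fa-f]+)\s+"
    r"\[\s*(?P<md5>[0-9A-Fa-f]{32}),\s*(?P<sha256>[0-9A-Fa-f]{64})\s*\]\s+"
    r"(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.+)$"
)
# Status line: time, thread id, name - verdict ("ok" throughout this log).
STATUS_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<tid>0x[0-9A-Fa-f]+)\s+"
    r"(?P<name>.+?)\s+-\s+(?P<verdict>.+)$"
)
# Assumed normal locations for service binaries (lower-cased). The ~ entries
# are the 8.3 short names the log uses for the McAfee service (c:\PROGRA~2\...).
TRUSTED_ROOTS = (
    "c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\",
    "c:\\progra~1\\", "c:\\progra~2\\",
)


def parse_log(text):
    """Return one record per service/driver, in the order of their status lines."""
    pending = {}  # name -> hashed entry waiting for its status line
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            pending[m["name"]] = {"name": m["name"], "path": m["path"],
                                  "md5": m["md5"], "sha256": m["sha256"], "verdict": None}
            continue
        m = STATUS_RE.match(line)
        if m:
            rec = pending.pop(m["name"], None) or {"name": m["name"], "path": None,
                                                   "md5": None, "sha256": None}
            rec["verdict"] = m["verdict"]
            records.append(rec)
    records.extend(pending.values())  # hashed entries that never got a status line
    return records


def triage(records):
    """Group the records into the things a human should look at."""
    out = {"no_file": [], "untrusted_path": [], "not_ok": [], "shared_binary": {}}
    hosts = defaultdict(list)
    for r in records:
        if r["verdict"] != "ok":
            out["not_ok"].append((r["name"], r["verdict"]))
        if r["path"] is None:
            out["no_file"].append(r["name"])
            continue
        p = r["path"].lower()
        hosts[p].append(r["name"])
        if not p.startswith(TRUSTED_ROOTS):
            out["untrusted_path"].append((r["name"], r["path"]))
    # Several services in one image is normal for lsass.exe or SMSvcHost.exe;
    # this is informational and shows what else a hit on that file would affect.
    out["shared_binary"] = {p: n for p, n in hosts.items() if len(n) > 1}
    return out


# Real lines from the posted log plus one CONSTRUCTED entry (ExampleSvc) that is
# not in the log and exists only to show a flagged service.
SAMPLE_LOG = r"""
19:18:03.0996 0x11a4 [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll
19:18:04.0012 0x11a4 CscService - ok
19:18:05.0045 0x11a4 [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] EFS C:\Windows\System32\lsass.exe
19:18:05.0047 0x11a4 EFS - ok
19:18:07.0151 0x11a4 IEEtwCollectorService - ok
19:18:07.0756 0x11a4 [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] KeyIso C:\Windows\system32\lsass.exe
19:18:07.0758 0x11a4 KeyIso - ok
19:18:08.0836 0x11a4 [ F55DC86CC087421F7105966C1A5C0372, 5F28FABAF5A2A91104588BF595B5DA98503E16DAB2F31179B59FAD947770276E ] McAfee SiteAdvisor Service c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
19:18:08.0842 0x11a4 McAfee SiteAdvisor Service - ok
19:18:09.0197 0x11a4 [ E1B6FCAE82474FC071155263E2841D54, 341E2CEB1A86586730130311C4FAF86851151D5F08EF915A5F89B6C4094AE1F4 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:18:09.0201 0x11a4 MozillaMaintenance - ok
19:18:10.0544 0x11a4 [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] Netlogon C:\Windows\system32\lsass.exe
19:18:10.0547 0x11a4 Netlogon - ok
19:18:11.0000 0x11a4 [ 00000000000000000000000000000000, 0000000000000000000000000000000000000000000000000000000000000000 ] ExampleSvc C:\Users\Public\AppData\svchost.exe
19:18:11.0001 0x11a4 ExampleSvc - ok
"""


def report(text):
    """Parse and triage in one call; prints each group and returns the dict."""
    result = triage(parse_log(text))
    for key, items in result.items():
        print(f"{key}: {items}")
    return result


if __name__ == "__main__":
    report(SAMPLE_LOG)
```

To use it on the real thing, paste all three parts of the log into one file and call `report()` on its contents. The output is a triage list, not a verdict: `no_file` on the posted log picks up the services that appear without an image file (IEEtwCollectorService, msiserver, MySQL56), `untrusted_path` is where a service registered from a profile or temp directory would surface, and `shared_binary` only tells you which services share one host executable.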
     
  6. Dan Oliver

    Part 2 of 3 of the log
    19:18:06.0699 0x11a4 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
    19:18:06.0704 0x11a4 hkmsvc - ok
    19:18:06.0726 0x11a4 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    19:18:06.0733 0x11a4 HomeGroupListener - ok
    19:18:06.0774 0x11a4 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    19:18:06.0794 0x11a4 HomeGroupProvider - ok
    19:18:06.0828 0x11a4 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    19:18:06.0832 0x11a4 HpSAMD - ok
    19:18:06.0898 0x11a4 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    19:18:06.0919 0x11a4 HTTP - ok
    19:18:06.0934 0x11a4 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    19:18:06.0935 0x11a4 hwpolicy - ok
    19:18:06.0955 0x11a4 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    19:18:06.0958 0x11a4 i8042prt - ok
    19:18:07.0004 0x11a4 [ 3DF4395A7CF8B7A72A5F4606366B8C2D, 483588B8FC6E05488ED631C4E1CFC398553FEBFA2CD2BB527B4DF12D19774F80 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    19:18:07.0014 0x11a4 iaStorV - ok
    19:18:07.0102 0x11a4 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    19:18:07.0128 0x11a4 idsvc - ok
    19:18:07.0151 0x11a4 IEEtwCollectorService - ok
    19:18:07.0194 0x11a4 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
    19:18:07.0196 0x11a4 iirsp - ok
    19:18:07.0218 0x11a4 [ AB55B8A9B13130F638546881CE4425F8, 8427E67BE02ECABAA3F0C48BD4205BCBD4C978B48AE4E7336DA5821DFC49029E ] IISADMIN C:\Windows\system32\inetsrv\inetinfo.exe
    19:18:07.0219 0x11a4 IISADMIN - ok
    19:18:07.0274 0x11a4 [ FCD84C381E0140AF901E58D48882D26B, 76955FFC230C801E8ED890E32076075F04CD6E5EC79E594FDE6D23797A36B406 ] IKEEXT C:\Windows\System32\ikeext.dll
    19:18:07.0294 0x11a4 IKEEXT - ok
    19:18:07.0398 0x11a4 [ 0C3CF4B3BAE28E121A1689E3538F8712, 1599785D54E8306872A1DDD8546D316C9B193A85C5AEB37CF956B8C4077B8792 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
    19:18:07.0441 0x11a4 IntcAzAudAddService - ok
    19:18:07.0457 0x11a4 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
    19:18:07.0459 0x11a4 intelide - ok
    19:18:07.0496 0x11a4 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    19:18:07.0498 0x11a4 intelppm - ok
    19:18:07.0517 0x11a4 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    19:18:07.0521 0x11a4 IPBusEnum - ok
    19:18:07.0539 0x11a4 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    19:18:07.0542 0x11a4 IpFilterDriver - ok
    19:18:07.0582 0x11a4 [ A34A587FFFD45FA649FBA6D03784D257, C9A2BCD4E2A5EB6E320092A3AFD5737ECDCDA0B83EE42314A23C4978F2974767 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    19:18:07.0596 0x11a4 iphlpsvc - ok
    19:18:07.0602 0x11a4 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    19:18:07.0605 0x11a4 IPMIDRV - ok
    19:18:07.0618 0x11a4 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    19:18:07.0622 0x11a4 IPNAT - ok
    19:18:07.0634 0x11a4 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
    19:18:07.0636 0x11a4 IRENUM - ok
    19:18:07.0654 0x11a4 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    19:18:07.0656 0x11a4 isapnp - ok
    19:18:07.0674 0x11a4 [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    19:18:07.0681 0x11a4 iScsiPrt - ok
    19:18:07.0708 0x11a4 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    19:18:07.0710 0x11a4 kbdclass - ok
    19:18:07.0737 0x11a4 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
    19:18:07.0739 0x11a4 kbdhid - ok
    19:18:07.0756 0x11a4 [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] KeyIso C:\Windows\system32\lsass.exe
    19:18:07.0758 0x11a4 KeyIso - ok
    19:18:07.0788 0x11a4 [ CCD53B5BD33CE0C889E830D839C8B66E, 51B7556DA7DAA0BC75E00E53099776016A55FAA115D5A4E6830E12A0A0869C10 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    19:18:07.0791 0x11a4 KSecDD - ok
    19:18:07.0806 0x11a4 [ 9FF918A261752C12639E8AD4208D2C2F, B60F7A730C92F2BF7E85A6CA14DD7671AEECEE154CEC83B1E23EF268C25C9E5E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    19:18:07.0810 0x11a4 KSecPkg - ok
    19:18:07.0828 0x11a4 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    19:18:07.0830 0x11a4 ksthunk - ok
    19:18:07.0858 0x11a4 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
    19:18:07.0868 0x11a4 KtmRm - ok
    19:18:07.0925 0x11a4 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\System32\srvsvc.dll
    19:18:07.0942 0x11a4 LanmanServer - ok
    19:18:07.0989 0x11a4 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    19:18:07.0998 0x11a4 LanmanWorkstation - ok
    19:18:08.0041 0x11a4 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    19:18:08.0044 0x11a4 lltdio - ok
    19:18:08.0086 0x11a4 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
    19:18:08.0099 0x11a4 lltdsvc - ok
    19:18:08.0132 0x11a4 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
    19:18:08.0137 0x11a4 lmhosts - ok
    19:18:08.0191 0x11a4 [ 7580851AD46E80EDEE2A6098EB1BEE29, FBD9E7B5CAB9288CBB38763C7EC5C709AB33D9EC88C58F33017E7322F2E0CF3B ] LMS C:\Program Files (x86)\Intel\AMT\LMS.exe
    19:18:08.0203 0x11a4 LMS - ok
    19:18:08.0239 0x11a4 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
    19:18:08.0244 0x11a4 LSI_FC - ok
    19:18:08.0286 0x11a4 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
    19:18:08.0291 0x11a4 LSI_SAS - ok
    19:18:08.0312 0x11a4 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
    19:18:08.0315 0x11a4 LSI_SAS2 - ok
    19:18:08.0341 0x11a4 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    19:18:08.0346 0x11a4 LSI_SCSI - ok
    19:18:08.0381 0x11a4 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
    19:18:08.0384 0x11a4 luafv - ok
    19:18:08.0461 0x11a4 [ F92B0E478C0FAA6D6661E6E977247E60, 8B26B57C2C60C98CD6273ACA126B2CD0356ADB13A59FEC12882357A6B973123C ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
    19:18:08.0463 0x11a4 MBAMProtector - ok
    19:18:08.0572 0x11a4 [ D84AEA3F3329D622DFC1297DDDF6163B, 316FE56CC30ED1473A917253F46B79EAA12F4ABD5B4B1ADB03929DFEE940F577 ] MBAMScheduler C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    19:18:08.0610 0x11a4 MBAMScheduler - ok
    19:18:08.0697 0x11a4 [ 4F45ED469906494F9BF754E476390DBD, D8FF6AFD73D8C191F5732DF9737E6F83B2B52B06A3A6CD4CC6EAC9464CBB2772 ] MBAMService C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    19:18:08.0721 0x11a4 MBAMService - ok
    19:18:08.0731 0x11a4 [ 8A50D5304E6AE48664CF5838EC32F647, C76943FABEE1B5E1B641AA610668CCD4227E2C4B191DD30B79D3AB31A9E8B5BE ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys
    19:18:08.0735 0x11a4 MBAMSwissArmy - ok
    19:18:08.0766 0x11a4 [ 15E8ABC06843672955CE26A009533BAD, E7221B7DE9DB45447C68E79C6BFD064713C5974F7E79925BD7DEEF71F73F3E83 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
    19:18:08.0769 0x11a4 MBAMWebAccessControl - ok
    19:18:08.0836 0x11a4 [ F55DC86CC087421F7105966C1A5C0372, 5F28FABAF5A2A91104588BF595B5DA98503E16DAB2F31179B59FAD947770276E ] McAfee SiteAdvisor Service c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
    19:18:08.0842 0x11a4 McAfee SiteAdvisor Service - ok
    19:18:08.0873 0x11a4 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    19:18:08.0879 0x11a4 Mcx2Svc - ok
    19:18:08.0902 0x11a4 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
    19:18:08.0904 0x11a4 megasas - ok
    19:18:08.0936 0x11a4 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
    19:18:08.0947 0x11a4 MegaSR - ok
    19:18:08.0978 0x11a4 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
    19:18:08.0984 0x11a4 MMCSS - ok
    19:18:08.0992 0x11a4 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
    19:18:08.0994 0x11a4 Modem - ok
    19:18:09.0027 0x11a4 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    19:18:09.0028 0x11a4 monitor - ok
    19:18:09.0047 0x11a4 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    19:18:09.0050 0x11a4 mouclass - ok
    19:18:09.0085 0x11a4 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    19:18:09.0087 0x11a4 mouhid - ok
    19:18:09.0104 0x11a4 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    19:18:09.0107 0x11a4 mountmgr - ok
    19:18:09.0197 0x11a4 [ E1B6FCAE82474FC071155263E2841D54, 341E2CEB1A86586730130311C4FAF86851151D5F08EF915A5F89B6C4094AE1F4 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    19:18:09.0201 0x11a4 MozillaMaintenance - ok
    19:18:09.0231 0x11a4 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
    19:18:09.0237 0x11a4 mpio - ok
    19:18:09.0264 0x11a4 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    19:18:09.0268 0x11a4 mpsdrv - ok
    19:18:09.0329 0x11a4 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
    19:18:09.0354 0x11a4 MpsSvc - ok
    19:18:09.0370 0x11a4 [ DC722758B8261E1ABAFD31A3C0A66380, 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    19:18:09.0374 0x11a4 MRxDAV - ok
    19:18:09.0395 0x11a4 [ FAF015B07E3A2874A790A39B7D2C579F, C614B0E80B38EBF7C670EEB833F5E476B33042097DA07206D6C5EE3E52B9A427 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    19:18:09.0399 0x11a4 mrxsmb - ok
    19:18:09.0423 0x11a4 [ 08E2345DF129082BCDFFDC1440F9C00D, 2ADF69F49DF8C43D4440B6C8A62085C51518CA895A88D37264C60A0B4B1EC55F ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    19:18:09.0429 0x11a4 mrxsmb10 - ok
    19:18:09.0450 0x11a4 [ 108D87409C5812EF47D81E22843E8C9D, CAE9B91B6BD1DF1552463BD63A06288F5D3E0B81B040BC1C7EC0C2A0119CCECA ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    19:18:09.0453 0x11a4 mrxsmb20 - ok
    19:18:09.0466 0x11a4 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
    19:18:09.0467 0x11a4 msahci - ok
    19:18:09.0491 0x11a4 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    19:18:09.0495 0x11a4 msdsm - ok
    19:18:09.0517 0x11a4 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
    19:18:09.0542 0x11a4 MSDTC - ok
    19:18:09.0662 0x11a4 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    19:18:09.0666 0x11a4 Msfs - ok
    19:18:09.0716 0x11a4 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    19:18:09.0720 0x11a4 mshidkmdf - ok
    19:18:09.0738 0x11a4 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    19:18:09.0741 0x11a4 msisadrv - ok
    19:18:09.0785 0x11a4 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    19:18:09.0808 0x11a4 MSiSCSI - ok
    19:18:09.0818 0x11a4 msiserver - ok
    19:18:09.0844 0x11a4 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    19:18:09.0846 0x11a4 MSKSSRV - ok
    19:18:09.0859 0x11a4 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    19:18:09.0861 0x11a4 MSPCLOCK - ok
    19:18:09.0870 0x11a4 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    19:18:09.0872 0x11a4 MSPQM - ok
    19:18:09.0903 0x11a4 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    19:18:09.0916 0x11a4 MsRPC - ok
    19:18:09.0929 0x11a4 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
    19:18:09.0930 0x11a4 mssmbios - ok
    19:18:09.0953 0x11a4 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    19:18:09.0955 0x11a4 MSTEE - ok
    19:18:09.0982 0x11a4 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
    19:18:09.0985 0x11a4 MTConfig - ok
    19:18:10.0000 0x11a4 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
    19:18:10.0003 0x11a4 Mup - ok
    19:18:10.0048 0x11a4 MySQL56 - ok
    19:18:10.0091 0x11a4 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
    19:18:10.0125 0x11a4 napagent - ok
    19:18:10.0186 0x11a4 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    19:18:10.0197 0x11a4 NativeWifiP - ok
    19:18:10.0292 0x11a4 [ 79B47FD40D9A817E932F9D26FAC0A81C, 53E260B8BFC50BA45FA73BFCF4E58C233890D0EAA9DEFDCCBB55FD3EB992FF2D ] NDIS C:\Windows\system32\drivers\ndis.sys
    19:18:10.0337 0x11a4 NDIS - ok
    19:18:10.0366 0x11a4 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    19:18:10.0368 0x11a4 NdisCap - ok
    19:18:10.0407 0x11a4 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    19:18:10.0409 0x11a4 NdisTapi - ok
    19:18:10.0426 0x11a4 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    19:18:10.0428 0x11a4 Ndisuio - ok
    19:18:10.0447 0x11a4 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    19:18:10.0451 0x11a4 NdisWan - ok
    19:18:10.0466 0x11a4 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    19:18:10.0469 0x11a4 NDProxy - ok
    19:18:10.0490 0x11a4 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    19:18:10.0492 0x11a4 NetBIOS - ok
    19:18:10.0528 0x11a4 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    19:18:10.0534 0x11a4 NetBT - ok
    19:18:10.0544 0x11a4 [ 0793F40B9B8A1BDD266296409DBD91EA, 8A383FC9A66A327905C340D06138980F9E489479535A2C2AAE5E8BB14A74826E ] Netlogon C:\Windows\system32\lsass.exe
    19:18:10.0547 0x11a4 Netlogon - ok
    19:18:10.0586 0x11a4 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
    19:18:10.0596 0x11a4 Netman - ok
    19:18:10.0641 0x11a4 [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    19:18:10.0650 0x11a4 NetMsmqActivator - ok
    19:18:10.0664 0x11a4 [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    19:18:10.0667 0x11a4 NetPipeActivator - ok
    19:18:10.0696 0x11a4 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
    19:18:10.0706 0x11a4 netprofm - ok
    19:18:10.0712 0x11a4 [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    19:18:10.0715 0x11a4 NetTcpActivator - ok
    19:18:10.0720 0x11a4 [ D22CD77D4F0D63D1169BB35911BFF12D, 85B1FDFA02E1B8EA4FCB9B7EEB687C5C448697FC7EC9D178C5A2F64D2C9CFEE8 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    19:18:10.0723 0x11a4 NetTcpPortSharing - ok
  7. Dan Oliver

    Dan Oliver TS Rookie Topic Starter Posts: 27

    Part 3 of 3 of the log
    19:18:19.0686 0x11a4 vhdmp - ok
    19:18:19.0699 0x11a4 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
    19:18:19.0701 0x11a4 viaide - ok
    19:18:19.0757 0x11a4 [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys
    19:18:19.0798 0x11a4 vmbus - ok
    19:18:19.0836 0x11a4 [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
    19:18:19.0876 0x11a4 VMBusHID - ok
    19:18:19.0911 0x11a4 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    19:18:19.0918 0x11a4 volmgr - ok
    19:18:19.0966 0x11a4 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    19:18:19.0988 0x11a4 volmgrx - ok
    19:18:20.0016 0x11a4 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\Windows\system32\drivers\volsnap.sys
    19:18:20.0039 0x11a4 volsnap - ok
    19:18:20.0082 0x11a4 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
    19:18:20.0088 0x11a4 vsmraid - ok
    19:18:20.0670 0x11a4 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
    19:18:20.0701 0x11a4 VSS - ok
    19:18:20.0794 0x11a4 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
    19:18:20.0804 0x11a4 vwifibus - ok
    19:18:21.0014 0x11a4 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
    19:18:21.0064 0x11a4 W32Time - ok
    19:18:21.0551 0x11a4 [ B32009DB1972E7F2C227499289C4384A, D491CD90ACE895EC60A5A2F995EAE39F8ED662B71BC548C3FF5BBDBC60054788 ] W3SVC C:\Windows\system32\inetsrv\iisw3adm.dll
    19:18:21.0586 0x11a4 W3SVC - ok
    19:18:21.0681 0x11a4 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
    19:18:21.0711 0x11a4 WacomPen - ok
    19:18:21.0929 0x11a4 [ C8E546516E0BF477DB2AFC46B1065786, E3F5F307245689B8B06F54A61112CBFDDAB60152318D029CF88345A83B45311E ] wampapache c:\wamp\bin\apache\apache2.4.2\bin\httpd.exe
    19:18:21.0935 0x11a4 wampapache - ok
    19:18:21.0997 0x11a4 wampmysqld - ok
    19:18:22.0047 0x11a4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    19:18:22.0055 0x11a4 WANARP - ok
    19:18:22.0066 0x11a4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    19:18:22.0069 0x11a4 Wanarpv6 - ok
    19:18:22.0109 0x11a4 [ B32009DB1972E7F2C227499289C4384A, D491CD90ACE895EC60A5A2F995EAE39F8ED662B71BC548C3FF5BBDBC60054788 ] WAS C:\Windows\system32\inetsrv\iisw3adm.dll
    19:18:22.0122 0x11a4 WAS - ok
    19:18:22.0191 0x11a4 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
    19:18:22.0227 0x11a4 wbengine - ok
    19:18:22.0250 0x11a4 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    19:18:22.0258 0x11a4 WbioSrvc - ok
    19:18:22.0283 0x11a4 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
    19:18:22.0295 0x11a4 wcncsvc - ok
    19:18:22.0329 0x11a4 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    19:18:22.0334 0x11a4 WcsPlugInService - ok
    19:18:22.0369 0x11a4 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
    19:18:22.0371 0x11a4 Wd - ok
    19:18:22.0408 0x11a4 [ 441BD2D7B4F98134C3A4F9FA570FD250, FF20815273014C5A27C2B75E2C70FE674809293627056199F502DFDF4CECFCA1 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    19:18:22.0423 0x11a4 Wdf01000 - ok
    19:18:22.0449 0x11a4 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll
    19:18:22.0455 0x11a4 WdiServiceHost - ok
    19:18:22.0459 0x11a4 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll
    19:18:22.0465 0x11a4 WdiSystemHost - ok
    19:18:22.0485 0x11a4 [ 3DB6D04E1C64272F8B14EB8BC4616280, 9138642B1C19F895D4ECFD930160C80FBF15813CE63BBF4C899842C300FD3026 ] WebClient C:\Windows\System32\webclnt.dll
    19:18:22.0495 0x11a4 WebClient - ok
    19:18:22.0529 0x11a4 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll
    19:18:22.0538 0x11a4 Wecsvc - ok
    19:18:22.0557 0x11a4 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    19:18:22.0562 0x11a4 wercplsupport - ok
    19:18:22.0587 0x11a4 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
    19:18:22.0593 0x11a4 WerSvc - ok
    19:18:22.0615 0x11a4 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    19:18:22.0617 0x11a4 WfpLwf - ok
    19:18:22.0641 0x11a4 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    19:18:22.0642 0x11a4 WIMMount - ok
    19:18:22.0656 0x11a4 WinDefend - ok
    19:18:22.0671 0x11a4 WinHttpAutoProxySvc - ok
    19:18:22.0741 0x11a4 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    19:18:22.0757 0x11a4 Winmgmt - ok
    19:18:22.0884 0x11a4 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll
    19:18:22.0933 0x11a4 WinRM - ok
    19:18:23.0000 0x11a4 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    19:18:23.0005 0x11a4 WinUsb - ok
    19:18:23.0069 0x11a4 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
    19:18:23.0109 0x11a4 Wlansvc - ok
    19:18:23.0261 0x11a4 [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    19:18:23.0369 0x11a4 wlidsvc - ok
    19:18:23.0388 0x11a4 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
    19:18:23.0389 0x11a4 WmiAcpi - ok
    19:18:23.0430 0x11a4 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    19:18:23.0436 0x11a4 wmiApSrv - ok
    19:18:23.0454 0x11a4 WMPNetworkSvc - ok
    19:18:23.0472 0x11a4 [ B5BD872122A2CE82D196ABF2D5D8D80A, 06FD527BA98261905DF6C1D752843DE45987D776EAA075EBBFCFCA4652D6664A ] WMSVC C:\Windows\system32\inetsrv\wmsvc.exe
    19:18:23.0473 0x11a4 WMSVC - ok
    19:18:23.0483 0x11a4 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
    19:18:23.0487 0x11a4 WPCSvc - ok
    19:18:23.0504 0x11a4 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    19:18:23.0511 0x11a4 WPDBusEnum - ok
    19:18:23.0540 0x11a4 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    19:18:23.0541 0x11a4 ws2ifsl - ok
    19:18:23.0557 0x11a4 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\system32\wscsvc.dll
    19:18:23.0563 0x11a4 wscsvc - ok
    19:18:23.0567 0x11a4 WSearch - ok
    19:18:23.0694 0x11a4 [ 9DF12EDBC698B0BC353B3EF84861E430, 5777972DC6242096EE2D4DAEEFC822DE9077560322DED7B9696BB23B7C240403 ] wuauserv C:\Windows\system32\wuaueng.dll
    19:18:23.0810 0x11a4 wuauserv - ok
    19:18:23.0833 0x11a4 [ D3381DC54C34D79B22CEE0D65BA91B7C, 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    19:18:23.0837 0x11a4 WudfPf - ok
    19:18:23.0905 0x11a4 [ CF8D590BE3373029D57AF80914190682, FB9641777E90A58C063FBE95F081DC6D2F4770827DE19108A9DC3E3D6B17B4BF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    19:18:23.0926 0x11a4 WUDFRd - ok
    19:18:23.0948 0x11a4 [ 7A95C95B6C4CF292D689106BCAE49543, 9029F489E1E817CE12839B8C6656E46190497D445DC3F43C20CF96E5E6BD0691 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    19:18:23.0957 0x11a4 wudfsvc - ok
    19:18:23.0981 0x11a4 [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc C:\Windows\System32\wwansvc.dll
    19:18:23.0994 0x11a4 WwanSvc - ok
    19:18:24.0019 0x11a4 ================ Scan global ===============================
    19:18:24.0046 0x11a4 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
    19:18:24.0102 0x11a4 [ 0C27239FEA4DB8A2AAC9E502186B7264, 102AA14D7A3CCCE913D9887AF4CCE87EA649A21BEF5196DFFCAD7E8F0B6A7293 ] C:\Windows\system32\winsrv.dll
    19:18:24.0124 0x11a4 [ 0C27239FEA4DB8A2AAC9E502186B7264, 102AA14D7A3CCCE913D9887AF4CCE87EA649A21BEF5196DFFCAD7E8F0B6A7293 ] C:\Windows\system32\winsrv.dll
    19:18:24.0151 0x11a4 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
    19:18:24.0188 0x11a4 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
    19:18:24.0198 0x11a4 [ Global ] - ok
    19:18:24.0198 0x11a4 ================ Scan MBR ==================================
    19:18:24.0210 0x11a4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
    19:18:24.0678 0x11a4 \Device\Harddisk0\DR0 - ok
    19:18:24.0681 0x11a4 ================ Scan VBR ==================================
    19:18:24.0715 0x11a4 [ DBAA382F72A046C35FC5172E9F68D022 ] \Device\Harddisk0\DR0\Partition1
    19:18:24.0717 0x11a4 \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )
    19:18:24.0717 0x11a4 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected
    19:18:29.0220 0x11a4 [ 4EDFF8A8487A75FC60D06A282DE97327 ] \Device\Harddisk0\DR0\Partition2
    19:18:29.0223 0x11a4 \Device\Harddisk0\DR0\Partition2 - ok
    19:18:29.0224 0x11a4 Waiting for KSN requests completion. In queue: 54
    19:18:30.0225 0x11a4 Waiting for KSN requests completion. In queue: 54
    19:18:31.0351 0x11a4 AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2018.391 ), 0x41000 ( enabled : updated )
    19:18:31.0440 0x11a4 Win FW state via NFP2: enabled
    19:18:33.0991 0x11a4 ============================================================
    19:18:33.0991 0x11a4 Scan finished
    19:18:33.0991 0x11a4 ============================================================
    19:18:34.0010 0x06f8 Detected object count: 1
    19:18:34.0010 0x06f8 Actual detected object count: 1
    19:27:51.0431 0x06f8 \Device\Harddisk0\DR0\Partition1 - copied to quarantine
    19:27:51.0434 0x06f8 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - will be cured on reboot
    19:27:51.0450 0x06f8 \Device\Harddisk0\DR0\Partition1 - ok
    19:27:51.0450 0x06f8 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - User select action: Cure
    19:27:52.0188 0x06f8 KLMD registered as C:\Windows\system32\drivers\49233323.sys
    19:27:56.0766 0x0e5c Deinitialize success
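The security-relevant point in the log above is easy to miss in the wall of "ok" lines: every service and driver image hashes clean, but the VBR of Partition1 is flagged as Rootkit.Boot.Cidox.b, which is exactly the kind of boot-sector object that the user-mode scanners listed earlier in the thread never examine. As an added example (not part of the original thread and not Kaspersky's own code), here is a small Python parser for this log format that pulls out detections, objects that received a verdict without ever being hashed, and the boot-sector verdicts, and lets you cross-check the MBR/VBR hashes against a baseline or threat-intel list. The regexes are my reading of the log format shown above, not a published grammar, and the sample lines are constructed in that shape.

```python
import re

# Line shapes in a TDSSKiller log (assumed from the posted log; no official grammar):
#   <time> <thread> [ MD5, SHA256 ] <name> <image path>   image opened and hashed
#   <time> <thread> [ MD5 ] \Device\Harddisk0\DR0         MBR or VBR sector hashed
#   <time> <thread> <name> - ok                           verdict for that object
#   <time> <thread> <name> - detected <threat> ( <n> )
#   <time> <thread> <name> ( <threat> ) - infected | will be cured on reboot | ...
_LINE = re.compile(r'^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>0x[0-9a-fA-F]+)\s+(?P<body>.*)$')
_HASHED = re.compile(r'^\[\s*(?P<hashes>[0-9A-Fa-f]+(?:\s*,\s*[0-9A-Fa-f]+)*)\s*\]\s+(?P<rest>\S.*)$')
_VERDICT = re.compile(r'^(?P<obj>.+?)\s+-\s+(?P<verdict>.+?)\s*$')
_THREAT_SUFFIX = re.compile(r'\s*\(\s*(?P<threat>[^()\s]+)\s*\)$')
_DETECTED = re.compile(r'^detected\s+(?P<threat>\S+)')

# Constructed sample in the same shape as the log above (not a real capture).
SAMPLE_LOG = r"""
19:18:22.0047 0x11a4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
19:18:22.0055 0x11a4 WANARP - ok
19:18:21.0997 0x11a4 wampmysqld - ok
19:18:22.0656 0x11a4 WinDefend - ok
19:18:24.0198 0x11a4 [ Global ] - ok
19:18:24.0198 0x11a4 ================ Scan MBR ==================================
19:18:24.0210 0x11a4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:18:24.0678 0x11a4 \Device\Harddisk0\DR0 - ok
19:18:24.0715 0x11a4 [ DBAA382F72A046C35FC5172E9F68D022 ] \Device\Harddisk0\DR0\Partition1
19:18:24.0717 0x11a4 \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )
19:18:24.0717 0x11a4 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected
19:18:29.0224 0x11a4 Waiting for KSN requests completion. In queue: 54
19:27:51.0434 0x06f8 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - will be cured on reboot
"""


def parse_tdsskiller(text):
    """Map every object named in the log to its hashes, image path, verdicts and threat."""
    records = {}

    def rec(name):
        return records.setdefault(name, {'hashes': [], 'path': None, 'verdicts': [], 'threat': None})

    for raw in text.splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue
        body = m.group('body')
        h = _HASHED.match(body)
        if h:  # "[ MD5, SHA256 ] name path" or "[ MD5 ] \Device\..."
            parts = h.group('rest').split(None, 1)
            r = rec(parts[0])
            r['hashes'] = [x.strip().upper() for x in h.group('hashes').split(',')]
            r['path'] = parts[1] if len(parts) > 1 else None
            continue
        v = _VERDICT.match(body)
        if not v:  # banners, KSN waits, AV/firewall state lines
            continue
        name, verdict = v.group('obj'), v.group('verdict')
        threat = None
        t = _THREAT_SUFFIX.search(name)  # "name ( Threat.Name ) - infected"
        if t:
            name, threat = name[:t.start()], t.group('threat')
        d = _DETECTED.match(verdict)     # "name - detected Threat.Name ( 0 )"
        if d:
            threat = d.group('threat')
        r = rec(name)
        r['verdicts'].append(verdict)
        if threat:
            r['threat'] = threat
    return records


def detections(records):
    """(object, threat) pairs: the lines that matter in a log full of 'ok'."""
    return sorted((n, r['threat']) for n, r in records.items() if r['threat'])


def unscanned(records):
    """Objects with a verdict but no hash line: the image was never opened, so 'ok'
    there means 'not examined', not 'clean'. Check these by hand."""
    return sorted(n for n, r in records.items()
                  if r['verdicts'] and not r['hashes'] and not n.startswith('['))


def boot_sector_status(records):
    """Verdict history for MBR/VBR objects only, the part user-mode scanners skip."""
    return {n: r['verdicts'] for n, r in records.items() if n.startswith('\\Device\\')}


def hash_hits(records, known_hashes):
    """Cross-reference every logged MD5/SHA-256 against a set you trust or distrust,
    e.g. MBR/VBR hashes recorded on a clean build. Returns {hash: [object names]}."""
    wanted = {h.upper() for h in known_hashes}
    hits = {}
    for n, r in records.items():
        for h in r['hashes']:
            if h in wanted:
                hits.setdefault(h, []).append(n)
    return hits


if __name__ == '__main__':
    recs = parse_tdsskiller(SAMPLE_LOG)
    for obj, threat in detections(recs):
        print('DETECTED', threat, 'in', obj)
    print('never hashed:', unscanned(recs))
    print('boot sectors:', boot_sector_status(recs))
```

Two things to take from running it over a real log: the "never hashed" list (here wampmysqld and WinDefend, both of which appear in the log above with no hash line) is where a missing or protected image hides, and `hash_hits` only becomes useful if you record MBR/VBR hashes from a known-clean machine of the same build beforehand, since the sector hash changes legitimately with the Windows version and partition layout.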
     
  8. Broni

    Broni Malware Annihilator Posts: 47,019   +255

  9. Dan Oliver

    Dan Oliver TS Rookie Topic Starter Posts: 27

    Ok, good to know. I went to that link and it just says:
    "
    Sorry, we couldn't find that!

    [#103139]
    You do not have permission to view this forum."

    So I signed up for an account on the forums, but I still get the same message above for that link, so I don't think it's a permission thing. Are you sure that is the right URL? If so, could you possibly just cut/paste the contents of that?

    Thanks,
    Dan
     
  10. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    Sorry about it...

    1) Click the Start button
    2) Type: CMD.exe in the start search field
    3) Right-Click on CMD.exe and select Run as Administrator
    4) Type: net stop sppsvc (it may ask you if you are sure, select yes)
    5) Type: cd %windir%\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform
    6) Type: rename tokens.dat tokens.bar

    7) Type: cd %windir%\system32

    8) Type: net start sppsvc

    9) Type: slui.exe


    After a couple of seconds the Windows Activation dialog will appear. You will likely be asked to re-enter your product key and/or re-activate.

    Either the key from the COA sticker or the key obtained from Belarc Advisor should work.

    If the above doesn't work try this: http://temcam.com/2013/10/25/how-to-fix-windows-7-not-genuine-error/
     
  11. Dan Oliver

    Dan Oliver TS Rookie Topic Starter Posts: 27

    OK, I ran the command. It would not take my product key, and it also rejected the one from Belarc Advisor because it said the BIOS was not licensed. Anyway, I did what you said and ran the instructions at temcam.com, rebooted, and now the "Windows is not genuine" message is gone.
    Does this mean all is ok now or anything further to run?

    Thanks,
    Dan
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    Good job :)

    Which option from my link did actually solve the issue?
    The 'SLMGR -REARM' command or uninstalling KB971033?

    Re-run DDS and see if it'll produce the remaining log (DDS.txt).
    If so post it back here.

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  13. Dan Oliver

    Dan Oliver TS Rookie Topic Starter Posts: 27

    Thanks. dds.txt is below:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2
    Run by User at 21:52:19 on 2014-05-27
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4027.1321 [GMT -4:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    C:\Windows\system32\inetsrv\inetinfo.exe
    C:\Program Files (x86)\Intel\AMT\LMS.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe
    C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\ThpSrv.exe
    C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
    C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
    C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
    C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
    C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe
    C:\Windows\System32\ThpSrv.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.4\MySQLNotifier.exe
    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Apoint2K\HidFind.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\AVAST Software\Avast\avastui.exe
    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
    c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
    C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Windows\system32\taskmgr.exe
    C:\Program Files (x86)\PHP Designer 2005\phpDesignerPrg.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Notepad++\notepad++.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\putty.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files (x86)\WinSCP\WinSCP.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\AuthenTec TrueSuite\TouchControl.exe
    C:\Windows\system32\svchost.exe -k WbioSvcGroup
    C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe
    C:\Windows\System32\MsSpellCheckingFacility.exe
    C:\Windows\system32\notepad.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.ca/
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
    BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
    uRun: [MySQL Notifier] C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.4\MySqlNotifier.exe
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    mRunOnce: [20140526] C:\Program Files\AVAST Software\Avast\setup\emupdate\8453bb80-eb0b-45d2-9235-67ffa4df9578.exe /check
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - hxxps://vpn.optelian.com/+CSCOL+/csvrloader32.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{828E410B-F54A-44D0-A598-41B577963B56} : DHCPNameServer = 192.168.175.2 142.166.86.18 142.166.86.19
    TCP: Interfaces\{CBCC3E4F-AA07-4F6D-A607-E06405138901} : DHCPNameServer = 192.168.0.1
    TCP: Interfaces\{CBCC3E4F-AA07-4F6D-A607-E06405138901}\46C696E6B6 : DHCPNameServer = 192.168.0.1
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\IEBHO.dll
    x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
    x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
    x64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    x64-Run: [picon] "C:\Program Files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" -startup
    x64-Run: [ThpSrv] C:\Windows\System32\thpsrv /logon
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_40-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
    x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
    x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\90jydydd.default\
    FF - prefs.js: browser.search.selectedEngine - Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&type=A110US0&p=
    FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-5-25 65776]
    R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-5-25 208416]
    R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\Windows\System32\drivers\thpdrv.sys [2009-6-29 34880]
    R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2014-5-25 1039096]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-5-25 423240]
    R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-5-25 29208]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-5-25 79184]
    R2 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-5-25 85328]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-5-25 50344]
    R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-4-11 1390720]
    R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-4-11 1764992]
    R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe [2009-10-27 252784]
    R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe [2009-3-10 46448]
    R2 FPLService;TrueSuiteService;C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [2012-4-23 296776]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-5-26 1809720]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-5-26 860472]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2014-5-23 140424]
    R2 postgresql-x64-9.2;postgresql-x64-9.2 - PostgreSQL Server 9.2;C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N "postgresql-x64-9.2" -D "C:/Program Files/PostgreSQL/9.2/data" -w --> C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N postgresql-x64-9.2 [?]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2013-10-2 2058776]
    R3 ATSwpWDF;AuthenTec TruePrint WBF Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2012-1-27 1073200]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-6-23 56344]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-11-8 25816]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-5-26 122584]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-5-26 63704]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-5-14 5435904]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
    S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-5-25 111616]
    S3 MySQL56;MySQL56;"C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld" --defaults-file="C:\ProgramData\MySQL\MySQL Server 5.6\my.ini" MySQL56 --> C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld [?]
    S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-1 178824]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 WMSVC;Web Management Service;C:\Windows\System32\inetsrv\WMSvc.exe [2009-7-13 10752]
    .
    =============== Created Last 30 ================
    .
    2014-05-27 04:16:31 -------- d-----w- C:\Users\User\AppData\Local\CrashDumps
    2014-05-27 04:01:58 -------- d-----w- C:\Program Files (x86)\Belarc
    2014-05-26 23:27:51 -------- d-----w- C:\TDSSKiller_Quarantine
    2014-05-26 04:17:55 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-05-26 04:17:17 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-05-26 04:17:17 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-05-26 04:17:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-05-26 01:04:39 -------- d-----w- C:\Program Files (x86)\ESET
    2014-05-26 00:07:55 -------- d-sh--w- C:\$RECYCLE.BIN
    2014-05-25 23:51:23 98816 ----a-w- C:\Windows\sed.exe
    2014-05-25 23:51:23 256000 ----a-w- C:\Windows\PEV.exe
    2014-05-25 23:51:23 208896 ----a-w- C:\Windows\MBR.exe
    2014-05-25 20:45:06 878080 ----a-w- C:\Windows\System32\advapi32.dll
    2014-05-25 20:44:00 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
    2014-05-25 20:44:00 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
    2014-05-25 20:44:00 327168 ----a-w- C:\Windows\System32\mswsock.dll
    2014-05-25 20:44:00 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2014-05-25 20:44:00 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
    2014-05-25 20:44:00 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2014-05-25 18:47:33 -------- d-----w- C:\Users\User\AppData\Roaming\Dropbox
    2014-05-25 18:45:44 -------- d-----w- C:\Users\User\AppData\Roaming\AVAST Software
    2014-05-25 18:37:59 85328 ----a-w- C:\Windows\System32\drivers\aswstm.sys
    2014-05-25 18:37:58 208416 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
    2014-05-25 18:37:57 1039096 ----a-w- C:\Windows\System32\drivers\aswsnx.sys.1401043504699
    2014-05-25 18:37:57 1039096 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
    2014-05-25 18:37:56 423240 ----a-w- C:\Windows\System32\drivers\aswsp.sys.1401043504699
    2014-05-25 18:37:54 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
    2014-05-25 18:37:53 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2014-05-25 18:37:51 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
    2014-05-25 18:37:50 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2014-05-25 18:37:10 43152 ----a-w- C:\Windows\avastSS.scr
    2014-05-25 18:36:33 -------- d-----w- C:\Program Files\AVAST Software
    2014-05-25 18:29:55 423240 ----a-w- C:\Windows\System32\drivers\jrzpxmnx.sys
    2014-05-25 18:29:40 423240 ----a-w- C:\Windows\System32\drivers\dildpmqz.sys
    2014-05-25 18:29:40 -------- d-----w- C:\ProgramData\AVAST Software
    2014-05-25 17:58:22 -------- d-----w- C:\VirusFix
    2014-05-23 21:24:56 -------- d-----w- C:\Users\User\AppData\Local\ElevatedDiagnostics
    2014-05-23 11:16:35 -------- d-----w- C:\Windows\System32\appmgmt
    2014-05-23 03:13:11 -------- d-----w- C:\Windows\ERUNT
    2014-04-29 22:41:10 -------- d-----w- C:\Users\User\AppData\Local\Skype
    .
    ==================== Find3M ====================
    .
    2014-05-25 20:45:06 859648 ----a-w- C:\Windows\System32\tdh.dll
    2014-05-12 11:25:56 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-04-26 11:38:18 70920536 ----a-w- C:\snagit.exe
    .
    ============= FINISH: 21:53:22.29 ===============
     
  14. Dan Oliver

    Dan Oliver TS Rookie Topic Starter Posts: 27

    Attach.txt
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/1/2013 11:15:49 PM
    System Uptime: 5/27/2014 12:10:19 AM (21 hours ago)
    .
    Motherboard: TOSHIBA | | Portable PC
    Processor: Intel(R) Core(TM)2 Duo CPU T9400 @ 2.53GHz | uFC-PGA Socket | 2531/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 233 GiB total, 170.382 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Intel(R) 82567LM Gigabit Network Connection
    Device ID: PCI\VEN_8086&DEV_10F5&SUBSYS_00011179&REV_03\3&21436425&0&C8
    Manufacturer: Intel
    Name: Intel(R) 82567LM Gigabit Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_10F5&SUBSYS_00011179&REV_03\3&21436425&0&C8
    Service: e1yexpress
    .
    Class GUID:
    Description:
    Device ID: ACPI\TOS6208\2&DABA3FF&2
    Manufacturer:
    Name:
    PNP Device ID: ACPI\TOS6208\2&DABA3FF&2
    Service:
    .
    ==== System Restore Points ===================
    .
    RP45: 5/21/2014 12:46:10 AM - Scheduled Checkpoint
    RP46: 5/23/2014 7:15:39 AM - Removed Bonjour
    RP47: 5/23/2014 9:12:07 AM - Removed Snagit 11
    RP48: 5/25/2014 12:42:11 PM - Windows Modules Installer
    RP49: 5/25/2014 12:55:58 PM - Windows Modules Installer
    RP50: 5/25/2014 1:43:19 PM - BadVirusExplorer
    RP51: 5/25/2014 2:24:06 PM - Windows Modules Installer
    RP52: 5/25/2014 2:35:20 PM - avast! antivirus system restore point
    RP53: 5/25/2014 2:48:16 PM - Windows Modules Installer
    RP54: 5/25/2014 4:42:51 PM - Windows Modules Installer
    RP55: 5/25/2014 7:00:09 PM - BeforeComboFix
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 ActiveX
    Adobe Reader XI (11.0.07)
    Agent Ransack 2010 (64-bit)
    ALPS Touch Pad Driver
    Apple Software Update
    AuthenTec TrueSuite
    avast! Free Antivirus
    Belarc Advisor 8.4
    Beyond Compare 3.3.8
    Bluetooth Stack for Windows by Toshiba
    Bonjour
    D3DX10
    ESET Online Scanner v3
    GIMP 2.8.10
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Intel(R) Management Engine Interface
    Intel® Active Management Technology
    Java 7 Update 40 (64-bit)
    Java 7 Update 45
    Java Auto Updater
    Java SE Development Kit 7 Update 40 (64-bit)
    Java(TM) 6 Update 14
    Java(TM) 6 Update 37 (64-bit)
    Java(TM) SE Development Kit 6 Update 37 (64-bit)
    Junk Mail filter update
    LSI V92 MOH Application
    Malwarebytes Anti-Malware version 2.0.2.1012
    McAfee SiteAdvisor
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Access MUI (English) 2013
    Microsoft Access Setup Metadata MUI (English) 2013
    Microsoft Application Error Reporting
    Microsoft DCF MUI (English) 2013
    Microsoft Excel MUI (English) 2013
    Microsoft Groove MUI (English) 2013
    Microsoft InfoPath MUI (English) 2013
    Microsoft Lync MUI (English) 2013
    Microsoft Office 32-bit Components 2013
    Microsoft Office OSM MUI (English) 2013
    Microsoft Office OSM UX MUI (English) 2013
    Microsoft Office Professional Plus 2013
    Microsoft Office Proofing (English) 2013
    Microsoft Office Proofing Tools 2013 - English
    Microsoft Office Proofing Tools 2013 - Español
    Microsoft Office Shared 32-bit MUI (English) 2013
    Microsoft Office Shared MUI (English) 2013
    Microsoft Office Shared Setup Metadata MUI (English) 2013
    Microsoft OneNote MUI (English) 2013
    Microsoft Outlook MUI (English) 2013
    Microsoft PowerPoint MUI (English) 2013
    Microsoft Publisher MUI (English) 2013
    Microsoft Silverlight
    Microsoft Visio MUI (English) 2013
    Microsoft Visio Professional 2013
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Word MUI (English) 2013
    Mozilla Firefox 29.0.1 (x86 en-GB)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSVCRT110
    MSVCRT110_amd64
    MySQL Connector C++ 1.1.3
    MySQL Connector J
    MySQL Connector Net 6.7.4
    MySQL Connector/ODBC 5.2
    MySQL Documents 5.6
    MySQL Examples and Samples 5.6
    MySQL For Excel 1.1.3
    MySQL Installer
    MySQL Notifier 1.1.4
    MySQL Server 5.6
    MySQL Utilities
    MySQL Workbench 6.0 CE
    Notepad++
    NVIDIA Drivers
    NVIDIA nView Desktop Manager
    Outils de vérification linguistique 2013 de Microsoft Office - Français
    Photo Common
    PHP Designer 2005 3.0.6
    PostgreSQL 9.2
    Realtek High Definition Audio Driver
    RICOH R5U8xx Media Driver ver.3.63.02
    Safari
    Skype Click to Call
    Skype™ 6.11
    TOSHIBA ConfigFree
    TOSHIBA HDD Protection
    TOSHIBA Software Modem
    WampServer 2.2
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live MIME IFilter
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinRAR archiver
    WinSCP 5.1.7
    XAMPP
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/27/2014 12:10:55 AM, Error: Service Control Manager [7023] - The Windows Process Activation Service service terminated with the following error: The system cannot find the file specified.
    5/27/2014 12:10:55 AM, Error: Service Control Manager [7001] - The World Wide Web Publishing Service service depends on the Windows Process Activation Service service which failed to start because of the following error: The system cannot find the file specified.
    5/27/2014 12:10:54 AM, Error: Microsoft-Windows-WAS [5188] - The directory specified for the temporary application pool config files is either missing or is not accessible by the Windows Process Activation Service. Please specify an existing directory and/or ensure that it has proper access flags. The data field contains the error number.
    5/27/2014 12:10:54 AM, Error: Microsoft-Windows-WAS [5005] - Windows Process Activation Service (WAS) is stopping because it encountered an error. The data field contains the error number.
    5/27/2014 12:10:50 AM, Error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The system cannot find the file specified.
    5/25/2014 8:04:54 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    5/25/2014 7:59:56 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    5/25/2014 2:27:33 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    5/25/2014 2:27:28 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    5/25/2014 2:27:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    5/25/2014 2:27:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    5/25/2014 2:27:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    5/25/2014 2:27:16 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    5/25/2014 2:26:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
    5/25/2014 2:26:39 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Tosrfcom Wanarpv6
    5/25/2014 12:34:05 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    5/25/2014 12:23:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    5/25/2014 12:23:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    5/25/2014 12:23:27 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Tosrfcom Wanarpv6 WfpLwf
    5/25/2014 12:23:27 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    5/25/2014 12:23:27 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    5/25/2014 12:23:27 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    5/25/2014 12:23:27 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    5/25/2014 12:23:27 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    5/25/2014 12:23:27 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    5/25/2014 12:23:27 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    5/25/2014 12:23:27 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    5/25/2014 12:23:27 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    5/25/2014 12:23:27 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    5/23/2014 9:25:46 AM, Error: Service Control Manager [7034] - The Intel(R) Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s).
    5/23/2014 9:21:50 AM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
    5/23/2014 9:20:15 AM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    5/23/2014 9:16:42 AM, Error: Service Control Manager [7034] - The Skype Click to Call PNR Service service terminated unexpectedly. It has done this 1 time(s).
    5/23/2014 9:16:32 AM, Error: Service Control Manager [7034] - The Skype Click to Call Updater service terminated unexpectedly. It has done this 1 time(s).
    5/23/2014 9:00:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {0B5A2C52-3EB9-470A-96E2-6C6D4570E40F}
    5/23/2014 8:55:52 AM, Error: Service Control Manager [7023] - The Server service terminated with the following error: The service has not been started.
    5/23/2014 12:24:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    5/23/2014 11:51:48 AM, Error: Service Control Manager [7038] - The nsi service was unable to log on as NT Authority\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    5/23/2014 11:51:48 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Network Store Interface Service service which failed to start because of the following error: The service did not start due to a logon failure.
    5/23/2014 11:51:48 AM, Error: Service Control Manager [7000] - The Network Store Interface Service service failed to start due to the following error: The service did not start due to a logon failure.
    5/23/2014 11:51:45 AM, Error: Service Control Manager [7038] - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    5/23/2014 11:51:20 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Network Store Interface Service service to connect.
    5/23/2014 11:51:20 AM, Error: Service Control Manager [7000] - The Network Store Interface Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/23/2014 11:49:21 AM, Error: Service Control Manager [7001] - The Remote Procedure Call (RPC) service depends on the RPC Endpoint Mapper service which failed to start because of the following error: The service has not been started.
    5/23/2014 11:49:21 AM, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: The dependency service or group failed to start.
    5/23/2014 11:49:21 AM, Error: Service Control Manager [7001] - The Base Filtering Engine service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
    5/23/2014 11:49:18 AM, Error: Service Control Manager [7001] - The Function Discovery Resource Publication service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
    5/23/2014 11:49:10 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Driver Foundation - User-mode Driver Framework service to connect.
    5/23/2014 11:49:10 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Desktop Window Manager Session Manager service to connect.
    5/23/2014 11:49:10 AM, Error: Service Control Manager [7001] - The WLAN AutoConfig service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
    5/23/2014 11:49:10 AM, Error: Service Control Manager [7001] - The Portable Device Enumerator Service service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
    5/23/2014 11:49:10 AM, Error: Service Control Manager [7001] - The Offline Files service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
    5/23/2014 11:49:10 AM, Error: Service Control Manager [7001] - The Extensible Authentication Protocol service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
    5/23/2014 11:49:10 AM, Error: Service Control Manager [7001] - The Distributed Link Tracking Client service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
    5/23/2014 11:49:10 AM, Error: Service Control Manager [7000] - The Windows Driver Foundation - User-mode Driver Framework service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/23/2014 11:49:10 AM, Error: Service Control Manager [7000] - The Desktop Window Manager Session Manager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/23/2014 11:49:04 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Multimedia Class Scheduler service to connect.
    5/23/2014 11:49:04 AM, Error: Service Control Manager [7001] - The User Profile Service service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
    5/23/2014 11:49:04 AM, Error: Service Control Manager [7001] - The System Event Notification Service service depends on the COM+ Event System service which failed to start because of the following error: The dependency service or group failed to start.
    5/23/2014 11:49:04 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
    5/23/2014 11:49:04 AM, Error: Service Control Manager [7001] - The Group Policy Client service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
    5/23/2014 11:49:04 AM, Error: Service Control Manager [7001] - The COM+ Event System service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
    5/23/2014 11:49:04 AM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/23/2014 11:48:52 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the Network Store Interface Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    5/23/2014 11:48:47 AM, Error: Service Control Manager [7031] - The Application Host Helper Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    5/23/2014 11:48:41 AM, Error: Service Control Manager [7034] - The RPC Endpoint Mapper service terminated unexpectedly. It has done this 5 time(s).
    5/23/2014 11:48:32 AM, Error: Service Control Manager [7034] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 3 time(s).
    5/23/2014 11:48:23 AM, Error: Service Control Manager [7031] - The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    5/23/2014 11:48:23 AM, Error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    5/23/2014 11:48:15 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Diagnostic Policy Service service to connect.
    5/23/2014 11:48:15 AM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: The dependency service or group failed to start.
    5/23/2014 11:48:15 AM, Error: Service Control Manager [7001] - The Remote Procedure Call (RPC) service depends on the RPC Endpoint Mapper service which failed to start because of the following error: The service has returned a service-specific error code.
    5/23/2014 11:48:15 AM, Error: Service Control Manager [7000] - The Diagnostic Policy Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/23/2014 11:48:14 AM, Error: Service Control Manager [7034] - The RPC Endpoint Mapper service terminated unexpectedly. It has done this 4 time(s).
    5/23/2014 11:48:10 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Audio Endpoint Builder service, but this action failed with the following error: Circular service dependency was specified.
    5/23/2014 11:48:10 AM, Error: Service Control Manager [7019] - The Windows Audio Endpoint Builder service depends on a service in a group which starts later. Change the order in the service dependency tree to ensure that all services required to start this service are starting before this service is started.
    5/23/2014 11:48:10 AM, Error: Service Control Manager [7017] - Detected circular dependencies demand starting Windows Audio Endpoint Builder. Check the service dependency tree.
    5/23/2014 11:48:10 AM, Error: Service Control Manager [7001] - The Program Compatibility Assistant Service service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
    5/23/2014 11:48:06 AM, Error: Service Control Manager [7034] - The RPC Endpoint Mapper service terminated unexpectedly. It has done this 3 time(s).
    5/23/2014 11:48:04 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Event Log service to connect.
    5/23/2014 11:48:04 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Themes service to connect.
    5/23/2014 11:48:04 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Server service to connect.
    5/23/2014 11:48:04 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Application Experience service to connect.
    5/23/2014 11:48:04 AM, Error: Service Control Manager [7001] - The Task Scheduler service depends on the Windows Event Log service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    5/23/2014 11:48:04 AM, Error: Service Control Manager [7001] - The Background Intelligent Transfer Service service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
    5/23/2014 11:48:04 AM, Error: Service Control Manager [7000] - The Windows Event Log service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/23/2014 11:48:04 AM, Error: Service Control Manager [7000] - The Themes service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/23/2014 11:48:04 AM, Error: Service Control Manager [7000] - The Server service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/23/2014 11:48:04 AM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/23/2014 11:48:02 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Network Store Interface Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    5/23/2014 11:47:52 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    5/23/2014 11:47:52 AM, Error: Service Control Manager [7001] - The Cryptographic Services service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
    5/23/2014 11:47:48 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
    5/23/2014 11:47:48 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
    5/23/2014 11:47:48 AM, Error: Service Control Manager [7001] - The Function Discovery Provider Host service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
    5/23/2014 11:47:30 AM, Error: Service Control Manager [7031] - The RPC Endpoint Mapper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    5/23/2014 11:47:21 AM, Error: Service Control Manager [7031] - The IPsec Policy Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/23/2014 11:47:18 AM, Error: Service Control Manager [7031] - The SSDP Discovery service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    5/23/2014 11:47:18 AM, Error: Service Control Manager [7031] - The Function Discovery Resource Publication service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/23/2014 11:47:18 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SSDP Discovery service to connect.
    5/23/2014 11:47:18 AM, Error: Service Control Manager [7000] - The SSDP Discovery service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/23/2014 11:47:10 AM, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/23/2014 11:47:10 AM, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/23/2014 11:47:10 AM, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/23/2014 11:47:10 AM, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/23/2014 11:47:10 AM, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/23/2014 11:47:10 AM, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/23/2014 11:47:10 AM, Error: Service Control Manager [7031] - The Offline Files service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/23/2014 11:47:10 AM, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    5/23/2014 11:47:10 AM, Error: Service Control Manager [7031] - The Distributed Link Tracking Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/23/2014 11:47:10 AM, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/23/2014 11:47:10 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
    5/23/2014 11:47:07 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Font Cache Service service to connect.
    5/23/2014 11:47:07 AM, Error: Service Control Manager [7000] - The Windows Font Cache Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/23/2014 11:47:06 AM, Error: Service Control Manager [7001] - The Windows Update service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
    5/23/2014 11:47:06 AM, Error: Service Control Manager [7001] - The Windows Defender service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
    5/23/2014 11:47:06 AM, Error: Service Control Manager [7001] - The Software Protection service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
    5/23/2014 11:47:06 AM, Error: Service Control Manager [7001] - The Security Center service depends on the Windows Management Instrumentation service which failed to start because of the following error: The dependency service or group failed to start.
    5/23/2014 11:47:06 AM, Error: Service Control Manager [7001] - The Google Update Service (gupdate) service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
    5/23/2014 11:47:04 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/23/2014 11:47:04 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/23/2014 11:47:04 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/23/2014 11:47:04 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/23/2014 11:47:04 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/23/2014 11:47:04 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/23/2014 11:47:04 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/23/2014 11:47:04 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/23/2014 11:47:04 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/23/2014 11:47:04 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/23/2014 11:47:04 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/23/2014 11:47:04 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/23/2014 11:47:04 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/23/2014 11:47:02 AM, Error: Service Control Manager [7023] - The Plug and Play service terminated with the following error: The RPC server is too busy to complete this operation.
    5/23/2014 11:47:02 AM, Error: Service Control Manager [7001] - The Windows Audio service depends on the Remote Procedure Call (RPC) service which failed to start because of the following error: The dependency service or group failed to start.
    5/23/2014 11:47:00 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Remote Procedure Call (RPC) service, but this action failed with the following error: A system shutdown has already been scheduled.
    5/23/2014 11:47:00 AM, Error: Service Control Manager [7031] - The RPC Endpoint Mapper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/23/2014 11:47:00 AM, Error: Service Control Manager [7031] - The Remote Procedure Call (RPC) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    5/23/2014 11:46:56 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error: A system shutdown has already been scheduled.
    5/23/2014 11:46:52 AM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/23/2014 11:46:52 AM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    5/23/2014 11:46:52 AM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/23/2014 11:46:52 AM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/23/2014 11:46:52 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    5/23/2014 11:46:48 AM, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    5/23/2014 11:46:48 AM, Error: Service Control Manager [7031] - The HomeGroup Provider service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/23/2014 11:46:48 AM, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    5/23/2014 11:46:48 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TCP/IP NetBIOS Helper service to connect.
    5/23/2014 11:46:48 AM, Error: Service Control Manager [7000] - The TCP/IP NetBIOS Helper service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/23/2014 11:46:45 AM, Error: Service Control Manager [7031] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    5/23/2014 11:46:41 AM, Error: Service Control Manager [7034] - The World Wide Web Publishing Service service terminated unexpectedly. It has done this 1 time(s).
    5/23/2014 11:46:41 AM, Error: Service Control Manager [7031] - The Windows Process Activation Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Run the configured recovery program.
    5/23/2014 11:46:37 AM, Error: Service Control Manager [7034] - The Windows Image Acquisition (WIA) service terminated unexpectedly. It has done this 1 time(s).
    5/23/2014 11:46:34 AM, Error: Service Control Manager [7034] - The Windows Biometric Service service terminated unexpectedly. It has done this 1 time(s).
    5/23/2014 11:46:25 AM, Error: Service Control Manager [7031] - The Windows Error Reporting Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/23/2014 11:46:25 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the COM+ Event System service to connect.
    5/23/2014 11:46:25 AM, Error: Service Control Manager [7000] - The COM+ Event System service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/23/2014 11:46:20 AM, Error: Service Control Manager [7034] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 2 time(s).
    5/23/2014 11:46:20 AM, Error: Service Control Manager [7034] - The Function Discovery Provider Host service terminated unexpectedly. It has done this 1 time(s).
    5/23/2014 11:46:20 AM, Error: Service Control Manager [7031] - The Network Store Interface Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    5/23/2014 11:46:20 AM, Error: Service Control Manager [7031] - The Network List Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    5/23/2014 11:46:20 AM, Error: Service Control Manager [7031] - The COM+ Event System service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    5/23/2014 11:46:20 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Network List Service service to connect.
    5/23/2014 11:46:20 AM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/23/2014 11:46:19 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
    5/23/2014 11:46:19 AM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/23/2014 11:46:15 AM, Error: Service Control Manager [7031] - The Windows Firewall service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/23/2014 11:46:15 AM, Error: Service Control Manager [7031] - The Diagnostic Policy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/23/2014 11:46:15 AM, Error: Service Control Manager [7031] - The Base Filtering Engine service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/23/2014 11:46:12 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Power service, but this action failed with the following error: A system shutdown has already been scheduled.
    5/23/2014 11:46:12 AM, Error: Service Control Manager [7031] - The Power service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    5/23/2014 11:46:07 AM, Error: Service Control Manager [7034] - The Diagnostic Service Host service terminated unexpectedly. It has done this 1 time(s).
    5/23/2014 11:46:07 AM, Error: Service Control Manager [7031] - The WinHTTP Web Proxy Auto-Discovery Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    5/23/2014 11:46:07 AM, Error: Service Control Manager [7031] - The Windows Font Cache Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/23/2014 11:46:07 AM, Error: Service Control Manager [7031] - The Network Store Interface Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/23/2014 11:46:07 AM, Error: Service Control Manager [7031] - The Network List Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    5/23/2014 11:46:07 AM, Error: Service Control Manager [7031] - The COM+ Event System service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    5/23/2014 11:46:02 AM, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/23/2014 11:46:02 AM, Error: Service Control Manager [7031] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/23/2014 11:46:02 AM, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    5/23/2014 11:46:02 AM, Error: Service Control Manager [7031] - The HomeGroup Provider service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/23/2014 11:46:02 AM, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    5/23/2014 11:25:52 AM, Error: Service Control Manager [7022] - The Google Update Service (gupdate) service hung on starting.
    5/23/2014 10:12:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
    5/23/2014 10:07:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McAfee SiteAdvisor Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
    5/22/2014 9:54:30 PM, Error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).
    5/22/2014 11:55:16 PM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    5/22/2014 11:55:16 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.
    .
    ==== End Of File ===========================
     
  15. Dan Oliver

    Dan Oliver TS Rookie Topic Starter Posts: 27

    RogueKiller log
    RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : User [Admin rights]
    Mode : Remove -- Date : 05/27/2014 22:19:01
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK2565GSXN ATA Device +++++
    --- User ---
    [MBR] a285c9c5a1c3dba96d7eeb168df56ad8
    [BSP] 4fdd531d62896756a2c44be53c42b89b : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238373 MB
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_D_05272014_221901.txt >>
    RKreport[0]_S_05272014_221732.txt
     
  16. Dan Oliver

    Dan Oliver TS Rookie Topic Starter Posts: 27

    Other RogueKiller log:
    RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : User [Admin rights]
    Mode : Scan -- Date : 05/27/2014 22:17:32
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK2565GSXN ATA Device +++++
    --- User ---
    [MBR] a285c9c5a1c3dba96d7eeb168df56ad8
    [BSP] 4fdd531d62896756a2c44be53c42b89b : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238373 MB
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_S_05272014_221732.txt >>
     
  17. Dan Oliver

    Dan Oliver TS Rookie Topic Starter Posts: 27

    Malwarebytes Anti-Rootkit found no problems; here are the logs:
    Malwarebytes Anti-Rootkit BETA 1.07.0.1009
    www.malwarebytes.org

    Database version: v2014.05.28.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16428
    User :: USER-PC [administrator]

    5/27/2014 11:01:26 PM
    mbar-log-2014-05-27 (23-01-26).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 296140
    Time elapsed: 8 minute(s), 25 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)



    -------------------------------------------------------------------

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1009

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.16428

    Java version: 1.6.0_14

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.527000 GHz
    Memory total: 4222853120, free: 2063011840

    Downloaded database version: v2014.05.28.01
    Downloaded database version: v2014.05.21.01
    Initializing...
    ======================
    Done!
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 64B5CA91

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848 Numsec = 488187904

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 250059350016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-488377168-488397168)...
    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
     
  18. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is still not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  19. Dan Oliver

    Dan Oliver TS Rookie Topic Starter Posts: 27

    Ok ComboFix done, ComboFix.txt log below:

    ComboFix 14-05-27.02 - User 05/28/2014 21:14:57.2.2 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4027.2650 [GMT -4:00]
    Running from: c:\users\User\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-04-28 to 2014-05-29 )))))))))))))))))))))))))))))))
    .
    .
    2014-05-29 01:22 . 2014-05-29 01:22 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-05-28 03:01 . 2014-05-28 03:12 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-05-27 04:16 . 2014-05-27 04:16 -------- d-----w- c:\users\User\AppData\Local\CrashDumps
    2014-05-27 04:01 . 2014-05-27 04:01 -------- d-----w- c:\program files (x86)\Belarc
    2014-05-26 23:27 . 2014-05-26 23:27 -------- d-----w- C:\TDSSKiller_Quarantine
    2014-05-26 04:17 . 2014-05-28 22:57 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-05-26 04:17 . 2014-05-28 02:57 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-05-26 04:17 . 2014-05-26 04:17 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2014-05-26 04:17 . 2014-05-12 11:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-05-26 01:04 . 2014-05-26 01:04 -------- d-----w- c:\program files (x86)\ESET
    2014-05-25 20:45 . 2014-05-25 20:45 878080 ----a-w- c:\windows\system32\advapi32.dll
    2014-05-25 20:44 . 2014-05-25 20:44 497152 ----a-w- c:\windows\system32\drivers\afd.sys
    2014-05-25 20:44 . 2014-05-25 20:44 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2014-05-25 20:44 . 2014-05-25 20:44 327168 ----a-w- c:\windows\system32\mswsock.dll
    2014-05-25 20:44 . 2014-05-25 20:44 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2014-05-25 20:44 . 2014-05-25 20:44 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
    2014-05-25 20:44 . 2014-05-25 20:44 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2014-05-25 18:47 . 2014-05-25 18:50 -------- d-----w- c:\users\User\AppData\Roaming\Dropbox
    2014-05-25 18:45 . 2014-05-25 18:45 -------- d-----w- c:\users\User\AppData\Roaming\AVAST Software
    2014-05-25 18:37 . 2014-05-25 18:45 85328 ----a-w- c:\windows\system32\drivers\aswstm.sys
    2014-05-25 18:37 . 2014-05-25 18:37 208416 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2014-05-25 18:37 . 2014-05-25 18:45 1039096 ----a-w- c:\windows\system32\drivers\aswsnx.sys
    2014-05-25 18:37 . 2014-05-25 18:45 423240 ----a-w- c:\windows\system32\drivers\aswsp.sys
    2014-05-25 18:37 . 2014-05-25 18:37 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2014-05-25 18:37 . 2014-05-25 18:37 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-05-25 18:37 . 2014-05-25 18:37 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
    2014-05-25 18:37 . 2014-05-25 18:37 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2014-05-25 18:37 . 2014-05-25 18:37 334648 ----a-w- c:\windows\system32\aswBoot.exe
    2014-05-25 18:37 . 2014-05-25 18:37 43152 ----a-w- c:\windows\avastSS.scr
    2014-05-25 18:36 . 2014-05-25 18:36 -------- d-----w- c:\program files\AVAST Software
    2014-05-25 18:29 . 2014-05-25 18:29 423240 ----a-w- c:\windows\system32\drivers\jrzpxmnx.sys
    2014-05-25 18:29 . 2014-05-25 18:33 -------- d-----w- c:\programdata\AVAST Software
    2014-05-25 18:29 . 2014-05-25 18:29 423240 ----a-w- c:\windows\system32\drivers\dildpmqz.sys
    2014-05-25 17:58 . 2014-05-26 11:17 -------- d-----w- C:\VirusFix
    2014-05-23 21:24 . 2014-05-23 21:24 -------- d-----w- c:\users\User\AppData\Local\ElevatedDiagnostics
    2014-05-23 16:30 . 2014-05-23 16:31 -------- d-----w- c:\users\Dan
    2014-05-23 11:16 . 2014-05-23 11:16 -------- d-----w- c:\windows\system32\appmgmt
    2014-05-23 03:13 . 2014-05-23 16:04 -------- d-----w- c:\windows\ERUNT
    2014-04-29 22:41 . 2014-05-23 16:35 -------- d-----w- c:\users\User\AppData\Local\Skype
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-05-25 20:45 . 2014-05-25 20:45 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2014-05-12 11:25 . 2013-11-08 20:01 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-04-26 11:38 . 2014-04-26 11:26 70920536 ----a-w- C:\snagit.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2012-10-02 01:38 1720976 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2012-10-02 01:38 1720976 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2012-10-02 01:38 1720976 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MySQL Notifier"="c:\program files (x86)\MySQL\MySQL Notifier 1.1.4\MySqlNotifier.exe" [2013-07-05 762368]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-11-02 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-05-26 3888648]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-12-8 2717024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 MySQL56;MySQL56;C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.6\my.ini MySQL56;C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.6\my.ini MySQL56 [x]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe;c:\windows\SYSNATIVE\inetsrv\wmsvc.exe [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
    S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
    S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
    S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
    S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
    S2 FPLService;TrueSuiteService;c:\program files\AuthenTec TrueSuite\TrueSuiteService.exe;c:\program files\AuthenTec TrueSuite\TrueSuiteService.exe [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
    S2 postgresql-x64-9.2;postgresql-x64-9.2 - PostgreSQL Server 9.2;C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N postgresql-x64-9.2 -D C:/Program Files/PostgreSQL/9.2/data -w;C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N postgresql-x64-9.2 -D C:/Program Files/PostgreSQL/9.2/data -w [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe;c:\program files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [x]
    S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys;c:\windows\SYSNATIVE\DRIVERS\ATSwpWDF.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MBAMSWISSARMY
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-05-23 20:38 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-03 12:03]
    .
    2014-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-03 12:03]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2012-10-02 01:37 2322576 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2012-10-02 01:37 2322576 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2012-10-02 01:37 2322576 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-05-25 18:37 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-11 02:09 164016 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
    @="{BC6D10E6-AE59-4cef-83DB-FD4C9BC7B7F2}"
    [HKEY_CLASSES_ROOT\CLSID\{BC6D10E6-AE59-4cef-83DB-FD4C9BC7B7F2}]
    2011-10-21 19:00 4014408 ----a-w- c:\program files\AuthenTec TrueSuite\KeepSafe\fvns.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
    @="{93BB455E-3D52-4fba-9733-E5103B30FC12}"
    [HKEY_CLASSES_ROOT\CLSID\{93BB455E-3D52-4fba-9733-E5103B30FC12}]
    2011-10-21 19:00 4014408 ----a-w- c:\program files\AuthenTec TrueSuite\KeepSafe\fvns.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ThpSrv"="c:\windows\system32\thpsrv" [X]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 16334368]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-03-29 238592]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]
    "picon"="c:\program files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-08-04 358424]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.ca/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office15\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.0.1
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
    DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - hxxps://vpn.optelian.com/+CSCOL+/csvrloader32.cab
    FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\90jydydd.default\
    FF - prefs.js: browser.search.selectedEngine - Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&type=A110US0&p=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    SafeBoot-87220390.sys
    ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL56]
    "ImagePath"="\"C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.6\my.ini\" MySQL56"
    --
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-x64-9.2]
    "ImagePath"="C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.2\" -D \"C:/Program Files/PostgreSQL/9.2/data\" -w"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL56]
    "ImagePath"="\"C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.6\my.ini\" MySQL56"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-x64-9.2]
    "ImagePath"="C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.2\" -D \"C:/Program Files/PostgreSQL/9.2/data\" -w"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3350918055-2160733641-3793535056-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-3350918055-2160733641-3793535056-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-05-28 21:24:50
    ComboFix-quarantined-files.txt 2014-05-29 01:24
    ComboFix2.txt 2014-05-26 00:07
    .
    Pre-Run: 184,122,933,248 bytes free
    Post-Run: 184,077,041,664 bytes free
    .
    - - End Of File - - 25BFC7F5BE2CFF261E4053CE9236C18E
    A36C5E4F47E84449FF07ED3517B43A31
     
  20. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\drivers\jrzpxmnx.sys
    c:\windows\system32\drivers\dildpmqz.sys
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  21. Dan Oliver

    Dan Oliver TS Rookie Topic Starter Posts: 27

    OK, redone. It never asked to reboot; the new ComboFix.txt log is below:

    ComboFix 14-05-27.02 - User 05/28/2014 22:03:27.3.2 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4027.2642 [GMT -4:00]
    Running from: c:\users\User\Desktop\ComboFix.exe
    Command switches used :: c:\users\User\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\windows\system32\drivers\dildpmqz.sys"
    "c:\windows\system32\drivers\jrzpxmnx.sys"
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-04-28 to 2014-05-29 )))))))))))))))))))))))))))))))
    .
    .
    2014-05-29 02:10 . 2014-05-29 02:10 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-05-28 03:01 . 2014-05-28 03:12 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-05-27 04:16 . 2014-05-27 04:16 -------- d-----w- c:\users\User\AppData\Local\CrashDumps
    2014-05-27 04:01 . 2014-05-27 04:01 -------- d-----w- c:\program files (x86)\Belarc
    2014-05-26 23:27 . 2014-05-26 23:27 -------- d-----w- C:\TDSSKiller_Quarantine
    2014-05-26 04:17 . 2014-05-29 01:47 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-05-26 04:17 . 2014-05-28 02:57 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-05-26 04:17 . 2014-05-26 04:17 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2014-05-26 04:17 . 2014-05-12 11:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-05-26 01:04 . 2014-05-26 01:04 -------- d-----w- c:\program files (x86)\ESET
    2014-05-25 20:45 . 2014-05-25 20:45 878080 ----a-w- c:\windows\system32\advapi32.dll
    2014-05-25 20:44 . 2014-05-25 20:44 497152 ----a-w- c:\windows\system32\drivers\afd.sys
    2014-05-25 20:44 . 2014-05-25 20:44 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2014-05-25 20:44 . 2014-05-25 20:44 327168 ----a-w- c:\windows\system32\mswsock.dll
    2014-05-25 20:44 . 2014-05-25 20:44 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2014-05-25 20:44 . 2014-05-25 20:44 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
    2014-05-25 20:44 . 2014-05-25 20:44 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2014-05-25 18:47 . 2014-05-25 18:50 -------- d-----w- c:\users\User\AppData\Roaming\Dropbox
    2014-05-25 18:45 . 2014-05-25 18:45 -------- d-----w- c:\users\User\AppData\Roaming\AVAST Software
    2014-05-25 18:37 . 2014-05-25 18:45 85328 ----a-w- c:\windows\system32\drivers\aswstm.sys
    2014-05-25 18:37 . 2014-05-25 18:37 208416 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2014-05-25 18:37 . 2014-05-25 18:45 1039096 ----a-w- c:\windows\system32\drivers\aswsnx.sys
    2014-05-25 18:37 . 2014-05-25 18:45 423240 ----a-w- c:\windows\system32\drivers\aswsp.sys
    2014-05-25 18:37 . 2014-05-25 18:37 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2014-05-25 18:37 . 2014-05-25 18:37 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-05-25 18:37 . 2014-05-25 18:37 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
    2014-05-25 18:37 . 2014-05-25 18:37 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2014-05-25 18:37 . 2014-05-25 18:37 334648 ----a-w- c:\windows\system32\aswBoot.exe
    2014-05-25 18:37 . 2014-05-25 18:37 43152 ----a-w- c:\windows\avastSS.scr
    2014-05-25 18:36 . 2014-05-25 18:36 -------- d-----w- c:\program files\AVAST Software
    2014-05-25 18:29 . 2014-05-25 18:29 423240 ----a-w- c:\windows\system32\drivers\jrzpxmnx.sys
    2014-05-25 18:29 . 2014-05-25 18:33 -------- d-----w- c:\programdata\AVAST Software
    2014-05-25 18:29 . 2014-05-25 18:29 423240 ----a-w- c:\windows\system32\drivers\dildpmqz.sys
    2014-05-25 17:58 . 2014-05-26 11:17 -------- d-----w- C:\VirusFix
    2014-05-23 21:24 . 2014-05-23 21:24 -------- d-----w- c:\users\User\AppData\Local\ElevatedDiagnostics
    2014-05-23 16:30 . 2014-05-23 16:31 -------- d-----w- c:\users\Dan
    2014-05-23 11:16 . 2014-05-23 11:16 -------- d-----w- c:\windows\system32\appmgmt
    2014-05-23 03:13 . 2014-05-23 16:04 -------- d-----w- c:\windows\ERUNT
    2014-04-29 22:41 . 2014-05-23 16:35 -------- d-----w- c:\users\User\AppData\Local\Skype
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-05-25 20:45 . 2014-05-25 20:45 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2014-05-12 11:25 . 2013-11-08 20:01 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-04-26 11:38 . 2014-04-26 11:26 70920536 ----a-w- C:\snagit.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2012-10-02 01:38 1720976 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2012-10-02 01:38 1720976 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2012-10-02 01:38 1720976 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MySQL Notifier"="c:\program files (x86)\MySQL\MySQL Notifier 1.1.4\MySqlNotifier.exe" [2013-07-05 762368]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-11-02 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-05-26 3888648]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-12-8 2717024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 MySQL56;MySQL56;C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.6\my.ini MySQL56;C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.6\my.ini MySQL56 [x]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe;c:\windows\SYSNATIVE\inetsrv\wmsvc.exe [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
    S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
    S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
    S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
    S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
    S2 FPLService;TrueSuiteService;c:\program files\AuthenTec TrueSuite\TrueSuiteService.exe;c:\program files\AuthenTec TrueSuite\TrueSuiteService.exe [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
    S2 postgresql-x64-9.2;postgresql-x64-9.2 - PostgreSQL Server 9.2;C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N postgresql-x64-9.2 -D C:/Program Files/PostgreSQL/9.2/data -w;C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N postgresql-x64-9.2 -D C:/Program Files/PostgreSQL/9.2/data -w [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe;c:\program files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [x]
    S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys;c:\windows\SYSNATIVE\DRIVERS\ATSwpWDF.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MBAMSWISSARMY
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-05-23 20:38 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-03 12:03]
    .
    2014-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-03 12:03]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2012-10-02 01:37 2322576 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2012-10-02 01:37 2322576 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2012-10-02 01:37 2322576 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-05-25 18:37 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-11 02:09 164016 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
    @="{BC6D10E6-AE59-4cef-83DB-FD4C9BC7B7F2}"
    [HKEY_CLASSES_ROOT\CLSID\{BC6D10E6-AE59-4cef-83DB-FD4C9BC7B7F2}]
    2011-10-21 19:00 4014408 ----a-w- c:\program files\AuthenTec TrueSuite\KeepSafe\fvns.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
    @="{93BB455E-3D52-4fba-9733-E5103B30FC12}"
    [HKEY_CLASSES_ROOT\CLSID\{93BB455E-3D52-4fba-9733-E5103B30FC12}]
    2011-10-21 19:00 4014408 ----a-w- c:\program files\AuthenTec TrueSuite\KeepSafe\fvns.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ThpSrv"="c:\windows\system32\thpsrv" [X]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 16334368]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-03-29 238592]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]
    "picon"="c:\program files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-08-04 358424]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.ca/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office15\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.0.1
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
    DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - hxxps://vpn.optelian.com/+CSCOL+/csvrloader32.cab
    FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\90jydydd.default\
    FF - prefs.js: browser.search.selectedEngine - Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&type=A110US0&p=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL56]
    "ImagePath"="\"C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.6\my.ini\" MySQL56"
    --
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-x64-9.2]
    "ImagePath"="C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.2\" -D \"C:/Program Files/PostgreSQL/9.2/data\" -w"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL56]
    "ImagePath"="\"C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.6\my.ini\" MySQL56"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-x64-9.2]
    "ImagePath"="C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.2\" -D \"C:/Program Files/PostgreSQL/9.2/data\" -w"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3350918055-2160733641-3793535056-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-3350918055-2160733641-3793535056-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-05-28 22:12:29
    ComboFix-quarantined-files.txt 2014-05-29 02:12
    ComboFix2.txt 2014-05-29 01:24
    ComboFix3.txt 2014-05-26 00:07
    .
    Pre-Run: 184,223,285,248 bytes free
    Post-Run: 183,919,411,200 bytes free
    .
    - - End Of File - - C3DD6DADE4FA81B91676B58CE9BBA8F7
    A36C5E4F47E84449FF07ED3517B43A31
     
  22. Broni

    Broni Malware Annihilator Posts: 47,019   +255

    Let's try one more time...

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\drivers\jrzpxmnx.sys
    c:\windows\system32\drivers\dildpmqz.sys
    
    Folder::
    
    Driver::
    jrzpxmnx
    dildpmqz
    
    Registry::
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
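Added example, not part of the thread and not code from Broni, ComboFix or any of the tools named above: a small Python triage of the "Files Created" lines in a ComboFix log, aimed at the two files Broni's CFScript targets. In the logs above, jrzpxmnx.sys and dildpmqz.sys stand out for two reasons that can be checked mechanically: each name is eight consonant-heavy letters, and both are listed at 423240 bytes, the same size as aswsp.sys, which was written eight minutes later. The sample input is a constructed subset of lines copied from the log above. The "random-looking name" rule (8 or more lowercase letters, under 25% vowels) is an assumption chosen to fit this thread, not a ComboFix rule, and a size match on its own does not say whether a file is a copy of a legitimate driver or something masquerading as one; hashing the files on disk, which the log cannot do, would settle that.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of "Files Created" lines copied from the ComboFix
# log posted above. Format: "<created> . <modified> <size|--------> <attrs> <path>"
SAMPLE_LOG = r"""
2014-05-26 04:17 . 2014-05-12 11:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-25 18:37 . 2014-05-25 18:45 423240 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-05-25 18:37 . 2014-05-25 18:37 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-05-25 18:29 . 2014-05-25 18:29 423240 ----a-w- c:\windows\system32\drivers\jrzpxmnx.sys
2014-05-25 18:29 . 2014-05-25 18:29 423240 ----a-w- c:\windows\system32\drivers\dildpmqz.sys
2014-05-25 18:36 . 2014-05-25 18:36 -------- d-----w- c:\program files\AVAST Software
"""

LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>\S+) (?P<path>.+)$"
)

VOWELS = set("aeiou")


def parse_entries(log_text):
    """Return one dict per line that matches the ComboFix 'Files Created' format."""
    entries = []
    for line in log_text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        # Directories are logged with "--------" in the size column.
        size = int(m["size"]) if m["size"].isdigit() else None
        entries.append({
            "created": m["created"],
            "modified": m["modified"],
            "size": size,
            "is_dir": m["attrs"].startswith("d"),
            "path": m["path"],
        })
    return entries


def looks_random(filename):
    """Heuristic (an assumption for this example): 8+ lowercase letters, under 25% vowels."""
    stem = filename.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if len(stem) < 8 or not stem.isalpha() or not stem.islower():
        return False
    vowel_ratio = sum(c in VOWELS for c in stem) / len(stem)
    return vowel_ratio < 0.25


def driver_entries(entries):
    """Only .sys files that live under a \\drivers\\ directory."""
    return [e for e in entries
            if not e["is_dir"]
            and e["path"].lower().endswith(".sys")
            and "\\drivers\\" in e["path"].lower()]


def size_matches(entries):
    """Group driver files by exact byte size; return the sizes shared by two or more files."""
    by_size = defaultdict(list)
    for e in driver_entries(entries):
        by_size[e["size"]].append(e["path"])
    return {size: paths for size, paths in by_size.items() if len(paths) > 1}


def triage(log_text):
    """Run both heuristics over a log and return the findings."""
    entries = parse_entries(log_text)
    drivers = driver_entries(entries)
    return {
        "random_named": sorted(e["path"] for e in drivers if looks_random(e["path"])),
        "size_matches": size_matches(entries),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for path in result["random_named"]:
        print("random-looking driver name:", path)
    for size, paths in result["size_matches"].items():
        print(f"{len(paths)} drivers share size {size}:", ", ".join(paths))
```

Run as-is it reports the two random-named drivers and the three files that share 423240 bytes; to check a full log, call triage() on the file's contents. The paths it surfaces are exactly what goes under File:: in a CFScript, so it doubles as a way to proofread the script before dropping it onto ComboFix.exe.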
     
  23. Dan Oliver

    Dan Oliver TS Rookie Topic Starter Posts: 27

    Ok, here is the new one:

    ComboFix 14-05-27.02 - User 05/29/2014 0:09.4.2 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4027.2593 [GMT -4:00]
    Running from: c:\users\User\Desktop\ComboFix.exe
    Command switches used :: c:\users\User\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\windows\system32\drivers\dildpmqz.sys"
    "c:\windows\system32\drivers\jrzpxmnx.sys"
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-04-28 to 2014-05-29 )))))))))))))))))))))))))))))))
    .
    .
    2014-05-29 04:16 . 2014-05-29 04:16 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-05-28 03:01 . 2014-05-28 03:12 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-05-27 04:16 . 2014-05-27 04:16 -------- d-----w- c:\users\User\AppData\Local\CrashDumps
    2014-05-27 04:01 . 2014-05-27 04:01 -------- d-----w- c:\program files (x86)\Belarc
    2014-05-26 23:27 . 2014-05-26 23:27 -------- d-----w- C:\TDSSKiller_Quarantine
    2014-05-26 04:17 . 2014-05-29 04:02 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-05-26 04:17 . 2014-05-28 02:57 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-05-26 04:17 . 2014-05-26 04:17 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2014-05-26 04:17 . 2014-05-12 11:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-05-26 01:04 . 2014-05-26 01:04 -------- d-----w- c:\program files (x86)\ESET
    2014-05-25 20:45 . 2014-05-25 20:45 878080 ----a-w- c:\windows\system32\advapi32.dll
    2014-05-25 20:44 . 2014-05-25 20:44 497152 ----a-w- c:\windows\system32\drivers\afd.sys
    2014-05-25 20:44 . 2014-05-25 20:44 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2014-05-25 20:44 . 2014-05-25 20:44 327168 ----a-w- c:\windows\system32\mswsock.dll
    2014-05-25 20:44 . 2014-05-25 20:44 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2014-05-25 20:44 . 2014-05-25 20:44 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
    2014-05-25 20:44 . 2014-05-25 20:44 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2014-05-25 18:47 . 2014-05-25 18:50 -------- d-----w- c:\users\User\AppData\Roaming\Dropbox
    2014-05-25 18:45 . 2014-05-25 18:45 -------- d-----w- c:\users\User\AppData\Roaming\AVAST Software
    2014-05-25 18:37 . 2014-05-25 18:45 85328 ----a-w- c:\windows\system32\drivers\aswstm.sys
    2014-05-25 18:37 . 2014-05-25 18:37 208416 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2014-05-25 18:37 . 2014-05-25 18:45 1039096 ----a-w- c:\windows\system32\drivers\aswsnx.sys
    2014-05-25 18:37 . 2014-05-25 18:45 423240 ----a-w- c:\windows\system32\drivers\aswsp.sys
    2014-05-25 18:37 . 2014-05-25 18:37 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2014-05-25 18:37 . 2014-05-25 18:37 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-05-25 18:37 . 2014-05-25 18:37 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
    2014-05-25 18:37 . 2014-05-25 18:37 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2014-05-25 18:37 . 2014-05-25 18:37 334648 ----a-w- c:\windows\system32\aswBoot.exe
    2014-05-25 18:37 . 2014-05-25 18:37 43152 ----a-w- c:\windows\avastSS.scr
    2014-05-25 18:36 . 2014-05-25 18:36 -------- d-----w- c:\program files\AVAST Software
    2014-05-25 18:29 . 2014-05-25 18:29 423240 ----a-w- c:\windows\system32\drivers\jrzpxmnx.sys
    2014-05-25 18:29 . 2014-05-25 18:33 -------- d-----w- c:\programdata\AVAST Software
    2014-05-25 18:29 . 2014-05-25 18:29 423240 ----a-w- c:\windows\system32\drivers\dildpmqz.sys
    2014-05-25 17:58 . 2014-05-26 11:17 -------- d-----w- C:\VirusFix
    2014-05-23 21:24 . 2014-05-23 21:24 -------- d-----w- c:\users\User\AppData\Local\ElevatedDiagnostics
    2014-05-23 16:30 . 2014-05-23 16:31 -------- d-----w- c:\users\Dan
    2014-05-23 11:16 . 2014-05-23 11:16 -------- d-----w- c:\windows\system32\appmgmt
    2014-05-23 03:13 . 2014-05-23 16:04 -------- d-----w- c:\windows\ERUNT
    2014-04-29 22:41 . 2014-05-23 16:35 -------- d-----w- c:\users\User\AppData\Local\Skype
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-05-25 20:45 . 2014-05-25 20:45 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2014-05-12 11:25 . 2013-11-08 20:01 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-04-26 11:38 . 2014-04-26 11:26 70920536 ----a-w- C:\snagit.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2012-10-02 01:38 1720976 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2012-10-02 01:38 1720976 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2012-10-02 01:38 1720976 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MySQL Notifier"="c:\program files (x86)\MySQL\MySQL Notifier 1.1.4\MySqlNotifier.exe" [2013-07-05 762368]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-11-02 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-05-26 3888648]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2009-12-8 2717024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 MySQL56;MySQL56;C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.6\my.ini MySQL56;C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld --defaults-file=c:\programdata\MySQL\MySQL Server 5.6\my.ini MySQL56 [x]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe;c:\windows\SYSNATIVE\inetsrv\wmsvc.exe [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
    S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
    S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
    S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
    S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
    S2 FPLService;TrueSuiteService;c:\program files\AuthenTec TrueSuite\TrueSuiteService.exe;c:\program files\AuthenTec TrueSuite\TrueSuiteService.exe [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
    S2 postgresql-x64-9.2;postgresql-x64-9.2 - PostgreSQL Server 9.2;C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N postgresql-x64-9.2 -D C:/Program Files/PostgreSQL/9.2/data -w;C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N postgresql-x64-9.2 -D C:/Program Files/PostgreSQL/9.2/data -w [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe;c:\program files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [x]
    S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys;c:\windows\SYSNATIVE\DRIVERS\ATSwpWDF.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MBAMSWISSARMY
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    iissvcs REG_MULTI_SZ w3svc was
    apphost REG_MULTI_SZ apphostsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-05-23 20:38 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-03 12:03]
    .
    2014-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-03 12:03]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2012-10-02 01:37 2322576 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2012-10-02 01:37 2322576 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2012-10-02 01:37 2322576 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-05-25 18:37 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2013-09-11 02:09 164016 ----a-w- c:\users\User\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
    @="{BC6D10E6-AE59-4cef-83DB-FD4C9BC7B7F2}"
    [HKEY_CLASSES_ROOT\CLSID\{BC6D10E6-AE59-4cef-83DB-FD4C9BC7B7F2}]
    2011-10-21 19:00 4014408 ----a-w- c:\program files\AuthenTec TrueSuite\KeepSafe\fvns.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
    @="{93BB455E-3D52-4fba-9733-E5103B30FC12}"
    [HKEY_CLASSES_ROOT\CLSID\{93BB455E-3D52-4fba-9733-E5103B30FC12}]
    2011-10-21 19:00 4014408 ----a-w- c:\program files\AuthenTec TrueSuite\KeepSafe\fvns.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ThpSrv"="c:\windows\system32\thpsrv" [X]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 16334368]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-03-29 238592]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]
    "picon"="c:\program files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-08-04 358424]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.ca/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office15\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office15\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.0.1
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
    DPF: {2AB1C516-6654-4D3A-B3D6-2185BBCEB409} - hxxps://vpn.optelian.com/+CSCOL+/csvrloader32.cab
    FF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\90jydydd.default\
    FF - prefs.js: browser.search.selectedEngine - Secure Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&type=A110US0&p=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL56]
    "ImagePath"="\"C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.6\my.ini\" MySQL56"
    --
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-x64-9.2]
    "ImagePath"="C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.2\" -D \"C:/Program Files/PostgreSQL/9.2/data\" -w"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL56]
    "ImagePath"="\"C:/Program Files/MySQL/MySQL Server 5.6/bin\mysqld\" --defaults-file=\"c:\programdata\MySQL\MySQL Server 5.6\my.ini\" MySQL56"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-x64-9.2]
    "ImagePath"="C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.2\" -D \"C:/Program Files/PostgreSQL/9.2/data\" -w"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3350918055-2160733641-3793535056-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-3350918055-2160733641-3793535056-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-05-29 00:19:11
    ComboFix-quarantined-files.txt 2014-05-29 04:19
    ComboFix2.txt 2014-05-29 02:12
    ComboFix3.txt 2014-05-29 01:24
    ComboFix4.txt 2014-05-26 00:07
    .
    Pre-Run: 183,998,836,736 bytes free
    Post-Run: 183,929,315,328 bytes free
    .
    - - End Of File - - 0115DBA603F483C08D7FA77191132133
    A36C5E4F47E84449FF07ED3517B43A31
     
  24. Broni


    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
  25. Dan Oliver


    Adware log
    # AdwCleaner v3.211 - Report created 29/05/2014 at 23:30:10
    # Updated 26/05/2014 by Xplode
    # Operating System : Windows 7 Professional Service Pack 1 (64 bits)
    # Username : User - USER-PC
    # Running from : C:\Users\User\Desktop\adwcleaner_3.211.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKCU\Software\AppDataLow\Software

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16428


    -\\ Mozilla Firefox v29.0.1 (en-GB)

    [ File : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\90jydydd.default\prefs.js ]


    -\\ Google Chrome v35.0.1916.114

    [ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [1072 octets] - [29/05/2014 23:24:10]
    AdwCleaner[S0].txt - [1001 octets] - [29/05/2014 23:30:10]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1061 octets] ##########
     

