TechSpot

Multiple instances of iexplore.exe while running chrome

Solved
By driveman
Feb 11, 2014
  1. I have multiple instances of iexplore.exe running and more open up the longer the pc is on. Total Defense and MBAM have not found anything. Below are the MBAM and DDS logs. Thank you in advance for any help you can offer.

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.02.11.06

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16476
    Matthew :: MATTHEW-PC [administrator]

    Protection: Enabled

    2/11/2014 10:30:49 AM
    mbam-log-2014-02-11 (10-30-49).txt

    Scan type: Full scan (C:\|Q:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 387802
    Time elapsed: 2 hour(s), 3 minute(s), 24 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16736 BrowserJavaVersion: 10.51.2
    Run by Matthew at 17:05:45 on 2014-02-11
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.1360 [GMT -5:00]
    .
    AV: Total Defense Anti-Virus *Enabled/Updated* {57B5C44D-AAB5-DBC9-741B-542BE5A132EA}
    SP: Total Defense Anti-Virus *Enabled/Updated* {ECD425A9-8C8F-D447-4EAB-6F599E267857}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Total Defense Personal Firewall *Enabled* {6F8E4568-E0DA-DA91-5F44-FD1E1B727591}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k GPSvcGroup
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Total Defense\Internet Security Suite\Anti-Virus\caamsvc.exe
    C:\Program Files\Total Defense\Internet Security Suite\Anti-Virus\isafe.exe
    C:\Program Files\Total Defense\Internet Security Suite\ccschedulersvc.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\windows\System32\rpcnetp.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\TOSHIBA\TECO\TecoService.exe
    C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\windows\system32\SearchIndexer.exe
    C:\windows\system32\taskhost.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Total Defense\Internet Security Suite\ccEvtMgr.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
    C:\Program Files (x86)\Browny02\BrYNSvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Total Defense\Internet Security Suite\ccprovsp.exe
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\windows\system32\taskmgr.exe
    C:\Program Files\Total Defense\Internet Security Suite\casc.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\windows\system32\taskeng.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/ig?brand=TSND&bmod=TSND
    uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSND&bmod=TSND
    uProxyOverride = <local>;*.local
    mWinlogon: Userinit = userinit.exe
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Total Defense Anti-Phishing Toolbar Helper: {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\Toolbar\caIEToolbar.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Total Defense Anti-Phishing Toolbar: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\Toolbar\caIEToolbar.dll
    mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001051-0002-0051-ABCDEFFEDCBC} - <orphaned>
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    LSP: C:\windows\System32\VetRedir.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{FBEB6541-5B38-470F-AD38-2F4FA1020B4D} : DHCPNameServer = 192.168.1.1
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: PFW - UmxWnp.Dll
    AppInit_DLLs= UmxSbxExw.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Total Defense Anti-Phishing Toolbar Helper: {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\Toolbar\caIEToolbar.dll
    x64-BHO: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-TB: Total Defense Anti-Phishing Toolbar: {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\Toolbar\caIEToolbar.dll
    x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
    x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
    x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [cctray] "C:\Program Files\Total Defense\Internet Security Suite\casc.exe"
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-Notify: PFW - <no file>
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 KmxAMRT;KmxAMRT;C:\windows\System32\drivers\KmxAMRT.sys [2011-10-27 182352]
    R0 KmxFw;KmxFw;C:\windows\System32\drivers\KmxFw.sys [2011-9-6 143824]
    R1 KmxAgent;KmxAgent;C:\windows\System32\drivers\KmxAgent.sys [2011-10-26 113744]
    R1 KmxCfg;KmxCfg;C:\windows\System32\drivers\KmxCfg.sys [2011-9-6 365136]
    R1 KmxFile;KmxFile;C:\windows\System32\drivers\KmxFile.sys [2011-9-6 87120]
    R1 KmxFilter;HIPS Core Filter Driver;C:\windows\System32\drivers\KmxFilter.sys [2011-9-6 99024]
    R2 CAAMSvc;CAAMSvc;C:\Program Files\Total Defense\Internet Security Suite\Anti-Virus\CAAMSvc.exe [2013-11-16 313040]
    R2 CAISafe;Total Defense ISafe Service;C:\Program Files\Total Defense\Internet Security Suite\Anti-Virus\isafe.exe [2013-11-16 314888]
    R2 ccSchedulerSVC;Total Defense Common Scheduler Service;C:\Program Files\Total Defense\Internet Security Suite\ccschedulersvc.exe [2013-11-16 288776]
    R2 KmxCF;KmxCF;C:\windows\System32\drivers\KmxCF.sys [2011-9-6 201936]
    R2 KmxSbx;KmxSbx;C:\windows\System32\drivers\KmxSbx.sys [2011-9-6 81488]
    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-2-25 252928]
    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
    R2 UmxEngine;TM Engine;C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe [2011-4-4 920656]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-11-15 2320920]
    R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2013-11-16 266240]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
    R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2010-2-27 158976]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-4-20 169584]
    R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2013-11-15 35008]
    R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
    R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
    R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
    R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
    R3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2010-6-18 39832]
    RUnknown rpcnetp;rpcnetp; [x]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
    S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-7-19 340240]
    S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2010-9-9 332272]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-11-16 19456]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2013-11-15 239136]
    S3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
    S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2013-11-15 51512]
    S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
    S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-11-16 57856]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-11-15 1255736]
    .
    =============== Created Last 30 ================
    .
    2014-02-11 21:27:19 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
    2014-01-29 01:19:01 -------- d-----w- C:\windows\Migration
    2014-01-29 00:04:37 -------- d-----w- C:\Users\Matthew\AppData\Roaming\Malwarebytes
    2014-01-29 00:04:31 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-01-29 00:04:30 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
    2014-01-29 00:04:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-01-29 00:04:11 -------- d-----w- C:\Users\Matthew\AppData\Local\Programs
    2014-01-15 17:03:55 99840 ----a-w- C:\windows\System32\drivers\usbccgp.sys
    2014-01-15 17:03:55 7808 ----a-w- C:\windows\System32\drivers\usbd.sys
    2014-01-15 17:03:55 53248 ----a-w- C:\windows\System32\drivers\usbehci.sys
    2014-01-15 17:03:55 343040 ----a-w- C:\windows\System32\drivers\usbhub.sys
    2014-01-15 17:03:55 325120 ----a-w- C:\windows\System32\drivers\usbport.sys
    2014-01-15 17:03:55 30720 ----a-w- C:\windows\System32\drivers\usbuhci.sys
    2014-01-15 17:03:55 25600 ----a-w- C:\windows\System32\drivers\usbohci.sys
    2014-01-15 17:03:54 3156480 ----a-w- C:\windows\System32\win32k.sys
    2014-01-15 17:03:53 376768 ----a-w- C:\windows\System32\drivers\netio.sys
    2014-01-13 15:45:52 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-01-13 15:45:52 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    .
    ==================== Find3M ====================
    .
    2014-02-11 18:57:16 17920 ----a-w- C:\windows\SysWow64\rpcnetp.dll
    2014-02-11 18:56:59 17920 ----a-w- C:\windows\SysWow64\rpcnetp.exe
    2014-02-11 18:56:59 17920 ----a-w- C:\windows\System32\rpcnetp.exe
    2013-11-23 18:26:20 417792 ----a-w- C:\windows\SysWow64\WMPhoto.dll
    2013-11-23 17:47:34 465920 ----a-w- C:\windows\System32\WMPhoto.dll
    2013-11-17 00:28:31 9728 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-11-17 00:01:50 44544 ----a-w- C:\windows\SysWow64\agremove.exe
    2013-11-16 23:27:37 175616 ----a-w- C:\windows\System32\msclmd.dll
    2013-11-16 23:27:37 152576 ----a-w- C:\windows\SysWow64\msclmd.dll
    .
    ============= FINISH: 17:06:52.00 ===============
     
  2. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================

    Does it happen with IE actually open?

    I still need Attach.txt log from DDS.
     
  3. driveman

    driveman TS Rookie Topic Starter Posts: 44

    It happens while IE is open also, however I rarely use IE. Here is the attach.txt file:

    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/15/2013 12:48:45 AM
    System Uptime: 2/11/2014 3:09:53 PM (2 hours ago)
    .
    Motherboard: Intel Corp. | | Base Board Product Name
    Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz | CPU | 911/1066mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 454 GiB total, 356.632 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP21: 12/13/2013 11:48:03 AM - Windows Update
    RP22: 12/18/2013 9:22:02 AM - Windows Update
    RP23: 1/16/2014 10:17:43 AM - Windows Update
    RP24: 1/25/2014 9:50:00 PM - Installed Java 7 Update 51
    RP25: 1/28/2014 8:16:12 PM - Windows Update
    RP26: 1/29/2014 1:58:59 PM - Removed Java 7 Update 51
    RP27: 1/29/2014 2:01:35 PM - Installed Java 7 Update 51
    RP28: 2/11/2014 1:53:37 PM - Windows Modules Installer
    RP29: 2/11/2014 4:25:22 PM - Removed Java 7 Update 51
    RP30: 2/11/2014 4:26:53 PM - Installed Java 7 Update 51
    .
    ==== Installed Programs ======================
    .
    64 Bit HP CIO Components Installer
    Adobe Flash Player 12 ActiveX
    Adobe Flash Player 12 Plugin
    Adobe Reader 9.3
    Amazon Cloud Player
    Anti-Virus
    APH placeholder
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    Best Buy pc app
    Bonjour
    Brother MFL-Pro Suite MFC-J430W
    Conexant HD Audio
    Coupon Printer for Windows
    D3DX10
    DNAMigrator
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    HIPS
    Intel PROSet Wireless
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Intel(R) PROSet/Wireless WiFi Software
    Intel(R) Rapid Storage Technology
    Intel® Wireless Display
    iTunes
    Java 7 Update 51
    Java Auto Updater
    Java(TM) 6 Update 17
    Junk Mail filter update
    Label@Once 1.0
    Malwarebytes Anti-Malware version 1.75.0.1300
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    PlayReady PC Runtime amd64
    Realtek USB 2.0 Card Reader
    Synaptics Pointing Device Driver
    TOSHIBA Application Installer
    TOSHIBA Assist
    Toshiba Book Place
    TOSHIBA Bulletin Board
    TOSHIBA Disc Creator
    TOSHIBA eco Utility
    TOSHIBA Face Recognition
    TOSHIBA Hardware Setup
    TOSHIBA HDD/SSD Alert
    TOSHIBA Media Controller
    TOSHIBA Media Controller Plug-in
    TOSHIBA PC Health Monitor
    TOSHIBA Quality Application
    TOSHIBA Recovery Media Creator
    TOSHIBA ReelTime
    TOSHIBA Service Station
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    TOSHIBA Web Camera Application
    ToshibaRegistration
    Total Defense Internet Security Suite
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/11/2014 1:59:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Application Virtualization Client service to connect.
    2/11/2014 1:59:18 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    2/11/2014 1:59:18 PM, Error: Service Control Manager [7000] - The Application Virtualization Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/11/2014 1:58:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) PROSet/Wireless Event Log service to connect.
    2/11/2014 1:58:48 PM, Error: Service Control Manager [7000] - The Intel(R) PROSet/Wireless Event Log service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/11/2014 1:58:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    2/11/2014 1:58:18 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/11/2014 1:57:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
    2/11/2014 1:57:48 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
     
  4. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    I need to know if it happens when IE is NOT open.

    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  5. driveman

    driveman TS Rookie Topic Starter Posts: 44

    It is happening when IE is not opened. TDSSKiller didn't find anything. Here is the log.

    18:27:42.0248 0x2394 TDSS rootkit removing tool 3.0.0.23 Feb 10 2014 23:32:41
    18:27:48.0469 0x2394 ============================================================
    18:27:48.0469 0x2394 Current date / time: 2014/02/11 18:27:48.0469
    18:27:48.0469 0x2394 SystemInfo:
    18:27:48.0469 0x2394
    18:27:48.0469 0x2394 OS Version: 6.1.7601 ServicePack: 1.0
    18:27:48.0469 0x2394 Product type: Workstation
    18:27:48.0470 0x2394 ComputerName: MATTHEW-PC
    18:27:48.0471 0x2394 UserName: Matthew
    18:27:48.0471 0x2394 Windows directory: C:\windows
    18:27:48.0471 0x2394 System windows directory: C:\windows
    18:27:48.0471 0x2394 Running under WOW64
    18:27:48.0471 0x2394 Processor architecture: Intel x64
    18:27:48.0471 0x2394 Number of processors: 4
    18:27:48.0471 0x2394 Page size: 0x1000
    18:27:48.0471 0x2394 Boot type: Normal boot
    18:27:48.0471 0x2394 ============================================================
    18:27:48.0666 0x2394 KLMD registered as C:\windows\system32\drivers\22544746.sys
    18:27:48.0828 0x2394 System UUID: {D431AA43-080A-8DB4-791E-8F6B068484B2}
    18:27:49.0381 0x2394 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    18:27:49.0387 0x2394 ============================================================
    18:27:49.0387 0x2394 \Device\Harddisk0\DR0:
    18:27:49.0387 0x2394 MBR partitions:
    18:27:49.0387 0x2394 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x38BEB000
    18:27:49.0387 0x2394 ============================================================
    18:27:49.0414 0x2394 C: <-> \Device\Harddisk0\DR0\Partition1
    18:27:49.0414 0x2394 ============================================================
    18:27:49.0415 0x2394 Initialize success
    18:27:49.0415 0x2394 ============================================================
    18:27:51.0841 0x25a4 ============================================================
    18:27:51.0842 0x25a4 Scan started
    18:27:51.0842 0x25a4 Mode: Manual;
    18:27:51.0842 0x25a4 ============================================================
    18:27:51.0842 0x25a4 KSN ping started
    18:27:54.0619 0x25a4 KSN ping finished: true
    18:27:55.0007 0x25a4 ================ Scan system memory ========================
    18:27:55.0007 0x25a4 System memory - ok
    18:27:55.0008 0x25a4 ================ Scan services =============================
    18:27:55.0197 0x25a4 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
    18:27:55.0220 0x25a4 1394ohci - ok
    18:27:55.0293 0x25a4 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\windows\system32\drivers\ACPI.sys
    18:27:55.0304 0x25a4 ACPI - ok
    18:27:55.0322 0x25a4 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
    18:27:55.0324 0x25a4 AcpiPmi - ok
    18:27:55.0442 0x25a4 [ C8C6C0D659734FDBF63F6F421A5416BC, 11C452D77D0A8A5E430D0D0C9949797FFC03D2E3DADB8FBB9B63EDA868AFF83C ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    18:27:55.0450 0x25a4 AdobeFlashPlayerUpdateSvc - ok
    18:27:55.0519 0x25a4 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
    18:27:55.0544 0x25a4 adp94xx - ok
    18:27:55.0558 0x25a4 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
    18:27:55.0568 0x25a4 adpahci - ok
    18:27:55.0578 0x25a4 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
    18:27:55.0584 0x25a4 adpu320 - ok
    18:27:55.0611 0x25a4 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
    18:27:55.0615 0x25a4 AeLookupSvc - ok
    18:27:55.0660 0x25a4 [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD C:\windows\system32\drivers\afd.sys
    18:27:55.0685 0x25a4 AFD - ok
    18:27:55.0714 0x25a4 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\windows\system32\drivers\agp440.sys
    18:27:55.0717 0x25a4 agp440 - ok
    18:27:55.0738 0x25a4 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\windows\System32\alg.exe
    18:27:55.0743 0x25a4 ALG - ok
    18:27:55.0783 0x25a4 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\windows\system32\drivers\aliide.sys
    18:27:55.0785 0x25a4 aliide - ok
    18:27:55.0790 0x25a4 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\windows\system32\drivers\amdide.sys
    18:27:55.0793 0x25a4 amdide - ok
    18:27:55.0832 0x25a4 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
    18:27:55.0835 0x25a4 AmdK8 - ok
    18:27:55.0842 0x25a4 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
    18:27:55.0845 0x25a4 AmdPPM - ok
    18:27:55.0877 0x25a4 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\windows\system32\drivers\amdsata.sys
    18:27:55.0881 0x25a4 amdsata - ok
    18:27:55.0892 0x25a4 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
    18:27:55.0899 0x25a4 amdsbs - ok
    18:27:55.0926 0x25a4 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\windows\system32\drivers\amdxata.sys
    18:27:55.0929 0x25a4 amdxata - ok
    18:27:55.0960 0x25a4 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\windows\system32\drivers\appid.sys
    18:27:55.0963 0x25a4 AppID - ok
    18:27:55.0980 0x25a4 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\windows\System32\appidsvc.dll
    18:27:55.0986 0x25a4 AppIDSvc - ok
    18:27:56.0018 0x25a4 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\windows\System32\appinfo.dll
    18:27:56.0026 0x25a4 Appinfo - ok
    18:27:56.0153 0x25a4 [ 30E3850F303EAE5C364782EA78579CC9, 8C94E5A9052F6E794685194EEACB31A174A947D60246908B6A0DEFA081A747A3 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    18:27:56.0159 0x25a4 Apple Mobile Device - ok
    18:27:56.0201 0x25a4 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\windows\system32\DRIVERS\arc.sys
    18:27:56.0207 0x25a4 arc - ok
    18:27:56.0218 0x25a4 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
    18:27:56.0223 0x25a4 arcsas - ok
    18:27:56.0469 0x25a4 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    18:27:56.0487 0x25a4 aspnet_state - ok
    18:27:56.0500 0x25a4 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
    18:27:56.0503 0x25a4 AsyncMac - ok
    18:27:56.0540 0x25a4 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\windows\system32\drivers\atapi.sys
    18:27:56.0543 0x25a4 atapi - ok
    18:27:56.0587 0x25a4 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
    18:27:56.0629 0x25a4 AudioEndpointBuilder - ok
    18:27:56.0657 0x25a4 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\windows\System32\Audiosrv.dll
    18:27:56.0675 0x25a4 AudioSrv - ok
    18:27:56.0726 0x25a4 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\windows\System32\AxInstSV.dll
    18:27:56.0747 0x25a4 AxInstSV - ok
    18:27:56.0819 0x25a4 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\windows\system32\DRIVERS\bxvbda.sys
    18:27:56.0877 0x25a4 b06bdrv - ok
    18:27:56.0913 0x25a4 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
    18:27:56.0922 0x25a4 b57nd60a - ok
    18:27:56.0970 0x25a4 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\windows\System32\bdesvc.dll
    18:27:56.0992 0x25a4 BDESVC - ok
    18:27:57.0053 0x25a4 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\windows\system32\drivers\Beep.sys
    18:27:57.0056 0x25a4 Beep - ok
    18:27:57.0128 0x25a4 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\windows\System32\bfe.dll
    18:27:57.0169 0x25a4 BFE - ok
    18:27:57.0232 0x25a4 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\windows\System32\qmgr.dll
    18:27:57.0324 0x25a4 BITS - ok
    18:27:57.0340 0x25a4 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
    18:27:57.0342 0x25a4 blbdrive - ok
    18:27:57.0410 0x25a4 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    18:27:57.0431 0x25a4 Bonjour Service - ok
    18:27:57.0470 0x25a4 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\windows\system32\DRIVERS\bowser.sys
    18:27:57.0475 0x25a4 bowser - ok
    18:27:57.0482 0x25a4 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
    18:27:57.0484 0x25a4 BrFiltLo - ok
    18:27:57.0493 0x25a4 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
    18:27:57.0495 0x25a4 BrFiltUp - ok
    18:27:57.0532 0x25a4 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\windows\System32\browser.dll
    18:27:57.0548 0x25a4 Browser - ok
    18:27:57.0560 0x25a4 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\windows\System32\Drivers\Brserid.sys
    18:27:57.0568 0x25a4 Brserid - ok
    18:27:57.0578 0x25a4 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
    18:27:57.0581 0x25a4 BrSerWdm - ok
    18:27:57.0587 0x25a4 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
    18:27:57.0591 0x25a4 BrUsbMdm - ok
    18:27:57.0597 0x25a4 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
    18:27:57.0601 0x25a4 BrUsbSer - ok
    18:27:57.0661 0x25a4 [ DB109DA005B6FE2A350C5DD7CA768DFD, 241A0BFAEFB1B165C00EE75E8CA382B5935F5DF447DAD5AE9022B2B78317668E ] BrYNSvc C:\Program Files (x86)\Browny02\BrYNSvc.exe
    18:27:57.0667 0x25a4 BrYNSvc - ok
    18:27:57.0673 0x25a4 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
    18:27:57.0677 0x25a4 BTHMODEM - ok
    18:27:57.0717 0x25a4 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\windows\system32\bthserv.dll
    18:27:57.0727 0x25a4 bthserv - ok
    18:27:57.0853 0x25a4 [ 375588C579916722D9ECA184CB7649F4, 774AADF0565EF6DFF569DF80E1F1EC89C48EE510F791909F057A0F2A6ED510D6 ] CAAMSvc C:\Program Files\Total Defense\Internet Security Suite\Anti-Virus\caamsvc.exe
    18:27:57.0864 0x25a4 CAAMSvc - ok
    18:27:57.0902 0x25a4 [ 41F6C0F8032592A47BCCAEE85DD0A917, 99E0116F0E324CCE68FF8F5BD216AC706694501283206D4A588C0A63635FA9A2 ] CaCCProvSP C:\Program Files\Total Defense\Internet Security Suite\ccprovsp.exe
    18:27:57.0913 0x25a4 CaCCProvSP - ok
    18:27:57.0950 0x25a4 [ C865B0D650C2931FD893FFE555CE2DFF, 9B4FBF4351878BC941C1DBB85968BB0721A5FAE736EF4F2A61AE56596E739DBC ] CAISafe C:\Program Files\Total Defense\Internet Security Suite\Anti-Virus\isafe.exe
    18:27:57.0957 0x25a4 CAISafe - ok
    18:27:57.0986 0x25a4 [ C890943C6BFA21BC9D0FB30AC0D24BE3, 7D9BBF0D1AA718B6A283767DE390DE75F604D761040E71D5E8FB1C392A965718 ] ccSchedulerSVC C:\Program Files\Total Defense\Internet Security Suite\ccschedulersvc.exe
    18:27:57.0993 0x25a4 ccSchedulerSVC - ok
    18:27:58.0005 0x25a4 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
    18:27:58.0010 0x25a4 cdfs - ok
    18:27:58.0037 0x25a4 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\windows\system32\drivers\cdrom.sys
    18:27:58.0043 0x25a4 cdrom - ok
    18:27:58.0071 0x25a4 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\windows\System32\certprop.dll
    18:27:58.0083 0x25a4 CertPropSvc - ok
    18:27:58.0093 0x25a4 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\windows\system32\DRIVERS\circlass.sys
    18:27:58.0097 0x25a4 circlass - ok
    18:27:58.0135 0x25a4 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\windows\system32\CLFS.sys
    18:27:58.0185 0x25a4 CLFS - ok
    18:27:58.0260 0x25a4 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    18:27:58.0284 0x25a4 clr_optimization_v2.0.50727_32 - ok
    18:27:58.0333 0x25a4 [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    18:27:58.0357 0x25a4 clr_optimization_v2.0.50727_64 - ok
    18:27:58.0547 0x25a4 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    18:27:58.0553 0x25a4 clr_optimization_v4.0.30319_32 - ok
    18:27:58.0596 0x25a4 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    18:27:58.0602 0x25a4 clr_optimization_v4.0.30319_64 - ok
    18:27:58.0644 0x25a4 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
    18:27:58.0647 0x25a4 CmBatt - ok
    18:27:58.0664 0x25a4 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\windows\system32\drivers\cmdide.sys
    18:27:58.0667 0x25a4 cmdide - ok
    18:27:58.0698 0x25a4 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\windows\system32\Drivers\cng.sys
    18:27:58.0724 0x25a4 CNG - ok
    18:27:58.0791 0x25a4 [ 25C58EE97BE0416A373E3E4F855206B5, 3AE7CA1E1ED56C2CE4BD11F2F89060DEF480009E4AA2128897C70E9E679E44BB ] CnxtHdAudService C:\windows\system32\drivers\CHDRT64.sys
    18:27:58.0817 0x25a4 CnxtHdAudService - ok
    18:27:58.0849 0x25a4 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
    18:27:58.0853 0x25a4 Compbatt - ok
    18:27:58.0875 0x25a4 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
    18:27:58.0879 0x25a4 CompositeBus - ok
    18:27:58.0888 0x25a4 COMSysApp - ok
    18:27:58.0903 0x25a4 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
    18:27:58.0906 0x25a4 crcdisk - ok
    18:27:58.0937 0x25a4 [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\windows\system32\cryptsvc.dll
    18:27:58.0962 0x25a4 CryptSvc - ok
    18:27:59.0079 0x25a4 [ FD557A50A65E44041CD2FCEF4BEB04DB, 746D5958F7198895D35A23566D3736D993D57726BF59D91421D8091C48926A26 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    18:27:59.0107 0x25a4 cvhsvc - ok
    18:27:59.0152 0x25a4 [ C6E1C081C0849E08FECEC18DF73B10C4, B5E552F4744C91836CBAF3F62CB861C1D9422721870D11B5CCE21B45E384985A ] dc3d C:\windows\system32\DRIVERS\dc3d.sys
    18:27:59.0157 0x25a4 dc3d - ok
    18:27:59.0200 0x25a4 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\windows\system32\rpcss.dll
    18:27:59.0327 0x25a4 DcomLaunch - ok
    18:27:59.0383 0x25a4 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\windows\System32\defragsvc.dll
    18:27:59.0441 0x25a4 defragsvc - ok
    18:27:59.0458 0x25a4 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\windows\system32\Drivers\dfsc.sys
    18:27:59.0463 0x25a4 DfsC - ok
    18:27:59.0491 0x25a4 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\windows\system32\dhcpcore.dll
    18:27:59.0535 0x25a4 Dhcp - ok
    18:27:59.0575 0x25a4 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\windows\system32\drivers\discache.sys
    18:27:59.0579 0x25a4 discache - ok
    18:27:59.0601 0x25a4 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\windows\system32\DRIVERS\disk.sys
    18:27:59.0606 0x25a4 Disk - ok
    18:27:59.0648 0x25a4 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\windows\System32\dnsrslvr.dll
    18:27:59.0690 0x25a4 Dnscache - ok
    18:27:59.0726 0x25a4 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\windows\System32\dot3svc.dll
    18:27:59.0759 0x25a4 dot3svc - ok
    18:27:59.0795 0x25a4 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\windows\system32\dps.dll
    18:27:59.0837 0x25a4 DPS - ok
    18:27:59.0866 0x25a4 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
    18:27:59.0869 0x25a4 drmkaud - ok
    18:27:59.0923 0x25a4 [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
    18:27:59.0962 0x25a4 DXGKrnl - ok
    18:27:59.0992 0x25a4 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\windows\System32\eapsvc.dll
    18:28:00.0023 0x25a4 EapHost - ok
    18:28:00.0131 0x25a4 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\windows\system32\DRIVERS\evbda.sys
    18:28:00.0254 0x25a4 ebdrv - ok
    18:28:00.0279 0x25a4 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS C:\windows\System32\lsass.exe
    18:28:00.0329 0x25a4 EFS - ok
    18:28:00.0402 0x25a4 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\windows\ehome\ehRecvr.exe
    18:28:00.0428 0x25a4 ehRecvr - ok
    18:28:00.0458 0x25a4 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\windows\ehome\ehsched.exe
    18:28:00.0463 0x25a4 ehSched - ok
    18:28:00.0489 0x25a4 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
    18:28:00.0514 0x25a4 elxstor - ok
    18:28:00.0540 0x25a4 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\windows\system32\drivers\errdev.sys
    18:28:00.0543 0x25a4 ErrDev - ok
    18:28:00.0588 0x25a4 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\windows\system32\es.dll
    18:28:00.0679 0x25a4 EventSystem - ok
    18:28:00.0781 0x25a4 [ BDFCB7E8C108D042B213957D2B044E7E, 2840637123E40ACEB6F78A618C7C230B62388C36C49D5AD9BE795A1063FA5845 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    18:28:00.0851 0x25a4 EvtEng - ok
    18:28:00.0883 0x25a4 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\windows\system32\drivers\exfat.sys
    18:28:00.0891 0x25a4 exfat - ok
    18:28:00.0901 0x25a4 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\windows\system32\drivers\fastfat.sys
    18:28:00.0910 0x25a4 fastfat - ok
    18:28:00.0973 0x25a4 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\windows\system32\fxssvc.exe
    18:28:01.0032 0x25a4 Fax - ok
    18:28:01.0057 0x25a4 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\windows\system32\DRIVERS\fdc.sys
    18:28:01.0061 0x25a4 fdc - ok
    18:28:01.0073 0x25a4 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\windows\system32\fdPHost.dll
    18:28:01.0102 0x25a4 fdPHost - ok
    18:28:01.0111 0x25a4 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\windows\system32\fdrespub.dll
    18:28:01.0141 0x25a4 FDResPub - ok
    18:28:01.0151 0x25a4 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\windows\system32\drivers\fileinfo.sys
    18:28:01.0157 0x25a4 FileInfo - ok
    18:28:01.0168 0x25a4 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\windows\system32\drivers\filetrace.sys
    18:28:01.0173 0x25a4 Filetrace - ok
    18:28:01.0182 0x25a4 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
    18:28:01.0186 0x25a4 flpydisk - ok
    18:28:01.0223 0x25a4 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
    18:28:01.0239 0x25a4 FltMgr - ok
    18:28:01.0319 0x25a4 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\windows\system32\FntCache.dll
    18:28:01.0392 0x25a4 FontCache - ok
    18:28:01.0436 0x25a4 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    18:28:01.0457 0x25a4 FontCache3.0.0.0 - ok
    18:28:01.0469 0x25a4 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\windows\system32\drivers\FsDepends.sys
    18:28:01.0477 0x25a4 FsDepends - ok
    18:28:01.0497 0x25a4 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
    18:28:01.0501 0x25a4 Fs_Rec - ok
    18:28:01.0538 0x25a4 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
    18:28:01.0547 0x25a4 fvevol - ok
    18:28:01.0592 0x25a4 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
    18:28:01.0597 0x25a4 gagp30kx - ok
    18:28:01.0649 0x25a4 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\windows\system32\DRIVERS\GEARAspiWDM.sys
    18:28:01.0653 0x25a4 GEARAspiWDM - ok
    18:28:01.0708 0x25a4 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\windows\System32\gpsvc.dll
    18:28:01.0767 0x25a4 gpsvc - ok
    18:28:01.0840 0x25a4 [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    18:28:01.0849 0x25a4 gupdate - ok
    18:28:01.0865 0x25a4 [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    18:28:01.0873 0x25a4 gupdatem - ok
    18:28:01.0901 0x25a4 [ CC839E8D766CC31A7710C9F38CF3E375, 327D57F18B4A2D1CB06C5682D3364097ECD3CF40C2719AA1F41D0B49A26003E4 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    18:28:01.0919 0x25a4 gusvc - ok
    18:28:01.0933 0x25a4 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
    18:28:01.0937 0x25a4 hcw85cir - ok
    18:28:01.0983 0x25a4 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
    18:28:02.0000 0x25a4 HdAudAddService - ok
    18:28:02.0012 0x25a4 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
    18:28:02.0019 0x25a4 HDAudBus - ok
    18:28:02.0040 0x25a4 [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64 C:\windows\system32\DRIVERS\HECIx64.sys
    18:28:02.0044 0x25a4 HECIx64 - ok
    18:28:02.0058 0x25a4 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
    18:28:02.0062 0x25a4 HidBatt - ok
    18:28:02.0069 0x25a4 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
    18:28:02.0075 0x25a4 HidBth - ok
    18:28:02.0095 0x25a4 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\windows\system32\DRIVERS\hidir.sys
    18:28:02.0100 0x25a4 HidIr - ok
    18:28:02.0124 0x25a4 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\windows\system32\hidserv.dll
    18:28:02.0160 0x25a4 hidserv - ok
    18:28:02.0188 0x25a4 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
    18:28:02.0192 0x25a4 HidUsb - ok
    18:28:02.0223 0x25a4 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\windows\system32\kmsvc.dll
    18:28:02.0272 0x25a4 hkmsvc - ok
    18:28:02.0316 0x25a4 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\windows\system32\ListSvc.dll
    18:28:02.0389 0x25a4 HomeGroupListener - ok
    18:28:02.0430 0x25a4 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\windows\system32\provsvc.dll
    18:28:02.0524 0x25a4 HomeGroupProvider - ok
    18:28:02.0567 0x25a4 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
    18:28:02.0572 0x25a4 HpSAMD - ok
    18:28:02.0631 0x25a4 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\windows\system32\drivers\HTTP.sys
    18:28:02.0667 0x25a4 HTTP - ok
    18:28:02.0690 0x25a4 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
    18:28:02.0695 0x25a4 hwpolicy - ok
    18:28:02.0732 0x25a4 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\windows\system32\drivers\i8042prt.sys
    18:28:02.0738 0x25a4 i8042prt - ok
    18:28:02.0794 0x25a4 [ 5E60DD5F090AB4A563C7204C289C4650, 7728E3877C879EF90B2DE39B312F40AFF2DCA882BE50298C923CA0A250A93636 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
    18:28:02.0816 0x25a4 iaStor - ok
    18:28:02.0849 0x25a4 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
    18:28:02.0865 0x25a4 iaStorV - ok
    18:28:02.0920 0x25a4 [ 1CF03C69B49ACB70C722DF92755C0C8C, C227850C133F29BB9DED91A26A22AE077FD69629CEF35B67D305F016C4BDAA81 ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    18:28:02.0923 0x25a4 IDriverT - ok
    18:28:02.0998 0x25a4 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    18:28:03.0052 0x25a4 idsvc - ok
    18:28:03.0408 0x25a4 [ 1BE8D9CA4F2363B8E8015621878E0043, 695B5F88A6F6943156D033DAA86188F50308AD71FCF26CF0AEDF7E23F774FB56 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
    18:28:03.0745 0x25a4 igfx - ok
    18:28:03.0780 0x25a4 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
    18:28:03.0786 0x25a4 iirsp - ok
    18:28:03.0837 0x25a4 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\windows\System32\ikeext.dll
    18:28:03.0911 0x25a4 IKEEXT - ok
    18:28:03.0950 0x25a4 [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd C:\windows\system32\DRIVERS\Impcd.sys
    18:28:03.0958 0x25a4 Impcd - ok
    18:28:03.0986 0x25a4 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\windows\system32\drivers\intelide.sys
    18:28:03.0991 0x25a4 intelide - ok
    18:28:04.0009 0x25a4 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
    18:28:04.0016 0x25a4 intelppm - ok
    18:28:04.0038 0x25a4 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\windows\system32\ipbusenum.dll
    18:28:04.0080 0x25a4 IPBusEnum - ok
    18:28:04.0130 0x25a4 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
    18:28:04.0146 0x25a4 IpFilterDriver - ok
    18:28:04.0210 0x25a4 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\windows\System32\iphlpsvc.dll
    18:28:04.0287 0x25a4 iphlpsvc - ok
    18:28:04.0316 0x25a4 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
    18:28:04.0322 0x25a4 IPMIDRV - ok
    18:28:04.0329 0x25a4 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\windows\system32\drivers\ipnat.sys
    18:28:04.0336 0x25a4 IPNAT - ok
    18:28:04.0389 0x25a4 [ 33B286326BD2B1A7748C43391058FB19, C6240C9ED5B7C227595E953E3D1AB5F2D45CCD86FDBDF985836A970B4B6467FE ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    18:28:04.0428 0x25a4 iPod Service - ok
    18:28:04.0450 0x25a4 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\windows\system32\drivers\irenum.sys
    18:28:04.0456 0x25a4 IRENUM - ok
    18:28:04.0471 0x25a4 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\windows\system32\drivers\isapnp.sys
    18:28:04.0477 0x25a4 isapnp - ok
    18:28:04.0503 0x25a4 [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
    18:28:04.0520 0x25a4 iScsiPrt - ok
    18:28:04.0546 0x25a4 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\windows\system32\drivers\kbdclass.sys
    18:28:04.0553 0x25a4 kbdclass - ok
    18:28:04.0601 0x25a4 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
    18:28:04.0607 0x25a4 kbdhid - ok
    18:28:04.0620 0x25a4 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso C:\windows\system32\lsass.exe
    18:28:04.0671 0x25a4 KeyIso - ok
    18:28:04.0732 0x25a4 [ 77481D3753F6DCB0A499C3A01460DC00, 788853CFB752B8A93C13A9EDFDB6FCF4A62C67688B3DF3F9A28FFB835FD1F3BE ] KmxAgent C:\windows\system32\DRIVERS\kmxagent.sys
    18:28:04.0739 0x25a4 KmxAgent - ok
    18:28:04.0781 0x25a4 [ C30A499E4A05FA7C1B2B1325953F12D4, B4425E9FDC13245525F6B321F45EDF8D9826D7378A76FCD524785EBA7799DDB7 ] KmxAMRT C:\windows\system32\DRIVERS\KmxAMRT.sys
    18:28:04.0792 0x25a4 KmxAMRT - ok
    18:28:04.0807 0x25a4 [ 2896919A9E5A4DC267A2D916F75D2346, ACC25CE0719D23B9CB1C14343D62189593D3FF6B2232BA3D16D6C36C8B0F60B3 ] KmxCF C:\windows\system32\DRIVERS\KmxCF.sys
    18:28:04.0818 0x25a4 KmxCF - ok
    18:28:04.0842 0x25a4 [ 2FA4CB9DCA3ED83583659670F3B40916, 5D1DD0986BC321C76E7E4AA5ED5A744F60EC96BBDAE90FF66553CA97A931FCF7 ] KmxCfg C:\windows\system32\DRIVERS\kmxcfg.sys
    18:28:04.0867 0x25a4 KmxCfg - ok
    18:28:04.0883 0x25a4 [ EB0576050B2A618563CAA3ECBF19F2EF, 2E5B00CF81A304C4EE59E75F863B360E44ACE1406F88A34D17554ADA93AEC3FD ] KmxFile C:\windows\system32\DRIVERS\KmxFile.sys
    18:28:04.0889 0x25a4 KmxFile - ok
    18:28:04.0906 0x25a4 [ 87DA5AFC8950EC34D0CDDF3438370727, 337836E1AF2430A0D75E23BFFDB93D6C71232A743082798EA341C80966A3AD64 ] KmxFilter C:\windows\system32\DRIVERS\KmxFilter.sys
    18:28:04.0913 0x25a4 KmxFilter - ok
    18:28:04.0935 0x25a4 [ 15260D1B5BB6BA8E5079E758FCE88207, 3080FD5C205C0EAED3A8FE45E5EC61F0826378043702DC8FB18A8AB64309CC0A ] KmxFw C:\windows\system32\DRIVERS\kmxfw.sys
    18:28:04.0944 0x25a4 KmxFw - ok
    18:28:04.0950 0x25a4 [ EEF33889A80990C70595457A5C97EE09, 12E1A70EA2394AB8567F293A3C1A83F3268A2737AF00D919C67563DE4A5005A6 ] KmxSbx C:\windows\system32\DRIVERS\KmxSbx.sys
    18:28:04.0958 0x25a4 KmxSbx - ok
    18:28:04.0980 0x25a4 [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
    18:28:04.0989 0x25a4 KSecDD - ok
    18:28:05.0009 0x25a4 [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
    18:28:05.0020 0x25a4 KSecPkg - ok
    18:28:05.0034 0x25a4 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\windows\system32\drivers\ksthunk.sys
    18:28:05.0041 0x25a4 ksthunk - ok
    18:28:05.0078 0x25a4 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\windows\system32\msdtckrm.dll
    18:28:05.0157 0x25a4 KtmRm - ok
    18:28:05.0193 0x25a4 [ 655A5D8E80869781CCE23760ADA7E695, 86DA2FC5DBA28762A89BC70D9DA0F370FC4A9F4F28E6802AD5972C387F4EEFD3 ] L1C C:\windows\system32\DRIVERS\L1C62x64.sys
    18:28:05.0203 0x25a4 L1C - ok
    18:28:05.0256 0x25a4 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\windows\system32\srvsvc.dll
    18:28:05.0383 0x25a4 LanmanServer - ok
    18:28:05.0424 0x25a4 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
    18:28:05.0552 0x25a4 LanmanWorkstation - ok
    18:28:05.0580 0x25a4 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
    18:28:05.0589 0x25a4 lltdio - ok
    18:28:05.0617 0x25a4 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\windows\System32\lltdsvc.dll
    18:28:05.0688 0x25a4 lltdsvc - ok
    18:28:05.0706 0x25a4 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\windows\System32\lmhsvc.dll
    18:28:05.0758 0x25a4 lmhosts - ok
    18:28:05.0820 0x25a4 [ DBC1136A62BD4DECC3632DF650284C2E, 2D6344357D21A9062019C7DDF3DB440ABC724CDA925471BBFA8CCAC65E6A2C80 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    18:28:05.0835 0x25a4 LMS - ok
    18:28:05.0868 0x25a4 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
    18:28:05.0881 0x25a4 LSI_FC - ok
    18:28:05.0890 0x25a4 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
    18:28:05.0901 0x25a4 LSI_SAS - ok
    18:28:05.0907 0x25a4 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
    18:28:05.0914 0x25a4 LSI_SAS2 - ok
    18:28:05.0920 0x25a4 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
    18:28:05.0929 0x25a4 LSI_SCSI - ok
    18:28:05.0961 0x25a4 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\windows\system32\drivers\luafv.sys
    18:28:05.0970 0x25a4 luafv - ok
    18:28:05.0998 0x25a4 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
    18:28:06.0058 0x25a4 Mcx2Svc - ok
    18:28:06.0062 0x25a4 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\windows\system32\DRIVERS\megasas.sys
    18:28:06.0069 0x25a4 megasas - ok
    18:28:06.0091 0x25a4 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
    18:28:06.0107 0x25a4 MegaSR - ok
    18:28:06.0145 0x25a4 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\windows\system32\mmcss.dll
     
  6. driveman

    driveman TS Rookie Topic Starter Posts: 44

    18:28:06.0201 0x25a4 MMCSS - ok
    18:28:06.0206 0x25a4 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\windows\system32\drivers\modem.sys
    18:28:06.0213 0x25a4 Modem - ok
    18:28:06.0228 0x25a4 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\windows\system32\DRIVERS\monitor.sys
    18:28:06.0235 0x25a4 monitor - ok
    18:28:06.0248 0x25a4 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
    18:28:06.0255 0x25a4 mouclass - ok
    18:28:06.0275 0x25a4 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
    18:28:06.0282 0x25a4 mouhid - ok
    18:28:06.0309 0x25a4 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\windows\system32\drivers\mountmgr.sys
    18:28:06.0318 0x25a4 mountmgr - ok
    18:28:06.0342 0x25a4 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\windows\system32\drivers\mpio.sys
    18:28:06.0352 0x25a4 mpio - ok
    18:28:06.0358 0x25a4 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
    18:28:06.0367 0x25a4 mpsdrv - ok
    18:28:06.0414 0x25a4 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\windows\system32\mpssvc.dll
    18:28:06.0498 0x25a4 MpsSvc - ok
    18:28:06.0532 0x25a4 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
    18:28:06.0541 0x25a4 MRxDAV - ok
    18:28:06.0572 0x25a4 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
    18:28:06.0582 0x25a4 mrxsmb - ok
    18:28:06.0595 0x25a4 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
    18:28:06.0609 0x25a4 mrxsmb10 - ok
    18:28:06.0634 0x25a4 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
    18:28:06.0644 0x25a4 mrxsmb20 - ok
    18:28:06.0662 0x25a4 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\windows\system32\drivers\msahci.sys
    18:28:06.0670 0x25a4 msahci - ok
    18:28:06.0699 0x25a4 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\windows\system32\drivers\msdsm.sys
    18:28:06.0708 0x25a4 msdsm - ok
    18:28:06.0728 0x25a4 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\windows\System32\msdtc.exe
    18:28:06.0798 0x25a4 MSDTC - ok
    18:28:06.0819 0x25a4 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\windows\system32\drivers\Msfs.sys
    18:28:06.0826 0x25a4 Msfs - ok
    18:28:06.0838 0x25a4 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
    18:28:06.0844 0x25a4 mshidkmdf - ok
    18:28:06.0865 0x25a4 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\windows\system32\drivers\msisadrv.sys
    18:28:06.0873 0x25a4 msisadrv - ok
    18:28:06.0902 0x25a4 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\windows\system32\iscsiexe.dll
    18:28:06.0954 0x25a4 MSiSCSI - ok
    18:28:06.0958 0x25a4 msiserver - ok
    18:28:06.0971 0x25a4 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
    18:28:06.0978 0x25a4 MSKSSRV - ok
    18:28:06.0982 0x25a4 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
    18:28:06.0989 0x25a4 MSPCLOCK - ok
    18:28:06.0992 0x25a4 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\windows\system32\drivers\MSPQM.sys
    18:28:06.0999 0x25a4 MSPQM - ok
    18:28:07.0037 0x25a4 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\windows\system32\drivers\MsRPC.sys
    18:28:07.0071 0x25a4 MsRPC - ok
    18:28:07.0094 0x25a4 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
    18:28:07.0101 0x25a4 mssmbios - ok
    18:28:07.0106 0x25a4 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\windows\system32\drivers\MSTEE.sys
    18:28:07.0112 0x25a4 MSTEE - ok
    18:28:07.0126 0x25a4 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
    18:28:07.0133 0x25a4 MTConfig - ok
    18:28:07.0158 0x25a4 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\windows\system32\Drivers\mup.sys
    18:28:07.0167 0x25a4 Mup - ok
    18:28:07.0209 0x25a4 [ 93CD1C4ECB8658A35E5E6EBA02D43E4F, 3439DBEEC3E6C9E7DCBF11B7065F7D596B5C11CFE2629821C9D46894053AD42A ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    18:28:07.0234 0x25a4 MyWiFiDHCPDNS - ok
    18:28:07.0278 0x25a4 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\windows\system32\qagentRT.dll
    18:28:07.0371 0x25a4 napagent - ok
    18:28:07.0398 0x25a4 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
    18:28:07.0432 0x25a4 NativeWifiP - ok
    18:28:07.0479 0x25a4 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\windows\system32\drivers\ndis.sys
    18:28:07.0522 0x25a4 NDIS - ok
    18:28:07.0551 0x25a4 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
    18:28:07.0558 0x25a4 NdisCap - ok
    18:28:07.0575 0x25a4 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
    18:28:07.0582 0x25a4 NdisTapi - ok
    18:28:07.0621 0x25a4 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
    18:28:07.0630 0x25a4 Ndisuio - ok
    18:28:07.0676 0x25a4 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
    18:28:07.0688 0x25a4 NdisWan - ok
    18:28:07.0731 0x25a4 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
    18:28:07.0740 0x25a4 NDProxy - ok
    18:28:07.0804 0x25a4 [ 2334DC48997BA203B794DF3EE70521DB, 832F4EC1586C9669F2D54AB3B212943E43B87A33B24DCC8CDAD6A0264291EE2F ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
    18:28:07.0839 0x25a4 Net Driver HPZ12 - ok
    18:28:07.0861 0x25a4 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
    18:28:07.0869 0x25a4 NetBIOS - ok
    18:28:07.0890 0x25a4 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
    18:28:07.0907 0x25a4 NetBT - ok
    18:28:07.0921 0x25a4 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon C:\windows\system32\lsass.exe
    18:28:07.0973 0x25a4 Netlogon - ok
    18:28:08.0014 0x25a4 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\windows\System32\netman.dll
    18:28:08.0089 0x25a4 Netman - ok
    18:28:08.0124 0x25a4 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    18:28:08.0139 0x25a4 NetMsmqActivator - ok
    18:28:08.0174 0x25a4 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    18:28:08.0179 0x25a4 NetPipeActivator - ok
    18:28:08.0196 0x25a4 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\windows\System32\netprofm.dll
    18:28:08.0267 0x25a4 netprofm - ok
    18:28:08.0291 0x25a4 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    18:28:08.0296 0x25a4 NetTcpActivator - ok
    18:28:08.0303 0x25a4 [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    18:28:08.0309 0x25a4 NetTcpPortSharing - ok
    18:28:08.0574 0x25a4 [ EB43840BABF5589E33186D094DE7381D, 028750D33516773258FEA120FE4108A2EEA3FC6FEC49C6B2C1926F57858173AC ] NETwNs64 C:\windows\system32\DRIVERS\NETwNs64.sys
    18:28:08.0812 0x25a4 NETwNs64 - ok
    18:28:08.0843 0x25a4 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
    18:28:08.0851 0x25a4 nfrd960 - ok
    18:28:08.0884 0x25a4 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\windows\System32\nlasvc.dll
    18:28:08.0959 0x25a4 NlaSvc - ok
    18:28:08.0979 0x25a4 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\windows\system32\drivers\Npfs.sys
    18:28:08.0986 0x25a4 Npfs - ok
    18:28:08.0997 0x25a4 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\windows\system32\nsisvc.dll
    18:28:09.0063 0x25a4 nsi - ok
    18:28:09.0077 0x25a4 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
    18:28:09.0084 0x25a4 nsiproxy - ok
    18:28:09.0148 0x25a4 [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs C:\windows\system32\drivers\Ntfs.sys
    18:28:09.0209 0x25a4 Ntfs - ok
    18:28:09.0222 0x25a4 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\windows\system32\drivers\Null.sys
    18:28:09.0229 0x25a4 Null - ok
    18:28:09.0269 0x25a4 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\windows\system32\drivers\nvraid.sys
    18:28:09.0280 0x25a4 nvraid - ok
    18:28:09.0293 0x25a4 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\windows\system32\drivers\nvstor.sys
    18:28:09.0310 0x25a4 nvstor - ok
    18:28:09.0323 0x25a4 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\windows\system32\drivers\nv_agp.sys
    18:28:09.0333 0x25a4 nv_agp - ok
    18:28:09.0347 0x25a4 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
    18:28:09.0356 0x25a4 ohci1394 - ok
    18:28:09.0387 0x25a4 [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    18:28:09.0404 0x25a4 ose - ok
    18:28:09.0588 0x25a4 [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    18:28:09.0775 0x25a4 osppsvc - ok
    18:28:09.0809 0x25a4 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\windows\system32\pnrpsvc.dll
    18:28:09.0893 0x25a4 p2pimsvc - ok
    18:28:09.0914 0x25a4 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\windows\system32\p2psvc.dll
    18:28:10.0006 0x25a4 p2psvc - ok
    18:28:10.0039 0x25a4 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\windows\system32\DRIVERS\parport.sys
    18:28:10.0050 0x25a4 Parport - ok
    18:28:10.0077 0x25a4 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\windows\system32\drivers\partmgr.sys
    18:28:10.0088 0x25a4 partmgr - ok
    18:28:10.0153 0x25a4 [ 9665402B7FA59302D520AD845DDFC026, 7FFE81F5402005FBD947A7440C12A206C58F3FDAE33F3E96987C334057CDB79E ] Partner Service C:\ProgramData\Partner\Partner.exe
    18:28:10.0195 0x25a4 Partner Service - ok
    18:28:10.0208 0x25a4 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\windows\System32\pcasvc.dll
    18:28:10.0282 0x25a4 PcaSvc - ok
    18:28:10.0300 0x25a4 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\windows\system32\drivers\pci.sys
    18:28:10.0317 0x25a4 pci - ok
    18:28:10.0340 0x25a4 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\windows\system32\drivers\pciide.sys
    18:28:10.0349 0x25a4 pciide - ok
    18:28:10.0358 0x25a4 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
    18:28:10.0371 0x25a4 pcmcia - ok
    18:28:10.0387 0x25a4 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\windows\system32\drivers\pcw.sys
    18:28:10.0397 0x25a4 pcw - ok
    18:28:10.0428 0x25a4 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\windows\system32\drivers\peauth.sys
    18:28:10.0462 0x25a4 PEAUTH - ok
    18:28:10.0523 0x25a4 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\windows\SysWow64\perfhost.exe
    18:28:10.0567 0x25a4 PerfHost - ok
    18:28:10.0607 0x25a4 [ 663962900E7FEA522126BA287715BB4A, 95CE12CA11E705C293BE4E18845581037D819A7EC812349BCAF4EABC8E7087B1 ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys
    18:28:10.0616 0x25a4 PGEffect - ok
    18:28:10.0688 0x25a4 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\windows\system32\pla.dll
    18:28:10.0814 0x25a4 pla - ok
    18:28:10.0872 0x25a4 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\windows\system32\umpnpmgr.dll
    18:28:10.0988 0x25a4 PlugPlay - ok
    18:28:11.0048 0x25a4 [ AC78DF349F0E4CFB8B667C0CFFF83CCE, 7E635AA2E7350FCA0C954E697F1480A6204920AEFBCF06B90FFA02398DA82822 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
    18:28:11.0095 0x25a4 Pml Driver HPZ12 - ok
    18:28:11.0115 0x25a4 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
    18:28:11.0183 0x25a4 PNRPAutoReg - ok
    18:28:11.0201 0x25a4 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\windows\system32\pnrpsvc.dll
    18:28:11.0276 0x25a4 PNRPsvc - ok
    18:28:11.0322 0x25a4 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
    18:28:11.0382 0x25a4 PolicyAgent - ok
    18:28:11.0426 0x25a4 [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\windows\system32\umpo.dll
    18:28:11.0548 0x25a4 Power - ok
    18:28:11.0572 0x25a4 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
    18:28:11.0581 0x25a4 PptpMiniport - ok
    18:28:11.0608 0x25a4 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\windows\system32\DRIVERS\processr.sys
    18:28:11.0617 0x25a4 Processor - ok
    18:28:11.0649 0x25a4 [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\windows\system32\profsvc.dll
    18:28:11.0741 0x25a4 ProfSvc - ok
    18:28:11.0753 0x25a4 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] ProtectedStorage C:\windows\system32\lsass.exe
    18:28:11.0805 0x25a4 ProtectedStorage - ok
    18:28:11.0842 0x25a4 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\windows\system32\DRIVERS\pacer.sys
    18:28:11.0853 0x25a4 Psched - ok
    18:28:11.0892 0x25a4 [ C8FCB4899F8B70CC34E0D9876A80963C, E4CFC69C3EE1BC5C0FFF96CE034EAD8DD9727DA165A790CB57979AA0A6CEE350 ] QIOMem C:\windows\system32\DRIVERS\QIOMem.sys
    18:28:11.0901 0x25a4 QIOMem - ok
    18:28:11.0963 0x25a4 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
    18:28:12.0020 0x25a4 ql2300 - ok
    18:28:12.0046 0x25a4 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
    18:28:12.0056 0x25a4 ql40xx - ok
    18:28:12.0083 0x25a4 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\windows\system32\qwave.dll
    18:28:12.0166 0x25a4 QWAVE - ok
    18:28:12.0184 0x25a4 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
    18:28:12.0192 0x25a4 QWAVEdrv - ok
    18:28:12.0197 0x25a4 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
    18:28:12.0205 0x25a4 RasAcd - ok
    18:28:12.0226 0x25a4 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
    18:28:12.0228 0x25a4 RasAgileVpn - ok
    18:28:12.0241 0x25a4 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\windows\System32\rasauto.dll
    18:28:12.0315 0x25a4 RasAuto - ok
    18:28:12.0355 0x25a4 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
    18:28:12.0365 0x25a4 Rasl2tp - ok
    18:28:12.0428 0x25a4 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\windows\System32\rasmans.dll
    18:28:12.0527 0x25a4 RasMan - ok
    18:28:12.0534 0x25a4 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
    18:28:12.0544 0x25a4 RasPppoe - ok
    18:28:12.0551 0x25a4 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
    18:28:12.0561 0x25a4 RasSstp - ok
    18:28:12.0653 0x25a4 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
    18:28:12.0705 0x25a4 rdbss - ok
    18:28:12.0739 0x25a4 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
    18:28:12.0748 0x25a4 rdpbus - ok
    18:28:12.0766 0x25a4 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
    18:28:12.0774 0x25a4 RDPCDD - ok
    18:28:12.0786 0x25a4 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
    18:28:12.0795 0x25a4 RDPENCDD - ok
    18:28:12.0810 0x25a4 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
    18:28:12.0819 0x25a4 RDPREFMP - ok
    18:28:12.0857 0x25a4 [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\windows\system32\drivers\rdpvideominiport.sys
    18:28:12.0865 0x25a4 RdpVideoMiniport - ok
    18:28:12.0898 0x25a4 [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
    18:28:12.0915 0x25a4 RDPWD - ok
    18:28:12.0961 0x25a4 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\windows\system32\drivers\rdyboost.sys
    18:28:12.0986 0x25a4 rdyboost - ok
    18:28:13.0091 0x25a4 [ A6BAEA839CC888D4961AB5FE16BB8C4A, A3DD50446BEDAE38A3DA8AC9809F3BCE95EA418C2DEF5DB433DB614591C6B51B ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    18:28:13.0111 0x25a4 RegSrvc - ok
    18:28:13.0152 0x25a4 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\windows\System32\mprdim.dll
    18:28:13.0209 0x25a4 RemoteAccess - ok
    18:28:13.0240 0x25a4 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\windows\system32\regsvc.dll
    18:28:13.0348 0x25a4 RemoteRegistry - ok
    18:28:13.0360 0x25a4 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
    18:28:13.0436 0x25a4 RpcEptMapper - ok
    18:28:13.0454 0x25a4 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\windows\system32\locator.exe
    18:28:13.0502 0x25a4 RpcLocator - ok
    18:28:13.0542 0x25a4 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\windows\system32\rpcss.dll
    18:28:13.0625 0x25a4 RpcSs - ok
    18:28:13.0651 0x25a4 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
    18:28:13.0662 0x25a4 rspndr - ok
    18:28:13.0716 0x25a4 [ 3CEEE53BBF8BA284FF44585CEC0162FE, 5725A47BE8B7A9116983895FCB82CB2808B7B9C57BC285F3DFD7352E72DBC1FE ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys
    18:28:13.0729 0x25a4 RSUSBSTOR - ok
    18:28:13.0745 0x25a4 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] SamSs C:\windows\system32\lsass.exe
    18:28:13.0799 0x25a4 SamSs - ok
    18:28:13.0826 0x25a4 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\windows\system32\drivers\sbp2port.sys
    18:28:13.0838 0x25a4 sbp2port - ok
    18:28:13.0856 0x25a4 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\windows\System32\SCardSvr.dll
    18:28:13.0939 0x25a4 SCardSvr - ok
    18:28:13.0963 0x25a4 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
    18:28:13.0972 0x25a4 scfilter - ok
    18:28:14.0020 0x25a4 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\windows\system32\schedsvc.dll
    18:28:14.0136 0x25a4 Schedule - ok
    18:28:14.0170 0x25a4 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\windows\System32\certprop.dll
    18:28:14.0181 0x25a4 SCPolicySvc - ok
    18:28:14.0215 0x25a4 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\windows\System32\SDRSVC.dll
    18:28:14.0298 0x25a4 SDRSVC - ok
    18:28:14.0327 0x25a4 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\windows\system32\drivers\secdrv.sys
    18:28:14.0336 0x25a4 secdrv - ok
    18:28:14.0358 0x25a4 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\windows\system32\seclogon.dll
    18:28:14.0434 0x25a4 seclogon - ok
    18:28:14.0457 0x25a4 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\windows\System32\sens.dll
    18:28:14.0541 0x25a4 SENS - ok
    18:28:14.0572 0x25a4 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\windows\system32\sensrsvc.dll
    18:28:14.0649 0x25a4 SensrSvc - ok
    18:28:14.0678 0x25a4 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\windows\system32\DRIVERS\serenum.sys
    18:28:14.0689 0x25a4 Serenum - ok
    18:28:14.0699 0x25a4 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\windows\system32\DRIVERS\serial.sys
    18:28:14.0712 0x25a4 Serial - ok
    18:28:14.0763 0x25a4 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
    18:28:14.0774 0x25a4 sermouse - ok
    18:28:14.0823 0x25a4 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\windows\system32\sessenv.dll
    18:28:14.0905 0x25a4 SessionEnv - ok
    18:28:14.0934 0x25a4 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\windows\system32\drivers\sffdisk.sys
    18:28:14.0943 0x25a4 sffdisk - ok
    18:28:14.0954 0x25a4 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
    18:28:14.0963 0x25a4 sffp_mmc - ok
    18:28:14.0967 0x25a4 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
    18:28:14.0976 0x25a4 sffp_sd - ok
    18:28:14.0990 0x25a4 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
    18:28:15.0001 0x25a4 sfloppy - ok
    18:28:15.0079 0x25a4 [ 2046AA7491DE7EFA4D70E615D9BC9D09, A8763D059AD68D5842C407FA9644E0B129BEF0F63CD87E62B80B05441EDC3489 ] Sftfs C:\windows\system32\DRIVERS\Sftfslh.sys
    18:28:15.0113 0x25a4 Sftfs - ok
    18:28:15.0165 0x25a4 [ 77C5A741A7452812F278EF2C18478862, 0B763679EB7EFB8ED9DCE7B429706E939BB65BA6BCF1BAE0E0426D4E87074B8C ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    18:28:15.0191 0x25a4 sftlist - ok
    18:28:15.0220 0x25a4 [ 0E0446BC4D51BE4263ACB7E33491191C, 2AD039FB440560658C4E06F67CC192EF71577EF3FF789A43C08430CE5EAE5A70 ] Sftplay C:\windows\system32\DRIVERS\Sftplaylh.sys
    18:28:15.0254 0x25a4 Sftplay - ok
    18:28:15.0265 0x25a4 [ C5FB982CD266E604ED3142102C26D62C, A6BC0D72E98F924274ECAD49C85F0775D1CD45B97CD43F53DF3992B560835FC5 ] Sftredir C:\windows\system32\DRIVERS\Sftredirlh.sys
    18:28:15.0274 0x25a4 Sftredir - ok
    18:28:15.0290 0x25a4 [ 2575511AF67AA1FA068CCC4918E2C2A3, 3152FF5AC2CF6FE966DA59B1B33E22F9BD9B6BB4310441870528364BA9501A4D ] Sftvol C:\windows\system32\DRIVERS\Sftvollh.sys
    18:28:15.0300 0x25a4 Sftvol - ok
    18:28:15.0317 0x25a4 [ 39B1D0A636A400304565D4521FAD6D77, 1F01DB35B5A477AA7A77585C9304E6B5F3E67807531305BCA93A7F494CED8F59 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    18:28:15.0323 0x25a4 sftvsa - ok
    18:28:15.0357 0x25a4 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\windows\System32\ipnathlp.dll
    18:28:15.0416 0x25a4 SharedAccess - ok
    18:28:15.0463 0x25a4 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\windows\System32\shsvcs.dll
    18:28:15.0572 0x25a4 ShellHWDetection - ok
    18:28:15.0577 0x25a4 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
    18:28:15.0587 0x25a4 SiSRaid2 - ok
    18:28:15.0592 0x25a4 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
    18:28:15.0602 0x25a4 SiSRaid4 - ok
    18:28:15.0629 0x25a4 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\windows\system32\DRIVERS\smb.sys
    18:28:15.0639 0x25a4 Smb - ok
    18:28:15.0677 0x25a4 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\windows\System32\snmptrap.exe
    18:28:15.0768 0x25a4 SNMPTRAP - ok
    18:28:15.0782 0x25a4 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\windows\system32\drivers\spldr.sys
    18:28:15.0792 0x25a4 spldr - ok
    18:28:15.0832 0x25a4 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\windows\System32\spoolsv.exe
    18:28:15.0925 0x25a4 Spooler - ok
    18:28:16.0073 0x25a4 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\windows\system32\sppsvc.exe
    18:28:16.0285 0x25a4 sppsvc - ok
    18:28:16.0310 0x25a4 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\windows\system32\sppuinotify.dll
    18:28:16.0393 0x25a4 sppuinotify - ok
    18:28:16.0431 0x25a4 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\windows\system32\DRIVERS\srv.sys
    18:28:16.0455 0x25a4 srv - ok
    18:28:16.0475 0x25a4 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\windows\system32\DRIVERS\srv2.sys
    18:28:16.0493 0x25a4 srv2 - ok
    18:28:16.0527 0x25a4 [ 0C4540311E11664B245A263E1154CEF8, 63376322BFFAFF2F166AF3FDD3F1A346C21FAE21F406F659F8630779D1D6525D ] SrvHsfHDA C:\windows\system32\DRIVERS\VSTAZL6.SYS
    18:28:16.0568 0x25a4 SrvHsfHDA - ok
    18:28:16.0631 0x25a4 [ 02071D207A9858FBE3A48CBFD59C4A04, FEA4DEBAEC3465E0C7C1E8B721805922F6BBCB96A60A193B11688F4252F4B89E ] SrvHsfV92 C:\windows\system32\DRIVERS\VSTDPV6.SYS
    18:28:16.0689 0x25a4 SrvHsfV92 - ok
    18:28:16.0720 0x25a4 [ 18E40C245DBFAF36FD0134A7EF2DF396, 0138A68958112101A5D3BD94114F320CE80B0C9A93E009AC78DE7415FCCC7DE7 ] SrvHsfWinac C:\windows\system32\DRIVERS\VSTCNXT6.SYS
    18:28:16.0748 0x25a4 SrvHsfWinac - ok
    18:28:16.0775 0x25a4 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
    18:28:16.0801 0x25a4 srvnet - ok
     
  7. driveman

    driveman TS Rookie Topic Starter Posts: 44

    18:28:16.0830 0x25a4 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
    18:28:16.0938 0x25a4 SSDPSRV - ok
    18:28:16.0955 0x25a4 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\windows\system32\sstpsvc.dll
    18:28:17.0040 0x25a4 SstpSvc - ok
    18:28:17.0060 0x25a4 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
    18:28:17.0069 0x25a4 stexstor - ok
    18:28:17.0109 0x25a4 [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam C:\windows\system32\DRIVERS\serscan.sys
    18:28:17.0118 0x25a4 StillCam - ok
    18:28:17.0162 0x25a4 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\windows\System32\wiaservc.dll
    18:28:17.0278 0x25a4 stisvc - ok
    18:28:17.0310 0x25a4 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\windows\system32\drivers\swenum.sys
    18:28:17.0319 0x25a4 swenum - ok
    18:28:17.0347 0x25a4 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\windows\System32\swprv.dll
    18:28:17.0447 0x25a4 swprv - ok
    18:28:17.0493 0x25a4 [ 470C47DABA9CA3966F0AB3F835D7D135, BF98E48B05F37F8ABE264BF77355391A08955057E24AE456A5637D56BDFD40A5 ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
    18:28:17.0519 0x25a4 SynTP - ok
    18:28:17.0597 0x25a4 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\windows\system32\sysmain.dll
    18:28:17.0736 0x25a4 SysMain - ok
    18:28:17.0785 0x25a4 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\windows\System32\TabSvc.dll
    18:28:17.0876 0x25a4 TabletInputService - ok
    18:28:17.0930 0x25a4 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\windows\System32\tapisrv.dll
    18:28:18.0030 0x25a4 TapiSrv - ok
    18:28:18.0071 0x25a4 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\windows\System32\tbssvc.dll
    18:28:18.0158 0x25a4 TBS - ok
    18:28:18.0231 0x25a4 [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] Tcpip C:\windows\system32\drivers\tcpip.sys
    18:28:18.0298 0x25a4 Tcpip - ok
    18:28:18.0352 0x25a4 [ 40AF23633D197905F03AB5628C558C51, 644656A15236E964E4BE57B42225EAA5643C4CF1FFF6D306813A000716F9D72C ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
    18:28:18.0397 0x25a4 TCPIP6 - ok
    18:28:18.0422 0x25a4 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
    18:28:18.0432 0x25a4 tcpipreg - ok
    18:28:18.0477 0x25a4 [ FD542B661BD22FA69CA789AD0AC58C29, 75FFAF1834B1E22DF37608ED451F161052FF1FE3C681B4E20A68DCA92CC7FD8C ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys
    18:28:18.0497 0x25a4 tdcmdpst - ok
    18:28:18.0529 0x25a4 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
    18:28:18.0564 0x25a4 TDPIPE - ok
    18:28:18.0613 0x25a4 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
    18:28:18.0624 0x25a4 TDTCP - ok
    18:28:18.0667 0x25a4 [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\windows\system32\DRIVERS\tdx.sys
    18:28:18.0681 0x25a4 tdx - ok
    18:28:18.0703 0x25a4 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\windows\system32\drivers\termdd.sys
    18:28:18.0715 0x25a4 TermDD - ok
    18:28:18.0756 0x25a4 [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\windows\System32\termsrv.dll
    18:28:18.0887 0x25a4 TermService - ok
    18:28:18.0902 0x25a4 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\windows\system32\themeservice.dll
    18:28:18.0990 0x25a4 Themes - ok
    18:28:19.0011 0x25a4 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\windows\system32\mmcss.dll
    18:28:19.0063 0x25a4 THREADORDER - ok
    18:28:19.0122 0x25a4 [ 28644B0523D64EFF2FC7312A2EE74B0A, 09A36DE0B2B90842BD5B8353CC34B7C71C0FBBF6DD5862720FCEE760849C4561 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    18:28:19.0143 0x25a4 TMachInfo - ok
    18:28:19.0166 0x25a4 [ ED32035BDFECED1AD66D459FD9CC1140, B82A15FAB4CBB5A633B9BF722441D5B20D946B63DD10BBE2A89D3A8BA3BE3339 ] TODDSrv C:\Windows\system32\TODDSrv.exe
    18:28:19.0266 0x25a4 TODDSrv - ok
    18:28:19.0337 0x25a4 [ 98C864481D62F86EC8AF65BE3419A95B, 61F0C7CBFAB151FBB62081A37C655D4E818A558E140F3F3BA5C26B024AE24EBB ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    18:28:19.0354 0x25a4 TosCoSrv - ok
    18:28:19.0389 0x25a4 [ BAE96AD126F4EED4D361B092BA2E61FE, DA52698953D1B97F79F55D939707F334DB914DF1038869009B8CB4FCADF62CF9 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe
    18:28:19.0396 0x25a4 TOSHIBA eco Utility Service - ok
    18:28:19.0435 0x25a4 [ 74C2FA8C3765EE71A9C22182EC108457, A7073FAB6CE6FB9824544A9CDCCA441D08FD87D68EB564DCB1186FC257776221 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    18:28:19.0466 0x25a4 TOSHIBA HDD SSD Alert Service - ok
    18:28:19.0510 0x25a4 [ 97687D094AA597DA366E1194B218CC6C, 8A617E1901235518FDB7504FCDCE641D9F7C5D256A11D5FEFD35E7696972E2B8 ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    18:28:19.0557 0x25a4 TPCHSrv - ok
    18:28:19.0572 0x25a4 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\windows\System32\trkwks.dll
    18:28:19.0666 0x25a4 TrkWks - ok
    18:28:19.0711 0x25a4 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
    18:28:19.0715 0x25a4 TrustedInstaller - ok
    18:28:19.0747 0x25a4 [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
    18:28:19.0758 0x25a4 tssecsrv - ok
    18:28:19.0792 0x25a4 [ 17C6B51CBCCDED95B3CC14E22791F85E, EE417C19E9B2C258D62A74F1F2421AFFBAC67ACD62481CAA08F5B6A3439C1D7C ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
    18:28:19.0803 0x25a4 TsUsbFlt - ok
    18:28:19.0842 0x25a4 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
    18:28:19.0856 0x25a4 tunnel - ok
    18:28:19.0884 0x25a4 [ 550B567F9364D8F7684C3FB3EA665A72, A214BBBBAB9F0DD525FA5A818CEB8E9294B4A96676317255D7ACF6049049C933 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS
    18:28:19.0895 0x25a4 TVALZ - ok
    18:28:19.0908 0x25a4 [ 9C7191F4B2E49BFF47A6C1144B5923FA, DF4E663499946F4E68B7528CA399574D1EB69797FF81F681943B84F3E5E6A40E ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys
    18:28:19.0919 0x25a4 TVALZFL - ok
    18:28:19.0945 0x25a4 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
    18:28:19.0956 0x25a4 uagp35 - ok
    18:28:20.0013 0x25a4 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\windows\system32\DRIVERS\udfs.sys
    18:28:20.0050 0x25a4 udfs - ok
    18:28:20.0084 0x25a4 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\windows\system32\UI0Detect.exe
    18:28:20.0190 0x25a4 UI0Detect - ok
    18:28:20.0207 0x25a4 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
    18:28:20.0218 0x25a4 uliagpkx - ok
    18:28:20.0249 0x25a4 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\windows\system32\drivers\umbus.sys
    18:28:20.0259 0x25a4 umbus - ok
    18:28:20.0269 0x25a4 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\windows\system32\DRIVERS\umpass.sys
    18:28:20.0278 0x25a4 UmPass - ok
    18:28:20.0363 0x25a4 [ AF950F62E5FC72FFDB7363F72600B21C, 25B1EDE885803D129BD26199299A6561E2F73C540BAB50F21AB0A24F3166AEE8 ] UmxEngine C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe
    18:28:20.0382 0x25a4 UmxEngine - ok
    18:28:20.0568 0x25a4 [ 7466809E6DA561D60C2F1CE8EDE3C73F, A3185049282A51B17C3DA839AF7E90F1CD395B2FB5587514EB2D65CB22854E2C ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    18:28:20.0614 0x25a4 UNS - ok
    18:28:20.0674 0x25a4 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\windows\System32\upnphost.dll
    18:28:20.0798 0x25a4 upnphost - ok
    18:28:20.0829 0x25a4 [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64 C:\windows\system32\Drivers\usbaapl64.sys
    18:28:20.0840 0x25a4 USBAAPL64 - ok
    18:28:20.0874 0x25a4 [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
    18:28:20.0885 0x25a4 usbccgp - ok
    18:28:20.0920 0x25a4 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\windows\system32\drivers\usbcir.sys
    18:28:20.0932 0x25a4 usbcir - ok
    18:28:20.0968 0x25a4 [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\windows\system32\drivers\usbehci.sys
    18:28:20.0978 0x25a4 usbehci - ok
    18:28:21.0033 0x25a4 [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
    18:28:21.0066 0x25a4 usbhub - ok
    18:28:21.0079 0x25a4 [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\windows\system32\drivers\usbohci.sys
    18:28:21.0089 0x25a4 usbohci - ok
    18:28:21.0104 0x25a4 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
    18:28:21.0114 0x25a4 usbprint - ok
    18:28:21.0134 0x25a4 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\windows\system32\drivers\USBSTOR.SYS
    18:28:21.0146 0x25a4 USBSTOR - ok
    18:28:21.0161 0x25a4 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\windows\system32\drivers\usbuhci.sys
    18:28:21.0173 0x25a4 usbuhci - ok
    18:28:21.0211 0x25a4 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
    18:28:21.0235 0x25a4 usbvideo - ok
    18:28:21.0256 0x25a4 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\windows\System32\uxsms.dll
    18:28:21.0349 0x25a4 UxSms - ok
    18:28:21.0361 0x25a4 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] VaultSvc C:\windows\system32\lsass.exe
    18:28:21.0410 0x25a4 VaultSvc - ok
    18:28:21.0423 0x25a4 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
    18:28:21.0434 0x25a4 vdrvroot - ok
    18:28:21.0479 0x25a4 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\windows\System32\vds.exe
    18:28:21.0605 0x25a4 vds - ok
    18:28:21.0633 0x25a4 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\windows\system32\DRIVERS\vgapnp.sys
    18:28:21.0645 0x25a4 vga - ok
    18:28:21.0654 0x25a4 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\windows\System32\drivers\vga.sys
    18:28:21.0666 0x25a4 VgaSave - ok
    18:28:21.0694 0x25a4 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\windows\system32\drivers\vhdmp.sys
    18:28:21.0712 0x25a4 vhdmp - ok
    18:28:21.0730 0x25a4 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\windows\system32\drivers\viaide.sys
    18:28:21.0742 0x25a4 viaide - ok
    18:28:21.0757 0x25a4 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\windows\system32\drivers\volmgr.sys
    18:28:21.0770 0x25a4 volmgr - ok
    18:28:21.0820 0x25a4 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\windows\system32\drivers\volmgrx.sys
    18:28:21.0864 0x25a4 volmgrx - ok
    18:28:21.0897 0x25a4 [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap C:\windows\system32\drivers\volsnap.sys
    18:28:21.0931 0x25a4 volsnap - ok
    18:28:21.0953 0x25a4 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
    18:28:21.0978 0x25a4 vsmraid - ok
    18:28:22.0060 0x25a4 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\windows\system32\vssvc.exe
    18:28:22.0186 0x25a4 VSS - ok
    18:28:22.0205 0x25a4 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
    18:28:22.0216 0x25a4 vwifibus - ok
    18:28:22.0237 0x25a4 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
    18:28:22.0249 0x25a4 vwififlt - ok
    18:28:22.0265 0x25a4 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
    18:28:22.0278 0x25a4 vwifimp - ok
    18:28:22.0311 0x25a4 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\windows\system32\w32time.dll
    18:28:22.0427 0x25a4 W32Time - ok
    18:28:22.0445 0x25a4 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
    18:28:22.0460 0x25a4 WacomPen - ok
    18:28:22.0490 0x25a4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
    18:28:22.0506 0x25a4 WANARP - ok
    18:28:22.0513 0x25a4 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
    18:28:22.0527 0x25a4 Wanarpv6 - ok
    18:28:22.0606 0x25a4 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
    18:28:22.0683 0x25a4 WatAdminSvc - ok
    18:28:22.0777 0x25a4 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\windows\system32\wbengine.exe
    18:28:22.0950 0x25a4 wbengine - ok
    18:28:22.0968 0x25a4 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\windows\System32\wbiosrvc.dll
    18:28:23.0076 0x25a4 WbioSrvc - ok
    18:28:23.0114 0x25a4 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\windows\System32\wcncsvc.dll
    18:28:23.0230 0x25a4 wcncsvc - ok
    18:28:23.0235 0x25a4 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
    18:28:23.0327 0x25a4 WcsPlugInService - ok
    18:28:23.0354 0x25a4 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\windows\system32\DRIVERS\wd.sys
    18:28:23.0365 0x25a4 Wd - ok
    18:28:23.0421 0x25a4 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
    18:28:23.0464 0x25a4 Wdf01000 - ok
    18:28:23.0487 0x25a4 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\windows\system32\wdi.dll
    18:28:23.0583 0x25a4 WdiServiceHost - ok
    18:28:23.0588 0x25a4 [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\windows\system32\wdi.dll
    18:28:23.0682 0x25a4 WdiSystemHost - ok
    18:28:23.0695 0x25a4 [ FE31110E39A0B11ABAE1BA43A2DC94F9, 5C520E0FB737A2113FB89F23FB1D36916980BBBD020638EEB04144C10A9D9522 ] wdkmd C:\windows\system32\DRIVERS\WDKMD.sys
    18:28:23.0707 0x25a4 wdkmd - ok
    18:28:23.0736 0x25a4 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\windows\System32\webclnt.dll
    18:28:23.0845 0x25a4 WebClient - ok
    18:28:23.0868 0x25a4 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\windows\system32\wecsvc.dll
    18:28:23.0976 0x25a4 Wecsvc - ok
    18:28:23.0987 0x25a4 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\windows\System32\wercplsupport.dll
    18:28:24.0081 0x25a4 wercplsupport - ok
    18:28:24.0094 0x25a4 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\windows\System32\WerSvc.dll
    18:28:24.0189 0x25a4 WerSvc - ok
    18:28:24.0202 0x25a4 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
    18:28:24.0212 0x25a4 WfpLwf - ok
    18:28:24.0230 0x25a4 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\windows\system32\drivers\wimmount.sys
    18:28:24.0240 0x25a4 WIMMount - ok
    18:28:24.0272 0x25a4 WinDefend - ok
    18:28:24.0289 0x25a4 WinHttpAutoProxySvc - ok
    18:28:24.0337 0x25a4 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
    18:28:24.0371 0x25a4 Winmgmt - ok
    18:28:24.0467 0x25a4 [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\windows\system32\WsmSvc.dll
    18:28:24.0644 0x25a4 WinRM - ok
    18:28:24.0691 0x25a4 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys
    18:28:24.0703 0x25a4 WinUsb - ok
    18:28:24.0747 0x25a4 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\windows\System32\wlansvc.dll
    18:28:24.0899 0x25a4 Wlansvc - ok
    18:28:25.0013 0x25a4 [ 7E47C328FC4768CB8BEAFBCFAFA70362, C98BD6A0C2F70E069D5FD3BAB31BD028DFEAC0490D180BBC28A14BE375897D8C ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    18:28:25.0149 0x25a4 wlidsvc - ok
    18:28:25.0181 0x25a4 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
    18:28:25.0194 0x25a4 WmiAcpi - ok
    18:28:25.0218 0x25a4 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
    18:28:25.0244 0x25a4 wmiApSrv - ok
    18:28:25.0263 0x25a4 WMPNetworkSvc - ok
    18:28:25.0278 0x25a4 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\windows\System32\wpcsvc.dll
    18:28:25.0383 0x25a4 WPCSvc - ok
    18:28:25.0414 0x25a4 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
    18:28:25.0517 0x25a4 WPDBusEnum - ok
    18:28:25.0549 0x25a4 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
    18:28:25.0564 0x25a4 ws2ifsl - ok
    18:28:25.0585 0x25a4 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\windows\System32\wscsvc.dll
    18:28:25.0690 0x25a4 wscsvc - ok
    18:28:25.0695 0x25a4 WSearch - ok
    18:28:25.0804 0x25a4 [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\windows\system32\wuaueng.dll
    18:28:25.0997 0x25a4 wuauserv - ok
    18:28:26.0024 0x25a4 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\windows\system32\drivers\WudfPf.sys
    18:28:26.0042 0x25a4 WudfPf - ok
    18:28:26.0064 0x25a4 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
    18:28:26.0081 0x25a4 WUDFRd - ok
    18:28:26.0099 0x25a4 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\windows\System32\WUDFSvc.dll
    18:28:26.0207 0x25a4 wudfsvc - ok
    18:28:26.0245 0x25a4 [ FE90B750AB808FB9DD8FBB428B5FF83B, 3F8F592EC813BE292D305A87C5BA852F8BC3D7CE610612D9871F209A17326AA8 ] WwanSvc C:\windows\System32\wwansvc.dll
    18:28:26.0362 0x25a4 WwanSvc - ok
    18:28:26.0387 0x25a4 ================ Scan global ===============================
    18:28:26.0403 0x25a4 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\windows\system32\basesrv.dll
    18:28:26.0431 0x25a4 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
    18:28:26.0555 0x25a4 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\windows\system32\winsrv.dll
    18:28:26.0684 0x25a4 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll
    18:28:26.0800 0x25a4 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\windows\system32\services.exe
    18:28:26.0890 0x25a4 [ Global ] - ok
    18:28:26.0894 0x25a4 ================ Scan MBR ==================================
    18:28:26.0908 0x25a4 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
    18:28:27.0234 0x25a4 \Device\Harddisk0\DR0 - ok
    18:28:27.0235 0x25a4 ================ Scan VBR ==================================
    18:28:27.0240 0x25a4 [ 00F7842ED0D5E73B71CD071D4F762BE2 ] \Device\Harddisk0\DR0\Partition1
    18:28:27.0243 0x25a4 \Device\Harddisk0\DR0\Partition1 - ok
    18:28:27.0252 0x25a4 Waiting for KSN requests completion. In queue: 73
    18:28:28.0253 0x25a4 Waiting for KSN requests completion. In queue: 73
    18:28:29.0253 0x25a4 Waiting for KSN requests completion. In queue: 73
    18:28:30.0333 0x25a4 AV detected via SS2: Total Defense Anti-Virus, C:\Program Files\Total Defense\Internet Security Suite\casc.exe ( 9.0.0.26 ), 0x41000 ( enabled : updated )
    18:28:30.0337 0x25a4 FW detected via SS2: Total Defense Personal Firewall, C:\Program Files\Total Defense\Internet Security Suite\casc.exe ( 9.0.0.26 ), 0x41010 ( enabled )
    18:28:33.0170 0x25a4 ============================================================
    18:28:33.0170 0x25a4 Scan finished
    18:28:33.0170 0x25a4 ============================================================
    18:28:33.0191 0x2240 Detected object count: 0
    18:28:33.0192 0x2240 Actual detected object count: 0
    18:28:44.0067 0x1e14 Deinitialize success
     
  8. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
     
  9. driveman

    driveman TS Rookie Topic Starter Posts: 44

    MBAR didn't find anything. Attached are the logs from RogueKiller and MBAR:

    RogueKiller V8.8.7 [Feb 11 2014] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Matthew [Admin rights]
    Mode : Remove -- Date : 02/11/2014 21:23:39
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts




    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD5000BPKT-60PK4T0 +++++
    --- User ---
    [MBR] de1707c986855f6e02c3ac6c21a67334
    [BSP] 2929fe73abd64209f7c8f9e04fb35de6 : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 464854 Mo
    2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 955095040 | Size: 10585 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_D_02112014_212339.txt >>
    RKreport[0]_S_02112014_212328.txt

    Malwarebytes Anti-Rootkit BETA 1.07.0.1009
    www.malwarebytes.org

    Database version: v2014.02.12.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16736
    Matthew :: MATTHEW-PC [administrator]

    2/11/2014 9:31:23 PM
    mbar-log-2014-02-11 (21-31-23).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 249376
    Time elapsed: 12 minute(s), 51 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1009

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 10.0.9200.16736

    Java version: 1.6.0_17

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
    CPU speed: 2.394000 GHz
    Memory total: 4083007488, free: 1714528256

    Downloaded database version: v2014.02.12.01
    Downloaded database version: v2013.12.18.01
    Initializing...
    ======================
    ------------ Kernel report ------------
    02/11/2014 21:31:18
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kdcom.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\CLFS.SYS
    \SystemRoot\system32\CI.dll
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\system32\drivers\ACPI.sys
    \SystemRoot\system32\drivers\WMILIB.SYS
    \SystemRoot\system32\drivers\msisadrv.sys
    \SystemRoot\system32\drivers\pci.sys
    \SystemRoot\system32\drivers\vdrvroot.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\system32\DRIVERS\compbatt.sys
    \SystemRoot\system32\DRIVERS\BATTC.SYS
    \SystemRoot\system32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\system32\drivers\pciide.sys
    \SystemRoot\system32\drivers\PCIIDEX.SYS
    \SystemRoot\system32\DRIVERS\iaStor.sys
    \SystemRoot\system32\drivers\atapi.sys
    \SystemRoot\system32\drivers\ataport.SYS
    \SystemRoot\system32\drivers\msahci.sys
    \SystemRoot\system32\drivers\amdxata.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\system32\drivers\fileinfo.sys
    \SystemRoot\system32\DRIVERS\KmxAMRT.sys
    \SystemRoot\System32\DRIVERS\kmxfw.sys
    \SystemRoot\System32\DRIVERS\msrpc.sys
    \SystemRoot\System32\DRIVERS\NETIO.SYS
    \SystemRoot\System32\DRIVERS\NDIS.SYS
    \SystemRoot\System32\DRIVERS\TDI.SYS
    \SystemRoot\System32\DRIVERS\fwpkclnt.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\system32\DRIVERS\wd.sys
    \SystemRoot\system32\drivers\volsnap.sys
    \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
    \SystemRoot\System32\Drivers\spldr.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\hwpolicy.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\system32\DRIVERS\disk.sys
    \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    \SystemRoot\system32\drivers\cdrom.sys
    \SystemRoot\System32\DRIVERS\KmxFile.sys
    \SystemRoot\System32\DRIVERS\kmxagent.sys
    \SystemRoot\System32\DRIVERS\kmxcfg.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\vga.sys
    \SystemRoot\System32\drivers\VIDEOPRT.SYS
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\DRIVERS\RDPCDD.sys
    \SystemRoot\system32\drivers\rdpencdd.sys
    \SystemRoot\system32\drivers\rdprefmp.sys
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\DRIVERS\wfplwf.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\KmxFilter.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\drivers\termdd.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\system32\drivers\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\blbdrive.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\system32\DRIVERS\igdkmd64.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\system32\DRIVERS\HECIx64.sys
    \SystemRoot\system32\drivers\usbehci.sys
    \SystemRoot\system32\drivers\USBPORT.SYS
    \SystemRoot\system32\drivers\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\NETwNs64.sys
    \SystemRoot\system32\DRIVERS\vwifibus.sys
    \SystemRoot\system32\DRIVERS\L1C62x64.sys
    \SystemRoot\system32\drivers\i8042prt.sys
    \SystemRoot\system32\drivers\kbdclass.sys
    \SystemRoot\system32\DRIVERS\SynTP.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\system32\DRIVERS\mouclass.sys
    \SystemRoot\system32\DRIVERS\tdcmdpst.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\DRIVERS\Impcd.sys
    \SystemRoot\system32\DRIVERS\intelppm.sys
    \SystemRoot\system32\DRIVERS\CmBatt.sys
    \SystemRoot\system32\DRIVERS\QIOMem.sys
    \SystemRoot\system32\DRIVERS\TVALZFL.sys
    \SystemRoot\system32\drivers\wmiacpi.sys
    \SystemRoot\system32\drivers\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\serscan.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\drivers\ks.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\drivers\swenum.sys
    \SystemRoot\system32\drivers\umbus.sys
    \SystemRoot\system32\DRIVERS\WDKMD.sys
    \SystemRoot\system32\DRIVERS\usbhub.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\system32\drivers\CHDRT64.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\DRIVERS\usbccgp.sys
    \SystemRoot\System32\Drivers\usbvideo.sys
    \SystemRoot\system32\DRIVERS\pgeffect.sys
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\Drivers\dump_iaStor.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\Dxapi.sys
    \SystemRoot\system32\DRIVERS\monitor.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\System32\DRIVERS\KmxSbx.sys
    \SystemRoot\system32\DRIVERS\Sftvollh.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\System32\DRIVERS\KmxCF.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\system32\DRIVERS\Sftfslh.sys
    \SystemRoot\system32\DRIVERS\Sftplaylh.sys
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\system32\DRIVERS\vwifimp.sys
    \SystemRoot\System32\ATMFD.DLL
    \SystemRoot\system32\drivers\spsys.sys
    \??\C:\windows\system32\drivers\mbamchameleon.sys
    \??\C:\windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\SysWOW64\ntdll.dll
    \Windows\System32\wow64.dll
    \Windows\System32\wow64win.dll
    \Windows\System32\wow64cpu.dll
    \Windows\System32\kernel32.dll
    \Windows\SysWOW64\kernel32.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\user32.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8007197060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xfffffa800498c050
    Lower Device Driver Name: \Driver\iaStor\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8007197060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8004be2a60, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8007197060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa800498c050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: ED0BE136

    Partition information:

    Partition 0 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 3072000
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048 Numsec = 952020992

    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 955095040 Numsec = 21678080
    Partition is not bootable
    Hidden partition VBR is not infected.

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-955095040-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
     
  10. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  11. driveman

    driveman TS Rookie Topic Starter Posts: 44

    Thank you again for your help. Combofix ran on the first try. Here is the log:

    ComboFix 14-02-11.01 - Matthew 02/11/2014 23:23:56.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2311 [GMT -5:00]
    Running from: c:\users\Matthew\Downloads\ComboFix.exe
    AV: Total Defense Anti-Virus *Disabled/Updated* {57B5C44D-AAB5-DBC9-741B-542BE5A132EA}
    FW: Total Defense Personal Firewall *Disabled* {6F8E4568-E0DA-DA91-5F44-FD1E1B727591}
    SP: Total Defense Anti-Virus *Disabled/Updated* {ECD425A9-8C8F-D447-4EAB-6F599E267857}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-01-12 to 2014-02-12 )))))))))))))))))))))))))))))))
    .
    .
    2014-02-12 02:31 . 2014-02-12 02:44 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-02-12 02:31 . 2014-02-12 02:31 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-02-12 02:30 . 2014-02-12 02:30 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-02-11 21:27 . 2014-02-11 21:27 -------- d-----w- c:\program files (x86)\Common Files\Java
    2014-02-11 21:27 . 2014-02-11 21:27 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2014-01-29 01:19 . 2014-01-29 01:19 -------- d-----w- c:\windows\Migration
    2014-01-29 00:04 . 2014-01-29 00:04 -------- d-----w- c:\users\Matthew\AppData\Roaming\Malwarebytes
    2014-01-29 00:04 . 2014-01-29 00:04 -------- d-----w- c:\programdata\Malwarebytes
    2014-01-29 00:04 . 2014-01-29 00:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2014-01-29 00:04 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-01-29 00:04 . 2014-01-29 00:04 -------- d-----w- c:\users\Matthew\AppData\Local\Programs
    2014-01-15 17:03 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
    2014-01-15 17:03 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2014-01-15 17:03 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
    2014-01-15 17:03 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
    2014-01-15 17:03 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
    2014-01-15 17:03 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
    2014-01-15 17:03 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
    2014-01-15 17:03 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
    2014-01-15 17:03 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
    2014-01-13 15:45 . 2014-02-05 20:04 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-01-13 15:45 . 2014-02-05 20:04 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-01-13 15:45 . 2014-01-13 15:45 -------- d-----w- c:\windows\system32\Macromed
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-02-12 04:36 . 2013-11-17 01:12 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll
    2014-02-12 04:36 . 2013-11-17 01:11 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe
    2014-02-12 04:36 . 2013-11-15 19:10 17920 ----a-w- c:\windows\system32\rpcnetp.exe
    2014-01-16 15:18 . 2013-11-15 06:15 86054176 ----a-w- c:\windows\system32\MRT.exe
    2013-11-23 18:26 . 2013-12-11 14:40 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
    2013-11-23 17:47 . 2013-12-11 14:40 465920 ----a-w- c:\windows\system32\WMPhoto.dll
    2013-11-17 00:29 . 2013-11-17 00:29 97280 ----a-w- c:\windows\system32\mshtmled.dll
    2013-11-17 00:29 . 2013-11-17 00:29 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2013-11-17 00:29 . 2013-11-17 00:29 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2013-11-17 00:29 . 2013-11-17 00:29 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2013-11-17 00:29 . 2013-11-17 00:29 855552 ----a-w- c:\windows\system32\jscript.dll
    2013-11-17 00:29 . 2013-11-17 00:29 81408 ----a-w- c:\windows\system32\icardie.dll
    2013-11-17 00:29 . 2013-11-17 00:29 77312 ----a-w- c:\windows\system32\tdc.ocx
    2013-11-17 00:29 . 2013-11-17 00:29 762368 ----a-w- c:\windows\system32\ieapfltr.dll
    2013-11-17 00:29 . 2013-11-17 00:29 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2013-11-17 00:29 . 2013-11-17 00:29 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
    2013-11-17 00:29 . 2013-11-17 00:29 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2013-11-17 00:29 . 2013-11-17 00:29 67072 ----a-w- c:\windows\system32\iesetup.dll
    2013-11-17 00:29 . 2013-11-17 00:29 62976 ----a-w- c:\windows\system32\pngfilt.dll
    2013-11-17 00:29 . 2013-11-17 00:29 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
    2013-11-17 00:29 . 2013-11-17 00:29 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
    2013-11-17 00:29 . 2013-11-17 00:29 603136 ----a-w- c:\windows\system32\msfeeds.dll
    2013-11-17 00:29 . 2013-11-17 00:29 599552 ----a-w- c:\windows\system32\vbscript.dll
    2013-11-17 00:29 . 2013-11-17 00:29 53248 ----a-w- c:\windows\system32\jsproxy.dll
    2013-11-17 00:29 . 2013-11-17 00:29 526336 ----a-w- c:\windows\system32\ieui.dll
    2013-11-17 00:29 . 2013-11-17 00:29 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
    2013-11-17 00:29 . 2013-11-17 00:29 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
    2013-11-17 00:29 . 2013-11-17 00:29 51712 ----a-w- c:\windows\system32\ie4uinit.exe
    2013-11-17 00:29 . 2013-11-17 00:29 51200 ----a-w- c:\windows\system32\imgutil.dll
    2013-11-17 00:29 . 2013-11-17 00:29 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2013-11-17 00:29 . 2013-11-17 00:29 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2013-11-17 00:29 . 2013-11-17 00:29 452096 ----a-w- c:\windows\system32\dxtmsft.dll
    2013-11-17 00:29 . 2013-11-17 00:29 441856 ----a-w- c:\windows\system32\html.iec
    2013-11-17 00:29 . 2013-11-17 00:29 39936 ----a-w- c:\windows\system32\iernonce.dll
    2013-11-17 00:29 . 2013-11-17 00:29 3959808 ----a-w- c:\windows\system32\jscript9.dll
    2013-11-17 00:29 . 2013-11-17 00:29 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
    2013-11-17 00:29 . 2013-11-17 00:29 361984 ----a-w- c:\windows\SysWow64\html.iec
    2013-11-17 00:29 . 2013-11-17 00:29 2877952 ----a-w- c:\windows\SysWow64\jscript9.dll
    2013-11-17 00:29 . 2013-11-17 00:29 281600 ----a-w- c:\windows\system32\dxtrans.dll
    2013-11-17 00:29 . 2013-11-17 00:29 27648 ----a-w- c:\windows\system32\licmgr10.dll
    2013-11-17 00:29 . 2013-11-17 00:29 270848 ----a-w- c:\windows\system32\iedkcs32.dll
    2013-11-17 00:29 . 2013-11-17 00:29 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2013-11-17 00:29 . 2013-11-17 00:29 2706432 ----a-w- c:\windows\system32\mshtml.tlb
    2013-11-17 00:29 . 2013-11-17 00:29 2648576 ----a-w- c:\windows\system32\iertutil.dll
    2013-11-17 00:29 . 2013-11-17 00:29 247296 ----a-w- c:\windows\system32\webcheck.dll
    2013-11-17 00:29 . 2013-11-17 00:29 235008 ----a-w- c:\windows\system32\url.dll
    2013-11-17 00:29 . 2013-11-17 00:29 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2013-11-17 00:29 . 2013-11-17 00:29 226304 ----a-w- c:\windows\system32\elshyph.dll
    2013-11-17 00:29 . 2013-11-17 00:29 2241536 ----a-w- c:\windows\system32\wininet.dll
    2013-11-17 00:29 . 2013-11-17 00:29 216064 ----a-w- c:\windows\system32\msls31.dll
    2013-11-17 00:29 . 2013-11-17 00:29 197120 ----a-w- c:\windows\system32\msrating.dll
    2013-11-17 00:29 . 2013-11-17 00:29 19269632 ----a-w- c:\windows\system32\mshtml.dll
    2013-11-17 00:29 . 2013-11-17 00:29 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
    2013-11-17 00:29 . 2013-11-17 00:29 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
    2013-11-17 00:29 . 2013-11-17 00:29 173568 ----a-w- c:\windows\system32\ieUnatt.exe
    2013-11-17 00:29 . 2013-11-17 00:29 167424 ----a-w- c:\windows\system32\iexpress.exe
    2013-11-17 00:29 . 2013-11-17 00:29 158720 ----a-w- c:\windows\SysWow64\msls31.dll
    2013-11-17 00:29 . 2013-11-17 00:29 15404544 ----a-w- c:\windows\system32\ieframe.dll
    2013-11-17 00:29 . 2013-11-17 00:29 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-11-17 00:29 . 2013-11-17 00:29 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2013-11-17 00:29 . 2013-11-17 00:29 149504 ----a-w- c:\windows\system32\occache.dll
    2013-11-17 00:29 . 2013-11-17 00:29 144896 ----a-w- c:\windows\system32\wextract.exe
    2013-11-17 00:29 . 2013-11-17 00:29 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2013-11-17 00:29 . 2013-11-17 00:29 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
    2013-11-17 00:29 . 2013-11-17 00:29 138752 ----a-w- c:\windows\SysWow64\wextract.exe
    2013-11-17 00:29 . 2013-11-17 00:29 13824 ----a-w- c:\windows\system32\mshta.exe
    2013-11-17 00:29 . 2013-11-17 00:29 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2013-11-17 00:29 . 2013-11-17 00:29 136704 ----a-w- c:\windows\system32\iesysprep.dll
    2013-11-17 00:29 . 2013-11-17 00:29 1364992 ----a-w- c:\windows\system32\urlmon.dll
    2013-11-17 00:29 . 2013-11-17 00:29 136192 ----a-w- c:\windows\system32\iepeers.dll
    2013-11-17 00:29 . 2013-11-17 00:29 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
    2013-11-17 00:29 . 2013-11-17 00:29 12800 ----a-w- c:\windows\SysWow64\mshta.exe
    2013-11-17 00:29 . 2013-11-17 00:29 12800 ----a-w- c:\windows\system32\msfeedssync.exe
    2013-11-17 00:29 . 2013-11-17 00:29 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2013-11-17 00:29 . 2013-11-17 00:29 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2013-11-17 00:29 . 2013-11-17 00:29 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2013-11-17 00:29 . 2013-11-17 00:29 102912 ----a-w- c:\windows\system32\inseng.dll
    2013-11-17 00:28 . 2013-11-17 00:28 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-11-17 00:28 . 2013-11-17 00:28 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2013-11-17 00:28 . 2013-11-17 00:28 648192 ----a-w- c:\windows\system32\d3d10level9.dll
    2013-11-17 00:28 . 2013-11-17 00:28 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    2013-11-17 00:28 . 2013-11-17 00:28 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-11-17 00:28 . 2013-11-17 00:28 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-11-17 00:28 . 2013-11-17 00:28 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2013-11-17 00:28 . 2013-11-17 00:28 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
    2013-11-17 00:28 . 2013-11-17 00:28 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2013-11-17 00:28 . 2013-11-17 00:28 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-11-17 00:28 . 2013-11-17 00:28 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
    2013-11-17 00:28 . 2013-11-17 00:28 3928064 ----a-w- c:\windows\system32\d2d1.dll
    2013-11-17 00:28 . 2013-11-17 00:28 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
    2013-11-17 00:28 . 2013-11-17 00:28 363008 ----a-w- c:\windows\system32\dxgi.dll
    2013-11-17 00:28 . 2013-11-17 00:28 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-11-17 00:28 . 2013-11-17 00:28 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2013-11-17 00:28 . 2013-11-17 00:28 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
    2013-11-17 00:28 . 2013-11-17 00:28 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
    2013-11-17 00:28 . 2013-11-17 00:28 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
    2013-11-17 00:28 . 2013-11-17 00:28 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-11-17 00:28 . 2013-11-17 00:28 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
    2013-11-17 00:28 . 2013-11-17 00:28 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
    2013-11-17 00:28 . 2013-11-17 00:28 296960 ----a-w- c:\windows\system32\d3d10core.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
    2010-09-10 02:09 433648 ----a-w- c:\programdata\Partner\Partner.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe "c:\programdata\Best Buy pc app\Best Buy pc app.application" [2010-6-24 9216]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
    2011-02-24 19:33 79368 ----a-w- c:\windows\System32\UmxWNP.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
    R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
    R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe;c:\programdata\Partner\Partner.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    S0 KmxAMRT;KmxAMRT;c:\windows\system32\DRIVERS\KmxAMRT.sys;c:\windows\SYSNATIVE\DRIVERS\KmxAMRT.sys [x]
    S0 KmxFw;KmxFw;c:\windows\System32\DRIVERS\kmxfw.sys;c:\windows\SYSNATIVE\DRIVERS\kmxfw.sys [x]
    S0 rpcnetp;rpcnetp;rpcnetp [x]
    S1 KmxAgent;KmxAgent;c:\windows\system32\DRIVERS\kmxagent.sys;c:\windows\SYSNATIVE\DRIVERS\kmxagent.sys [x]
    S1 KmxCfg;KmxCfg;c:\windows\system32\DRIVERS\kmxcfg.sys;c:\windows\SYSNATIVE\DRIVERS\kmxcfg.sys [x]
    S1 KmxFile;KmxFile;c:\windows\system32\DRIVERS\KmxFile.sys;c:\windows\SYSNATIVE\DRIVERS\KmxFile.sys [x]
    S1 KmxFilter;HIPS Core Filter Driver;c:\windows\system32\DRIVERS\KmxFilter.sys;c:\windows\SYSNATIVE\DRIVERS\KmxFilter.sys [x]
    S2 CAAMSvc;CAAMSvc;c:\program files\Total Defense\Internet Security Suite\Anti-Virus\caamsvc.exe;c:\program files\Total Defense\Internet Security Suite\Anti-Virus\caamsvc.exe [x]
    S2 ccSchedulerSVC;Total Defense Common Scheduler Service;c:\program files\Total Defense\Internet Security Suite\ccschedulersvc.exe;c:\program files\Total Defense\Internet Security Suite\ccschedulersvc.exe [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
    S2 KmxCF;KmxCF;c:\windows\system32\DRIVERS\KmxCF.sys;c:\windows\SYSNATIVE\DRIVERS\KmxCF.sys [x]
    S2 KmxSbx;KmxSbx;c:\windows\system32\DRIVERS\KmxSbx.sys;c:\windows\SYSNATIVE\DRIVERS\KmxSbx.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
    S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys;c:\windows\SYSNATIVE\DRIVERS\QIOMem.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-02-04 19:29 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-02-12 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-13 20:04]
    .
    2014-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 02:09]
    .
    2014-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-10 02:09]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
    2010-09-10 02:09 750064 ----a-w- c:\programdata\Partner\Partner64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-10 161304]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-10 386584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-10 415256]
    "cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-10 520760]
    "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
    "cctray"="c:\program files\Total Defense\Internet Security Suite\casc.exe" [2013-09-25 2733576]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\UmxSbxExA64.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/ig?brand=TSND&bmod=TSND
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>;*.local
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2834456463-4036289094-2117392042-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-2834456463-4036289094-2117392042-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\windows\System32\rpcnetp.exe
    c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    .
    **************************************************************************
    .
    Completion time: 2014-02-11 23:43:35 - machine was rebooted
    ComboFix-quarantined-files.txt 2014-02-12 04:43
    .
    Pre-Run: 385,830,821,888 bytes free
    Post-Run: 387,357,724,672 bytes free
    .
    - - End Of File - - 593DAC93FF4EBE16A523E3BCAF6299DD
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    All looks perfectly clean so far.

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    [​IMG] Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. driveman

    driveman TS Rookie Topic Starter Posts: 44

    It looks like iexplore.exe is still showing up. I'll let it sit overnight to see how many instances start running. In any case, attached are the logs.

    # AdwCleaner v3.018 - Report created 12/02/2014 at 00:00:46
    # Updated 28/01/2014 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : Matthew - MATTHEW-PC
    # Running from : C:\Users\Matthew\Downloads\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****

    [#] Service Deleted : Partner Service

    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\Partner

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
    Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
    Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16736


    -\\ Google Chrome v32.0.1700.107

    [ File : C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [1948 octets] - [11/02/2014 23:59:47]
    AdwCleaner[S0].txt - [1897 octets] - [12/02/2014 00:00:46]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1957 octets] ##########


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.1 (02.04.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by Matthew on Wed 02/12/2014 at 0:04:21.57
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files

    Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
    Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 02/12/2014 at 0:24:34.30
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    OTL logfile created on: 2/12/2014 12:25:38 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matthew\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16736)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.80 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 66.35% Memory free
    7.60 Gb Paging File | 6.21 Gb Available in Paging File | 81.71% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 453.96 Gb Total Space | 360.83 Gb Free Space | 79.49% Space Free | Partition Type: NTFS

    Computer Name: MATTHEW-PC | User Name: Matthew | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2014/02/12 00:01:49 | 000,017,920 | ---- | M] () -- C:\Windows\SysWOW64\rpcnetp.exe
    PRC - [2014/02/11 23:58:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matthew\Downloads\OTL.exe
    PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2012/06/06 15:31:56 | 003,076,096 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
    PRC - [2012/06/05 15:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe
    PRC - [2010/03/18 15:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/03/18 15:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


    ========== Modules (No Company Name) ==========

    MOD - [2009/02/27 16:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013/11/16 22:02:02 | 000,313,040 | ---- | M] (Total Defense, Inc.) [Auto | Running] -- C:\Program Files\Total Defense\Internet Security Suite\Anti-Virus\CAAMSvc.exe -- (CAAMSvc)
    SRV:64bit: - [2013/09/25 14:36:16 | 000,314,888 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\Total Defense\Internet Security Suite\Anti-Virus\isafe.exe -- (CAISafe)
    SRV:64bit: - [2013/09/25 14:33:28 | 000,288,776 | ---- | M] (Total Defense, Inc.) [Auto | Running] -- C:\Program Files\Total Defense\Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
    SRV:64bit: - [2013/09/25 14:33:26 | 000,367,112 | ---- | M] (Total Defense, Inc.) [On_Demand | Running] -- C:\Program Files\Total Defense\Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
    SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2011/04/04 12:42:30 | 000,920,656 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe -- (UmxEngine)
    SRV:64bit: - [2010/07/19 21:08:30 | 001,429,776 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2010/07/19 20:48:36 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
    SRV:64bit: - [2010/07/19 20:46:54 | 000,838,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV:64bit: - [2010/02/25 22:00:32 | 000,252,928 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
    SRV:64bit: - [2010/02/23 20:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
    SRV:64bit: - [2010/02/05 19:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
    SRV:64bit: - [2009/11/06 01:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
    SRV - [2014/02/05 15:04:52 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2012/06/05 15:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
    SRV - [2010/03/18 15:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/03/18 15:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2009/10/06 12:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2013/05/06 08:32:28 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/10/27 16:07:50 | 000,182,352 | ---- | M] (Total Defense) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\KmxAMRT.sys -- (KmxAMRT)
    DRV:64bit: - [2011/10/26 12:51:38 | 000,113,744 | ---- | M] (CA) [File_System | System | Running] -- C:\Windows\SysNative\drivers\KmxAgent.sys -- (KmxAgent)
    DRV:64bit: - [2011/09/06 22:04:22 | 000,201,936 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\KmxCF.sys -- (KmxCF)
    DRV:64bit: - [2011/09/06 22:04:22 | 000,143,824 | ---- | M] (CA) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\KmxFw.sys -- (KmxFw)
    DRV:64bit: - [2011/09/06 22:04:22 | 000,099,024 | ---- | M] (CA) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\KmxFilter.sys -- (KmxFilter)
    DRV:64bit: - [2011/09/06 22:04:20 | 000,365,136 | ---- | M] (CA) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\KmxCfg.sys -- (KmxCfg)
    DRV:64bit: - [2011/09/06 22:04:20 | 000,087,120 | ---- | M] (CA) [File_System | System | Running] -- C:\Windows\SysNative\drivers\KmxFile.sys -- (KmxFile)
    DRV:64bit: - [2011/09/06 22:04:20 | 000,081,488 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\KmxSbx.sys -- (KmxSbx)
    DRV:64bit: - [2011/04/20 09:24:56 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/07/29 08:10:42 | 010,610,400 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/07/28 14:46:18 | 007,821,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
    DRV:64bit: - [2010/06/18 13:38:06 | 000,039,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
    DRV:64bit: - [2010/03/31 02:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
    DRV:64bit: - [2010/03/24 16:55:56 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/03/10 21:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/02/27 10:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2010/02/09 00:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/06/22 20:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
    DRV:64bit: - [2009/06/19 22:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
    DRV:64bit: - [2009/06/15 15:58:50 | 000,012,800 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\QIOMem.sys -- (QIOMem)
    DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {CD575240-FDAF-478F-99B0-6018AAF183EB}
    IE:64bit: - HKLM\..\SearchScopes\{CD575240-FDAF-478F-99B0-6018AAF183EB}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSND
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{765E0797-EBD3-472B-B620-FD4F9F221286}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSND


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-2834456463-4036289094-2117392042-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://start.toshiba.com/g/ [binary data]
    IE - HKU\S-1-5-21-2834456463-4036289094-2117392042-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-2834456463-4036289094-2117392042-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?brand=TSND&bmod=TSND
    IE - HKU\S-1-5-21-2834456463-4036289094-2117392042-1001\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-2834456463-4036289094-2117392042-1001\..\SearchScopes\{F2901BB3-11D9-4F28-B0B0-A134C699C78E}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7TSND
    IE - HKU\S-1-5-21-2834456463-4036289094-2117392042-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2834456463-4036289094-2117392042-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\caaphishtoolbar@ca.com: C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\Toolbar\Firefox [2013/11/16 21:20:05 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:eek:riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:eek:mniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
    CHR - Extension: Total Defense Anti-Phishing Toolbar = C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpdpkkpdlooddakbebmkeeegehfjdnih\2.2.0.33_0\
    CHR - Extension: Google Wallet = C:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\

    O1 HOSTS File: ([2014/02/11 23:37:24 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Total Defense Anti-Phishing Toolbar Helper) - {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\Toolbar\caIEToolbar.dll (Total Defense, Inc.)
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)
    O2 - BHO: (Total Defense Anti-Phishing Toolbar Helper) - {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\Toolbar\caIEToolbar.dll (Total Defense, Inc.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
    O3:64bit: - HKLM\..\Toolbar: (Total Defense Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\Toolbar\caIEToolbar.dll (Total Defense, Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Total Defense Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\Total Defense\Internet Security Suite\Anti-Phishing\x86\Toolbar\caIEToolbar.dll (Total Defense, Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
    O4:64bit: - HKLM..\Run: [cctray] C:\Program Files\Total Defense\Internet Security Suite\casc.exe (Total Defense, Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
    O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2834456463-4036289094-2117392042-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2834456463-4036289094-2117392042-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 10.51.2)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 10.51.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBEB6541-5B38-470F-AD38-2F4FA1020B4D}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\UmxSbxExA64.dll) - C:\Windows\SysNative\UmxSbxExA64.dll (CA)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
    O20:64bit: - Winlogon\Notify\PFW: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
    O20 - Winlogon\Notify\PFW: DllName - (UmxWnp.Dll) - C:\windows\SysWow64\UmxWNP.dll (CA)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2014/02/12 00:04:19 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
    [2014/02/11 23:59:40 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/02/11 23:43:42 | 000,000,000 | ---D | C] -- C:\windows\temp
    [2014/02/11 23:37:29 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2014/02/11 23:20:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2014/02/11 23:20:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2014/02/11 23:20:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2014/02/11 23:20:12 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2014/02/11 23:19:47 | 000,000,000 | ---D | C] -- C:\windows\erdnt
    [2014/02/11 21:31:18 | 000,119,000 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/02/11 21:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    [2014/02/11 21:30:39 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
    [2014/02/11 21:30:07 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\MBAR
    [2014/02/11 21:21:24 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\RK_Quarantine
    [2014/02/11 16:27:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2014/01/28 20:19:01 | 000,000,000 | ---D | C] -- C:\windows\Migration
    [2014/01/28 19:04:37 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Roaming\Malwarebytes
    [2014/01/28 19:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2014/01/28 19:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2014/01/28 19:04:30 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
    [2014/01/28 19:04:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2014/01/28 19:04:11 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Local\Programs
    [2014/01/13 10:45:49 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Macromed
    [1 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2014/02/12 00:09:28 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/02/12 00:09:28 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/02/12 00:08:17 | 000,782,164 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2014/02/12 00:08:17 | 000,662,338 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2014/02/12 00:08:17 | 000,121,916 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2014/02/12 00:08:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2014/02/12 00:05:00 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/02/12 00:02:24 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/02/12 00:02:05 | 000,017,920 | ---- | M] () -- C:\windows\SysWow64\rpcnetp.dll
    [2014/02/12 00:01:57 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2014/02/12 00:01:53 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
    [2014/02/12 00:01:49 | 000,017,920 | ---- | M] () -- C:\windows\SysWow64\rpcnetp.exe
    [2014/02/12 00:01:49 | 000,017,920 | ---- | M] () -- C:\windows\SysNative\rpcnetp.exe
    [2014/02/12 00:01:25 | 001,056,273 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k0
    [2014/02/12 00:01:25 | 000,130,548 | ---- | M] () -- C:\windows\SysNative\drivers\KmxAgent.asc
    [2014/02/12 00:01:25 | 000,000,509 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k0
    [2014/02/12 00:01:25 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k7
    [2014/02/12 00:01:25 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k6
    [2014/02/12 00:01:25 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k5
    [2014/02/12 00:01:25 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k4
    [2014/02/12 00:01:25 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k3
    [2014/02/12 00:01:25 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k2
    [2014/02/12 00:01:25 | 000,000,085 | ---- | M] () -- C:\windows\SysNative\drivers\kmxcfg.u2k1
    [2014/02/12 00:01:25 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k7
    [2014/02/12 00:01:25 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k6
    [2014/02/12 00:01:25 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k5
    [2014/02/12 00:01:25 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k4
    [2014/02/12 00:01:25 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k3
    [2014/02/12 00:01:25 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k2
    [2014/02/12 00:01:25 | 000,000,049 | ---- | M] () -- C:\windows\SysNative\drivers\kmxzone.u2k1
    [2014/02/11 23:37:24 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
    [2014/02/11 21:31:18 | 000,119,000 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/02/11 21:30:39 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
    [2014/02/04 14:31:53 | 000,002,194 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2014/01/28 20:21:33 | 000,771,422 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2014/01/28 19:04:32 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/01/16 10:28:49 | 000,275,712 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
    [2014/01/15 12:11:37 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
    [1 C:\windows\SysNative\*.tmp files -> C:\windows\SysNative\*.tmp -> ]
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2014/02/11 23:20:51 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
    [2014/02/11 23:20:51 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
    [2014/02/11 23:20:51 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2014/02/11 23:20:51 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2014/02/11 23:20:51 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2014/01/28 19:04:32 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/01/15 12:11:37 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
    [2014/01/13 10:45:56 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2013/11/16 21:50:41 | 000,000,245 | ---- | C] () -- C:\windows\Brpfx04a.ini
    [2013/11/16 21:50:41 | 000,000,064 | ---- | C] () -- C:\windows\brpcfx.ini
    [2013/11/16 21:49:53 | 000,003,302 | ---- | C] () -- C:\windows\BRPARAM.INI
    [2013/11/16 21:48:11 | 000,000,000 | ---- | C] () -- C:\windows\brdfxspd.dat
    [2013/11/16 21:48:05 | 000,045,056 | ---- | C] () -- C:\windows\SysWow64\BRTCPCON.DLL
    [2013/11/16 21:48:03 | 000,000,114 | ---- | C] () -- C:\windows\SysWow64\BRLMW03A.INI
    [2013/11/16 21:34:27 | 000,000,000 | ---- | C] () -- C:\windows\HPMProp.INI
    [2013/11/16 20:12:26 | 000,017,920 | ---- | C] () -- C:\windows\SysWow64\rpcnetp.dll
    [2013/11/16 20:11:53 | 000,017,920 | ---- | C] () -- C:\windows\SysWow64\rpcnetp.exe
    [2013/11/15 01:16:02 | 000,771,422 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

    ========== ZeroAccess Check ==========

    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2014/01/20 12:38:05 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\ControlCenter4
    [2014/02/11 10:10:46 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\SoftGrid Client
    [2013/11/21 10:17:00 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Toshiba
    [2013/11/15 01:17:03 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\TP
    [2013/11/15 00:49:37 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\WinBatch
    [2013/12/12 14:27:47 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Windows Live Writer
    [2013/12/17 09:44:03 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\{90140011-0066-0409-0000-0000000FF1CE}

    ========== Purity Check ==========



    < End of report >
     
  14. driveman

    driveman TS Rookie Topic Starter Posts: 44

    OTL Extras logfile created on: 2/12/2014 12:25:38 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matthew\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16736)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.80 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 66.35% Memory free
    7.60 Gb Paging File | 6.21 Gb Available in Paging File | 81.71% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 453.96 Gb Total Space | 360.83 Gb Free Space | 79.49% Space Free | Partition Type: NTFS

    Computer Name: MATTHEW-PC | User Name: Matthew | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2834456463-4036289094-2117392042-1001\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00292807-7573-4351-A806-7C9B2AB4C597}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{01255100-1EF9-4E03-8780-EABCFDB71F0B}" = rport=138 | protocol=17 | dir=out | app=system |
    "{09EC213E-E82A-4BFB-82DA-79938BBEBE5C}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{0DF582B0-40F6-48C3-9B96-D3548DFF9D39}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{11656281-65B0-4E04-AE0F-3612BEAF2FE7}" = rport=445 | protocol=6 | dir=out | app=system |
    "{137A8EE1-40EC-46D3-AC72-129F5D03D106}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{1DBF7B56-6128-4A83-9DF1-7492952848AF}" = rport=139 | protocol=6 | dir=out | app=system |
    "{29BF3899-2662-411C-B527-EC83758C8F6D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{2A7CC5D6-8056-4D08-BA17-15E7B1D93C2F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4EE4CB3D-AA1C-4310-B08D-CA3459D97DAE}" = lport=139 | protocol=6 | dir=in | app=system |
    "{540C4366-7C57-4323-9F51-EE639C1C3187}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{69808D84-715D-4A61-B676-D36300155CA9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{6A05ABDE-E629-430E-8B48-8FECCB5DE960}" = lport=137 | protocol=17 | dir=in | app=system |
    "{7180CCB1-5247-4FA6-A5CB-9AA7548E4554}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{808F7087-6B59-43BC-B7A6-8FD6803394F1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{8D16E661-E8C8-4447-983F-818B67C4952F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{9C985534-45C6-47A9-89A3-FB14E19CE745}" = rport=137 | protocol=17 | dir=out | app=system |
    "{9D251D24-7946-4B86-95C3-654F405A76C0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A21C0301-6D4C-428B-B888-A7E08025B78E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{A70EA970-E31C-4067-BE65-591CC4315ADE}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
    "{A845F42A-08AD-4F54-82A2-4242C5F502A0}" = lport=138 | protocol=17 | dir=in | app=system |
    "{B9EF2E3F-7FDA-4281-BB56-4007EAD79EDD}" = lport=445 | protocol=6 | dir=in | app=system |
    "{BD00D105-8423-4EBF-B61D-67EF0D74CDB2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{C31557B6-6ED6-446F-AC3B-11EFF118CB2F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{C8E50CC8-71B8-422A-B851-29BB79D6E0CC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{D4E1D9EE-A128-4620-8EBF-5E693A8BB586}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{D64366E6-3DEE-4634-B601-A7CF5B03D133}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{FA8E0CA8-8F1E-418B-AB8A-E6B87B572607}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{105D71BB-90D4-40FF-B94E-0F5139A92CCD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{1DACE247-E41E-4AE0-9100-562BB9CB483A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{24CBA7EF-6154-4EF0-A1D0-49D53F59AFE6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{2E7B4607-B6F8-4655-94D9-B9BDAC0549C4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{2FC88B9A-1FBC-42EE-8FE8-E87C951EC5DA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{3153C231-5AD1-4F41-986C-2BCB7AED724E}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
    "{3EF03F21-5E67-4E2C-B9D6-36570460F597}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4A8DB675-78D8-4C44-83B5-18236DFFC133}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{50BA0C83-317E-4942-A89B-4D91A568A533}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{51889E76-F623-4978-AB53-2B7FF8938839}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{6AA8DFBD-F306-4F73-88DE-64298A0BF752}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{729A7740-ECA2-48EE-8554-64DBA23B0F2F}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    "{7D684C71-9625-40A5-81D7-B5033791BDEC}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{7F48CA5E-F8E3-432C-B84B-CC3BAF0B9F0C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{85E11D71-F66F-4082-B7E9-CD1BD351F0F7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{8816AA93-54C8-4F35-AA43-BC7C93C69E3B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{915C1590-3449-42C5-A771-5BA718CDDB02}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{A05ED358-4CE8-4779-92B2-9ADF3F88ACDA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{A2BC6735-0E78-44A4-A547-D4A6F5E056D6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AEEA3780-8A89-4CE1-802A-B9DC5072E9F1}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{B53CA36F-2F47-472F-B9CC-231EDFC5B23F}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |
    "{C63EDD3D-CDB6-46A0-B603-87F926F6619A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{CB1A280E-EB78-4614-A5A3-069E6B757CB3}" = protocol=6 | dir=out | app=system |
    "{CCCC29B3-70DB-4229-A41E-1DAE54B5E372}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{D3DB11FF-5269-468F-A511-AEABF85EB927}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D8FA0B6E-8498-4D90-9E17-69B5FB9A0053}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{DC70F24A-D516-4C30-9ECC-E28DAF817115}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{DC8F2D4C-5C7B-4477-BEAA-E345F65F2276}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{DFFDCEA4-69D3-46B5-A731-52F8480E5709}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{FF61D256-B23F-46E5-8688-9359BD9ACB20}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
    "{38151262-FAF8-4778-9AAB-33E90B60D8E9}" = Anti-Virus
    "{4327107B-E95E-415C-9194-458FCED6BF12}" = Intel(R) PROSet/Wireless WiFi Software
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5737101A-27C4-408A-8A57-D1DC78DF84B4}" = 64 Bit HP CIO Components Installer
    "{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
    "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
    "{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
    "{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
    "{C298FF86-AB23-4B58-AC53-A23383C07B3A}" = Intel® Wireless Display
    "{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
    "{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{F3A591D1-C991-4722-B40D-C4A80C2A6D05}" = HIPS
    "{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
    "CAAPH2" = APH placeholder
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "eTrust Suite Personal" = Total Defense Internet Security Suite
    "ProInst" = Intel PROSet Wireless
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
    "{1367D815-EC9F-4e2f-9FB9-E40A075AD19B}" = DNAMigrator
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
    "{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
    "{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
    "{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}" = Brother MFL-Pro Suite MFC-J430W
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
    "{BB51B753-9A0C-4D1D-B3EF-A1B936F55796}" = Toshiba Book Place
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
    "Coupon Printer for Windows5.0.0.4" = Coupon Printer for Windows
    "Google Chrome" = Google Chrome
    "InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
    "InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}" = TOSHIBA ReelTime
    "InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
    "InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
    "InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
    "InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
    "InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
    "InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2834456463-4036289094-2117392042-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Amazon Amazon Cloud Player" = Amazon Cloud Player

    < End of report >
     
  15. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    Make sure Internet Explorer is CLOSED.

    [​IMG] Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
    Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
    NOTE. Windows Vista, 7 and 8 users right click on procexp.exe, click "Run As Administrator".
    Click on View > Select Colunms.
    In addition to already pre-selected options, make sure, the Command Line is selected, and press OK.
    Go File>Save As, and save the report as Procexp.txt.
    Attach the file to your next reply.

    [​IMG] Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE
    • Double-click SystemLook.exe to run it.
    • Vista users:: Right click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box and paste it into the main textfield:
    Code:
    C:\windows\SysNative\rpcnetp.exe
    C:\Windows\SysWOW64\rpcnetp.exe
    
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

    [​IMG]
    Open Windows Explorer. Go Tools>Folder Options>View tab (Windows 8 users. Open File Manager. Go View>Options>Change folder and search options>View tab), put a checkmark next to Show hidden files, and folders, UN-check Hide protected operating system files.
    NOTE. Make sure to reverse the above changes, when done with this step.
    Upload following files to http://www.virustotal.com/ for security check:
    - C:\windows\SysNative\rpcnetp.exe
    - C:\Windows\SysWOW64\rpcnetp.exe
    IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
    Post scan results.
     
  16. driveman

    driveman TS Rookie Topic Starter Posts: 44

    Here are the scan results. I don't have a folder C:\Windows\SysNative\ so I didn't scan that file.

    Process CPU Private Bytes Working Set PID Description Company Name
    System Idle Process 51.16 0 K 24 K 0
    System 0.63 296 K 8,308 K 4
    Interrupts 0.79 0 K 0 K n/a Hardware Interrupts and DPCs
    smss.exe 532 K 1,160 K 324 Windows Session Manager Microsoft Corporation
    csrss.exe < 0.01 4,084 K 7,468 K 448 Client Server Runtime Process Microsoft Corporation
    conhost.exe 1,068 K 2,660 K 1272 Console Window Host Microsoft Corporation
    wininit.exe 1,892 K 4,344 K 496 Windows Start-Up Application Microsoft Corporation
    services.exe 6,352 K 9,372 K 560 Services and Controller app Microsoft Corporation
    svchost.exe 0.01 4,908 K 9,196 K 728 Host Process for Windows Services Microsoft Corporation
    unsecapp.exe 1,780 K 4,824 K 2208 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation
    WmiPrvSE.exe 5,628 K 10,356 K 3204 WMI Provider Host Microsoft Corporation
    dllhost.exe 2,788 K 6,892 K 5664 COM Surrogate Microsoft Corporation
    ccprovep.exe 2,020 K 5,204 K 5916 CCProvEP Total Defense, Inc.
    svchost.exe 6,264 K 9,484 K 800 Host Process for Windows Services Microsoft Corporation
    svchost.exe 22,928 K 24,436 K 912 Host Process for Windows Services Microsoft Corporation
    audiodg.exe 16,628 K 16,968 K 6232 Windows Audio Device Graph Isolation Microsoft Corporation
    svchost.exe 0.07 141,536 K 150,648 K 944 Host Process for Windows Services Microsoft Corporation
    wlanext.exe 8,500 K 14,532 K 1264 Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation
    dwm.exe 0.96 58,532 K 41,144 K 3604 Desktop Window Manager Microsoft Corporation
    svchost.exe < 0.01 13,892 K 21,420 K 972 Host Process for Windows Services Microsoft Corporation
    svchost.exe < 0.01 37,220 K 53,996 K 996 Host Process for Windows Services Microsoft Corporation
    svchost.exe 2,692 K 5,140 K 452 Host Process for Windows Services Microsoft Corporation
    svchost.exe 0.01 17,604 K 18,468 K 1172 Host Process for Windows Services Microsoft Corporation
    spoolsv.exe < 0.01 11,468 K 16,272 K 1352 Spooler SubSystem App Microsoft Corporation
    svchost.exe 11,296 K 12,240 K 1384 Host Process for Windows Services Microsoft Corporation
    AppleMobileDeviceService.exe 0.02 3,192 K 8,604 K 1476 MobileDeviceService Apple Inc.
    mDNSResponder.exe 2,920 K 6,060 K 1520 Bonjour Service Apple Inc.
    CAAMSvc.exe 6,844 K 4,216 K 1556 Total Defense Anti-Malware Service. Total Defense, Inc.
    isafe.exe 4,088 K 7,496 K 1600 CA ISafe Service Computer Associates International, Inc.
    ccschedulersvc.exe < 0.01 2,660 K 6,636 K 1624 CCSchedulerSVC Total Defense, Inc.
    svchost.exe 0.02 8,800 K 15,576 K 1664 Host Process for Windows Services Microsoft Corporation
    LMS.exe 0.02 2,656 K 4,724 K 1752 Local Manageability Service Intel Corporation
    RegSrvc.exe 2,312 K 5,524 K 1856 Intel(R) PROSet/Wireless Registry Service Intel(R) Corporation
    rpcnetp.exe 1,164 K 3,752 K 1908
    sftvsa.exe 1,480 K 4,404 K 2056 Microsoft Application Virtualization Virtual Service Agent Microsoft Corporation
    svchost.exe 0.01 10,120 K 12,048 K 2088 Host Process for Windows Services Microsoft Corporation
    TODDSrv.exe < 0.01 1,848 K 4,796 K 2116 TDCSrv Application TOSHIBA Corporation
    TosCoSrv.exe 3,052 K 4,712 K 2240 TOSHIBA Power Saver TOSHIBA Corporation
    TecoService.exe 0.03 2,364 K 4,728 K 2344 TOSHIBA eco Utility Service TOSHIBA Corporation
    UmxEngine.exe 0.22 170,224 K 166,440 K 2400 CA Threat Management Engine Service CA
    ccEvtMgr.exe < 0.01 30,552 K 22,396 K 3768 Common Event Manager Total Defense, Inc.
    WLIDSVC.EXE < 0.01 7,632 K 13,724 K 2608 Microsoft® Windows Live ID Service Microsoft Corp.
    WLIDSVCM.EXE 1,492 K 3,312 K 2772 Microsoft® Windows Live ID Service Monitor Microsoft Corp.
    SearchIndexer.exe 0.01 29,740 K 20,544 K 2704 Microsoft Windows Search Indexer Microsoft Corporation
    EvtEng.exe 10,536 K 15,432 K 2752 Intel(R) PROSet/Wireless Event Log Service Intel(R) Corporation
    sftlist.exe < 0.01 6,620 K 12,832 K 2832 Microsoft Application Virtualization Client Service Microsoft Corporation
    CVHSVC.EXE 6,860 K 13,000 K 3132 Microsoft Office Client Virtualization Service Microsoft Corporation
    taskhost.exe < 0.01 13,436 K 14,080 K 3484 Host Process for Windows Tasks Microsoft Corporation
    svchost.exe 2,104 K 5,368 K 3332 Host Process for Windows Services Microsoft Corporation
    ccprovsp.exe 2,076 K 5,416 K 4916 CCProvSP Total Defense, Inc.
    svchost.exe < 0.01 11,900 K 14,552 K 4672 Host Process for Windows Services Microsoft Corporation
    BrYNSvc.exe 0.02 4,584 K 9,452 K 3084 BrYNCSvc Brother Industries, Ltd.
    wmpnetwk.exe < 0.01 12,996 K 12,268 K 1148 Windows Media Player Network Sharing Service Microsoft Corporation
    UNS.exe < 0.01 4,832 K 9,100 K 5452 User Notification Service Intel Corporation
    lsass.exe 5,996 K 12,720 K 584 Local Security Authority Process Microsoft Corporation
    lsm.exe 2,740 K 4,268 K 592 Local Session Manager Service Microsoft Corporation
    csrss.exe 0.26 3,600 K 38,988 K 524 Client Server Runtime Process Microsoft Corporation
    winlogon.exe 3,120 K 6,896 K 664 Windows Logon Application Microsoft Corporation
    igfxtray.exe 3,268 K 6,864 K 4224 igfxTray Module Intel Corporation
    hkcmd.exe 3,832 K 9,700 K 4256 hkcmd Module Intel Corporation
    igfxpers.exe 3,000 K 7,104 K 4292 persistence Module Intel Corporation
    cAudioFilterAgent64.exe 2,700 K 5,828 K 4340 Conexant High Definition Audio Filter Agent Conexant Systems, Inc.
    SynTPEnh.exe 0.61 9,484 K 14,088 K 4408 Synaptics TouchPad Enhancements Synaptics Incorporated
    SynTPHelper.exe 1,556 K 3,232 K 4848 Synaptics Pointing Device Helper Synaptics Incorporated
    casc.exe 0.06 59,800 K 20,152 K 4424 Security Center Total Defense, Inc.
    BrStMonW.exe 0.02 9,756 K 16,472 K 5076 Status Monitor Application Brother Industries, Ltd.
    jusched.exe 3,708 K 10,868 K 5360 Java(TM) Update Scheduler Oracle Corporation
    explorer.exe 0.49 52,788 K 67,328 K 6100 Windows Explorer Microsoft Corporation
    chrome.exe 1.35 83,116 K 113,688 K 3460 Google Chrome Google Inc.
    chrome.exe 0.37 122,296 K 134,952 K 4284 Google Chrome Google Inc.
    chrome.exe 0.76 79,560 K 88,820 K 3876 Google Chrome Google Inc.
    chrome.exe 0.01 32,052 K 38,432 K 1780 Google Chrome Google Inc.
    chrome.exe 0.07 59,624 K 66,640 K 4980 Google Chrome Google Inc.
    chrome.exe 24.28 158,540 K 167,896 K 1864 Google Chrome Google Inc.
    chrome.exe 0.03 41,832 K 48,568 K 4168 Google Chrome Google Inc.
    chrome.exe 0.01 37,652 K 44,572 K 6000 Google Chrome Google Inc.
    chrome.exe 0.89 169,136 K 176,912 K 6064 Google Chrome Google Inc.
    chrome.exe < 0.01 39,248 K 45,744 K 5788 Google Chrome Google Inc.
    chrome.exe 24,072 K 25,804 K 5648 Google Chrome Google Inc.
    chrome.exe 0.11 59,532 K 66,136 K 1568 Google Chrome Google Inc.
    chrome.exe 0.01 48,524 K 52,568 K 5844 Google Chrome Google Inc.
    chrome.exe 22,404 K 23,832 K 2248 Google Chrome Google Inc.
    chrome.exe 24,272 K 37,412 K 3200 Google Chrome Google Inc.
    chrome.exe 51,616 K 55,796 K 5356 Google Chrome Google Inc.
    procexp.exe 2,520 K 7,808 K 3532 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
    procexp64.exe 4.65 25,880 K 44,852 K 6360 Sysinternals Process Explorer Sysinternals - www.sysinternals.com
    taskmgr.exe 14.20 3,516 K 10,208 K 5876 Windows Task Manager Microsoft Corporation
    notepad.exe < 0.01 1,456 K 6,376 K 5328 Notepad Microsoft Corporation
    iexplore.exe Suspended 356 K 272 K 4608 Internet Explorer Microsoft Corporation
    iexplore.exe Suspended 356 K 272 K 6884 Internet Explorer Microsoft Corporation
    iexplore.exe Suspended 356 K 272 K 7328 Internet Explorer Microsoft Corporation
    iexplore.exe Suspended 360 K 276 K 2932 Internet Explorer Microsoft Corporation
    iexplore.exe Suspended 360 K 276 K 7924 Internet Explorer Microsoft Corporation
    iexplore.exe Suspended 356 K 272 K 6588 Internet Explorer Microsoft Corporation
    iexplore.exe Suspended 360 K 276 K 3908 Internet Explorer Microsoft Corporation
    iexplore.exe Suspended 356 K 272 K 6472 Internet Explorer Microsoft Corporation
    iexplore.exe Suspended 356 K 272 K 6600 Internet Explorer Microsoft Corporation
    iexplore.exe Suspended 356 K 272 K 4620 Internet Explorer Microsoft Corporation
    iexplore.exe Suspended 356 K 272 K 6524 Internet Explorer Microsoft Corporation
    iexplore.exe Suspended 360 K 276 K 7764 Internet Explorer Microsoft Corporation
    iexplore.exe Suspended 360 K 276 K 1060 Internet Explorer Microsoft Corporation
    iexplore.exe Suspended 360 K 276 K 6724 Internet Explorer Microsoft Corporation
    iexplore.exe Suspended 356 K 272 K 7460 Internet Explorer Microsoft Corporation
    iexplore.exe Suspended 360 K 276 K 7776 Internet Explorer Microsoft Corporation
    iexplore.exe Suspended 356 K 272 K 2196 Internet Explorer Microsoft Corporation
    iexplore.exe Suspended 356 K 272 K 4716 Internet Explorer Microsoft Corporation
    iexplore.exe Suspended 360 K 276 K 7252 Internet Explorer Microsoft Corporation
    iexplore.exe Suspended 360 K 276 K 7032 Internet Explorer Microsoft Corporation
    iexplore.exe Suspended 356 K 272 K 7728 Internet Explorer Microsoft Corporation
    iexplore.exe Suspended 360 K 276 K 5572 Internet Explorer Microsoft Corporation

    SystemLook 30.07.11 by jpshortstuff
    Log created at 12:26 on 12/02/2014 by Matthew
    Administrator - Elevation successful

    No Context: C:\windows\SysNative\rpcnetp.exe

    No Context: C:\Windows\SysWOW64\rpcnetp.exe

    -= EOF =-

    SHA256:96e1bc2a93a8aed4dae5274bf55668ad9f6d808c716f31af670aa509a09d251a
    File name:rpcnetp.exe
    Detection ratio:0 / 49
    Analysis date:2014-02-12 17:32:07 UTC ( 0 minutes ago )
    [​IMG]
    0

    0

    Probably harmless! There are strong indicators suggesting that this file is safe to use.

    AntivirusResultUpdate
    AVG20140212
    Ad-Aware20140212
    Agnitum20140211
    AhnLab-V320140212
    AntiVir20140212
    Avast20140212
    Baidu-International20140212
    BitDefender20140212
    Bkav20140212
    ByteHero20140212
    CAT-QuickHeal20140212
    CMC20140211
    ClamAV20140212
    Commtouch20140212
    Comodo20140212
    DrWeb20140212
    ESET-NOD3220140212
    Emsisoft20140212
    F-Prot20140211
    F-Secure20140212
    Fortinet20140212
    GData20140212
    Ikarus20140212
    Jiangmin20140212
    K7AntiVirus20140212
    K7GW20140212
    Kaspersky20140212
    Kingsoft20140212
    Malwarebytes20140212
    McAfee20140212
    McAfee-GW-Edition20140212
    MicroWorld-eScan20140212
    Microsoft20140212
    NANO-Antivirus20140212
    Norman20140212
    Panda20140212
    Qihoo-36020140212
    Rising20140212
    SUPERAntiSpyware20140212
    Sophos20140212
    Symantec20140212
    TheHacker20140212
    TotalDefense20140212
    TrendMicro20140212
    TrendMicro-HouseCall20140212
    VBA3220140212
    VIPRE20140212
    ViRobot20140212
    nProtect20140212
     
  17. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    I made a mistake with System Look code.
    Here is the correct one:

    Code:
    :file
    C:\windows\SysNative\rpcnetp.exe
    C:\Windows\SysWOW64\rpcnetp.exe
     
  18. driveman

    driveman TS Rookie Topic Starter Posts: 44

    Here is the result of the System Look

    SystemLook 30.07.11 by jpshortstuff
    Log created at 13:04 on 12/02/2014 by Matthew
    Administrator - Elevation successful

    ========== file ==========

    C:\windows\SysNative\rpcnetp.exe - Unable to find/read file.

    C:\Windows\SysWOW64\rpcnetp.exe - File found and opened.
    MD5: F4402AFE7F512904D05D657FE16F8BE0
    Created at 01:11 on 17/11/2013
    Modified at 05:01 on 12/02/2014
    Size: 17920 bytes
    Attributes: --a----
    No version information available.

    -= EOF =-
     
  19. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    Is this a laptop?
    Do you have Lo-Jack Absolute Software Corp installed?
     
  20. driveman

    driveman TS Rookie Topic Starter Posts: 44

    This is a laptop as far as I know I don't have that installed.
     
  21. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    Re-run Process Explorer.
    Right click on "rpcnetp.exe", click "Properties" and post a screenshot of it.
     
  22. driveman

    driveman TS Rookie Topic Starter Posts: 44

    Is this what you want to see?

    upload_2014-2-12_13-39-7.png
     
  23. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    Yes. Thank you :)

    Go Start>Run (Start Search in Vista/7), type in:
    msconfig
    Click OK (hit Enter in Vista/7).

    Click on Startup tab.
    Click Disable all
    IMPORTANT! In case of laptop, make sure, you do NOT disable any keyboard, or touchpad entries.

    Click Services tab.
    Put checkmark in Hide all Microsoft services
    Click Disable all.

    Click OK.
    Restart computer in Normal Mode.

    NOTE. If you use different firewall, than Windows firewall, turn Windows firewall on, just for this test, since your regular firewall won't be running.
    If you use Windows firewall, you're fine.

    Re-run Process Explorer and see if multiple iexplore.exe processes are still listed.
     
  24. driveman

    driveman TS Rookie Topic Starter Posts: 44

    I disabled everything and restarted. Upon running process explorer, 1 instance of iexplore.exe popped up right away. That's how it starts. Then multiple instances open as time goes on. Here is the screenshot. Should I re-enable the startup items?
    upload_2014-2-12_13-57-22.png
     
  25. Broni

    Broni Malware Annihilator Posts: 47,693   +268

    Yes, reverse all changes.

    Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
    No installation required.
    Simply unzip Autoruns.zip file, and double click on autoruns.exe file to run the program.
    Go File>Save, and save it as AutoRuns.txt file to know location.
    You must select Text from drop-down menu as a file type:

    [​IMG]

    Attach the file to your next reply.
     


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.