Trojan agent svchost continuously returns after malware removal

Solved
By Rjrossi88
Mar 18, 2014
  1. Hi. My computer was infected with the fbi white screen virus. I was able to remove mostly everything but 2 files continue to return after being removed by malwarebytes. I've run the scan at least 4 times and it gets detected every time. I'm not sure what else to do to remove them and I don't want anything to spread again so I'm requesting whatever help you can provide!!
  2. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. Rjrossi88

    Rjrossi88 Newcomer, in training Topic Starter Posts: 42

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.03.19.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16428
    Jessica :: JESSICA-PC [administrator]

    3/18/2014 10:48:00 PM
    mbam-log-2014-03-18 (22-48-00).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 213787
    Time elapsed: 2 minute(s), 58 second(s)

    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 3788 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

    (end)
  4. Rjrossi88

    Rjrossi88 Newcomer, in training Topic Starter Posts: 42

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.16428
    Run by Jessica at 23:08:49 on 2014-03-18
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2513 [GMT -4:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    \\.\globalroot\systemroot\svchost.exe -netsvcs
    C:\windows\system32\taskhost.exe
    C:\windows\system32\Dwm.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
    C:\windows\Explorer.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\windows\system32\taskeng.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
    C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
    C:\windows\SysWOW64\ctfmon.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://start.toshiba.com/
    uDefault_Page_URL = hxxp://start.toshiba.com/
    uProxyOverride = <local>
    uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
    BHO: Fast Search: {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: FrostWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
    mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
    mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    StartupFolder: C:\Users\Jessica\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MYPCBA~1.LNK - C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    TCP: NameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{0ECFBAEC-4B71-4712-A1CF-A46D5AC475B0} : DHCPNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{35060F6E-6056-4463-BFCD-F53AA993184A} : DHCPNameServer = 75.75.75.75 75.75.76.76
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-mStart Page = hxxp://start.toshiba.com/
    x64-mDefault_Page_URL = hxxp://start.toshiba.com/
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
    x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
    x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
    x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
    x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\zkqpeq8w.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - google.com
    FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FWV5&o=14193&locale=en_US&apn_uid=d871bc99-4125-4053-ad7c-5a8a08fe208c&apn_ptnrs=%5EFM&apn_sauid=3A366A0A-A63E-45E7-926D-797D95F4F5EA&apn_dtid=%5Epfm013%5EYY%5EUS&&q=
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
    FF - ExtSQL: 2014-03-17 23:52; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;avast! Revert;C:\windows\System32\drivers\aswRvrt.sys [2014-3-17 65776]
    R0 aswVmm;avast! VM Monitor;C:\windows\System32\drivers\aswVmm.sys [2014-3-17 207904]
    R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]
    R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2014-3-17 1038072]
    R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2014-3-17 421704]
    R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2014-3-17 78648]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-3-17 50344]
    R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-2-26 123320]
    R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2012-2-26 126392]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-2-26 2656280]
    R3 FwLnk;FwLnk Driver;C:\windows\System32\drivers\FwLnk.sys [2012-2-26 9216]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-2-9 77424]
    R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-2-26 38096]
    R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2012-2-26 1109096]
    R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-2-26 57216]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-10 138152]
    S2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2014-3-14 36392]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 aswStm;aswStm;C:\windows\System32\drivers\aswStm.sys [2014-3-17 80184]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-3-18 111616]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-2-26 243712]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-6-9 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2014-03-19 02:54:13 20480 ------w- C:\windows\svchost.exe
    2014-03-18 19:31:07 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
    2014-03-18 19:31:07 194048 ----a-w- C:\windows\SysWow64\elshyph.dll
    2014-03-18 19:29:57 878080 ----a-w- C:\windows\System32\advapi32.dll
    2014-03-18 13:37:37 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
    2014-03-18 13:37:37 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    2014-03-18 13:37:36 12625920 ----a-w- C:\windows\System32\wmploc.DLL
    2014-03-18 13:37:35 12625408 ----a-w- C:\windows\SysWow64\wmploc.DLL
    2014-03-18 05:25:21 -------- d-----w- C:\Program Files\CCleaner
    2014-03-18 05:24:54 -------- d-----w- C:\Users\Jessica\AppData\Local\Macromedia
    2014-03-18 05:12:32 108968 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
    2014-03-18 05:11:23 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2014-03-18 03:54:09 -------- d-----w- C:\Users\Jessica\AppData\Roaming\AVAST Software
    2014-03-18 03:53:27 80184 ----a-w- C:\windows\System32\drivers\aswStm.sys
    2014-03-18 03:53:26 207904 ----a-w- C:\windows\System32\drivers\aswVmm.sys
    2014-03-18 03:53:25 65776 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
    2014-03-18 03:53:24 1038072 ----a-w- C:\windows\System32\drivers\aswSnx.sys
    2014-03-18 03:53:22 78648 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
    2014-03-18 03:53:18 92544 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
    2014-03-18 03:52:46 43152 ----a-w- C:\windows\avastSS.scr
    2014-03-18 03:52:19 -------- d-----w- C:\Program Files\AVAST Software
    2014-03-18 03:51:08 -------- d-----w- C:\ProgramData\AVAST Software
    2014-03-18 03:47:58 -------- d-----w- C:\Program Files (x86)\FileHippo.com
    2014-03-18 03:06:30 70144 ----a-w- C:\windows\System32\appinfo.dll
    2014-03-18 03:06:30 111448 ----a-w- C:\windows\System32\consent.exe
    2014-03-18 03:05:59 1656680 ----a-w- C:\windows\System32\drivers\ntfs.sys
    2014-03-18 03:05:52 184320 ----a-w- C:\windows\System32\cryptsvc.dll
    2014-03-18 03:05:52 1474048 ----a-w- C:\windows\System32\crypt32.dll
    2014-03-18 03:05:52 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
    2014-03-18 03:05:52 139776 ----a-w- C:\windows\System32\cryptnet.dll
    2014-03-18 03:05:52 1168384 ----a-w- C:\windows\SysWow64\crypt32.dll
    2014-03-18 03:05:52 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
    2014-03-18 03:05:06 484864 ----a-w- C:\windows\System32\wer.dll
    2014-03-18 03:05:06 381440 ----a-w- C:\windows\SysWow64\wer.dll
    2014-03-18 03:05:04 81408 ----a-w- C:\windows\System32\imagehlp.dll
    2014-03-18 03:05:04 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
    2014-03-18 03:04:54 2048 ----a-w- C:\windows\SysWow64\tzres.dll
    2014-03-18 03:04:54 2048 ----a-w- C:\windows\System32\tzres.dll
    2014-03-18 03:04:34 2048 ----a-w- C:\windows\SysWow64\msxml3r.dll
    2014-03-18 03:04:34 2048 ----a-w- C:\windows\System32\msxml3r.dll
    2014-03-18 03:04:34 1882112 ----a-w- C:\windows\System32\msxml3.dll
    2014-03-18 03:04:34 1237504 ----a-w- C:\windows\SysWow64\msxml3.dll
    2014-03-18 03:04:03 497152 ----a-w- C:\windows\System32\drivers\afd.sys
    2014-03-18 03:04:02 3156480 ----a-w- C:\windows\System32\win32k.sys
    2014-03-18 03:04:02 230400 ----a-w- C:\windows\System32\drivers\portcls.sys
    2014-03-18 03:04:02 116736 ----a-w- C:\windows\System32\drivers\drmk.sys
    2014-03-18 03:04:01 155584 ----a-w- C:\windows\System32\drivers\ataport.sys
    2014-03-18 03:02:48 1888768 ----a-w- C:\windows\System32\WMVDECOD.DLL
    2014-03-18 03:01:25 751104 ----a-w- C:\windows\System32\win32spl.dll
    2014-03-18 03:01:25 492544 ----a-w- C:\windows\SysWow64\win32spl.dll
    2014-03-18 03:01:24 624128 ----a-w- C:\windows\System32\qedit.dll
    2014-03-18 03:01:24 509440 ----a-w- C:\windows\SysWow64\qedit.dll
    2014-03-18 03:01:23 404480 ----a-w- C:\windows\System32\gdi32.dll
    2014-03-18 03:01:23 311808 ----a-w- C:\windows\SysWow64\gdi32.dll
    2014-03-18 03:01:18 30720 ----a-w- C:\windows\System32\cryptdlg.dll
    2014-03-18 03:01:18 24576 ----a-w- C:\windows\SysWow64\cryptdlg.dll
    2014-03-18 02:59:07 202752 ----a-w- C:\windows\System32\scrrun.dll
    2014-03-18 02:59:07 156160 ----a-w- C:\windows\System32\cscript.exe
    2014-03-18 02:59:07 150016 ----a-w- C:\windows\System32\wshom.ocx
    2014-03-18 02:59:07 141824 ----a-w- C:\windows\SysWow64\wscript.exe
    2014-03-18 02:59:07 121856 ----a-w- C:\windows\SysWow64\wshom.ocx
    2014-03-18 02:59:06 168960 ----a-w- C:\windows\System32\wscript.exe
    2014-03-18 02:59:06 163840 ----a-w- C:\windows\SysWow64\scrrun.dll
    2014-03-18 02:59:06 126976 ----a-w- C:\windows\SysWow64\cscript.exe
    2014-03-18 02:59:04 983488 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
    2014-03-18 02:59:04 265064 ----a-w- C:\windows\System32\drivers\dxgmms1.sys
    2014-03-18 02:59:04 144384 ----a-w- C:\windows\System32\cdd.dll
    2014-03-18 02:58:17 859648 ----a-w- C:\windows\System32\IKEEXT.DLL
    2014-03-18 02:58:17 830464 ----a-w- C:\windows\System32\nshwfp.dll
    2014-03-18 02:58:17 656896 ----a-w- C:\windows\SysWow64\nshwfp.dll
    2014-03-18 02:58:17 324096 ----a-w- C:\windows\System32\FWPUCLNT.DLL
    2014-03-18 02:58:17 216576 ----a-w- C:\windows\SysWow64\FWPUCLNT.DLL
    2014-03-18 02:58:09 461312 ----a-w- C:\windows\System32\scavengeui.dll
    2014-03-18 02:47:56 -------- d-----w- C:\Users\Jessica\AppData\Roaming\Malwarebytes
    2014-03-18 02:47:42 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-03-18 02:47:41 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
    2014-03-18 02:47:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2014-03-18 02:47:25 -------- d-----w- C:\Users\Jessica\AppData\Local\Programs
    2014-03-18 02:46:42 -------- d-----w- C:\Program Files (x86)\MyPC Backup
    2014-03-18 02:44:29 -------- d-----w- C:\Users\Jessica\AppData\Local\Mozilla
    2014-03-18 02:42:47 -------- d-----w- C:\Users\Jessica\AppData\Local\SearchProtect
    2014-03-18 02:36:14 -------- d-----w- C:\Program Files (x86)\GUM7BA4.tmp
    .
    ==================== Find3M ====================
    .
    2014-03-18 19:29:57 859648 ----a-w- C:\windows\System32\tdh.dll
    2014-03-18 13:10:35 9728 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2014-03-18 05:23:15 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-01-28 02:32:46 228864 ----a-w- C:\windows\System32\wwansvc.dll
    .
    ============= FINISH: 23:09:35.24 ===============
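The DDS log above contains the finding that matters in this thread: every genuine Service Host runs from `C:\windows\system32\svchost.exe -k <group>`, while one entry runs as `\\.\globalroot\systemroot\svchost.exe -netsvcs` and the "Created Last 30" section shows a fresh `C:\windows\svchost.exe`. The following script is an added example (not part of this thread, not a DDS or Malwarebytes feature) that audits a DDS-style "Running Processes" list with two general rules: the real svchost.exe lives only in System32 or SysWOW64, and it is started with a `-k <group>` argument. The sample lines are copied from the log above; the directory whitelist and argument rule are assumptions of this example.

```python
"""Audit a DDS 'Running Processes' list for svchost.exe entries that do not
match the way the genuine Windows Service Host is launched.

Rules applied (general heuristics, assumed by this example):
  1. svchost.exe belongs in %SystemRoot%\\System32 (or SysWOW64 on x64).
     A device path such as \\\\.\\globalroot\\... hides the real on-disk
     location and is flagged outright.
  2. The genuine binary is launched as 'svchost.exe -k <service group>'.
"""
import ntpath
import re

# Directories where a legitimate svchost.exe is expected (lower-case, no trailing slash).
LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# Win32 device-path prefixes: \\.\ and \\?\ (written non-raw so each ends in a backslash).
DEVICE_PREFIXES = ("\\\\.\\", "\\\\?\\")

# Constructed sample: a subset of the 'Running Processes' lines posted in the DDS log.
SAMPLE_PROCESSES = [
    r"C:\windows\system32\lsm.exe",
    r"C:\windows\system32\svchost.exe -k DcomLaunch",
    r"C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted",
    r"C:\windows\system32\svchost.exe -k netsvcs",
    r"C:\Program Files\AVAST Software\Avast\AvastSvc.exe",
    r"\\.\globalroot\systemroot\svchost.exe -netsvcs",
    r"C:\windows\Explorer.EXE",
]


def parse_process_line(line):
    """Split one DDS process line into (image_path, arguments).

    DDS prints the image path first; paths may contain spaces, so the path is
    taken as everything up to the first '.exe' (case-insensitive).
    """
    m = re.match(r"(?i)^(.*?\.exe)\s*(.*)$", line.strip())
    if not m:
        return None
    return m.group(1), m.group(2)


def classify_svchost(path, args):
    """Return the list of reasons an svchost.exe entry looks wrong.

    Non-svchost images and normal svchost entries return an empty list.
    """
    reasons = []
    if ntpath.basename(path).lower() != "svchost.exe":
        return reasons
    low = path.lower()
    if low.startswith(DEVICE_PREFIXES):
        reasons.append("launched via a device path (\\\\.\\ or \\\\?\\), "
                       "which hides the real on-disk location")
    elif ntpath.dirname(low) not in LEGIT_DIRS:
        reasons.append("not in an expected Windows directory: "
                       + ntpath.dirname(path))
    if not re.match(r"(?i)^-k\s+\S+$", args.strip()):
        reasons.append("unexpected argument form %r (genuine svchost uses '-k <group>')"
                       % args)
    return reasons


def audit(process_lines):
    """Return [(image_path, [reasons...])] for every suspicious svchost entry."""
    findings = []
    for line in process_lines:
        parsed = parse_process_line(line)
        if parsed is None:
            continue
        path, args = parsed
        reasons = classify_svchost(path, args)
        if reasons:
            findings.append((path, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in audit(SAMPLE_PROCESSES):
        print(path)
        for r in reasons:
            print("   -", r)
```

Running it over the sample flags only the globalroot entry, on both rules; the same `classify_svchost` check applied to the Malwarebytes hit `C:\Windows\svchost.exe` flags it for living outside System32.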
  5. Rjrossi88

    Rjrossi88 Newcomer, in training Topic Starter Posts: 42

    System Uptime: 3/18/2014 10:52:57 PM (1 hours ago)
    .
    Motherboard: TOSHIBA | | Portable PC
    Processor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz | CPU | 2200/1333mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 283 GiB total, 237.995 GiB free.
    D: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP24: 1/13/2013 4:27:31 PM - Windows Update
    RP25: 3/17/2014 11:44:10 PM - Removed GoToMyPC Offer
    RP26: 3/17/2014 11:52:12 PM - avast! antivirus system restore point
    RP27: 3/18/2014 1:06:56 AM - Installed Adobe Reader XI.
    RP28: 3/18/2014 1:12:09 AM - Installed Java 7 Update 51 (64-bit)
    RP29: 3/18/2014 4:54:42 AM - Windows Update
    RP30: 3/18/2014 3:28:47 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 12 ActiveX
    Adobe Flash Player 12 Plugin
    Adobe Reader XI (11.0.06)
    Amazon Links
    Ask Toolbar
    Ask Toolbar Updater
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    avast! Free Antivirus
    Bejeweled 3
    CCleaner
    Conexant HD Audio
    CWA Reminder by We-Care.com v4.1.21.3
    D3DX10
    Digital DJ Pro 1.7.0
    Fast Search
    FATE - The Traitor Soul
    FileHippo.com Update Checker
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    Java 7 Update 51 (64-bit)
    Java Auto Updater
    Java(TM) 6 Update 25
    Junk Mail filter update
    Label@Once 1.0
    Letters from Nowhere 2
    Malwarebytes Anti-Malware version 1.75.0.1300
    Mesh Runtime
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Mozilla Firefox 20.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MyPC Backup
    Penguins!
    Plants vs. Zombies - Game of the Year
    PlayReady PC Runtime amd64
    PlayReady PC Runtime x86
    Polar Bowler
    Realtek USB 2.0 Card Reader
    Realtek WLAN Driver
    RollerCoaster Tycoon 3: Platinum
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2898855v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2901110v2)
    Skype Launcher
    Synaptics Pointing Device Driver
    Tales of Lagoona
    Toshiba App Place
    TOSHIBA Application Installer
    TOSHIBA Assist
    Toshiba Book Place
    TOSHIBA Bulletin Board
    TOSHIBA Disc Creator
    TOSHIBA Face Recognition
    TOSHIBA Hardware Setup
    TOSHIBA HDD/SSD Alert
    Toshiba Laptop Checkup
    TOSHIBA Media Controller
    TOSHIBA Media Controller Plug-in
    Toshiba Online Backup
    TOSHIBA Quality Application
    TOSHIBA Recovery Media Creator
    TOSHIBA ReelTime
    TOSHIBA Resolution+ Plug-in for Windows Media Player
    TOSHIBA Service Station
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    TOSHIBA Web Camera Application
    TOSHIBARegistration
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
    Update Installer for WildTangent Games App
    WildTangent Games
    WildTangent Games App (Toshiba Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Yahoo! Software Update
    Yahoo! Toolbar
    Yontoo 1.10.04
    Zuma's Revenge
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/18/2014 5:09:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    3/18/2014 5:09:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    3/18/2014 5:09:54 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/18/2014 5:09:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    3/18/2014 5:09:44 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswRvrt aswSnx aswSP aswVmm discache spldr Wanarpv6
    3/18/2014 3:28:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2872339).
    3/18/2014 3:28:56 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2882822).
    3/18/2014 12:05:01 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    3/18/2014 12:05:01 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
    3/18/2014 11:00:34 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Cumulative Security Update for Internet Explorer 9 for Windows 7 for x64-based Systems (KB2925418).
    3/18/2014 10:53:58 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.
    3/18/2014 10:53:58 PM, Error: Service Control Manager [7000] - The Computer Backup (MyPC Backup) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/18/2014 10:52:28 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
    3/17/2014 10:39:37 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdatem) service to connect.
    3/17/2014 10:39:37 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
    3/17/2014 10:39:37 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdatem) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/17/2014 10:39:37 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/17/2014 10:39:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gupdatem with arguments "/comsvc" in order to run the server: {E225E692-4B47-4777-9BED-4FD7FE257F0E}
    3/17/2014 10:37:30 PM, Error: Service Control Manager [7034] - The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s).
    3/17/2014 10:31:11 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    3/17/2014 10:31:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    3/17/2014 10:31:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    3/17/2014 10:30:05 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
    3/17/2014 10:30:04 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/17/2014 10:30:04 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/17/2014 10:30:04 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    3/17/2014 10:30:04 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/17/2014 10:30:04 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    3/17/2014 10:30:04 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    3/17/2014 10:30:04 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/17/2014 10:30:04 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/17/2014 10:30:04 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/17/2014 10:30:04 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    3/17/2014 10:25:01 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
    .
    ==== End Of File ===========================
  6. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  7. Rjrossi88

    Rjrossi88 Newcomer, in training Topic Starter Posts: 42

    Should I have disabled my Avast before running that? Avast popped up with 4 threats that it blocked, all for TDSSKiller. Should I disable Avast and run TDSSKiller again, or just reboot as it says and paste that log here?
  8. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Are you saying that Avast is blocking TDSSKiller?
    If TDSSKiller ran fine just post its log.
  9. Rjrossi88

    Rjrossi88 Newcomer, in training Topic Starter Posts: 42

    It didn't prohibit TDSSKiller from starting, but I just wasn't sure if it stopped it prematurely before it was done running. I'll reboot and post that log. If you feel like I should run it again, you can let me know.
  10. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Let's see the log first.
  11. Rjrossi88

    Rjrossi88 Newcomer, in training Topic Starter Posts: 42

    23:27:38.0467 0x1240 TDSS rootkit removing tool 3.0.0.25 Feb 27 2014 15:23:02
    23:27:42.0992 0x1240 ============================================================
    23:27:42.0992 0x1240 Current date / time: 2014/03/18 23:27:42.0992
    23:27:42.0992 0x1240 SystemInfo:
    23:27:42.0992 0x1240
    23:27:42.0992 0x1240 OS Version: 6.1.7601 ServicePack: 1.0
    23:27:42.0992 0x1240 Product type: Workstation
    23:27:42.0993 0x1240 ComputerName: JESSICA-PC
    23:27:42.0993 0x1240 UserName: Jessica
    23:27:42.0993 0x1240 Windows directory: C:\windows
    23:27:42.0993 0x1240 System windows directory: C:\windows
    23:27:42.0993 0x1240 Running under WOW64
    23:27:42.0993 0x1240 Processor architecture: Intel x64
    23:27:42.0993 0x1240 Number of processors: 2
    23:27:42.0993 0x1240 Page size: 0x1000
    23:27:42.0993 0x1240 Boot type: Normal boot
    23:27:42.0993 0x1240 ============================================================
    23:27:43.0144 0x1240 KLMD registered as C:\windows\system32\drivers\89227591.sys
    23:27:43.0567 0x1240 System UUID: {AB0EEA96-DCC5-178A-82D3-7C6DD70369B8}
    23:27:44.0257 0x1240 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    23:27:44.0264 0x1240 ============================================================
    23:27:44.0264 0x1240 \Device\Harddisk0\DR0:
    23:27:44.0264 0x1240 MBR partitions:
    23:27:44.0264 0x1240 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x235E9800
    23:27:44.0264 0x1240 ============================================================
    23:27:44.0295 0x1240 C: <-> \Device\Harddisk0\DR0\Partition1
    23:27:44.0295 0x1240 ============================================================
    23:27:44.0295 0x1240 Initialize success
    23:27:44.0295 0x1240 ============================================================
    23:27:47.0330 0x1218 ============================================================
    23:27:47.0330 0x1218 Scan started
    23:27:47.0330 0x1218 Mode: Manual;
    23:27:47.0330 0x1218 ============================================================
    23:27:47.0330 0x1218 KSN ping started
    23:27:49.0814 0x1218 KSN ping finished: true
    23:27:50.0098 0x1218 ================ Scan system memory ========================
    23:27:50.0098 0x1218 System memory - ok
    23:27:50.0098 0x1218 ================ Scan services =============================
    23:27:50.0290 0x1218 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
    23:27:50.0307 0x1218 1394ohci - ok
    23:27:50.0372 0x1218 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\windows\system32\drivers\ACPI.sys
    23:27:50.0386 0x1218 ACPI - ok
    23:27:50.0399 0x1218 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
    23:27:50.0401 0x1218 AcpiPmi - ok
    23:27:50.0531 0x1218 [ B362181ED3771DC03B4141927C80F801, 69514E5177A0AEA89C27C2234712F9F82E8D8F99E1FD4273898C9324C6FF7472 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    23:27:50.0538 0x1218 AdobeARMservice - ok
    23:27:50.0671 0x1218 [ 9D96B0D5855FD1B98023B3EEC9F06786, E4C79233158BE8AA4E9C6DD71585E5D2703A5156531EB3D692D7D81BC443E844 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    23:27:50.0687 0x1218 AdobeFlashPlayerUpdateSvc - ok
    23:27:50.0769 0x1218 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\windows\system32\drivers\adp94xx.sys
    23:27:50.0794 0x1218 adp94xx - ok
    23:27:50.0871 0x1218 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\windows\system32\drivers\adpahci.sys
    23:27:50.0883 0x1218 adpahci - ok
    23:27:50.0893 0x1218 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\windows\system32\drivers\adpu320.sys
    23:27:50.0900 0x1218 adpu320 - ok
    23:27:50.0939 0x1218 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
    23:27:50.0944 0x1218 AeLookupSvc - ok
    23:27:51.0019 0x1218 [ 79059559E89D06E8B80CE2944BE20228, 6E041D2FED2D0C3D8E16E56CB61D3245F9144EA92F5BDC9A4AA30598D1C8E6EE ] AFD C:\windows\system32\drivers\afd.sys
    23:27:51.0042 0x1218 AFD - ok
    23:27:51.0096 0x1218 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\windows\system32\drivers\agp440.sys
    23:27:51.0099 0x1218 agp440 - ok
    23:27:51.0138 0x1218 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\windows\System32\alg.exe
    23:27:51.0141 0x1218 ALG - ok
    23:27:51.0212 0x1218 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\windows\system32\drivers\aliide.sys
    23:27:51.0215 0x1218 aliide - ok
    23:27:51.0239 0x1218 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\windows\system32\drivers\amdide.sys
    23:27:51.0241 0x1218 amdide - ok
    23:27:51.0276 0x1218 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\windows\system32\drivers\amdk8.sys
    23:27:51.0281 0x1218 AmdK8 - ok
    23:27:51.0290 0x1218 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\windows\system32\drivers\amdppm.sys
    23:27:51.0294 0x1218 AmdPPM - ok
    23:27:51.0322 0x1218 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\windows\system32\drivers\amdsata.sys
    23:27:51.0326 0x1218 amdsata - ok
    23:27:51.0353 0x1218 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\windows\system32\drivers\amdsbs.sys
    23:27:51.0359 0x1218 amdsbs - ok
    23:27:51.0385 0x1218 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\windows\system32\drivers\amdxata.sys
    23:27:51.0386 0x1218 amdxata - ok
    23:27:51.0411 0x1218 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\windows\system32\drivers\appid.sys
    23:27:51.0414 0x1218 AppID - ok
    23:27:51.0443 0x1218 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\windows\System32\appidsvc.dll
    23:27:51.0445 0x1218 AppIDSvc - ok
    23:27:51.0486 0x1218 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\windows\System32\appinfo.dll
    23:27:51.0492 0x1218 Appinfo - ok
    23:27:51.0536 0x1218 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\windows\system32\drivers\arc.sys
    23:27:51.0542 0x1218 arc - ok
    23:27:51.0554 0x1218 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\windows\system32\drivers\arcsas.sys
    23:27:51.0561 0x1218 arcsas - ok
    23:27:51.0599 0x1218 [ 0ACC3F49015E628590CA4372322EB46B, EB4E22EB4E840261168AF750E878E7A28CC080A89CEF77B5037C2897C40D1DE3 ] aswMonFlt C:\windows\system32\drivers\aswMonFlt.sys
    23:27:51.0602 0x1218 aswMonFlt - ok
    23:27:51.0625 0x1218 [ 679712B7A353EE665B9301592164A172, CA3C918106A355BAFD0833BB493DF2CCBC2D0F90CA7EBF5E27CC088C7170B0E0 ] aswRdr C:\windows\system32\drivers\aswRdr2.sys
    23:27:51.0628 0x1218 aswRdr - ok
    23:27:51.0669 0x1218 [ C04F7B373881009D7994D9BF55D24AB4, 5DEEA804F4F9862024F40A204E88DBCFFBDD2DC87CA86145E3FB649CFCCDC624 ] aswRvrt C:\windows\system32\drivers\aswRvrt.sys
    23:27:51.0675 0x1218 aswRvrt - ok
    23:27:51.0786 0x1218 [ 43599E630DFC30AD4E6A2B4B269EB1C0, DA6C7FDC1F6A57117B17F697A94190CC0BB9E32B8CBB4F8C042AA461361CC74C ] aswSnx C:\windows\system32\drivers\aswSnx.sys
    23:27:51.0812 0x1218 aswSnx - ok
    23:27:51.0883 0x1218 [ F22DE5F5BA8ADA0A861441B624B51EB5, 58EF9FB3328B6B470F3652DBCE8ACEDAEE6839AC393889A02052298CA204689B ] aswSP C:\windows\system32\drivers\aswSP.sys
    23:27:51.0901 0x1218 aswSP - ok
    23:27:51.0941 0x1218 [ FD3EA14ADF6216BDF4030DB2EFD43D96, 2D3009008AAE93285301B5844DC214D6B05ECB05D37AE08895D8E7187A0BB619 ] aswStm C:\windows\system32\drivers\aswStm.sys
    23:27:51.0943 0x1218 aswStm - ok
    23:27:51.0989 0x1218 [ 90399625F341AB76BA4B85A5E860EB1F, 92DD461B14240222F451F971642844A4DAD9DF4FFEAA8F12D16EA117822BEEF3 ] aswVmm C:\windows\system32\drivers\aswVmm.sys
    23:27:51.0995 0x1218 aswVmm - ok
    23:27:52.0035 0x1218 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
    23:27:52.0037 0x1218 AsyncMac - ok
    23:27:52.0067 0x1218 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\windows\system32\drivers\atapi.sys
    23:27:52.0069 0x1218 atapi - ok
    23:27:52.0151 0x1218 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
    23:27:52.0177 0x1218 AudioEndpointBuilder - ok
    23:27:52.0205 0x1218 [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\windows\System32\Audiosrv.dll
    23:27:52.0221 0x1218 AudioSrv - ok
    23:27:52.0360 0x1218 [ CC42F104172B4A62793083D380867317, 0B09823419B328E29EB9FFBD033B3295590E414F31E7B37F11F62BD4B7EBAF06 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    23:27:52.0365 0x1218 avast! Antivirus - ok
    23:27:52.0412 0x1218 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\windows\System32\AxInstSV.dll
    23:27:52.0418 0x1218 AxInstSV - ok
    23:27:52.0484 0x1218 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys
    23:27:52.0507 0x1218 b06bdrv - ok
    23:27:52.0553 0x1218 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
    23:27:52.0563 0x1218 b57nd60a - ok
    23:27:52.0620 0x1218 [ E465525E1CBB92780AAC5AD7D3F1CBBF, 503840AA0A15E607C95D15457F99047264B1CE7B5CCEE95E37DDF311A3D7660C ] BackupStack C:\Program Files (x86)\MyPC Backup\BackupStack.exe
    23:27:52.0624 0x1218 BackupStack - ok
    23:27:52.0682 0x1218 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\windows\System32\bdesvc.dll
    23:27:52.0690 0x1218 BDESVC - ok
    23:27:52.0725 0x1218 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\windows\system32\drivers\Beep.sys
    23:27:52.0726 0x1218 Beep - ok
    23:27:52.0806 0x1218 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\windows\System32\bfe.dll
    23:27:52.0825 0x1218 BFE - ok
    23:27:52.0899 0x1218 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\windows\System32\qmgr.dll
    23:27:52.0925 0x1218 BITS - ok
    23:27:52.0971 0x1218 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
    23:27:52.0973 0x1218 blbdrive - ok
    23:27:52.0994 0x1218 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\windows\system32\DRIVERS\bowser.sys
    23:27:53.0001 0x1218 bowser - ok
    23:27:53.0032 0x1218 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys
    23:27:53.0033 0x1218 BrFiltLo - ok
    23:27:53.0037 0x1218 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys
    23:27:53.0038 0x1218 BrFiltUp - ok
    23:27:53.0074 0x1218 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\windows\System32\browser.dll
    23:27:53.0085 0x1218 Browser - ok
    23:27:53.0124 0x1218 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\windows\System32\Drivers\Brserid.sys
    23:27:53.0134 0x1218 Brserid - ok
    23:27:53.0140 0x1218 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
    23:27:53.0143 0x1218 BrSerWdm - ok
    23:27:53.0164 0x1218 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
    23:27:53.0166 0x1218 BrUsbMdm - ok
    23:27:53.0171 0x1218 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
    23:27:53.0173 0x1218 BrUsbSer - ok
    23:27:53.0179 0x1218 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys
    23:27:53.0182 0x1218 BTHMODEM - ok
    23:27:53.0244 0x1218 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\windows\system32\bthserv.dll
    23:27:53.0251 0x1218 bthserv - ok
    23:27:53.0282 0x1218 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
    23:27:53.0289 0x1218 cdfs - ok
    23:27:53.0315 0x1218 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
    23:27:53.0320 0x1218 cdrom - ok
    23:27:53.0347 0x1218 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\windows\System32\certprop.dll
    23:27:53.0350 0x1218 CertPropSvc - ok
    23:27:53.0365 0x1218 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\windows\system32\drivers\circlass.sys
    23:27:53.0368 0x1218 circlass - ok
    23:27:53.0411 0x1218 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\windows\system32\CLFS.sys
    23:27:53.0423 0x1218 CLFS - ok
    23:27:53.0504 0x1218 [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    23:27:53.0511 0x1218 clr_optimization_v2.0.50727_32 - ok
    23:27:53.0577 0x1218 [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    23:27:53.0585 0x1218 clr_optimization_v2.0.50727_64 - ok
    23:27:53.0677 0x1218 [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    23:27:53.0688 0x1218 clr_optimization_v4.0.30319_32 - ok
    23:27:53.0720 0x1218 [ C6F9AF94DCD58122A4D7E89DB6BED29D, CB0E5AE60EC76323585FB86D89E8DB7ADB5EDF6EA3D0B27E9ECE75B8CAA8BFDE ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    23:27:53.0725 0x1218 clr_optimization_v4.0.30319_64 - ok
    23:27:53.0764 0x1218 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
    23:27:53.0766 0x1218 CmBatt - ok
    23:27:53.0798 0x1218 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\windows\system32\drivers\cmdide.sys
    23:27:53.0799 0x1218 cmdide - ok
    23:27:53.0850 0x1218 [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\windows\system32\Drivers\cng.sys
    23:27:53.0865 0x1218 CNG - ok
    23:27:54.0004 0x1218 [ A260BE645DD096D90318C8CF98536720, ACFDC643485AAAB40ABB3A00C8D9F2E962AF273B95118F0CD19FB8E93E8BF032 ] CnxtHdAudService C:\windows\system32\drivers\CHDRT64.sys
    23:27:54.0040 0x1218 CnxtHdAudService - ok
    23:27:54.0077 0x1218 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\windows\system32\drivers\compbatt.sys
    23:27:54.0078 0x1218 Compbatt - ok
    23:27:54.0090 0x1218 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys
    23:27:54.0091 0x1218 CompositeBus - ok
    23:27:54.0096 0x1218 COMSysApp - ok
    23:27:54.0102 0x1218 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\windows\system32\drivers\crcdisk.sys
    23:27:54.0104 0x1218 crcdisk - ok
    23:27:54.0161 0x1218 [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\windows\system32\cryptsvc.dll
    23:27:54.0175 0x1218 CryptSvc - ok
    23:27:54.0227 0x1218 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\windows\system32\rpcss.dll
    23:27:54.0246 0x1218 DcomLaunch - ok
    23:27:54.0315 0x1218 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\windows\System32\defragsvc.dll
    23:27:54.0336 0x1218 defragsvc - ok
    23:27:54.0395 0x1218 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\windows\system32\Drivers\dfsc.sys
    23:27:54.0401 0x1218 DfsC - ok
    23:27:54.0452 0x1218 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\windows\system32\dhcpcore.dll
    23:27:54.0469 0x1218 Dhcp - ok
    23:27:54.0478 0x1218 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\windows\system32\drivers\discache.sys
    23:27:54.0480 0x1218 discache - ok
    23:27:54.0506 0x1218 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\windows\system32\drivers\disk.sys
    23:27:54.0509 0x1218 Disk - ok
    23:27:54.0537 0x1218 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\windows\System32\dnsrslvr.dll
    23:27:54.0543 0x1218 Dnscache - ok
    23:27:54.0564 0x1218 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\windows\System32\dot3svc.dll
    23:27:54.0571 0x1218 dot3svc - ok
    23:27:54.0611 0x1218 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\windows\system32\dps.dll
    23:27:54.0617 0x1218 DPS - ok
    23:27:54.0648 0x1218 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
    23:27:54.0649 0x1218 drmkaud - ok
    23:27:54.0731 0x1218 [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
    23:27:54.0753 0x1218 DXGKrnl - ok
    23:27:54.0808 0x1218 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\windows\System32\eapsvc.dll
    23:27:54.0813 0x1218 EapHost - ok
    23:27:54.0988 0x1218 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\windows\system32\drivers\evbda.sys
    23:27:55.0073 0x1218 ebdrv - ok
    23:27:55.0148 0x1218 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS C:\windows\System32\lsass.exe
    23:27:55.0155 0x1218 EFS - ok
    23:27:55.0290 0x1218 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\windows\ehome\ehRecvr.exe
    23:27:55.0316 0x1218 ehRecvr - ok
    23:27:55.0347 0x1218 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\windows\ehome\ehsched.exe
    23:27:55.0351 0x1218 ehSched - ok
    23:27:55.0402 0x1218 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\windows\system32\drivers\elxstor.sys
    23:27:55.0416 0x1218 elxstor - ok
    23:27:55.0421 0x1218 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\windows\system32\drivers\errdev.sys
    23:27:55.0422 0x1218 ErrDev - ok
    23:27:55.0469 0x1218 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\windows\system32\es.dll
    23:27:55.0480 0x1218 EventSystem - ok
    23:27:55.0503 0x1218 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\windows\system32\drivers\exfat.sys
    23:27:55.0509 0x1218 exfat - ok
    23:27:55.0518 0x1218 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\windows\system32\drivers\fastfat.sys
    23:27:55.0524 0x1218 fastfat - ok
    23:27:55.0569 0x1218 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\windows\system32\fxssvc.exe
    23:27:55.0589 0x1218 Fax - ok
    23:27:55.0594 0x1218 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\windows\system32\drivers\fdc.sys
    23:27:55.0596 0x1218 fdc - ok
    23:27:55.0627 0x1218 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\windows\system32\fdPHost.dll
    23:27:55.0629 0x1218 fdPHost - ok
    23:27:55.0633 0x1218 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\windows\system32\fdrespub.dll
    23:27:55.0635 0x1218 FDResPub - ok
    23:27:55.0665 0x1218 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\windows\system32\drivers\fileinfo.sys
    23:27:55.0667 0x1218 FileInfo - ok
    23:27:55.0671 0x1218 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\windows\system32\drivers\filetrace.sys
    23:27:55.0673 0x1218 Filetrace - ok
    23:27:55.0677 0x1218 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\windows\system32\drivers\flpydisk.sys
    23:27:55.0679 0x1218 flpydisk - ok
    23:27:55.0699 0x1218 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
    23:27:55.0707 0x1218 FltMgr - ok
    23:27:55.0814 0x1218 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\windows\system32\FntCache.dll
    23:27:55.0846 0x1218 FontCache - ok
    23:27:55.0898 0x1218 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    23:27:55.0904 0x1218 FontCache3.0.0.0 - ok
    23:27:55.0942 0x1218 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\windows\system32\drivers\FsDepends.sys
    23:27:55.0947 0x1218 FsDepends - ok
    23:27:55.0988 0x1218 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
    23:27:55.0991 0x1218 Fs_Rec - ok
    23:27:56.0054 0x1218 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
    23:27:56.0068 0x1218 fvevol - ok
    23:27:56.0108 0x1218 [ 60ACB128E64C35C2B4E4AAB1B0A5C293, 7B476AB5E95529A894F95397C753662F4C58D1FE89F4648271251DA77C5A3FA9 ] FwLnk C:\windows\system32\DRIVERS\FwLnk.sys
    23:27:56.0111 0x1218 FwLnk - ok
    23:27:56.0155 0x1218 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys
    23:27:56.0160 0x1218 gagp30kx - ok
    23:27:56.0210 0x1218 [ C403C5DB49A0F9AAF4F2128EDC0106D8, 3C6948B63278022D8182F773C5FA15784514F76C1546118DDBADBA322B962D12 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    23:27:56.0222 0x1218 GamesAppService - ok
    23:27:56.0317 0x1218 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\windows\System32\gpsvc.dll
    23:27:56.0339 0x1218 gpsvc - ok
    23:27:56.0414 0x1218 [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    23:27:56.0424 0x1218 gupdate - ok
    23:27:56.0434 0x1218 [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    23:27:56.0439 0x1218 gupdatem - ok
    23:27:56.0494 0x1218 [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    23:27:56.0501 0x1218 gusvc - ok
    23:27:56.0530 0x1218 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
    23:27:56.0532 0x1218 hcw85cir - ok
    23:27:56.0573 0x1218 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
    23:27:56.0586 0x1218 HdAudAddService - ok
    23:27:56.0607 0x1218 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys
    23:27:56.0612 0x1218 HDAudBus - ok
    23:27:56.0617 0x1218 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\windows\system32\drivers\HidBatt.sys
    23:27:56.0620 0x1218 HidBatt - ok
    23:27:56.0628 0x1218 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\windows\system32\drivers\hidbth.sys
    23:27:56.0632 0x1218 HidBth - ok
    23:27:56.0648 0x1218 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\windows\system32\drivers\hidir.sys
    23:27:56.0650 0x1218 HidIr - ok
    23:27:56.0676 0x1218 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\windows\system32\hidserv.dll
    23:27:56.0679 0x1218 hidserv - ok
    23:27:56.0718 0x1218 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\windows\system32\drivers\hidusb.sys
    23:27:56.0720 0x1218 HidUsb - ok
    23:27:56.0748 0x1218 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\windows\system32\kmsvc.dll
    23:27:56.0752 0x1218 hkmsvc - ok
    23:27:56.0773 0x1218 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\windows\system32\ListSvc.dll
    23:27:56.0781 0x1218 HomeGroupListener - ok
    23:27:56.0816 0x1218 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\windows\system32\provsvc.dll
    23:27:56.0823 0x1218 HomeGroupProvider - ok
    23:27:56.0865 0x1218 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
    23:27:56.0868 0x1218 HpSAMD - ok
    23:27:56.0922 0x1218 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\windows\system32\drivers\HTTP.sys
    23:27:56.0952 0x1218 HTTP - ok
    23:27:56.0956 0x1218 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
    23:27:56.0958 0x1218 hwpolicy - ok
    23:27:56.0972 0x1218 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
    23:27:56.0976 0x1218 i8042prt - ok
    23:27:57.0108 0x1218 [ D7921D5A870B11CC1ADAB198A519D50A, 5DF99EB5D5504E9D9EB21658E8B4A58DEE2AD143A1875DB7F9B7BF4877FCB57F ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
    23:27:57.0125 0x1218 iaStor - ok
    23:27:57.0173 0x1218 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
    23:27:57.0184 0x1218 iaStorV - ok
    23:27:57.0243 0x1218 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    23:27:57.0267 0x1218 idsvc - ok
    23:27:57.0287 0x1218 IEEtwCollectorService - ok
    23:27:57.0792 0x1218 [ 370C2A8629B30F910F740387795DDC6F, 7D2D69F0BC12E86236014003EEA7479BD0FDE9A469459B6550DC3AED07A02030 ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys
    23:27:58.0271 0x1218 igfx - ok
    23:27:58.0334 0x1218 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\windows\system32\drivers\iirsp.sys
    23:27:58.0339 0x1218 iirsp - ok
    23:27:58.0414 0x1218 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\windows\System32\ikeext.dll
    23:27:58.0438 0x1218 IKEEXT - ok
    23:27:58.0469 0x1218 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\windows\system32\drivers\intelide.sys
    23:27:58.0473 0x1218 intelide - ok
    23:27:58.0514 0x1218 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
    23:27:58.0519 0x1218 intelppm - ok
    23:27:58.0572 0x1218 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\windows\system32\ipbusenum.dll
    23:27:58.0581 0x1218 IPBusEnum - ok
    23:27:58.0600 0x1218 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
    23:27:58.0607 0x1218 IpFilterDriver - ok
    23:27:58.0679 0x1218 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\windows\System32\iphlpsvc.dll
    23:27:58.0697 0x1218 iphlpsvc - ok
    23:27:58.0716 0x1218 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
    23:27:58.0719 0x1218 IPMIDRV - ok
    23:27:58.0735 0x1218 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\windows\system32\drivers\ipnat.sys
    23:27:58.0739 0x1218 IPNAT - ok
    23:27:58.0751 0x1218 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\windows\system32\drivers\irenum.sys
    23:27:58.0752 0x1218 IRENUM - ok
    23:27:58.0756 0x1218 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\windows\system32\drivers\isapnp.sys
    23:27:58.0758 0x1218 isapnp - ok
    23:27:58.0787 0x1218 [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
    23:27:58.0795 0x1218 iScsiPrt - ok
    23:27:58.0816 0x1218 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
    23:27:58.0818 0x1218 kbdclass - ok
    23:27:58.0827 0x1218 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
    23:27:58.0829 0x1218 kbdhid - ok
    23:27:58.0846 0x1218 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] KeyIso C:\windows\system32\lsass.exe
    23:27:58.0849 0x1218 KeyIso - ok
    23:27:58.0888 0x1218 [ 8F489706472F7E9A06BAAA198703FA64, F020406690FB38EABD82D63B91D33039CC93ED52A5497AE12BAF475F22D0B08A ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
    23:27:58.0896 0x1218 KSecDD - ok
    23:27:58.0932 0x1218 [ 868A2CAAB12EFC7A021682BCA0EEC54C, 12C4925B5B3D6EA7B6410C01F33158C6EAB50CBD6AF445F8B04ED9899720C2DD ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
    23:27:58.0943 0x1218 KSecPkg - ok
    23:27:58.0980 0x1218 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\windows\system32\drivers\ksthunk.sys
    23:27:58.0983 0x1218 ksthunk - ok
    23:27:59.0044 0x1218 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\windows\system32\msdtckrm.dll
    23:27:59.0073 0x1218 KtmRm - ok
    23:27:59.0131 0x1218 [ 045FB70BC993B691517CE309045FF02D, DF8D4755DB8440999CAABE1B25181D76342E0F79D9979A0600ECCAFA60E4130D ] L1C C:\windows\system32\DRIVERS\L1C62x64.sys
    23:27:59.0134 0x1218 L1C - ok
    23:27:59.0193 0x1218 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\windows\system32\srvsvc.dll
    23:27:59.0207 0x1218 LanmanServer - ok
    23:27:59.0248 0x1218 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
    23:27:59.0264 0x1218 LanmanWorkstation - ok
    23:27:59.0316 0x1218 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
    23:27:59.0322 0x1218 lltdio - ok
    23:27:59.0365 0x1218 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\windows\System32\lltdsvc.dll
    23:27:59.0381 0x1218 lltdsvc - ok
    23:27:59.0393 0x1218 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\windows\System32\lmhsvc.dll
    23:27:59.0398 0x1218 lmhosts - ok
    23:27:59.0477 0x1218 [ 98B16E756243BEA9410E32025B19C06F, C4F8663FF4C2F1123CC92D88004090AD06ED12FCD07706AE168333A33B269A53 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    23:27:59.0493 0x1218 LMS - ok
    23:27:59.0518 0x1218 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys
    23:27:59.0523 0x1218 LSI_FC - ok
    23:27:59.0546 0x1218 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys
    23:27:59.0550 0x1218 LSI_SAS - ok
    23:27:59.0556 0x1218 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys
    23:27:59.0559 0x1218 LSI_SAS2 - ok
    23:27:59.0583 0x1218 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys
    23:27:59.0587 0x1218 LSI_SCSI - ok
    23:27:59.0594 0x1218 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\windows\system32\drivers\luafv.sys
    23:27:59.0598 0x1218 luafv - ok
    23:27:59.0627 0x1218 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
    23:27:59.0632 0x1218 Mcx2Svc - ok
    23:27:59.0636 0x1218 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\windows\system32\drivers\megasas.sys
    23:27:59.0638 0x1218 megasas - ok
    23:27:59.0678 0x1218 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\windows\system32\drivers\MegaSR.sys
    23:27:59.0694 0x1218 MegaSR - ok
    23:27:59.0729 0x1218 [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64 C:\windows\system32\DRIVERS\HECIx64.sys
    23:27:59.0731 0x1218 MEIx64 - ok
    23:27:59.0768 0x1218 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\windows\system32\mmcss.dll
    23:27:59.0773 0x1218 MMCSS - ok
    23:27:59.0779 0x1218 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\windows\system32\drivers\modem.sys
    23:27:59.0782 0x1218 Modem - ok
    23:27:59.0816 0x1218 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\windows\system32\DRIVERS\monitor.sys
    23:27:59.0817 0x1218 monitor - ok
    23:27:59.0837 0x1218 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
    23:27:59.0841 0x1218 mouclass - ok
    23:27:59.0851 0x1218 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\windows\system32\drivers\mouhid.sys
    23:27:59.0853 0x1218 mouhid - ok
    23:27:59.0861 0x1218 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\windows\system32\drivers\mountmgr.sys
    23:27:59.0865 0x1218 mountmgr - ok
    23:27:59.0927 0x1218 [ 7EDBBB9351A38C6BB0FE98CFD44DB430, FF77429D7FF3429AD15FD29B4F0F1CF1DA66F69651BCA9525889EDD47AB0306D ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    23:27:59.0936 0x1218 MozillaMaintenance - ok
    23:27:59.0972 0x1218 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\windows\system32\drivers\mpio.sys
    23:27:59.0978 0x1218 mpio - ok
    23:27:59.0997 0x1218 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
    23:28:00.0001 0x1218 mpsdrv - ok
    23:28:00.0060 0x1218 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\windows\system32\mpssvc.dll
    23:28:00.0092 0x1218 MpsSvc - ok
    23:28:00.0123 0x1218 [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
    23:28:00.0130 0x1218 MRxDAV - ok
    23:28:00.0158 0x1218 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
    23:28:00.0165 0x1218 mrxsmb - ok
    23:28:00.0180 0x1218 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
    23:28:00.0188 0x1218 mrxsmb10 - ok
    23:28:00.0194 0x1218 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
    23:28:00.0199 0x1218 mrxsmb20 - ok
    23:28:00.0229 0x1218 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\windows\system32\drivers\msahci.sys
    23:28:00.0230 0x1218 msahci - ok
    23:28:00.0237 0x1218 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\windows\system32\drivers\msdsm.sys
    23:28:00.0241 0x1218 msdsm - ok
    23:28:00.0265 0x1218 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\windows\System32\msdtc.exe
    23:28:00.0271 0x1218 MSDTC - ok
    23:28:00.0288 0x1218 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\windows\system32\drivers\Msfs.sys
    23:28:00.0290 0x1218 Msfs - ok
    23:28:00.0304 0x1218 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
    23:28:00.0305 0x1218 mshidkmdf - ok
    23:28:00.0309 0x1218 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\windows\system32\drivers\msisadrv.sys
    23:28:00.0310 0x1218 msisadrv - ok
    23:28:00.0347 0x1218 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\windows\system32\iscsiexe.dll
    23:28:00.0353 0x1218 MSiSCSI - ok
    23:28:00.0357 0x1218 msiserver - ok
     
  12. Rjrossi88

    Rjrossi88 Newcomer, in training Topic Starter Posts: 42

    23:28:00.0393 0x1218 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
    23:28:00.0395 0x1218 MSKSSRV - ok
    23:28:00.0406 0x1218 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
    23:28:00.0407 0x1218 MSPCLOCK - ok
    23:28:00.0411 0x1218 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\windows\system32\drivers\MSPQM.sys
    23:28:00.0412 0x1218 MSPQM - ok
    23:28:00.0444 0x1218 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\windows\system32\drivers\MsRPC.sys
    23:28:00.0454 0x1218 MsRPC - ok
    23:28:00.0461 0x1218 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys
    23:28:00.0462 0x1218 mssmbios - ok
    23:28:00.0466 0x1218 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\windows\system32\drivers\MSTEE.sys
    23:28:00.0468 0x1218 MSTEE - ok
    23:28:00.0471 0x1218 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\windows\system32\drivers\MTConfig.sys
    23:28:00.0473 0x1218 MTConfig - ok
    23:28:00.0478 0x1218 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\windows\system32\Drivers\mup.sys
    23:28:00.0479 0x1218 Mup - ok
    23:28:00.0532 0x1218 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\windows\system32\qagentRT.dll
    23:28:00.0547 0x1218 napagent - ok
    23:28:00.0602 0x1218 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
    23:28:00.0611 0x1218 NativeWifiP - ok
    23:28:00.0716 0x1218 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\windows\system32\drivers\ndis.sys
    23:28:00.0741 0x1218 NDIS - ok
    23:28:00.0788 0x1218 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
    23:28:00.0792 0x1218 NdisCap - ok
    23:28:00.0814 0x1218 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
    23:28:00.0819 0x1218 NdisTapi - ok
    23:28:00.0830 0x1218 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
    23:28:00.0836 0x1218 Ndisuio - ok
    23:28:00.0845 0x1218 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
    23:28:00.0851 0x1218 NdisWan - ok
    23:28:00.0874 0x1218 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
    23:28:00.0876 0x1218 NDProxy - ok
    23:28:00.0881 0x1218 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
    23:28:00.0883 0x1218 NetBIOS - ok
    23:28:00.0896 0x1218 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
    23:28:00.0904 0x1218 NetBT - ok
    23:28:00.0925 0x1218 [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon C:\windows\system32\lsass.exe
    23:28:00.0928 0x1218 Netlogon - ok
    23:28:00.0971 0x1218 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\windows\System32\netman.dll
    23:28:00.0983 0x1218 Netman - ok
    23:28:01.0066 0x1218 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\windows\System32\netprofm.dll
    23:28:01.0086 0x1218 netprofm - ok
    23:28:01.0121 0x1218 [ 3E5A36127E201DDF663176B66828FAFE, 5A08BA9EFB1A72DF1DD839BA5FA2B8994012BA62A515588FF62333B33B60045B ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    23:28:01.0125 0x1218 NetTcpPortSharing - ok
    23:28:01.0170 0x1218 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys
    23:28:01.0175 0x1218 nfrd960 - ok
    23:28:01.0205 0x1218 [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\windows\System32\nlasvc.dll
    23:28:01.0217 0x1218 NlaSvc - ok
    23:28:01.0285 0x1218 Norton PC Checkup Application Launcher - ok
    23:28:01.0293 0x1218 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\windows\system32\drivers\Npfs.sys
    23:28:01.0296 0x1218 Npfs - ok
    23:28:01.0341 0x1218 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\windows\system32\nsisvc.dll
    23:28:01.0345 0x1218 nsi - ok
    23:28:01.0381 0x1218 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
    23:28:01.0383 0x1218 nsiproxy - ok
    23:28:01.0505 0x1218 [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs C:\windows\system32\drivers\Ntfs.sys
    23:28:01.0547 0x1218 Ntfs - ok
    23:28:01.0567 0x1218 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\windows\system32\drivers\Null.sys
    23:28:01.0568 0x1218 Null - ok
    23:28:01.0587 0x1218 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\windows\system32\drivers\nvraid.sys
    23:28:01.0592 0x1218 nvraid - ok
    23:28:01.0624 0x1218 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\windows\system32\drivers\nvstor.sys
    23:28:01.0629 0x1218 nvstor - ok
    23:28:01.0647 0x1218 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\windows\system32\drivers\nv_agp.sys
    23:28:01.0652 0x1218 nv_agp - ok
    23:28:01.0665 0x1218 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
    23:28:01.0668 0x1218 ohci1394 - ok
    23:28:01.0705 0x1218 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\windows\system32\pnrpsvc.dll
    23:28:01.0716 0x1218 p2pimsvc - ok
    23:28:01.0742 0x1218 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\windows\system32\p2psvc.dll
    23:28:01.0756 0x1218 p2psvc - ok
    23:28:01.0780 0x1218 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\windows\system32\drivers\parport.sys
    23:28:01.0783 0x1218 Parport - ok
    23:28:01.0812 0x1218 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\windows\system32\drivers\partmgr.sys
    23:28:01.0815 0x1218 partmgr - ok
    23:28:01.0832 0x1218 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\windows\System32\pcasvc.dll
    23:28:01.0839 0x1218 PcaSvc - ok
    23:28:01.0865 0x1218 [ 2F86BE1818C2D7AC90478E3323EE7FCB, CE721FCFFDC9D24483DEB6BB77DAFEBE79BA143CA2EE68BF28E2A9297AADB2D4 ] PCCUJobMgr C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
    23:28:01.0868 0x1218 PCCUJobMgr - ok
    23:28:01.0891 0x1218 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\windows\system32\drivers\pci.sys
    23:28:01.0896 0x1218 pci - ok
    23:28:01.0921 0x1218 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\windows\system32\drivers\pciide.sys
    23:28:01.0922 0x1218 pciide - ok
    23:28:01.0953 0x1218 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\windows\system32\drivers\pcmcia.sys
    23:28:01.0960 0x1218 pcmcia - ok
    23:28:01.0965 0x1218 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\windows\system32\drivers\pcw.sys
    23:28:01.0966 0x1218 pcw - ok
    23:28:01.0995 0x1218 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\windows\system32\drivers\peauth.sys
    23:28:02.0012 0x1218 PEAUTH - ok
    23:28:02.0102 0x1218 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\windows\SysWow64\perfhost.exe
    23:28:02.0110 0x1218 PerfHost - ok
    23:28:02.0172 0x1218 [ 91111CEBBDE8015E822C46120ED9537C, 255B85FEF663C2E0652CECF3F9B67B12B576F924A34415DEE13F0F5137E1E7F7 ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys
    23:28:02.0175 0x1218 PGEffect - ok
    23:28:02.0268 0x1218 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\windows\system32\pla.dll
    23:28:02.0308 0x1218 pla - ok
    23:28:02.0376 0x1218 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\windows\system32\umpnpmgr.dll
    23:28:02.0389 0x1218 PlugPlay - ok
    23:28:02.0414 0x1218 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
    23:28:02.0417 0x1218 PNRPAutoReg - ok
    23:28:02.0429 0x1218 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\windows\system32\pnrpsvc.dll
    23:28:02.0439 0x1218 PNRPsvc - ok
    23:28:02.0488 0x1218 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\windows\System32\ipsecsvc.dll
    23:28:02.0504 0x1218 PolicyAgent - ok
    23:28:11.0181 0x1218 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\windows\system32\sxssrv.dll
    23:28:11.0233 0x1218 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\windows\system32\services.exe
    23:28:11.0256 0x1218 [ Global ] - ok
    23:28:11.0257 0x1218 ================ Scan MBR ==================================
    23:28:11.0270 0x1218 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR0
    23:28:11.0270 0x1218 Suspicious mbr (Forged): \Device\Harddisk0\DR0
    23:28:11.0366 0x1218 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c ( 0 )
    23:28:11.0366 0x1218 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    23:28:22.0056 0x1218 ================ Scan VBR ==================================
    23:28:22.0092 0x1218 [ F35360472A297C6EDD472B5A8FE5D58B ] \Device\Harddisk0\DR0\Partition1
    23:28:22.0094 0x1218 \Device\Harddisk0\DR0\Partition1 - ok
    23:28:22.0094 0x1218 Waiting for KSN requests completion. In queue: 351
    23:28:23.0144 0x1218 AV detected via SS2: avast! Antivirus, C:\Program Files\AVAST Software\Avast\VisthAux.exe ( 9.0.2013.292 ), 0x41000 ( enabled : updated )
    23:28:23.0151 0x1218 Win FW state via NFP2: enabled
    23:28:25.0637 0x1218 ============================================================
    23:28:25.0637 0x1218 Scan finished
    23:28:25.0637 0x1218 ============================================================
    23:28:25.0653 0x1138 Detected object count: 1
    23:28:25.0653 0x1138 Actual detected object count: 1
    23:28:38.0080 0x1138 \Device\Harddisk0\DR0\# - copied to quarantine
    23:28:38.0085 0x1138 \Device\Harddisk0\DR0 - copied to quarantine
    23:28:38.0121 0x1138 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    23:28:38.0164 0x1138 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    23:28:38.0191 0x1138 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    23:28:41.0333 0x1138 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    23:28:41.0363 0x1138 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    23:28:41.0373 0x1138 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    23:28:41.0373 0x1138 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    23:28:41.0373 0x1138 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    23:28:41.0423 0x1138 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    23:28:41.0453 0x1138 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    23:28:41.0453 0x1138 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    23:28:41.0453 0x1138 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    23:28:41.0453 0x1138 \Device\Harddisk0\DR0\TDLFS\ns - copied to quarantine
    23:28:41.0463 0x1138 \Device\Harddisk0\DR0\TDLFS\cmd32.dll - copied to quarantine
    23:28:41.0613 0x1138 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    23:28:41.0613 0x1138 \Device\Harddisk0\DR0 - ok
    23:28:42.0423 0x1138 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    23:28:42.0473 0x1138 KLMD registered as C:\windows\system32\drivers\49511195.sys
    23:36:16.0478 0x0f58 Deinitialize success
  13. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Very good.

    Did Avast stop complaining?

    Re-run MBAM one more time and post a fresh log.
  14. Rjrossi88

    Rjrossi88 Newcomer, in training Topic Starter Posts: 42

    Yes it did. Should I just run another quick scan or full system?
  15. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Quick is fine.

    When done...

    Download RogueKiller from one of the following links and save it to your Desktop:
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
  16. Rjrossi88

    Rjrossi88 Newcomer, in training Topic Starter Posts: 42

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.03.19.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16428
    Jessica :: JESSICA-PC [administrator]

    3/18/2014 11:52:52 PM
    mbam-log-2014-03-18 (23-52-52).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 213562
    Time elapsed: 3 minute(s),

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)
  17. Rjrossi88

    Rjrossi88 Newcomer, in training Topic Starter Posts: 42

    RogueKiller V8.8.11 [Mar 14 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Jessica [Admin rights]
    Mode : Remove -- Date : 03/19/2014 00:05:53
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 2 ¤¤¤
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts




    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK3275GSX +++++
    --- User ---
    [MBR] c14a194e47a70f624d48fac8dd35e444
    [BSP] 35cff5c93c53e5a466e70c6c8ff31d64 : Windows Vista MBR Code
    Partition table:
    0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 289747 Mo
    2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 596475904 | Size: 13997 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_D_03192014_000553.txt >>
    RKreport[0]_S_03192014_000504.txt
  18. Rjrossi88

    Rjrossi88 Newcomer, in training Topic Starter Posts: 42

    When I opened the installer for Malwarebytes Anti-Rootkit a message popped up titled "probable rootkit activity detected" and says "registry value AppInit_Dlls which may be caused by rootkit activity. Note: Press not if you're not sure. If the tool crashes or terminates unexpectedly during a system scan, restart the tool and press yes should this message appear again." It ends with asking if I want to "remove this value and restart the tool". Should I click yes or no?
  19. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Click "Yes".
  20. Rjrossi88

    Rjrossi88 Newcomer, in training Topic Starter Posts: 42

    1st scan

    Malwarebytes Anti-Rootkit BETA 1.07.0.1009
    www.malwarebytes.org

    Database version: v2014.03.19.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16428
    Jessica :: JESSICA-PC [administrator]

    3/19/2014 12:30:31 AM
    mbar-log-2014-03-19 (00-30-31).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 229540
    Time elapsed: 10 minute(s), 45 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 3
    C:\$Recycle.Bin\S-1-5-21-650517197-2475678106-1037007056-1000\$56e02f73c73e341c1909583710acfd43\U (Trojan.Siredef.C) -> Delete on reboot.
    C:\$Recycle.Bin\S-1-5-21-650517197-2475678106-1037007056-1000\$56e02f73c73e341c1909583710acfd43\L (Trojan.Siredef.C) -> Delete on reboot.
    C:\$Recycle.Bin\S-1-5-21-650517197-2475678106-1037007056-1000\$56e02f73c73e341c1909583710acfd43 (Trojan.Siredef.C) -> Delete on reboot.

    Files Detected: 1
    C:\$Recycle.Bin\S-1-5-21-650517197-2475678106-1037007056-1000\$56e02f73c73e341c1909583710acfd43\@ (Trojan.Siredef.C) -> Delete on reboot.

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)

    2nd scan

    Malwarebytes Anti-Rootkit BETA 1.07.0.1009
    www.malwarebytes.org

    Database version: v2014.03.19.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16428
    Jessica :: JESSICA-PC [administrator]

    3/19/2014 12:46:44 AM
    mbar-log-2014-03-19 (00-46-44).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 229564
    Time elapsed: 11 minute(s), 51 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
  21. Rjrossi88

    Rjrossi88 Newcomer, in training Topic Starter Posts: 42

    System log

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1009

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.16428

    Java version: 1.6.0_25

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.195000 GHz
    Memory total: 4240293888, free: 2571300864

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1009

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.16428

    Java version: 1.6.0_25

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.195000 GHz
    Memory total: 4240293888, free: 2632511488

    Downloaded database version: v2014.03.19.01
    Downloaded database version: v2014.03.18.01
    =======================================
    Initializing...
    ------------ Kernel report ------------
    03/19/2014 00:30:27
    ------------ Loaded modules -----------
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8004f30060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xfffffa8004de6050
    Lower Device Driver Name: \Driver\iaStor\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8004f30060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8004f30b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8004f30060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8004de6050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 10ED62A

    Partition information:

    Partition 0 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 3072000
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048 Numsec = 593401856

    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 596475904 Numsec = 28665856
    Partition is not bootable
    Hidden partition VBR is not infected.

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 320072933376 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
    Done!
    Infected: C:\$Recycle.Bin\S-1-5-21-650517197-2475678106-1037007056-1000\$56e02f73c73e341c1909583710acfd43\@ --> [Trojan.Siredef.C]
    Infected: HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} --> [Hijack.Trojan.Siredef.C]
    Infected: C:\$Recycle.Bin\S-1-5-21-650517197-2475678106-1037007056-1000\$56e02f73c73e341c1909583710acfd43\U --> [Trojan.Siredef.C]
    Infected: C:\$Recycle.Bin\S-1-5-21-650517197-2475678106-1037007056-1000\$56e02f73c73e341c1909583710acfd43\L --> [Trojan.Siredef.C]
    Infected: C:\$Recycle.Bin\S-1-5-21-650517197-2475678106-1037007056-1000\$56e02f73c73e341c1909583710acfd43 --> [Trojan.Siredef.C]
    Scan finished
    Cleaning up...
    Executing an action fixdamage.exe...
    Success!
    Queuing an action fixdamage.exe
    Removal scheduling successful. System shutdown needed.
    System shutdown occurred
    =======================================


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1009

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.16428

    Java version: 1.6.0_25

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.195000 GHz
    Memory total: 4240293888, free: 2471776256

    Downloaded database version: v2014.03.19.02
    =======================================
    Initializing...
    ------------ Kernel report ------------
    03/19/2014 00:46:39
    ------------ Loaded modules -----------
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \??\C:\windows\system32\drivers\aswStm.sys
    \??\C:\windows\system32\drivers\mbamchameleon.sys
    \SystemRoot\system32\drivers\spsys.sys
    \??\C:\windows\system32\drivers\MBAMSwissArmy.sys
    \Windows\System32\ntdll.dll
    \Windows\System32\smss.exe
    \Windows\System32\apisetschema.dll
    \Windows\System32\autochk.exe
    \Windows\System32\advapi32.dll
    \Windows\System32\gdi32.dll
    \Windows\System32\nsi.dll
    \Windows\System32\imm32.dll
    \Windows\System32\oleaut32.dll
    \Windows\System32\comdlg32.dll
    \Windows\System32\ole32.dll
    \Windows\System32\Wldap32.dll
    \Windows\System32\user32.dll
    \Windows\System32\shell32.dll
    \Windows\System32\ws2_32.dll
    \Windows\System32\iertutil.dll
    \Windows\System32\rpcrt4.dll
    \Windows\System32\lpk.dll
    \Windows\System32\usp10.dll
    \Windows\System32\urlmon.dll
    \Windows\System32\msvcrt.dll
    \Windows\System32\clbcatq.dll
    \Windows\System32\wininet.dll
    \Windows\System32\kernel32.dll
    \Windows\System32\normaliz.dll
    \Windows\System32\msctf.dll
    \Windows\System32\imagehlp.dll
    \Windows\System32\sechost.dll
    \Windows\System32\psapi.dll
    \Windows\System32\difxapi.dll
    \Windows\System32\setupapi.dll
    \Windows\System32\shlwapi.dll
    \Windows\System32\wintrust.dll
    \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
    \Windows\System32\KernelBase.dll
    \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
    \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    \Windows\System32\cfgmgr32.dll
    \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
    \Windows\System32\devobj.dll
    \Windows\System32\crypt32.dll
    \Windows\System32\comctl32.dll
    \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    \Windows\System32\msasn1.dll
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8004f2c6b0
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xfffffa8004dde050
    Lower Device Driver Name: \Driver\iaStor\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8004f2c6b0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8004f2d040, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8004f2c6b0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa8004dde050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 10ED62A

    Partition information:

    Partition 0 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 3072000
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048 Numsec = 593401856

    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 596475904 Numsec = 28665856
    Partition is not bootable
    Hidden partition VBR is not infected.

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 320072933376 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-596475904-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
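The MBR scan log above prints the raw partition table (type code, active flag, start LBA, sector count) and the disk geometry, and leaves it to the reader to judge whether those numbers are consistent. The following is an added example, written for this page and not part of Malwarebytes or of the thread, that parses that block and runs the sanity checks an analyst would do by hand: exactly one active slot, no slot starting at LBA 0, no overlap between slots, nothing extending past the end of the disk, and a list of the sector gaps not covered by any partition. The sample input is a constructed copy of the partition section of the log as posted; the gaps it reports are derived purely from the table, so they need not match the range the tool itself chose to scan.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: the partition section of the MBR scan log posted above,
# trimmed to the lines the parser reads.
SAMPLE_LOG = """\
Disk Signature: 10ED62A

Partition information:

Partition 0 type is Other (0x27)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 3072000
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 3074048 Numsec = 593401856

Partition 2 type is HIDDEN (0x17)
Partition is NOT ACTIVE.
Partition starts at LBA: 596475904 Numsec = 28665856
Partition is not bootable
Hidden partition VBR is not infected.

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes
"""


@dataclass
class Partition:
    index: int
    type_name: str
    type_id: int          # MBR partition type byte, e.g. 0x07 = NTFS/HPFS
    active: bool = False
    start_lba: int = 0
    numsec: int = 0

    @property
    def end_lba(self) -> int:        # exclusive end sector
        return self.start_lba + self.numsec

    @property
    def empty(self) -> bool:         # unused slot in the 4-entry table
        return self.type_id == 0 and self.numsec == 0


@dataclass
class MbrReport:
    partitions: List[Partition] = field(default_factory=list)
    disk_bytes: int = 0
    sector_size: int = 512

    @property
    def total_sectors(self) -> int:
        return self.disk_bytes // self.sector_size


PART_RE = re.compile(r"^Partition (\d+) type is (\S+) \(0x([0-9A-Fa-f]+)\)$")
LBA_RE = re.compile(r"^Partition starts at LBA: (\d+) Numsec = (\d+)$")
DISK_RE = re.compile(r"^Disk Size: (\d+) bytes$")
SECTOR_RE = re.compile(r"^Sector size: (\d+) bytes$")


def parse_mbr_log(text: str) -> MbrReport:
    """Parse the 'Partition information' block of the scan log into a report."""
    report = MbrReport()
    current: Optional[Partition] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = PART_RE.match(line)
        if m:
            current = Partition(int(m.group(1)), m.group(2), int(m.group(3), 16))
            report.partitions.append(current)
            continue
        if current is not None:
            if line == "Partition is ACTIVE.":
                current.active = True
                continue
            m = LBA_RE.match(line)
            if m:
                current.start_lba, current.numsec = int(m.group(1)), int(m.group(2))
                continue
        m = DISK_RE.match(line)
        if m:
            report.disk_bytes = int(m.group(1))
            continue
        m = SECTOR_RE.match(line)
        if m:
            report.sector_size = int(m.group(1))
    return report


def check_partition_table(report: MbrReport) -> List[str]:
    """Return a list of findings; an empty list means the table is self-consistent."""
    findings: List[str] = []
    used = [p for p in report.partitions if not p.empty]
    if len(report.partitions) != 4:
        findings.append(f"expected 4 MBR slots, found {len(report.partitions)}")
    active = [p for p in used if p.active]
    if len(active) != 1:
        findings.append(f"expected exactly one active partition, found {len(active)}")
    total = report.total_sectors
    for p in used:
        if p.start_lba == 0:
            findings.append(f"partition {p.index} starts at LBA 0 (overlaps the MBR sector)")
        if total and p.end_lba > total:
            findings.append(f"partition {p.index} ends at {p.end_lba}, beyond disk end {total}")
    ordered = sorted(used, key=lambda p: p.start_lba)
    for a, b in zip(ordered, ordered[1:]):
        if a.end_lba > b.start_lba:
            findings.append(f"partitions {a.index} and {b.index} overlap")
    return findings


def unpartitioned_ranges(report: MbrReport) -> List[Tuple[int, int]]:
    """Sector ranges (start, end exclusive) not covered by any partition; sector 0 is the MBR."""
    gaps: List[Tuple[int, int]] = []
    cursor = 1
    for p in sorted((p for p in report.partitions if not p.empty), key=lambda p: p.start_lba):
        if p.start_lba > cursor:
            gaps.append((cursor, p.start_lba))
        cursor = max(cursor, p.end_lba)
    if report.total_sectors > cursor:
        gaps.append((cursor, report.total_sectors))
    return gaps


if __name__ == "__main__":
    rep = parse_mbr_log(SAMPLE_LOG)
    for p in rep.partitions:
        print(f"slot {p.index}: {p.type_name} (0x{p.type_id:02x}) lba {p.start_lba}-{p.end_lba}"
              f"{' ACTIVE' if p.active else ''}")
    print("findings:", check_partition_table(rep) or "none")
    print("unpartitioned:", unpartitioned_ranges(rep))
```

Run against the posted table, the checks come back clean and the uncovered ranges are the 2047 sectors between the MBR and the first partition plus a short tail after the last one; those unallocated areas are exactly the ones the tool reports scanning sector by sector, which is why an analyst wants them enumerated rather than assumed empty.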
  22. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Very good :)

    Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is still not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart the computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
  23. Rjrossi88

    Rjrossi88 Newcomer, in training Topic Starter Posts: 42

    ComboFix 14-03-19.01 - Jessica 03/19/2014 23:22:03.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2271 [GMT -4:00]
    Running from: c:\users\Jessica\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-02-20 to 2014-03-20 )))))))))))))))))))))))))))))))
    .
    .
    2014-03-20 03:26 . 2014-03-20 03:26 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-03-19 04:30 . 2014-03-19 04:58 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-03-19 04:29 . 2014-03-19 04:46 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-03-19 04:03 . 2014-03-19 04:03 -------- d-----w- c:\users\Jessica\AppData\Local\CrashDumps
    2014-03-19 03:28 . 2014-03-19 03:28 -------- d-----w- C:\TDSSKiller_Quarantine
    2014-03-18 19:32 . 2013-10-14 22:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
    2014-03-18 19:31 . 2014-03-18 19:31 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2014-03-18 19:31 . 2014-03-18 19:31 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
    2014-03-18 19:29 . 2014-03-18 19:29 878080 ----a-w- c:\windows\system32\advapi32.dll
    2014-03-18 13:37 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
    2014-03-18 13:37 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
    2014-03-18 13:37 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
    2014-03-18 13:37 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
    2014-03-18 13:37 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
    2014-03-18 08:56 . 2014-03-18 08:56 -------- d-----w- c:\program files\Microsoft Silverlight
    2014-03-18 08:56 . 2014-03-18 08:56 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
    2014-03-18 05:25 . 2014-03-18 05:25 -------- d-----w- c:\program files\CCleaner
    2014-03-18 05:24 . 2014-03-18 05:24 -------- d-----w- c:\users\Jessica\AppData\Local\Macromedia
    2014-03-18 05:12 . 2014-03-18 05:12 312744 ----a-w- c:\windows\system32\javaws.exe
    2014-03-18 05:12 . 2014-03-18 05:12 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2014-03-18 05:12 . 2014-03-18 05:12 189352 ----a-w- c:\windows\system32\javaw.exe
    2014-03-18 05:12 . 2014-03-18 05:12 189352 ----a-w- c:\windows\system32\java.exe
    2014-03-18 05:12 . 2014-03-18 05:12 -------- d-----w- c:\program files\Java
    2014-03-18 05:11 . 2014-03-18 05:23 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-03-18 05:11 . 2014-03-18 05:11 -------- d-----w- c:\windows\system32\Macromed
    2014-03-18 05:08 . 2014-03-18 05:09 -------- d-----w- c:\program files (x86)\Common Files\Adobe
    2014-03-18 03:54 . 2014-03-18 03:54 -------- d-----w- c:\users\Jessica\AppData\Roaming\AVAST Software
    2014-03-18 03:53 . 2014-03-18 03:52 80184 ----a-w- c:\windows\system32\drivers\aswStm.sys
    2014-03-18 03:53 . 2014-03-18 03:52 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2014-03-18 03:53 . 2014-03-18 03:52 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2014-03-18 03:53 . 2014-03-18 03:52 1038072 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2014-03-18 03:53 . 2014-03-18 03:52 421704 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2014-03-18 03:53 . 2014-03-18 03:52 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-03-18 03:53 . 2014-03-18 03:52 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2014-03-18 03:53 . 2014-03-18 03:52 334136 ----a-w- c:\windows\system32\aswBoot.exe
    2014-03-18 03:52 . 2014-03-18 03:52 43152 ----a-w- c:\windows\avastSS.scr
    2014-03-18 03:52 . 2014-03-18 03:52 -------- d-----w- c:\program files\AVAST Software
    2014-03-18 03:51 . 2014-03-18 03:51 -------- d-----w- c:\programdata\AVAST Software
    2014-03-18 03:47 . 2014-03-18 03:47 -------- d-----w- c:\program files (x86)\FileHippo.com
    2014-03-18 03:06 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
    2014-03-18 03:06 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
    2014-03-18 03:05 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2014-03-18 03:05 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
    2014-03-18 03:05 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
    2014-03-18 03:05 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2014-03-18 03:05 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll
    2014-03-18 03:05 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2014-03-18 03:05 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2014-03-18 03:05 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll
    2014-03-18 03:05 . 2014-01-29 02:06 381440 ----a-w- c:\windows\SysWow64\wer.dll
    2014-03-18 03:05 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll
    2014-03-18 03:05 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2014-03-18 03:04 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll
    2014-03-18 03:04 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2014-03-18 03:04 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2014-03-18 03:04 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
    2014-03-18 03:04 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
    2014-03-18 03:04 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
    2014-03-18 03:04 . 2013-09-28 01:09 497152 ----a-w- c:\windows\system32\drivers\afd.sys
    2014-03-18 03:04 . 2014-02-07 01:23 3156480 ----a-w- c:\windows\system32\win32k.sys
    2014-03-18 03:04 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
    2014-03-18 03:04 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
    2014-03-18 03:04 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
    2014-03-18 03:02 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2014-03-18 03:01 . 2013-07-26 02:24 14172672 ----a-w- c:\windows\system32\shell32.dll
    2014-03-18 03:01 . 2013-07-26 02:24 197120 ----a-w- c:\windows\system32\shdocvw.dll
    2014-03-18 03:01 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
    2014-03-18 03:01 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
    2014-03-18 03:01 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
    2014-03-18 03:01 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
    2014-03-18 03:01 . 2013-10-03 02:23 404480 ----a-w- c:\windows\system32\gdi32.dll
    2014-03-18 03:01 . 2013-10-03 02:00 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
    2014-03-18 03:01 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
    2014-03-18 03:01 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
    2014-03-18 02:59 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx
    2014-03-18 02:59 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll
    2014-03-18 02:59 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx
    2014-03-18 02:59 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe
    2014-03-18 02:59 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe
    2014-03-18 02:59 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll
    2014-03-18 02:59 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe
    2014-03-18 02:59 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe
    2014-03-18 02:59 . 2013-08-01 12:09 983488 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2014-03-18 02:59 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2014-03-18 02:59 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
    2014-03-18 02:58 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll
    2014-03-18 02:58 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
    2014-03-18 02:58 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
    2014-03-18 02:58 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
    2014-03-18 02:58 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
    2014-03-18 02:58 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
    2014-03-18 02:47 . 2014-03-18 02:47 -------- d-----w- c:\users\Jessica\AppData\Roaming\Malwarebytes
    2014-03-18 02:47 . 2014-03-18 02:47 -------- d-----w- c:\programdata\Malwarebytes
    2014-03-18 02:47 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-03-18 02:47 . 2014-03-18 02:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2014-03-18 02:47 . 2014-03-18 02:47 -------- d-----w- c:\users\Jessica\AppData\Local\Programs
    2014-03-18 02:46 . 2014-03-18 02:46 -------- d-----w- c:\program files (x86)\MyPC Backup
    2014-03-18 02:44 . 2014-03-18 02:44 -------- d-----w- c:\users\Jessica\AppData\Local\Mozilla
    2014-03-18 02:43 . 2014-03-18 02:43 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2014-03-18 02:42 . 2014-03-18 02:43 -------- d-----w- c:\users\Jessica\AppData\Local\SearchProtect
    2014-03-18 02:36 . 2014-03-18 02:36 -------- d-----w- c:\program files (x86)\GUM7BA4.tmp
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-03-18 19:29 . 2014-03-18 19:29 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2014-03-18 05:23 . 2011-10-31 02:34 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-03-18 02:37 . 2011-03-29 01:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-10-29 1521352]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll" [2014-02-11 1565464]
    .
    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2012-10-29 22:22 1521352 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
    2013-01-07 23:13 198072 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-10-29 1521352]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-26 39408]
    "FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
    "NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]
    "ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
    "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-10-29 1573576]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-03-18 3767096]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
    .
    c:\users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MyPC Backup.lnk - c:\program files (x86)\MyPC Backup\MyPC Backup.exe [2014-3-14 2901032]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    R2 BackupStack;Computer Backup (MyPC Backup);c:\program files (x86)\MyPC Backup\BackupStack.exe;c:\program files (x86)\MyPC Backup\BackupStack.exe [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [x]
    S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
    S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
    S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
    S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-03-18 03:10 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-03-20 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-18 05:23]
    .
    2014-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-26 14:31]
    .
    2014-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-26 14:31]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-03-18 03:52 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136]
    "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
    "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
    "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://start.toshiba.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    FF - ProfilePath - c:\users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\zkqpeq8w.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - google.com
    FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FWV5&o=14193&locale=en_US&apn_uid=d871bc99-4125-4053-ad7c-5a8a08fe208c&apn_ptnrs=%5EFM&apn_sauid=3A366A0A-A63E-45E7-926D-797D95F4F5EA&apn_dtid=%5Epfm013%5EYY%5EUS&&q=
    FF - ExtSQL: 2014-03-17 23:52; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    SafeBoot-51245792.sys
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
    HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
    "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
    7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
    27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
    64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
    "{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
    69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
    94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
    "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
    ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    "{F3C88694-EFFA-4D78-B409-54B7B2535B14}"=hex:51,66,7a,6c,4c,1d,38,12,fa,85,db,
    f7,c8,a1,16,08,cb,1f,17,f7,b7,0d,1f,00
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:14,a3,b5,04,4e,d6,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.12"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-03-19 23:28:33
    ComboFix-quarantined-files.txt 2014-03-20 03:28
    .
    Pre-Run: 258,516,283,392 bytes free
    Post-Run: 258,261,008,384 bytes free
    .
    - - End Of File - - A785599AAE6969A04304E1FA1E5B0F94
  24. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
    
    Folder::
    c:\program files (x86)\MyPC Backup
    
    Driver::
    BackupStack
    
    Registry::
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
  25. Rjrossi88

    Rjrossi88 Newcomer, in training Topic Starter Posts: 42

    ComboFix 14-03-19.01 - Jessica 03/19/2014 23:55:59.2.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2458 [GMT -4:00]
    Running from: c:\users\Jessica\Desktop\ComboFix.exe
    Command switches used :: c:\users\Jessica\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\MyPC Backup
    c:\program files (x86)\MyPC Backup\aff.conf
    c:\program files (x86)\MyPC Backup\AlphaVSS.51.x86.dll
    c:\program files (x86)\MyPC Backup\AlphaVSS.52.x64.dll
    c:\program files (x86)\MyPC Backup\AlphaVSS.52.x86.dll
    c:\program files (x86)\MyPC Backup\AlphaVSS.60.x64.dll
    c:\program files (x86)\MyPC Backup\AlphaVSS.60.x86.dll
    c:\program files (x86)\MyPC Backup\AlphaVSS.Common.dll
    c:\program files (x86)\MyPC Backup\AWSSDK.dll
    c:\program files (x86)\MyPC Backup\BackupStack.exe
    c:\program files (x86)\MyPC Backup\Configuration Updater.exe
    c:\program files (x86)\MyPC Backup\Crypto32.dll
    c:\program files (x86)\MyPC Backup\Crypto64.dll
    c:\program files (x86)\MyPC Backup\Database\mpcb_backup_conf.db
    c:\program files (x86)\MyPC Backup\Database\mpcb_file_cache.db
    c:\program files (x86)\MyPC Backup\Database\mpcb_queues.db
    c:\program files (x86)\MyPC Backup\Database\mpcb_settings.db
    c:\program files (x86)\MyPC Backup\Database\mpcb_sig_cache.db
    c:\program files (x86)\MyPC Backup\de_DE.mo
    c:\program files (x86)\MyPC Backup\diffstack.dll
    c:\program files (x86)\MyPC Backup\es_ES.mo
    c:\program files (x86)\MyPC Backup\fr_FR.mo
    c:\program files (x86)\MyPC Backup\GetText.dll
    c:\program files (x86)\MyPC Backup\it_IT.mo
    c:\program files (x86)\MyPC Backup\log\WAIT_HANDLES.log
    c:\program files (x86)\MyPC Backup\LogicNP.EZShellExtensions.dll
    c:\program files (x86)\MyPC Backup\MPCBClient.dll
    c:\program files (x86)\MyPC Backup\MPCBContextMenu.dll
    c:\program files (x86)\MyPC Backup\MPCBIconOverlays.dll
    c:\program files (x86)\MyPC Backup\MyPC Backup.exe
    c:\program files (x86)\MyPC Backup\mypcbackup.ico
    c:\program files (x86)\MyPC Backup\ObjectListView.dll
    c:\program files (x86)\MyPC Backup\pt_PT.mo
    c:\program files (x86)\MyPC Backup\RegisterExtensionDotNet20_x64.exe
    c:\program files (x86)\MyPC Backup\RegisterExtensionDotNet20_x86.exe
    c:\program files (x86)\MyPC Backup\RestartExplorer.exe
    c:\program files (x86)\MyPC Backup\Service Start.exe
    c:\program files (x86)\MyPC Backup\Shared Stack.dll
    c:\program files (x86)\MyPC Backup\Signup Wizard.exe
    c:\program files (x86)\MyPC Backup\syncicon.ico
    c:\program files (x86)\MyPC Backup\syncing.ico
    c:\program files (x86)\MyPC Backup\tick.ico
    c:\program files (x86)\MyPC Backup\uninst.exe
    c:\program files (x86)\MyPC Backup\UnRegisterExtensions.exe
    c:\program files (x86)\MyPC Backup\Updater.exe
    c:\program files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
    c:\program files (x86)\MyPC Backup\x86\System.Data.SQLite.dll
    c:\users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_BackupStack
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-02-20 to 2014-03-20 )))))))))))))))))))))))))))))))
    .
    .
    2014-03-20 04:00 . 2014-03-20 04:00 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2014-03-19 04:29 . 2014-03-19 04:46 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-03-19 04:03 . 2014-03-19 04:03 -------- d-----w- c:\users\Jessica\AppData\Local\CrashDumps
    2014-03-19 03:28 . 2014-03-19 03:28 -------- d-----w- C:\TDSSKiller_Quarantine
    2014-03-18 19:32 . 2013-10-14 22:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
    2014-03-18 19:31 . 2014-03-18 19:31 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2014-03-18 19:31 . 2014-03-18 19:31 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
    2014-03-18 19:29 . 2014-03-18 19:29 878080 ----a-w- c:\windows\system32\advapi32.dll
    2014-03-18 13:37 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
    2014-03-18 13:37 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
    2014-03-18 13:37 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
    2014-03-18 13:37 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
    2014-03-18 13:37 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
    2014-03-18 08:56 . 2014-03-18 08:56 -------- d-----w- c:\program files\Microsoft Silverlight
    2014-03-18 08:56 . 2014-03-18 08:56 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
    2014-03-18 05:25 . 2014-03-18 05:25 -------- d-----w- c:\program files\CCleaner
    2014-03-18 05:24 . 2014-03-18 05:24 -------- d-----w- c:\users\Jessica\AppData\Local\Macromedia
    2014-03-18 05:12 . 2014-03-18 05:12 312744 ----a-w- c:\windows\system32\javaws.exe
    2014-03-18 05:12 . 2014-03-18 05:12 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2014-03-18 05:12 . 2014-03-18 05:12 189352 ----a-w- c:\windows\system32\javaw.exe
    2014-03-18 05:12 . 2014-03-18 05:12 189352 ----a-w- c:\windows\system32\java.exe
    2014-03-18 05:12 . 2014-03-18 05:12 -------- d-----w- c:\program files\Java
    2014-03-18 05:11 . 2014-03-18 05:23 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-03-18 05:11 . 2014-03-18 05:11 -------- d-----w- c:\windows\system32\Macromed
    2014-03-18 05:08 . 2014-03-18 05:09 -------- d-----w- c:\program files (x86)\Common Files\Adobe
    2014-03-18 03:54 . 2014-03-18 03:54 -------- d-----w- c:\users\Jessica\AppData\Roaming\AVAST Software
    2014-03-18 03:53 . 2014-03-18 03:52 80184 ----a-w- c:\windows\system32\drivers\aswStm.sys
    2014-03-18 03:53 . 2014-03-18 03:52 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2014-03-18 03:53 . 2014-03-18 03:52 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2014-03-18 03:53 . 2014-03-18 03:52 1038072 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2014-03-18 03:53 . 2014-03-18 03:52 421704 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2014-03-18 03:53 . 2014-03-18 03:52 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-03-18 03:53 . 2014-03-18 03:52 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2014-03-18 03:53 . 2014-03-18 03:52 334136 ----a-w- c:\windows\system32\aswBoot.exe
    2014-03-18 03:52 . 2014-03-18 03:52 43152 ----a-w- c:\windows\avastSS.scr
    2014-03-18 03:52 . 2014-03-18 03:52 -------- d-----w- c:\program files\AVAST Software
    2014-03-18 03:51 . 2014-03-18 03:51 -------- d-----w- c:\programdata\AVAST Software
    2014-03-18 03:47 . 2014-03-18 03:47 -------- d-----w- c:\program files (x86)\FileHippo.com
    2014-03-18 03:06 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
    2014-03-18 03:06 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
    2014-03-18 03:05 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2014-03-18 03:05 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
    2014-03-18 03:05 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll
    2014-03-18 03:05 . 2013-07-09 05:46 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2014-03-18 03:05 . 2013-07-09 05:46 139776 ----a-w- c:\windows\system32\cryptnet.dll
    2014-03-18 03:05 . 2013-07-09 04:46 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2014-03-18 03:05 . 2013-07-09 04:46 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2014-03-18 03:05 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll
    2014-03-18 03:05 . 2014-01-29 02:06 381440 ----a-w- c:\windows\SysWow64\wer.dll
    2014-03-18 03:05 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll
    2014-03-18 03:05 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2014-03-18 03:04 . 2013-11-12 02:23 2048 ----a-w- c:\windows\system32\tzres.dll
    2014-03-18 03:04 . 2013-11-12 02:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2014-03-18 03:04 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2014-03-18 03:04 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
    2014-03-18 03:04 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
    2014-03-18 03:04 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
    2014-03-18 03:04 . 2013-09-28 01:09 497152 ----a-w- c:\windows\system32\drivers\afd.sys
    2014-03-18 03:04 . 2014-02-07 01:23 3156480 ----a-w- c:\windows\system32\win32k.sys
    2014-03-18 03:04 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
    2014-03-18 03:04 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
    2014-03-18 03:04 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
    2014-03-18 03:02 . 2013-07-25 09:25 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2014-03-18 03:01 . 2013-07-26 02:24 14172672 ----a-w- c:\windows\system32\shell32.dll
    2014-03-18 03:01 . 2013-07-26 02:24 197120 ----a-w- c:\windows\system32\shdocvw.dll
    2014-03-18 03:01 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
    2014-03-18 03:01 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
    2014-03-18 03:01 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll
    2014-03-18 03:01 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll
    2014-03-18 03:01 . 2013-10-03 02:23 404480 ----a-w- c:\windows\system32\gdi32.dll
    2014-03-18 03:01 . 2013-10-03 02:00 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
    2014-03-18 03:01 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll
    2014-03-18 03:01 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
    2014-03-18 02:59 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx
    2014-03-18 02:59 . 2013-10-12 02:31 202752 ----a-w- c:\windows\system32\scrrun.dll
    2014-03-18 02:59 . 2013-10-12 02:04 121856 ----a-w- c:\windows\SysWow64\wshom.ocx
    2014-03-18 02:59 . 2013-10-12 01:33 156160 ----a-w- c:\windows\system32\cscript.exe
    2014-03-18 02:59 . 2013-10-12 01:15 141824 ----a-w- c:\windows\SysWow64\wscript.exe
    2014-03-18 02:59 . 2013-10-12 02:03 163840 ----a-w- c:\windows\SysWow64\scrrun.dll
    2014-03-18 02:59 . 2013-10-12 01:33 168960 ----a-w- c:\windows\system32\wscript.exe
    2014-03-18 02:59 . 2013-10-12 01:15 126976 ----a-w- c:\windows\SysWow64\cscript.exe
    2014-03-18 02:59 . 2013-08-01 12:09 983488 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2014-03-18 02:59 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
    2014-03-18 02:59 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
    2014-03-18 02:58 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll
    2014-03-18 02:58 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL
    2014-03-18 02:58 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL
    2014-03-18 02:58 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll
    2014-03-18 02:58 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
    2014-03-18 02:58 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
    2014-03-18 02:47 . 2014-03-18 02:47 -------- d-----w- c:\users\Jessica\AppData\Roaming\Malwarebytes
    2014-03-18 02:47 . 2014-03-18 02:47 -------- d-----w- c:\programdata\Malwarebytes
    2014-03-18 02:47 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-03-18 02:47 . 2014-03-18 02:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2014-03-18 02:47 . 2014-03-18 02:47 -------- d-----w- c:\users\Jessica\AppData\Local\Programs
    2014-03-18 02:44 . 2014-03-18 02:44 -------- d-----w- c:\users\Jessica\AppData\Local\Mozilla
    2014-03-18 02:43 . 2014-03-18 02:43 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2014-03-18 02:42 . 2014-03-18 02:43 -------- d-----w- c:\users\Jessica\AppData\Local\SearchProtect
    2014-03-18 02:36 . 2014-03-18 02:36 -------- d-----w- c:\program files (x86)\GUM7BA4.tmp
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-03-18 19:29 . 2014-03-18 19:29 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2014-03-18 05:23 . 2011-10-31 02:34 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-03-18 02:37 . 2011-03-29 01:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-10-29 1521352]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll" [2014-02-11 1565464]
    .
    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2012-10-29 22:22 1521352 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
    2013-01-07 23:13 198072 ----a-w- c:\program files (x86)\Yontoo\YontooIEClient.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-10-29 1521352]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-02-26 39408]
    "FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
    "NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]
    "ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
    "ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-10-29 1573576]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-03-18 3767096]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
    R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [x]
    S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
    S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
    S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-03-18 03:10 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-03-20 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-18 05:23]
    .
    2014-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-26 14:31]
    .
    2014-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-26 14:31]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-03-18 03:52 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136]
    "SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-12-14 316032]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
    "TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
    "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
    "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
    "TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
    "TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://start.toshiba.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    FF - ProfilePath - c:\users\Jessica\AppData\Roaming\Mozilla\Firefox\Profiles\zkqpeq8w.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - google.com
    FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FWV5&o=14193&locale=en_US&apn_uid=d871bc99-4125-4053-ad7c-5a8a08fe208c&apn_ptnrs=%5EFM&apn_sauid=3A366A0A-A63E-45E7-926D-797D95F4F5EA&apn_dtid=%5Epfm013%5EYY%5EUS&&q=
    FF - ExtSQL: 2014-03-17 23:52; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
    "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
    7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
    27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
    64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
    "{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
    69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
    94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
    "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
    ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
    "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
    df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
    "{F3C88694-EFFA-4D78-B409-54B7B2535B14}"=hex:51,66,7a,6c,4c,1d,38,12,fa,85,db,
    f7,c8,a1,16,08,cb,1f,17,f7,b7,0d,1f,00
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:14,a3,b5,04,4e,d6,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.12"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2014-03-20 00:08:08 - machine was rebooted
    ComboFix-quarantined-files.txt 2014-03-20 04:08
    ComboFix2.txt 2014-03-20 03:28
    .
    Pre-Run: 258,394,341,376 bytes free
    Post-Run: 257,836,802,048 bytes free
    .
    - - End Of File - - 390CE8AC6191AB93321BC1F1B19D51B6

