
Laptop constantly freezing and running really slow

Discussion in 'Virus & Other Malware Removal' started by Mrjamieson, Aug 7, 2012.

    Mrjamieson Thread Starter

    Hi, my laptop is becoming a nightmare to use. It picks and chooses when it wants to work or constantly freeze. I'm finding that it is freezing a lot when I click on a new page and it says on the top bar 'not responding', then unfreezes maybe 60 seconds later. It just seems to be a lot slower now and I think it's maybe because I have no idea about antiviruses etc. and what the best software to have is. I have McAfee and also the free version of Malwarebytes. I also have WinPatrol but only because it was recommended; I have no idea what it does or how to work it. I just want my laptop running fast again. Any help or advice is much appreciated. Here is all the desired information. I hope I have provided everything that is required. Thanks.

    Lee.



    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 19:45:36, on 07/08/2012
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18602)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Users\LUCY\Desktop\TP-LINK\COMMON\TWCU.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Users\LUCY\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\LUCY\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\LUCY\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\LUCY\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\LUCY\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\LUCY\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\LUCY\Downloads\HijackThis (4).exe
    C:\Windows\system32\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sky.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll (file missing)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120804132259.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Google Update] "C:\Users\LUCY\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - Startup: TalkTalk Diagnostic Reporting Tool.exe
    O4 - Global Startup: TP-LINK Wireless Utility.lnk = LUCY\Desktop\TP-LINK\COMMON\TWCU.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} (PhotoboxPhotowaysUploader5 Control) - http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20091105115744
    O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} (Bebo Uploader Control) - http://www.bebo.com/files/BeboUploader.5.8.05.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\mcsniepl.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Users\LUCY\Desktop\TP-LINK\COMMON\RaRegistry.exe
    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 10564 bytes



    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.6001.18000
    Run by LUCY at 19:46:54 on 2012-08-07
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2814.1619 [GMT 1:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\WLANExt.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\mfevtps.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Users\LUCY\Desktop\TP-LINK\COMMON\RaRegistry.exe
    C:\Program Files\SMINST\BLService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Users\LUCY\Desktop\TP-LINK\COMMON\TWCU.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Users\LUCY\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\LUCY\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\LUCY\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\LUCY\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Users\LUCY\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\LUCY\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.sky.com
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120804132259.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [Google Update] "c:\users\lucy\appdata\local\google\update\GoogleUpdate.exe" /c
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
    StartupFolder: c:\users\lucy\appdata\roaming\microsoft\windows\start menu\programs\startup\TalkTalk Diagnostic Reporting Tool.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tp-lin~1.lnk - c:\users\lucy\desktop\tp-link\common\TWCU.exe
    mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &Search
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20091105115744
    DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.8.05.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{5FB99223-FB10-43BA-A8F7-EE88AA90E2B6} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{61F3A4F5-8021-4DEC-8C65-69BFD0FF94EF} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{F1D9F483-0CAD-4580-AA95-33A0170DB977} : DhcpNameServer = 192.168.0.1
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    IFEO: image file execution options - svchost.exe
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-8-4 464304]
    R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2012-8-4 64912]
    R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-8-4 169608]
    R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-3 655944]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-8-4 214904]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-8-4 214904]
    R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-8-4 214904]
    R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-8-4 166320]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2012-8-4 161664]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-8-4 151912]
    R2 RalinkRegistryWriter;Ralink Registry Writer;c:\users\lucy\desktop\tp-link\common\RaRegistry.exe [2012-8-6 185632]
    R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-26 365952]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-8-4 57600]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-26 193840]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-3 22344]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-8-4 180848]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-8-4 59456]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-8-4 340920]
    R3 netr28u;TP-LINK Wireless USB Adapter;c:\windows\system32\drivers\netr28u.sys [2012-8-6 848224]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-8-4 87656]
    .
    =============== Created Last 30 ================
    .
    2012-08-07 18:25:31 -------- d-----w- c:\users\lucy\appdata\roaming\WinPatrol
    2012-08-07 18:25:17 -------- d-----w- c:\program files\BillP Studios
    2012-08-07 18:25:16 -------- d-----w- c:\programdata\InstallMate
    2012-08-06 16:13:34 -------- d-----w- c:\programdata\Ralink
    2012-08-06 16:10:19 848224 ----a-w- c:\windows\system32\drivers\netr28u.sys
    2012-08-06 16:10:19 238880 ----a-w- c:\windows\system32\RaCoInst.dll
    2012-08-06 16:10:18 -------- d-----w- c:\programdata\TP-LINK Driver
    2012-08-06 16:09:29 776480 ----a-w- c:\windows\system32\RAIHV.dll
    2012-08-06 16:09:29 1590560 ----a-w- c:\windows\system32\RaCertMgr.dll
    2012-08-06 16:09:29 102688 ----a-w- c:\windows\system32\RAEXTUI.dll
    2012-08-04 12:22:58 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2012-08-04 12:22:20 151912 ----a-w- c:\windows\system32\mfevtps.exe
    2012-08-04 12:22:17 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2012-08-04 12:22:17 64912 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
    2012-08-04 12:22:17 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2012-08-04 12:22:17 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2012-08-04 12:22:17 464304 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2012-08-04 12:22:17 340920 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2012-08-04 12:22:17 180848 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2012-08-04 12:22:17 169608 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2012-08-04 12:22:17 121544 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2012-08-03 20:44:40 -------- d-----w- c:\program files\Xirrus
    2012-08-03 20:43:22 -------- d-----w- c:\users\lucy\appdata\roaming\Xirrus
    2012-08-03 20:23:20 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-08-03 20:23:20 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2012-08-03 20:20:21 -------- d-----w- c:\program files\iPod
    2012-08-03 20:20:10 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2012-08-03 20:20:10 -------- d-----w- c:\program files\iTunes
    2012-08-03 20:01:51 -------- d-----w- c:\program files\Bonjour
    2012-08-03 19:50:12 -------- d-----w- c:\users\lucy\appdata\local\Apps
    2012-08-03 19:50:11 -------- d-----w- c:\users\lucy\appdata\local\Deployment
    2012-08-03 19:44:34 476976 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-08-03 19:44:34 472880 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-03 19:40:21 -------- d-----w- c:\users\lucy\appdata\roaming\Malwarebytes
    2012-08-03 19:40:13 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-03 19:40:12 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-03 19:40:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-08-03 19:30:39 -------- d-----w- c:\program files\common files\McAfee
    2012-08-03 19:30:37 -------- d-----w- c:\program files\McAfee.com
    2012-08-03 19:30:21 -------- d-----w- c:\program files\McAfee
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 19:48:28.48 ===============



    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
    StartupFolder: c:\users\lucy\appdata\roaming\microsoft\windows\start menu\programs\startup\TalkTalk Diagnostic Reporting Tool.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tp-lin~1.lnk - c:\users\lucy\desktop\tp-link\common\TWCU.exe
    mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &Search
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20091105115744
    DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.8.05.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{5FB99223-FB10-43BA-A8F7-EE88AA90E2B6} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{61F3A4F5-8021-4DEC-8C65-69BFD0FF94EF} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{F1D9F483-0CAD-4580-AA95-33A0170DB977} : DhcpNameServer = 192.168.0.1
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~1\mcafee\msc\McSnIePl.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    IFEO: image file execution options - svchost.exe
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2012-8-4 464304]
    R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2012-8-4 64912]
    R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-8-4 169608]
    R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-21 21504]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-3 655944]
    R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-8-4 214904]
    R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-8-4 214904]
    R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2012-8-4 214904]
    R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2012-8-4 166320]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2012-8-4 161664]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-8-4 151912]
    R2 RalinkRegistryWriter;Ralink Registry Writer;c:\users\lucy\desktop\tp-link\common\RaRegistry.exe [2012-8-6 185632]
    R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-26 365952]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-8-4 57600]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-26 193840]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-3 22344]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2012-8-4 180848]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2012-8-4 59456]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-8-4 340920]
    R3 netr28u;TP-LINK Wireless USB Adapter;c:\windows\system32\drivers\netr28u.sys [2012-8-6 848224]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-8-4 87656]
    .
    =============== Created Last 30 ================
    .
    2012-08-07 18:25:31 -------- d-----w- c:\users\lucy\appdata\roaming\WinPatrol
    2012-08-07 18:25:17 -------- d-----w- c:\program files\BillP Studios
    2012-08-07 18:25:16 -------- d-----w- c:\programdata\InstallMate
    2012-08-06 16:13:34 -------- d-----w- c:\programdata\Ralink
    2012-08-06 16:10:19 848224 ----a-w- c:\windows\system32\drivers\netr28u.sys
    2012-08-06 16:10:19 238880 ----a-w- c:\windows\system32\RaCoInst.dll
    2012-08-06 16:10:18 -------- d-----w- c:\programdata\TP-LINK Driver
    2012-08-06 16:09:29 776480 ----a-w- c:\windows\system32\RAIHV.dll
    2012-08-06 16:09:29 1590560 ----a-w- c:\windows\system32\RaCertMgr.dll
    2012-08-06 16:09:29 102688 ----a-w- c:\windows\system32\RAEXTUI.dll
    2012-08-04 12:22:58 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2012-08-04 12:22:20 151912 ----a-w- c:\windows\system32\mfevtps.exe
    2012-08-04 12:22:17 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2012-08-04 12:22:17 64912 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
    2012-08-04 12:22:17 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2012-08-04 12:22:17 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2012-08-04 12:22:17 464304 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2012-08-04 12:22:17 340920 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2012-08-04 12:22:17 180848 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2012-08-04 12:22:17 169608 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2012-08-04 12:22:17 121544 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2012-08-03 20:44:40 -------- d-----w- c:\program files\Xirrus
    2012-08-03 20:43:22 -------- d-----w- c:\users\lucy\appdata\roaming\Xirrus
    2012-08-03 20:23:20 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-08-03 20:23:20 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2012-08-03 20:20:21 -------- d-----w- c:\program files\iPod
    2012-08-03 20:20:10 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2012-08-03 20:20:10 -------- d-----w- c:\program files\iTunes
    2012-08-03 20:01:51 -------- d-----w- c:\program files\Bonjour
    2012-08-03 19:50:12 -------- d-----w- c:\users\lucy\appdata\local\Apps
    2012-08-03 19:50:11 -------- d-----w- c:\users\lucy\appdata\local\Deployment
    2012-08-03 19:44:34 476976 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-08-03 19:44:34 472880 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-03 19:40:21 -------- d-----w- c:\users\lucy\appdata\roaming\Malwarebytes
    2012-08-03 19:40:13 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-03 19:40:12 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-03 19:40:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-08-03 19:30:39 -------- d-----w- c:\program files\common files\McAfee
    2012-08-03 19:30:37 -------- d-----w- c:\program files\McAfee.com
    2012-08-03 19:30:21 -------- d-----w- c:\program files\McAfee
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 19:48:28.48 ===============
     

  2. Mrjamieson

    Mrjamieson Thread Starter

    Joined:
    Jul 22, 2012
    Messages:
    58
  3. Conspire

    Conspire Malware Specialist

    Joined:
    Feb 3, 2011
    Messages:
    452
    Hello there, Lee

    Welcome to TSG

    I'm Conspire, I'll be glad to help you with your computer problems.

    Please observe these rules while we work:
    • Read the entire procedure
    • It is important to perform ALL actions in sequence.
    • If you don't know, stop and ask! Don't keep going on.
    • Please reply to this thread. Do not start a new topic.
    • Stick with me till you're given the all clear.
    • Remember, absence of symptoms does not mean the infection is all gone.
    • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.


    IMPORTANT NOTE: Please do not delete anything unless instructed to. Remember to back up all your important data (if possible) before moving on.

    ---------------------------------------------------------------------------------------------------

    Also note that I will not respond to this thread if I don't receive your reply for 3 days.

    ---------------------------------------------------------------------------------------------------

    Please download aswMBR.exe and save it to your desktop.
    • Double-click aswMBR.exe to start the tool. (Vista/Windows 7 users - right-click to run as administrator)
    • Allow it to update where necessary
    • Click Scan
    • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
    • You will also notice another file created on the desktop named MBR.dat. Right-click that file and select Send To > Compressed (zipped) file. Attach that zipped file in your next reply as well.
    ===================================================

    Download TDSSKiller.exe and save it to your desktop

    Execute TDSSKiller.exe by double-clicking on it.
    Press Start Scan
    If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
    Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt

    ===================================================

    In your next reply, please post:
    aswMBR log
    MBR.dat (attachment)
    TDSS Killer log


    Please STOP and let me know if you have any problems performing the steps above or any questions.

    Good Day!
     
  4. Mrjamieson

    Mrjamieson Thread Starter

    Joined:
    Jul 22, 2012
    Messages:
    58
    Hi, thanks for getting back to me. Here you go...

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-11 12:17:34
    -----------------------------
    12:17:34.159 OS Version: Windows 6.0.6001 Service Pack 1
    12:17:34.160 Number of processors: 2 586 0x301
    12:17:34.161 ComputerName: LUCY-PC UserName: LUCY
    12:17:35.038 Initialize success
    12:23:16.142 AVAST engine defs: 12081100
    12:23:49.854 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5
    12:23:49.857 Disk 0 Vendor: TOSHIBA_MK2555GSX FG002C Size: 238475MB BusType: 3
    12:23:49.874 Disk 0 MBR read successfully
    12:23:49.878 Disk 0 MBR scan
    12:23:49.888 Disk 0 unknown MBR code
    12:23:49.892 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 227604 MB offset 63
    12:23:49.931 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10867 MB offset 466135040
    12:23:49.942 Disk 0 scanning sectors +488390656
    12:23:50.051 Disk 0 scanning C:\Windows\system32\drivers
    12:24:13.376 Service scanning
    12:25:17.942 Modules scanning
    12:25:26.969 Disk 0 trace - called modules:
    12:25:26.986 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
    12:25:26.989 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85ef01c0]
    12:25:26.990 3 CLASSPNP.SYS[807a2745] -> nt!IofCallDriver -> [0x85d63710]
    12:25:26.991 5 acpi.sys[806106a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-5[0x853e5030]
    12:25:28.720 AVAST engine scan C:\Windows
    12:25:32.121 AVAST engine scan C:\Windows\system32
    12:30:10.758 AVAST engine scan C:\Windows\system32\drivers
    12:30:42.876 AVAST engine scan C:\Users\LUCY
    12:54:05.205 AVAST engine scan C:\ProgramData
    12:56:51.158 Scan finished successfully
    13:05:59.817 Disk 0 MBR has been saved successfully to "C:\Users\LUCY\Desktop\MBR.dat"
    13:05:59.830 The log file has been saved successfully to "C:\Users\LUCY\Desktop\aswMBR.txt"


    13:06:48.0827 6036 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    13:06:50.0458 6036 ============================================================
    13:06:50.0458 6036 Current date / time: 2012/08/11 13:06:50.0458
    13:06:50.0458 6036 SystemInfo:
    13:06:50.0458 6036
    13:06:50.0459 6036 OS Version: 6.0.6001 ServicePack: 1.0
    13:06:50.0459 6036 Product type: Workstation
    13:06:50.0460 6036 ComputerName: LUCY-PC
    13:06:50.0461 6036 UserName: LUCY
    13:06:50.0461 6036 Windows directory: C:\Windows
    13:06:50.0461 6036 System windows directory: C:\Windows
    13:06:50.0461 6036 Processor architecture: Intel x86
    13:06:50.0461 6036 Number of processors: 2
    13:06:50.0461 6036 Page size: 0x1000
    13:06:50.0461 6036 Boot type: Normal boot
    13:06:50.0461 6036 ============================================================
    13:06:51.0900 6036 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    13:06:51.0908 6036 ============================================================
    13:06:51.0908 6036 \Device\Harddisk0\DR0:
    13:06:51.0916 6036 MBR partitions:
    13:06:51.0917 6036 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BC8A7C1
    13:06:51.0917 6036 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1BC8A800, BlocksNum 0x1539800
    13:06:51.0917 6036 ============================================================
    13:06:51.0950 6036 C: <-> \Device\Harddisk0\DR0\Partition0
    13:06:52.0024 6036 D: <-> \Device\Harddisk0\DR0\Partition1
    13:06:52.0025 6036 ============================================================
    13:06:52.0026 6036 Initialize success
    13:06:52.0026 6036 ============================================================
    13:07:46.0146 2700 ============================================================
    13:07:46.0146 2700 Scan started
    13:07:46.0146 2700 Mode: Manual;
    13:07:46.0146 2700 ============================================================
    13:07:47.0167 2700 0295081344683606mcinstcleanup - ok
    13:07:47.0266 2700 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
    13:07:47.0274 2700 ACPI - ok
    13:07:47.0339 2700 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
    13:07:47.0361 2700 adp94xx - ok
    13:07:47.0398 2700 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
    13:07:47.0407 2700 adpahci - ok
    13:07:47.0424 2700 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
    13:07:47.0428 2700 adpu160m - ok
    13:07:47.0443 2700 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
    13:07:47.0448 2700 adpu320 - ok
    13:07:47.0487 2700 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
    13:07:47.0489 2700 AeLookupSvc - ok
    13:07:47.0527 2700 AFD (763e172a55177e478cb419f88fd0ba03) C:\Windows\system32\drivers\afd.sys
    13:07:47.0531 2700 AFD - ok
    13:07:47.0578 2700 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
    13:07:47.0580 2700 agp440 - ok
    13:07:47.0599 2700 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    13:07:47.0601 2700 aic78xx - ok
    13:07:47.0616 2700 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
    13:07:47.0618 2700 ALG - ok
    13:07:47.0628 2700 aliide (3d76fda1a10acc3dc84728f55c29b6d4) C:\Windows\system32\drivers\aliide.sys
    13:07:47.0629 2700 aliide - ok
    13:07:47.0644 2700 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
    13:07:47.0646 2700 amdagp - ok
    13:07:47.0670 2700 amdide (5b92e7839f5a1fbc1b39de67758ad6f8) C:\Windows\system32\drivers\amdide.sys
    13:07:47.0672 2700 amdide - ok
    13:07:47.0703 2700 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
    13:07:47.0706 2700 AmdK7 - ok
    13:07:47.0726 2700 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
    13:07:47.0729 2700 AmdK8 - ok
    13:07:47.0772 2700 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
    13:07:47.0773 2700 Appinfo - ok
    13:07:47.0882 2700 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    13:07:47.0887 2700 Apple Mobile Device - ok
    13:07:47.0915 2700 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
    13:07:47.0918 2700 arc - ok
    13:07:47.0951 2700 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
    13:07:47.0954 2700 arcsas - ok
    13:07:47.0977 2700 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    13:07:47.0980 2700 AsyncMac - ok
    13:07:47.0996 2700 atapi (9c0e70031905adbf94edb9ea14af943b) C:\Windows\system32\drivers\atapi.sys
    13:07:47.0998 2700 atapi - ok
    13:07:48.0077 2700 athr (600efe56f37adbd65a0fb076b50d1b8d) C:\Windows\system32\DRIVERS\athr.sys
    13:07:48.0096 2700 athr - ok
    13:07:48.0140 2700 AudioEndpointBuilder (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
    13:07:48.0148 2700 AudioEndpointBuilder - ok
    13:07:48.0160 2700 Audiosrv (42076e29aafa0830a2c5d4e310f58dd1) C:\Windows\System32\Audiosrv.dll
    13:07:48.0166 2700 Audiosrv - ok
    13:07:48.0216 2700 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    13:07:48.0218 2700 Beep - ok
    13:07:48.0265 2700 BFE (8582e233c346aefe759833e8a30dd697) C:\Windows\System32\bfe.dll
    13:07:48.0274 2700 BFE - ok
    13:07:48.0368 2700 BITS (02ed7b4dbc2a3232a389106da7515c3d) C:\Windows\System32\qmgr.dll
    13:07:48.0381 2700 BITS - ok
    13:07:48.0401 2700 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
    13:07:48.0404 2700 blbdrive - ok
    13:07:48.0485 2700 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
    13:07:48.0489 2700 Bonjour Service - ok
    13:07:48.0518 2700 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
    13:07:48.0521 2700 bowser - ok
    13:07:48.0557 2700 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    13:07:48.0558 2700 BrFiltLo - ok
    13:07:48.0570 2700 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    13:07:48.0572 2700 BrFiltUp - ok
    13:07:48.0593 2700 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
    13:07:48.0595 2700 Browser - ok
    13:07:48.0631 2700 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    13:07:48.0634 2700 Brserid - ok
    13:07:48.0653 2700 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    13:07:48.0656 2700 BrSerWdm - ok
    13:07:48.0678 2700 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    13:07:48.0680 2700 BrUsbMdm - ok
    13:07:48.0696 2700 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    13:07:48.0698 2700 BrUsbSer - ok
    13:07:48.0725 2700 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    13:07:48.0728 2700 BTHMODEM - ok
    13:07:48.0756 2700 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    13:07:48.0760 2700 cdfs - ok
    13:07:48.0783 2700 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
    13:07:48.0786 2700 cdrom - ok
    13:07:48.0819 2700 CertPropSvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
    13:07:48.0822 2700 CertPropSvc - ok
    13:07:48.0891 2700 cfwids (1c7b1e36f3ced9e4b0b13385e627fe8b) C:\Windows\system32\drivers\cfwids.sys
    13:07:48.0895 2700 cfwids - ok
    13:07:48.0934 2700 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
    13:07:48.0937 2700 circlass - ok
    13:07:48.0974 2700 CLFS (0703b9dee7eec6d6370edebd43d0f5c2) C:\Windows\system32\CLFS.sys
    13:07:48.0981 2700 CLFS - ok
    13:07:49.0040 2700 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    13:07:49.0043 2700 clr_optimization_v2.0.50727_32 - ok
    13:07:49.0121 2700 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    13:07:49.0123 2700 CmBatt - ok
    13:07:49.0133 2700 cmdide (d36372a6ea6805efbe8884d10772313f) C:\Windows\system32\drivers\cmdide.sys
    13:07:49.0136 2700 cmdide - ok
    13:07:49.0182 2700 CnxtHdAudService (1adf6f4852e7d7e2e8ac481bdb970586) C:\Windows\system32\drivers\CHDRT32.sys
    13:07:49.0192 2700 CnxtHdAudService - ok
    13:07:49.0266 2700 Com4QLBEx (7795f8cebc284a426b53f541e538695f) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    13:07:49.0270 2700 Com4QLBEx - ok
    13:07:49.0281 2700 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    13:07:49.0283 2700 Compbatt - ok
    13:07:49.0291 2700 COMSysApp - ok
    13:07:49.0299 2700 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
    13:07:49.0302 2700 crcdisk - ok
    13:07:49.0321 2700 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
    13:07:49.0323 2700 Crusoe - ok
    13:07:49.0369 2700 CryptSvc (6de363f9f99334514c46aec02d3e3678) C:\Windows\system32\cryptsvc.dll
    13:07:49.0373 2700 CryptSvc - ok
    13:07:49.0441 2700 DcomLaunch (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
    13:07:49.0451 2700 DcomLaunch - ok
    13:07:49.0469 2700 DfsC (9e635ae5e8ad93e2b5989e2e23679f97) C:\Windows\system32\Drivers\dfsc.sys
    13:07:49.0471 2700 DfsC - ok
    13:07:49.0580 2700 DFSR (fa3463f25f9cc9c3bcf1e7912feff099) C:\Windows\system32\DFSR.exe
    13:07:49.0613 2700 DFSR - ok
    13:07:49.0715 2700 Dhcp (43a988a9c10333476cb5fb667cbd629d) C:\Windows\System32\dhcpcsvc.dll
    13:07:49.0721 2700 Dhcp - ok
    13:07:49.0791 2700 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
    13:07:49.0793 2700 disk - ok
    13:07:49.0837 2700 Dnscache (4805d9a6d281c7a7defd9094dec6af7d) C:\Windows\System32\dnsrslvr.dll
    13:07:49.0840 2700 Dnscache - ok
    13:07:49.0865 2700 dot3svc (5af620a08c614e24206b79e8153cf1a8) C:\Windows\System32\dot3svc.dll
    13:07:49.0872 2700 dot3svc - ok
    13:07:49.0906 2700 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
    13:07:49.0909 2700 DPS - ok
    13:07:49.0950 2700 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    13:07:49.0951 2700 drmkaud - ok
    13:07:50.0000 2700 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
    13:07:50.0008 2700 DXGKrnl - ok
    13:07:50.0025 2700 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
    13:07:50.0028 2700 E1G60 - ok
    13:07:50.0045 2700 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
    13:07:50.0047 2700 EapHost - ok
    13:07:50.0098 2700 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
    13:07:50.0102 2700 Ecache - ok
    13:07:50.0136 2700 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
    13:07:50.0141 2700 ehRecvr - ok
    13:07:50.0159 2700 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
    13:07:50.0162 2700 ehSched - ok
    13:07:50.0178 2700 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
    13:07:50.0179 2700 ehstart - ok
    13:07:50.0238 2700 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
    13:07:50.0244 2700 elxstor - ok
    13:07:50.0282 2700 EMDMgmt (70b1a86df0c8ead17d2bc332edae2c7c) C:\Windows\system32\emdmgmt.dll
    13:07:50.0292 2700 EMDMgmt - ok
    13:07:50.0331 2700 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
    13:07:50.0332 2700 ErrDev - ok
    13:07:50.0376 2700 EventSystem (3cb3343d720168b575133a0a20dc2465) C:\Windows\system32\es.dll
    13:07:50.0385 2700 EventSystem - ok
    13:07:50.0440 2700 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
    13:07:50.0443 2700 exfat - ok
    13:07:50.0488 2700 ezSharedSvc (42f721c52eef2d6df9372a53813a83ef) C:\Windows\System32\ezsvc7.dll
    13:07:50.0496 2700 ezSharedSvc - ok
    13:07:50.0515 2700 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
    13:07:50.0520 2700 fastfat - ok
    13:07:50.0559 2700 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
    13:07:50.0561 2700 fdc - ok
    13:07:50.0580 2700 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
    13:07:50.0581 2700 fdPHost - ok
    13:07:50.0602 2700 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
    13:07:50.0604 2700 FDResPub - ok
    13:07:50.0621 2700 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    13:07:50.0623 2700 FileInfo - ok
    13:07:50.0632 2700 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    13:07:50.0636 2700 Filetrace - ok
    13:07:50.0649 2700 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    13:07:50.0652 2700 flpydisk - ok
    13:07:50.0681 2700 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
    13:07:50.0686 2700 FltMgr - ok
    13:07:50.0735 2700 FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    13:07:50.0737 2700 FontCache3.0.0.0 - ok
    13:07:50.0756 2700 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    13:07:50.0757 2700 Fs_Rec - ok
    13:07:50.0769 2700 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
    13:07:50.0771 2700 gagp30kx - ok
    13:07:50.0839 2700 GameConsoleService (617dc2877015270914ca3c03873560d5) C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    13:07:50.0842 2700 GameConsoleService - ok
    13:07:50.0867 2700 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    13:07:50.0869 2700 GEARAspiWDM - ok
    13:07:50.0919 2700 gpsvc (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll
    13:07:50.0930 2700 gpsvc - ok
    13:07:50.0977 2700 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    13:07:50.0982 2700 HdAudAddService - ok
    13:07:51.0002 2700 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
    13:07:51.0005 2700 HDAudBus - ok
    13:07:51.0018 2700 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    13:07:51.0021 2700 HidBth - ok
    13:07:51.0039 2700 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    13:07:51.0042 2700 HidIr - ok
    13:07:51.0069 2700 hidserv (8fa640195279ace21bea91396a0054fc) C:\Windows\system32\hidserv.dll
    13:07:51.0071 2700 hidserv - ok
    13:07:51.0087 2700 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
    13:07:51.0089 2700 HidUsb - ok
    13:07:51.0111 2700 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
    13:07:51.0114 2700 hkmsvc - ok
    13:07:51.0156 2700 HP Health Check Service (a19b0bb5a7eb6df2dd4a0711d36955ee) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    13:07:51.0158 2700 HP Health Check Service - ok
    13:07:51.0174 2700 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
    13:07:51.0176 2700 HpCISSs - ok
    13:07:51.0198 2700 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
    13:07:51.0199 2700 HpqKbFiltr - ok
    13:07:51.0226 2700 hpqwmiex (1665c7121a026df10c903db9bc5e9d43) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    13:07:51.0230 2700 hpqwmiex - ok
    13:07:51.0310 2700 HSF_DPV (cc267848cb3508e72762be65734e764d) C:\Windows\system32\DRIVERS\HSX_DPV.sys
    13:07:51.0328 2700 HSF_DPV - ok
    13:07:51.0351 2700 HSXHWAZL (a2882945cc4b6e3e4e9e825590438888) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
    13:07:51.0356 2700 HSXHWAZL - ok
    13:07:51.0399 2700 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
    13:07:51.0408 2700 HTTP - ok
    13:07:51.0426 2700 hwdatacard - ok
    13:07:51.0452 2700 hwusbfake - ok
    13:07:51.0475 2700 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
    13:07:51.0477 2700 i2omp - ok
    13:07:51.0506 2700 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    13:07:51.0508 2700 i8042prt - ok
    13:07:51.0529 2700 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
    13:07:51.0546 2700 iaStorV - ok
    13:07:51.0607 2700 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    13:07:51.0609 2700 IDriverT - ok
    13:07:51.0697 2700 idsvc (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    13:07:51.0713 2700 idsvc - ok
    13:07:51.0738 2700 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    13:07:51.0741 2700 iirsp - ok
    13:07:51.0780 2700 IKEEXT (a3bc480a2bf8aa8e4dabd2d5dce0afac) C:\Windows\System32\ikeext.dll
    13:07:51.0790 2700 IKEEXT - ok
    13:07:51.0813 2700 intelide (dd512a049bd7b4bce8a83554c5eff2c1) C:\Windows\system32\drivers\intelide.sys
    13:07:51.0815 2700 intelide - ok
    13:07:51.0846 2700 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    13:07:51.0848 2700 intelppm - ok
    13:07:51.0874 2700 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
    13:07:51.0877 2700 IPBusEnum - ok
    13:07:51.0910 2700 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    13:07:51.0912 2700 IpFilterDriver - ok
    13:07:51.0942 2700 iphlpsvc (6a35d233693edc29a12742049bc5e37f) C:\Windows\System32\iphlpsvc.dll
    13:07:51.0947 2700 iphlpsvc - ok
    13:07:51.0952 2700 IpInIp - ok
    13:07:51.0971 2700 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
    13:07:51.0973 2700 IPMIDRV - ok
    13:07:51.0995 2700 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    13:07:51.0998 2700 IPNAT - ok
    13:07:52.0084 2700 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
    13:07:52.0102 2700 iPod Service - ok
    13:07:52.0122 2700 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    13:07:52.0124 2700 IRENUM - ok
    13:07:52.0149 2700 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
    13:07:52.0152 2700 isapnp - ok
    13:07:52.0191 2700 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
    13:07:52.0193 2700 iScsiPrt - ok
    13:07:52.0209 2700 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    13:07:52.0211 2700 iteatapi - ok
    13:07:52.0228 2700 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    13:07:52.0230 2700 iteraid - ok
    13:07:52.0344 2700 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    13:07:52.0354 2700 kbdclass - ok
    13:07:52.0370 2700 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
    13:07:52.0372 2700 kbdhid - ok
    13:07:52.0405 2700 KeyIso (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
    13:07:52.0407 2700 KeyIso - ok
    13:07:52.0447 2700 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
    13:07:52.0455 2700 KSecDD - ok
    13:07:52.0499 2700 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
    13:07:52.0508 2700 KtmRm - ok
    13:07:52.0563 2700 LanmanServer (1925e63c91cf1610ae41bfd539062079) C:\Windows\system32\srvsvc.dll
    13:07:52.0569 2700 LanmanServer - ok
    13:07:52.0614 2700 LanmanWorkstation (2ae2e1628c5d3f1c0a46a67c9fa1df15) C:\Windows\System32\wkssvc.dll
    13:07:52.0619 2700 LanmanWorkstation - ok
    13:07:52.0647 2700 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    13:07:52.0649 2700 lltdio - ok
    13:07:52.0682 2700 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
    13:07:52.0689 2700 lltdsvc - ok
    13:07:52.0708 2700 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
    13:07:52.0710 2700 lmhosts - ok
    13:07:52.0741 2700 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
    13:07:52.0743 2700 LSI_FC - ok
    13:07:52.0752 2700 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
    13:07:52.0755 2700 LSI_SAS - ok
    13:07:52.0763 2700 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
    13:07:52.0765 2700 LSI_SCSI - ok
    13:07:52.0775 2700 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    13:07:52.0777 2700 luafv - ok
    13:07:52.0809 2700 massfilter - ok
    13:07:52.0935 2700 McAfee SiteAdvisor Service (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    13:07:52.0940 2700 McAfee SiteAdvisor Service - ok
    13:07:52.0964 2700 McMPFSvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    13:07:52.0968 2700 McMPFSvc - ok
    13:07:52.0981 2700 mcmscsvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    13:07:52.0983 2700 mcmscsvc - ok
    13:07:52.0990 2700 McNaiAnn (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    13:07:52.0993 2700 McNaiAnn - ok
    13:07:53.0018 2700 McNASvc (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    13:07:53.0021 2700 McNASvc - ok
    13:07:53.0156 2700 McODS (135aa9e9e7047b7dc1f753205d421a26) C:\Program Files\McAfee\VirusScan\mcods.exe
    13:07:53.0165 2700 McODS - ok
    13:07:53.0206 2700 McProxy (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    13:07:53.0208 2700 McProxy - ok
    13:07:53.0275 2700 McShield (85db8ddd2d664716bb5b2d3405f9ef92) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    13:07:53.0279 2700 McShield - ok
    13:07:53.0303 2700 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
    13:07:53.0306 2700 Mcx2Svc - ok
    13:07:53.0330 2700 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
    13:07:53.0331 2700 mdmxsdk - ok
    13:07:53.0378 2700 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
    13:07:53.0380 2700 megasas - ok
    13:07:53.0419 2700 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
    13:07:53.0428 2700 MegaSR - ok
    13:07:53.0465 2700 mfeapfk (43c31bdf404a6d7a7ac1bfd5ead2a566) C:\Windows\system32\drivers\mfeapfk.sys
    13:07:53.0470 2700 mfeapfk - ok
    13:07:53.0507 2700 mfeavfk (c1dc5f42d3367f33b6451be78b38bd46) C:\Windows\system32\drivers\mfeavfk.sys
    13:07:53.0511 2700 mfeavfk - ok
    13:07:53.0536 2700 mfeavfk01 - ok
    13:07:53.0566 2700 mfebopk (0435c43f4c2be01b84868ad2a906397b) C:\Windows\system32\drivers\mfebopk.sys
    13:07:53.0569 2700 mfebopk - ok
    13:07:53.0601 2700 mfefire (183ab9dce971e029c50223765671839c) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    13:07:53.0605 2700 mfefire - ok
    13:07:53.0646 2700 mfefirek (4ea6ff90015424517843e931448e00f1) C:\Windows\system32\drivers\mfefirek.sys
    13:07:53.0653 2700 mfefirek - ok
    13:07:53.0740 2700 mfehidk (d1e998748ba24a731106611d535c6bbf) C:\Windows\system32\drivers\mfehidk.sys
    13:07:53.0749 2700 mfehidk - ok
    13:07:53.0804 2700 mfenlfk (ac04a618aef3de0fce91c766f9e069da) C:\Windows\system32\DRIVERS\mfenlfk.sys
    13:07:53.0806 2700 mfenlfk - ok
    13:07:53.0833 2700 mferkdet (f454a13377f0a006d20a8c14a753c432) C:\Windows\system32\drivers\mferkdet.sys
    13:07:53.0835 2700 mferkdet - ok
    13:07:53.0865 2700 mfevtp (2b8dfc60edddaa33eb5e9f7c91b48acd) C:\Windows\system32\mfevtps.exe
    13:07:53.0871 2700 mfevtp - ok
    13:07:53.0916 2700 mfewfpk (f284337aedb7483df8a5fa840647e2b0) C:\Windows\system32\drivers\mfewfpk.sys
    13:07:53.0921 2700 mfewfpk - ok
    13:07:53.0951 2700 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
    13:07:53.0954 2700 MMCSS - ok
    13:07:53.0980 2700 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    13:07:53.0982 2700 Modem - ok
    13:07:54.0003 2700 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    13:07:54.0004 2700 monitor - ok
    13:07:54.0022 2700 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    13:07:54.0024 2700 mouclass - ok
    13:07:54.0041 2700 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\drivers\mouhid.sys
    13:07:54.0043 2700 mouhid - ok
    13:07:54.0062 2700 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    13:07:54.0064 2700 MountMgr - ok
    13:07:54.0089 2700 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
    13:07:54.0091 2700 mpio - ok
    13:07:54.0110 2700 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    13:07:54.0112 2700 mpsdrv - ok
    13:07:54.0148 2700 MpsSvc (d1639ba315b0d79dec49a4b0e1fb929b) C:\Windows\system32\mpssvc.dll
    13:07:54.0160 2700 MpsSvc - ok
    13:07:54.0166 2700 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    13:07:54.0171 2700 Mraid35x - ok
    13:07:54.0200 2700 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
    13:07:54.0203 2700 MRxDAV - ok
    13:07:54.0242 2700 mrxsmb (cc752d233ef39875ca6885d9415ba869) C:\Windows\system32\DRIVERS\mrxsmb.sys
    13:07:54.0245 2700 mrxsmb - ok
    13:07:54.0265 2700 mrxsmb10 (9049dddd4bd27d43d82f5968f1da76e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    13:07:54.0270 2700 mrxsmb10 - ok
    13:07:54.0278 2700 mrxsmb20 (91dc069b6831ef564e7d8c97eaf0343e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    13:07:54.0281 2700 mrxsmb20 - ok
    13:07:54.0306 2700 msahci (aa305cff241da187bd5077de4a2a043d) C:\Windows\system32\drivers\msahci.sys
    13:07:54.0308 2700 msahci - ok
    13:07:54.0327 2700 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
    13:07:54.0329 2700 msdsm - ok
    13:07:54.0364 2700 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
    13:07:54.0369 2700 MSDTC - ok
    13:07:54.0407 2700 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    13:07:54.0408 2700 Msfs - ok
    13:07:54.0436 2700 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    13:07:54.0438 2700 msisadrv - ok
    13:07:54.0505 2700 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
    13:07:54.0508 2700 MSiSCSI - ok
    13:07:54.0516 2700 msiserver - ok
    13:07:54.0636 2700 MSK80Service (7e6932eeda54c8eaf7dc6c2225261b85) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    13:07:54.0641 2700 MSK80Service - ok
    13:07:54.0679 2700 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    13:07:54.0680 2700 MSKSSRV - ok
    13:07:54.0702 2700 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    13:07:54.0705 2700 MSPCLOCK - ok
    13:07:54.0723 2700 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    13:07:54.0724 2700 MSPQM - ok
    13:07:54.0740 2700 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
    13:07:54.0743 2700 MsRPC - ok
    13:07:54.0768 2700 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    13:07:54.0770 2700 mssmbios - ok
    13:07:54.0780 2700 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    13:07:54.0782 2700 MSTEE - ok
    13:07:54.0812 2700 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
    13:07:54.0814 2700 Mup - ok
    13:07:54.0838 2700 napagent (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll
    13:07:54.0845 2700 napagent - ok
    13:07:54.0876 2700 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
    13:07:54.0879 2700 NativeWifiP - ok
    13:07:54.0929 2700 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
    13:07:54.0937 2700 NDIS - ok
    13:07:54.0955 2700 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    13:07:54.0957 2700 NdisTapi - ok
    13:07:54.0973 2700 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    13:07:54.0974 2700 Ndisuio - ok
    13:07:55.0005 2700 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
    13:07:55.0008 2700 NdisWan - ok
    13:07:55.0024 2700 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    13:07:55.0025 2700 NDProxy - ok
    13:07:55.0049 2700 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    13:07:55.0052 2700 NetBIOS - ok
    13:07:55.0066 2700 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
    13:07:55.0072 2700 netbt - ok
    13:07:55.0105 2700 Netlogon (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
    13:07:55.0107 2700 Netlogon - ok
    13:07:55.0130 2700 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
    13:07:55.0137 2700 Netman - ok
    13:07:55.0159 2700 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
    13:07:55.0166 2700 netprofm - ok
    13:07:55.0246 2700 netr28u (51250d5632ddffeb87546dd17401d61e) C:\Windows\system32\DRIVERS\netr28u.sys
    13:07:55.0258 2700 netr28u - ok
    13:07:55.0315 2700 NetTcpPortSharing (0ad5876ef4e9eb77c8f93eb5b2fff386) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    13:07:55.0318 2700 NetTcpPortSharing - ok
    13:07:55.0439 2700 NETw3v32 (35d5458d9a1b26b2005abffbf4c1c5e7) C:\Windows\system32\DRIVERS\NETw3v32.sys
    13:07:55.0474 2700 NETw3v32 - ok
    13:07:55.0553 2700 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    13:07:55.0555 2700 nfrd960 - ok
    13:07:55.0578 2700 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
    13:07:55.0583 2700 NlaSvc - ok
    13:07:55.0605 2700 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
    13:07:55.0607 2700 Npfs - ok
    13:07:55.0623 2700 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
    13:07:55.0626 2700 nsi - ok
    13:07:55.0648 2700 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    13:07:55.0649 2700 nsiproxy - ok
    13:07:55.0720 2700 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
    13:07:55.0737 2700 Ntfs - ok
    13:07:55.0747 2700 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    13:07:55.0749 2700 ntrigdigi - ok
    13:07:55.0772 2700 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    13:07:55.0773 2700 Null - ok
    13:07:55.0835 2700 NVENETFD (ae78a7285df03a277415fc62f8ce8f24) C:\Windows\system32\DRIVERS\nvmfdx32.sys
    13:07:55.0850 2700 NVENETFD - ok
    13:07:55.0874 2700 NVHDA (b0dd52428bf564f5fc5ee331060be2a6) C:\Windows\system32\drivers\nvhda32v.sys
    13:07:55.0876 2700 NVHDA - ok
    13:07:56.0295 2700 nvlddmkm (9dac05d828e56801fd6ce5fdfced64af) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    13:07:56.0501 2700 nvlddmkm - ok
    13:07:56.0575 2700 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
    13:07:56.0577 2700 nvraid - ok
    13:07:56.0599 2700 nvsmu (0fb6bf3ab170fc5bd403d25e134eafde) C:\Windows\system32\DRIVERS\nvsmu.sys
    13:07:56.0601 2700 nvsmu - ok
    13:07:56.0617 2700 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
    13:07:56.0618 2700 nvstor - ok
    13:07:56.0654 2700 nvsvc (51e7f2c26b6ece61c5241f1f731eab2b) C:\Windows\system32\nvvsvc.exe
    13:07:56.0659 2700 nvsvc - ok
    13:07:56.0691 2700 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
    13:07:56.0693 2700 nv_agp - ok
    13:07:56.0698 2700 NwlnkFlt - ok
    13:07:56.0707 2700 NwlnkFwd - ok
    13:07:56.0741 2700 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
    13:07:56.0744 2700 ohci1394 - ok
    13:07:56.0788 2700 p2pimsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
    13:07:56.0800 2700 p2pimsvc - ok
    13:07:56.0810 2700 p2psvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
    13:07:56.0817 2700 p2psvc - ok
    13:07:56.0842 2700 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
    13:07:56.0845 2700 Parport - ok
    13:07:56.0863 2700 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
    13:07:56.0865 2700 partmgr - ok
    13:07:56.0884 2700 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
    13:07:56.0886 2700 Parvdm - ok
    13:07:56.0915 2700 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
    13:07:56.0918 2700 PcaSvc - ok
    13:07:56.0937 2700 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
    13:07:56.0941 2700 pci - ok
    13:07:56.0963 2700 pciide (1d8b3d8df8eb7fcf2f0ac02f9f947802) C:\Windows\system32\drivers\pciide.sys
    13:07:56.0965 2700 pciide - ok
    13:07:56.0996 2700 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
    13:07:57.0000 2700 pcmcia - ok
    13:07:57.0100 2700 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
    13:07:57.0118 2700 PEAUTH - ok
    13:07:57.0254 2700 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
    13:07:57.0286 2700 pla - ok
    13:07:57.0378 2700 PlugPlay (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll
    13:07:57.0384 2700 PlugPlay - ok
    13:07:57.0433 2700 PNRPAutoReg (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
    13:07:57.0440 2700 PNRPAutoReg - ok
    13:07:57.0455 2700 PNRPsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
    13:07:57.0462 2700 PNRPsvc - ok
    13:07:57.0501 2700 PolicyAgent (47b8f37aa18b74d8c2e1bc1a7a2c8f8a) C:\Windows\System32\ipsecsvc.dll
    13:07:57.0509 2700 PolicyAgent - ok
    13:07:57.0556 2700 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
    13:07:57.0558 2700 PptpMiniport - ok
    13:07:57.0573 2700 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
    13:07:57.0575 2700 Processor - ok
    13:07:57.0602 2700 ProfSvc (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll
    13:07:57.0607 2700 ProfSvc - ok
    13:07:57.0639 2700 ProtectedStorage (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
    13:07:57.0643 2700 ProtectedStorage - ok
    13:07:57.0661 2700 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
    13:07:57.0665 2700 PSched - ok
    13:07:57.0729 2700 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
    13:07:57.0732 2700 PxHelp20 - ok
    13:07:57.0810 2700 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
    13:07:57.0835 2700 ql2300 - ok
    13:07:57.0861 2700 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
    13:07:57.0864 2700 ql40xx - ok
    13:07:57.0898 2700 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
    13:07:57.0911 2700 QWAVE - ok
    13:07:57.0932 2700 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
    13:07:57.0933 2700 QWAVEdrv - ok
    13:07:58.0110 2700 RalinkRegistryWriter (583608ee65aabf971117a61aee4bcaae) C:\Users\LUCY\Desktop\TP-LINK\COMMON\RaRegistry.exe
    13:07:58.0113 2700 RalinkRegistryWriter - ok
    13:07:58.0144 2700 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
    13:07:58.0146 2700 RasAcd - ok
    13:07:58.0167 2700 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
    13:07:58.0172 2700 RasAuto - ok
    13:07:58.0202 2700 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
    13:07:58.0206 2700 Rasl2tp - ok
    13:07:58.0233 2700 RasMan (afb474438762f0418060653f7294d92c) C:\Windows\System32\rasmans.dll
    13:07:58.0241 2700 RasMan - ok
    13:07:58.0257 2700 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
    13:07:58.0258 2700 RasPppoe - ok
    13:07:58.0280 2700 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
    13:07:58.0281 2700 RasSstp - ok
    13:07:58.0310 2700 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
    13:07:58.0315 2700 rdbss - ok
    13:07:58.0330 2700 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
    13:07:58.0332 2700 RDPCDD - ok
    13:07:58.0359 2700 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
    13:07:58.0363 2700 rdpdr - ok
    13:07:58.0368 2700 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
    13:07:58.0370 2700 RDPENCDD - ok
    13:07:58.0399 2700 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
    13:07:58.0403 2700 RDPWD - ok
    13:07:58.0480 2700 Recovery Service for Windows (0d362785bef9bdf5a6e1f4628d06716d) C:\Program Files\SMINST\BLService.exe
    13:07:58.0486 2700 Recovery Service for Windows - ok
    13:07:58.0509 2700 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
    13:07:58.0512 2700 RemoteAccess - ok
    13:07:58.0537 2700 RemoteRegistry (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll
    13:07:58.0544 2700 RemoteRegistry - ok
    13:07:58.0569 2700 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
    13:07:58.0572 2700 RpcLocator - ok
    13:07:58.0626 2700 RpcSs (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
    13:07:58.0638 2700 RpcSs - ok
    13:07:58.0673 2700 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
    13:07:58.0676 2700 rspndr - ok
    13:07:58.0696 2700 RTSTOR (8dab5975b5c7923d61506a48e251dbad) C:\Windows\system32\drivers\RTSTOR.SYS
    13:07:58.0700 2700 RTSTOR - ok
    13:07:58.0739 2700 SamSs (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
    13:07:58.0743 2700 SamSs - ok
    13:07:58.0778 2700 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
    13:07:58.0781 2700 sbp2port - ok
    13:07:58.0817 2700 SCardSvr (11387e32642269c7e62e8b52c060b3c6) C:\Windows\System32\SCardSvr.dll
    13:07:58.0823 2700 SCardSvr - ok
    13:07:58.0876 2700 Schedule (7b587b8a6d4a99f79d2902d0385f29bd) C:\Windows\system32\schedsvc.dll
    13:07:58.0887 2700 Schedule - ok
    13:07:58.0909 2700 SCPolicySvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
    13:07:58.0911 2700 SCPolicySvc - ok
    13:07:58.0936 2700 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
    13:07:58.0939 2700 sdbus - ok
    13:07:58.0974 2700 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
    13:07:58.0978 2700 SDRSVC - ok
    13:07:58.0990 2700 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
    13:07:58.0992 2700 secdrv - ok
    13:07:59.0002 2700 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
    13:07:59.0006 2700 seclogon - ok
    13:07:59.0024 2700 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
    13:07:59.0027 2700 SENS - ok
    13:07:59.0050 2700 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
    13:07:59.0053 2700 Serenum - ok
    13:07:59.0073 2700 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
    13:07:59.0076 2700 Serial - ok
    13:07:59.0090 2700 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
    13:07:59.0091 2700 sermouse - ok
    13:07:59.0122 2700 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
    13:07:59.0126 2700 SessionEnv - ok
    13:07:59.0152 2700 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
    13:07:59.0155 2700 sffdisk - ok
    13:07:59.0168 2700 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
    13:07:59.0170 2700 sffp_mmc - ok
    13:07:59.0188 2700 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
    13:07:59.0189 2700 sffp_sd - ok
    13:07:59.0200 2700 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
    13:07:59.0202 2700 sfloppy - ok
    13:07:59.0244 2700 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
    13:07:59.0250 2700 SharedAccess - ok
    13:07:59.0291 2700 ShellHWDetection (1e3fdb80e40a3ce645f229dfbdfb7694) C:\Windows\System32\shsvcs.dll
    13:07:59.0298 2700 ShellHWDetection - ok
    13:07:59.0336 2700 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
    13:07:59.0338 2700 sisagp - ok
    13:07:59.0357 2700 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
    13:07:59.0358 2700 SiSRaid2 - ok
    13:07:59.0374 2700 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
    13:07:59.0375 2700 SiSRaid4 - ok
    13:07:59.0521 2700 slsvc (0ba91e1358ad25236863039bb2609a2e) C:\Windows\system32\SLsvc.exe
    13:07:59.0591 2700 slsvc - ok
    13:07:59.0683 2700 SLUINotify (7c6dc44ca0bfa6291629ab764200d1d4) C:\Windows\system32\SLUINotify.dll
    13:07:59.0690 2700 SLUINotify - ok
    13:07:59.0729 2700 Smb (031e6bcd53c9b2b9ace111eafec347b6) C:\Windows\system32\DRIVERS\smb.sys
    13:07:59.0732 2700 Smb - ok
    13:07:59.0770 2700 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
    13:07:59.0776 2700 SNMPTRAP - ok
    13:07:59.0791 2700 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
    13:07:59.0794 2700 spldr - ok
    13:07:59.0829 2700 Spooler (3665f79026a3f91fbca63f2c65a09b19) C:\Windows\System32\spoolsv.exe
    13:07:59.0837 2700 Spooler - ok
    13:07:59.0885 2700 srv (2252aef839b1093d16761189f45af885) C:\Windows\system32\DRIVERS\srv.sys
    13:07:59.0894 2700 srv - ok
    13:07:59.0945 2700 srv2 (96512f4a30b741e7d33a7936b9abbc20) C:\Windows\system32\DRIVERS\srv2.sys
    13:07:59.0948 2700 srv2 - ok
    13:07:59.0983 2700 srvnet (1c69e33e0e23626da5a34ca5ba0dd990) C:\Windows\system32\DRIVERS\srvnet.sys
    13:07:59.0986 2700 srvnet - ok
    13:08:00.0018 2700 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
    13:08:00.0024 2700 SSDPSRV - ok
    13:08:00.0072 2700 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
    13:08:00.0077 2700 SstpSvc - ok
    13:08:00.0110 2700 stisvc (7dd08a597bc56051f320da0baf69e389) C:\Windows\System32\wiaservc.dll
    13:08:00.0119 2700 stisvc - ok
    13:08:00.0134 2700 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
    13:08:00.0136 2700 swenum - ok
    13:08:00.0381 2700 swprv (b36c7cdb86f7f7a8e884479219766950) C:\Windows\System32\swprv.dll
    13:08:00.0393 2700 swprv - ok
    13:08:00.0409 2700 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
    13:08:00.0411 2700 Symc8xx - ok
    13:08:00.0426 2700 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
    13:08:00.0429 2700 Sym_hi - ok
    13:08:00.0441 2700 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
    13:08:00.0443 2700 Sym_u3 - ok
    13:08:00.0493 2700 SynTP (00b19f27858f56181edb58b71a7c67a0) C:\Windows\system32\DRIVERS\SynTP.sys
    13:08:00.0499 2700 SynTP - ok
    13:08:00.0545 2700 SysMain (8710a92d0024b03b5fb9540df1f71f1d) C:\Windows\system32\sysmain.dll
    13:08:00.0561 2700 SysMain - ok
    13:08:03.0967 2700 ============================================================
    13:08:03.0968 2700 Scan finished
    13:08:03.0968 2700 ============================================================
    13:08:03.0994 4928 Detected object count: 0
    13:08:03.0994 4928 Actual detected object count: 0
    13:10:11.0944 5724 Deinitialize success
     

    Attached Files:

    • MBR.zip (file size: 547 bytes)
  5. Conspire

    Conspire Malware Specialist

    Joined:
    Feb 3, 2011
    Messages:
    452
    Please read through these instructions to familiarize yourself with what to expect when this tool runs

    Refer to the ComboFix User's Guide


    Download ComboFix from one of these locations:

    Link 1
    Link 2



    * IMPORTANT- Save ComboFix.exe to your Desktop

    ====================================================


    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs


    ====================================================


    Double click on combofix.exe & follow the prompts.


    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
     
  6. Mrjamieson

    ComboFix 12-08-09.01 - LUCY 11/08/2012 14:13:30.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2814.1839 [GMT 1:00]
    Running from: c:\users\LUCY\Downloads\ComboFix.exe
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.dll
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.sys
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.tmp
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\CLSV.drv
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\CLSV.exe
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\CLSV.sys
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\CLSV.tmp
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.sys
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\ddv.dll
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\ddv.drv
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\delfile.tmp
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\dudl.dll
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\dudl.sys
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\eb.exe
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\eb.tmp
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\energy.exe
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\exec.sys
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\fan.drv
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\fan.exe
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\fan.sys
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\fan.tmp
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\fix.exe
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\fix.sys
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\fix.tmp
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\FW.tmp
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\gid.drv
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\hymt.dll
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\hymt.tmp
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\kernel32.exe
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\kernel32.sys
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\kernel32.tmp
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\pal.dll
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\pal.sys
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\PE.exe
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\ppal.exe
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\runddl.dll
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\runddl.drv
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\runddl.sys
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.dll
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.tmp
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.drv
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\sld.dll
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\sld.exe
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\SM.drv
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\snl2w.exe
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\snl2w.sys
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\std.exe
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\std.sys
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\tjd.dll
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\tjd.exe
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\tjd.sys
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Recent\tjd.tmp
    c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
    c:\windows\system32\SET899E.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-11 to 2012-08-11 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-11 13:24 . 2012-08-11 13:24 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-08 20:30 . 2012-02-22 12:29 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2012-08-08 20:30 . 2012-02-22 12:29 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2012-08-08 20:30 . 2012-02-22 12:29 64912 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
    2012-08-08 20:30 . 2012-02-22 12:29 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2012-08-08 20:30 . 2012-02-22 12:29 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2012-08-08 20:30 . 2012-02-22 12:29 340920 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2012-08-08 20:30 . 2012-02-22 12:29 180848 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2012-08-08 20:30 . 2012-02-22 12:29 169608 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2012-08-07 18:25 . 2012-08-07 18:25 -------- d-----w- c:\users\LUCY\AppData\Roaming\WinPatrol
    2012-08-07 18:25 . 2012-08-07 18:25 -------- d-----w- c:\program files\BillP Studios
    2012-08-07 18:25 . 2012-08-07 18:25 -------- d-----w- c:\programdata\InstallMate
    2012-08-06 16:13 . 2012-08-06 17:53 -------- d-----w- c:\programdata\Ralink
    2012-08-06 16:10 . 2010-06-25 14:57 848224 ----a-w- c:\windows\system32\drivers\netr28u.sys
    2012-08-06 16:10 . 2010-06-25 14:57 238880 ----a-w- c:\windows\system32\RaCoInst.dll
    2012-08-06 16:10 . 2012-08-06 16:10 -------- d-----w- c:\programdata\TP-LINK Driver
    2012-08-06 16:09 . 2010-06-25 14:57 776480 ----a-w- c:\windows\system32\RAIHV.dll
    2012-08-06 16:09 . 2010-06-25 14:57 1590560 ----a-w- c:\windows\system32\RaCertMgr.dll
    2012-08-06 16:09 . 2010-06-25 14:57 102688 ----a-w- c:\windows\system32\RAEXTUI.dll
    2012-08-04 12:22 . 2012-05-25 16:13 151912 ----a-w- c:\windows\system32\mfevtps.exe
    2012-08-04 12:22 . 2012-02-22 12:29 464304 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2012-08-04 12:22 . 2012-02-22 12:29 121544 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2012-08-03 20:44 . 2012-08-03 20:44 -------- d-----w- c:\program files\Xirrus
    2012-08-03 20:43 . 2012-08-03 20:43 -------- d-----w- c:\users\LUCY\AppData\Roaming\Xirrus
    2012-08-03 20:23 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-08-03 20:23 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2012-08-03 20:20 . 2012-08-03 20:20 -------- d-----w- c:\program files\iPod
    2012-08-03 20:20 . 2012-08-03 20:23 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2012-08-03 20:20 . 2012-08-03 20:23 -------- d-----w- c:\program files\iTunes
    2012-08-03 20:18 . 2012-08-03 20:18 -------- d-----w- c:\program files\Apple Software Update
    2012-08-03 20:01 . 2012-08-03 20:01 -------- d-----w- c:\program files\Bonjour
    2012-08-03 19:50 . 2012-08-03 19:50 -------- d-----w- c:\users\LUCY\AppData\Local\Apps
    2012-08-03 19:50 . 2012-08-03 19:50 -------- d-----w- c:\users\LUCY\AppData\Local\Deployment
    2012-08-03 19:44 . 2012-08-03 19:43 476976 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-08-03 19:44 . 2012-08-03 19:43 472880 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-03 19:40 . 2012-08-03 19:40 -------- d-----w- c:\users\LUCY\AppData\Roaming\Malwarebytes
    2012-08-03 19:40 . 2012-08-03 19:40 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-03 19:30 . 2012-08-08 20:32 -------- d-----w- c:\program files\Common Files\McAfee
    2012-08-03 19:30 . 2012-08-08 20:33 -------- d-----w- c:\program files\McAfee
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-04-30 22058792]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
    "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2012-07-13 384232]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1318816]
    .
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    TalkTalk Diagnostic Reporting Tool.exe [2010-9-8 728024]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    TP-LINK Wireless Utility.lnk - c:\users\LUCY\Desktop\TP-LINK\COMMON\TWCU.exe [2012-8-6 1638400]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 2 (0x2)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 63643150
    *NewlyCreated* - ASWMBR
    *Deregistered* - 63643150
    *Deregistered* - aswMBR
    *Deregistered* - mfeavfk01
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ezSharedSvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1986291307-1994827417-4254001572-1000Core.job
    - c:\users\LUCY\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-03 19:50]
    .
    2012-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1986291307-1994827417-4254001572-1000UA.job
    - c:\users\LUCY\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-03 19:50]
    .
    2012-08-05 c:\windows\Tasks\HPCeeScheduleForLUCY.job
    - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-26 18:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.sky.com
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.0.1
    DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20091105115744
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKCU-Run-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-08-11 14:24
    Windows 6.0.6001 Service Pack 1 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2012-08-11 14:27:18
    ComboFix-quarantined-files.txt 2012-08-11 13:27
    .
    Pre-Run: 161,921,986,560 bytes free
    Post-Run: 163,906,158,592 bytes free
    .
    - - End Of File - - D0F2A0FD47218B2D58EB294D5600F15E
     
  7. Conspire

    Hi,

    Download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run,
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished, it should automatically reboot your machine.
    • If it doesn't, manually reboot to ensure a complete clean.
    ===================================================

    ESET Online Scanner
    I'd like us to scan your machine with ESET OnlineScan

    Note: If you are using Windows Vista/7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    *Note
    It is recommended to disable your onboard antivirus and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the [​IMG] button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on [​IMG] to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the [​IMG] icon on your desktop.
    4. Check [​IMG]
    5. Click the [​IMG] button.
    6. Accept any security warnings from your browser.
    7. Check [​IMG]
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push [​IMG]
    12. Push [IMG], and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for the report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
    13. Push the Back button.
    14. Make sure you saved the log somewhere else. Select Uninstall application on close check box and push [​IMG]
    ===================================================

    Malwarebytes' Anti-Malware
    Download Malwarebytes' Anti-Malware here and save to your desktop.
    • Double-click mbam-setup.exe and follow the prompts to install the program. (Note to Vista users, please right-click and select Run as Administrator.)
    • At the end, be sure a checkmark is placed next to:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform quick scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
    Note:
    • The log can also be found here:
      C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    • Or via the Logs tab when Malwarebytes' Anti-Malware is started.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
    Click OK to either and let MBAM proceed with the disinfection process.
    If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.


    ===================================================

    On your next reply please post :
    ESET log
    MBAM log
    How is your machine behaving at the moment?


    Please STOP and let me know if you have any problems performing the steps above or any questions you may have.

    Good Day!
     
  8. Mrjamieson

    Hi, here you go, the laptop is still kind of the same. Is it correct that during the ESET scan I was to UNCHECK the box that says remove found threats, as you can see from the logs there were a few threats found?



    C:\Program Files\Bandoo\Plugins\MSN\msnplugin.dll a variant of Win32/Adware.Bandoo.AA application
    C:\Program Files\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application
    C:\Program Files\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application
    C:\Users\LUCY\AppData\LocalLow\MyWebSearch\bar\setups\mwsautSp.exe a variant of Win32/Toolbar.MyWebSearch.K application



    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.12.05

    Windows Vista Service Pack 1 x86 NTFS
    Internet Explorer 7.0.6001.18000
    LUCY :: LUCY-PC [administrator]

    Protection: Disabled

    12/08/2012 22:50:53
    mbam-log-2012-08-12 (22-50-53).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 191157
    Time elapsed: 6 minute(s), 11 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  9. Conspire

    Conspire Malware Specialist

    Yes, that is correct. Now allow ESET to cure the items.

    Please run DDS one more time and post the log in your next reply.
     
  10. Mrjamieson

    Mrjamieson Thread Starter

    On your previous post you asked me to uninstall ESET scanner?
     
  11. Conspire

    Conspire Malware Specialist

    Please follow all previous instructions regarding security programs.

    Open a new Notepad session
    • Click the Start button, then click Run
    • In the Run box, type notepad
    • Click OK
    • In Notepad, click "Format" and be certain that Word Wrap is not checked.
    • Copy and paste all the text in the code box below into Notepad. Do not copy the word CODE

    Code:
    File::
    C:\Program Files\Bandoo\Plugins\MSN\msnplugin.dll
    C:\Program Files\Windows Live\Messenger\msimg32.dll
    C:\Program Files\Windows Live\Messenger\riched20.dll
    
    Folder::
    C:\Users\LUCY\AppData\LocalLow\MyWebSearch
    

    In the notepad
    • Click File, Save as..., and set the Save in to your Desktop
    • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
    • Click save
    Using your left mouse button, drag the new file CFScript.txt and drop it on the ComboFix.exe icon as shown below.

    This will start ComboFix again. Close all browser/windows first.

    When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    [​IMG]
     
  12. Mrjamieson

    Mrjamieson Thread Starter

    here you go...


    ComboFix 12-08-13.01 - LUCY 13/08/2012 19:27:18.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2814.2003 [GMT 1:00]
    Running from: c:\users\LUCY\Downloads\ComboFix.exe
    Command switches used :: c:\users\LUCY\Desktop\CFScript.txt.txt
    AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\program files\Bandoo\Plugins\MSN\msnplugin.dll"
    "c:\program files\Windows Live\Messenger\msimg32.dll"
    "c:\program files\Windows Live\Messenger\riched20.dll"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\LUCY\AppData\LocalLow\MyWebSearch
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-13 18:41 . 2012-08-13 18:41 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-13 18:32 . 2012-08-13 18:32 0 ---ha-w- c:\users\LUCY\BIT5727.tmp
    2012-08-12 21:49 . 2012-08-12 21:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-08-12 21:49 . 2012-07-03 12:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-08 20:30 . 2012-02-22 12:29 9608 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2012-08-08 20:30 . 2012-02-22 12:29 87656 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2012-08-08 20:30 . 2012-02-22 12:29 64912 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
    2012-08-08 20:30 . 2012-02-22 12:29 59456 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2012-08-08 20:30 . 2012-02-22 12:29 57600 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2012-08-08 20:30 . 2012-02-22 12:29 340920 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2012-08-08 20:30 . 2012-02-22 12:29 180848 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2012-08-08 20:30 . 2012-02-22 12:29 169608 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
    2012-08-07 18:25 . 2012-08-07 18:25 -------- d-----w- c:\users\LUCY\AppData\Roaming\WinPatrol
    2012-08-07 18:25 . 2012-08-07 18:25 -------- d-----w- c:\program files\BillP Studios
    2012-08-07 18:25 . 2012-08-07 18:25 -------- d-----w- c:\programdata\InstallMate
    2012-08-06 16:13 . 2012-08-06 17:53 -------- d-----w- c:\programdata\Ralink
    2012-08-06 16:10 . 2010-06-25 14:57 848224 ----a-w- c:\windows\system32\drivers\netr28u.sys
    2012-08-06 16:10 . 2010-06-25 14:57 238880 ----a-w- c:\windows\system32\RaCoInst.dll
    2012-08-06 16:10 . 2012-08-06 16:10 -------- d-----w- c:\programdata\TP-LINK Driver
    2012-08-06 16:09 . 2010-06-25 14:57 776480 ----a-w- c:\windows\system32\RAIHV.dll
    2012-08-06 16:09 . 2010-06-25 14:57 1590560 ----a-w- c:\windows\system32\RaCertMgr.dll
    2012-08-06 16:09 . 2010-06-25 14:57 102688 ----a-w- c:\windows\system32\RAEXTUI.dll
    2012-08-04 12:22 . 2012-05-25 16:13 151912 ----a-w- c:\windows\system32\mfevtps.exe
    2012-08-04 12:22 . 2012-02-22 12:29 464304 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2012-08-04 12:22 . 2012-02-22 12:29 121544 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2012-08-03 20:44 . 2012-08-03 20:44 -------- d-----w- c:\program files\Xirrus
    2012-08-03 20:43 . 2012-08-03 20:43 -------- d-----w- c:\users\LUCY\AppData\Roaming\Xirrus
    2012-08-03 20:23 . 2009-05-18 12:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2012-08-03 20:23 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2012-08-03 20:20 . 2012-08-03 20:20 -------- d-----w- c:\program files\iPod
    2012-08-03 20:20 . 2012-08-03 20:23 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2012-08-03 20:20 . 2012-08-03 20:23 -------- d-----w- c:\program files\iTunes
    2012-08-03 20:18 . 2012-08-03 20:18 -------- d-----w- c:\program files\Apple Software Update
    2012-08-03 20:01 . 2012-08-03 20:01 -------- d-----w- c:\program files\Bonjour
    2012-08-03 19:50 . 2012-08-03 19:50 -------- d-----w- c:\users\LUCY\AppData\Local\Apps
    2012-08-03 19:50 . 2012-08-03 19:50 -------- d-----w- c:\users\LUCY\AppData\Local\Deployment
    2012-08-03 19:44 . 2012-08-03 19:43 476976 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-08-03 19:44 . 2012-08-03 19:43 472880 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-03 19:40 . 2012-08-03 19:40 -------- d-----w- c:\users\LUCY\AppData\Roaming\Malwarebytes
    2012-08-03 19:40 . 2012-08-03 19:40 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-03 19:30 . 2012-08-08 20:32 -------- d-----w- c:\program files\Common Files\McAfee
    2012-08-03 19:30 . 2012-08-08 20:33 -------- d-----w- c:\program files\McAfee
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 13797920]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
    "WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2012-07-13 384232]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1318816]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    .
    c:\users\LUCY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    TalkTalk Diagnostic Reporting Tool.exe [2010-9-8 728024]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    TP-LINK Wireless Utility.lnk - c:\users\LUCY\Desktop\TP-LINK\COMMON\TWCU.exe [2012-8-6 1638400]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 2 (0x2)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    --- Other Services/Drivers In Memory ---
    .
    *Deregistered* - mfeavfk01
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ezSharedSvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1986291307-1994827417-4254001572-1000Core.job
    - c:\users\LUCY\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-03 19:50]
    .
    2012-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1986291307-1994827417-4254001572-1000UA.job
    - c:\users\LUCY\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-03 19:50]
    .
    2012-08-13 c:\windows\Tasks\HPCeeScheduleForLUCY.job
    - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-26 18:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.sky.com
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_gb&c=91&bd=Presario&pf=cnnb
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.0.1
    DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20091105115744
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-08-13 19:41
    Windows 6.0.6001 Service Pack 1 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2012-08-13 19:45:36
    ComboFix-quarantined-files.txt 2012-08-13 18:45
    ComboFix2.txt 2012-08-11 13:27
    .
    Pre-Run: 164,297,646,080 bytes free
    Post-Run: 164,261,744,640 bytes free
    .
    - - End Of File - - 1777150E1CD6CA5C4F85AE1B42AE7AC5
     
  13. Conspire

    Conspire Malware Specialist

    You might want to try defragging your hard drive and see if there's any difference at all. Feel free to ask any questions.

    Auslogics Disk Defrag is one of the good programs for maintenance.
     
  14. Mrjamieson

    Mrjamieson Thread Starter

    I have already noticed a massive difference in the laptop's performance and I will try this as well. I take it I won't lose any data, it's just sort of a rearrangement of space?
     
  15. Conspire

    Conspire Malware Specialist

    Yes. That is correct. You won't lose any data for this. :)

    Are there any issues left to address? If not we will wrap this up.
     

Short URL to this thread: https://techguy.org/1064223
