
Ping.exe, google keeps redirecting


This topic is locked. 38 replies to this topic.

#1 grogall


Posted 10 April 2012 - 11:33 PM

I've run Malwarebytes, SUPERAntiSpyware, RKill, TDSSKiller, and even ComboFix. ComboFix created an error in the loading of Windows, so I had to restore the backup in order for Windows to operate again.
I've had the ping.exe virus before and I believe I was able to delete it with the use of all these; however, I can't seem to get rid of it this time.

My Gmer scan looks different from what was displayed on the site. I can't check or uncheck any boxes.




.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Ryan at 17:36:45 on 2012-04-10
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.1858 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\ltmoh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\wuauclt.exe
C:\windows\SysWOW64\ping.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\Safari\Safari.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
C:\windows\SysWOW64\ping.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\ping.exe
C:\windows\system32\conhost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {93C338DE-5FB5-4FB5-AB4E-0EEDC0BD9F3A} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNDcwMDgxNDU0LVhPMzYrMS1GUDkrNi1TVDErMi1OMUYrMS1CQVI5RysxLVRCOSsyLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLUYxME0xMEQrMg"&"prod=90"&"ver=10.0.1170
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-explorer: HideSCAHealth = 1 (0x1)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{216A3054-B68F-4653-8CA6-FB5EF3F2B7E0} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{9D7053FE-B752-4B3D-954A-C7817695F09A} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{9D7053FE-B752-4B3D-954A-C7817695F09A}\341647348616472387 : DhcpNameServer = 131.96.1.4 131.96.1.6
TCP: Interfaces\{9D7053FE-B752-4B3D-954A-C7817695F09A}\A4F616E6 : DhcpNameServer = 192.168.254.254
TCP: Interfaces\{9D7053FE-B752-4B3D-954A-C7817695F09A}\C696E6B6379737F5355435F53333132343 : DhcpNameServer = 68.87.74.166 68.87.68.166
TCP: Interfaces\{9D7053FE-B752-4B3D-954A-C7817695F09A}\D697177756374783936393 : DhcpNameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{9D7053FE-B752-4B3D-954A-C7817695F09A}\E4544574541425 : DhcpNameServer = 192.168.0.1
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {93C338DE-5FB5-4FB5-AB4E-0EEDC0BD9F3A} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun-x64: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
mRun-x64: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNDcwMDgxNDU0LVhPMzYrMS1GUDkrNi1TVDErMi1OMUYrMS1CQVI5RysxLVRCOSsyLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLUYxME0xMEQrMg"&"prod=90"&"ver=10.0.1170
.
============= SERVICES / DRIVERS ===============
.
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 RSELSVC;TOSHIBA Modem region select service;C:\Program Files\TOSHIBA\rselect\RSelSvc.exe [2009-7-7 65904]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-27 251760]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-2-26 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-8-3 137560]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-24 136176]
S3 ewusbnet;HUAWEI USB-NDIS miniport;C:\windows\system32\DRIVERS\ewusbnet.sys --> C:\windows\system32\DRIVERS\ewusbnet.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-24 136176]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-04-10 09:06:43 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{195FE194-4101-4853-A3D8-29614AF7F421}\offreg.dll
2012-04-10 07:57:28 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-04-10 07:57:28 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-04-06 07:22:15 -------- d-----we C:\windows\system64
2012-04-06 05:30:24 -------- d-s---w- C:\ComboFix
2012-04-06 05:09:56 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-04 08:38:09 0 --sha-w- C:\windows\System32\dds_trash_log.cmd
2012-03-22 07:35:55 -------- d-----w- C:\Users\Ryan\FrostWire
2012-03-22 07:35:46 -------- d-----w- C:\Users\Ryan\.frostwire5
2012-03-22 07:35:22 -------- d-----w- C:\Users\Ryan\AppData\Local\APN
2012-03-22 07:28:14 -------- d-----w- C:\Users\Ryan\AppData\Local\The Weather Channel
2012-03-22 07:26:26 -------- d-----w- C:\Users\Ryan\AppData\Local\Babylon
2012-03-22 07:26:26 -------- d-----w- C:\ProgramData\Babylon
2012-03-22 07:26:25 -------- d-----w- C:\Users\Ryan\AppData\Roaming\Babylon
2012-03-22 07:25:16 -------- d-----w- C:\Program Files (x86)\Conduit
2012-03-22 07:25:15 -------- d-----w- C:\Users\Ryan\AppData\Local\Conduit
2012-03-19 07:20:59 -------- d-----w- C:\Program Files (x86)\ExpressFiles
2012-03-19 07:08:10 -------- d-----w- C:\ProgramData\Tarma Installer
2012-03-19 07:08:06 -------- d-----w- C:\Program Files (x86)\fbphotozoom
2012-03-16 04:02:08 -------- d-----w- C:\Users\Ryan\AppData\Roaming\xmldm
2012-03-16 04:02:08 -------- d-----w- C:\Users\Ryan\AppData\Roaming\kock
.
==================== Find3M ====================
.
2012-01-14 04:02:25 3143168 ----a-w- C:\windows\System32\win32k.sys
.
============= FINISH: 17:37:32.94 ===============

#2 SweetTech


Posted 11 April 2012 - 02:18 AM

Hello grogall and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool that you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

My Gmer scan looks different from what was displayed on the site. I can't check or uncheck any boxes.

This is because you have a 64-bit operating system, and GMER operates differently on a 64-bit OS.

Do you have access to a USB flash drive that we could utilize?


-----
It appears you're infected with an infection known as ZeroAccess.

ZeroAccess (Max++) Rootkit (aka: Sirefef) is a sophisticated rootkit that uses advanced technology to hide its presence in a system and can infect both x86 and x64 platforms. ZeroAccess is similar to the TDSS rootkit but has more self-protection mechanisms that can be used to disable anti-virus software resulting in "Access Denied" messages whenever you run a security application. For more specific information about this infection, please refer to:


NEXT:



One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identity Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure SKIP is selected, then click Continue.
  • Note: Do not choose Cure or Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.


NEXT:



Farbar Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


NEXT:


Running OTL

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double-click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList".
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    "%WinDir%\$NtUninstallKB*$." /30
    C:\Program Files\Common Files\ComObjects\*.* /s
    %systemroot%\*. /mp /s
    %systemroot%\*. /rp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %SYSTEMDRIVE%\*.exe
    C:\Users\Ryan\AppData\Roaming\xmldm\*.* /s
    C:\Users\Ryan\AppData\Roaming\kock\*.* /s
    /md5start
    volsnap.sys
    atapi.sys
    explorer.exe
    winlogon.exe
    wininit.exe
    tdx.sys
    afd.sys
    /md5stop
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. TDSSKiller log.
3. Farbar Service Scanner log.
4. OTL.txt & Extras.txt logs.
5. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.


Please let me know how the above scans go.

Kindest Regards,
ST.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
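
As an added example (not part of this thread, and not code from DDS, TDSSKiller or OTL), here is a small Python triage script for DDS logs in the layout of post #1. It flags the indicators SweetTech's ZeroAccess diagnosis draws on: repeated ping.exe launches from SysWOW64 beside cmd.exe/cscript.exe, UAC policies forced to 0, and the look-alike C:\windows\system64 folder in the Created Last 30 section; the sample log is a constructed, shortened excerpt of the posted one, and the finding categories and ping threshold are my own choices.

```python
"""Triage helper for DDS logs in the layout shown in this thread.

Added example for this page; not part of the thread or of DDS itself.  The
sample below is a constructed, shortened excerpt of the log in post #1; the
finding categories and the ping threshold are choices made here.
"""
import re
from collections import Counter

SAMPLE_DDS = r"""
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\SysWOW64\ping.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\ping.exe
C:\windows\SysWOW64\ping.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
.
=============== Created Last 30 ================
.
2012-04-06 07:22:15 -------- d-----we C:\windows\system64
2012-04-06 05:30:24 -------- d-s---w- C:\ComboFix
.
============= FINISH: 17:37:32.94 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
# Policies that, at value 0, switch UAC off or drop its secure-desktop prompt.
UAC_OFF_POLICIES = {"EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop"}
# Windows ships system32 and SysWOW64; "system64" is a look-alike name.
LOOKALIKE_DIR_RE = re.compile(r"\\windows\\system64$", re.IGNORECASE)
# Console/script hosts that, next to ping.exe in SysWOW64, form the chain in post #1.
SCRIPT_HOSTS = {"cmd.exe", "cscript.exe", "wscript.exe"}


def parse_sections(text):
    """Split a DDS log into {section name: [lines]}; '.' spacer lines are dropped."""
    sections = {"HEADER": []}
    current = "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def triage(text, ping_threshold=2):
    """Return (category, detail) findings for one DDS log; [] means nothing flagged."""
    sections = parse_sections(text)
    findings = []

    procs = [p.lower() for p in sections.get("Running Processes", [])]
    wow64 = [p for p in procs if "\\syswow64\\" in p]
    names = Counter(p.rsplit("\\", 1)[-1] for p in wow64)
    if names["ping.exe"] >= ping_threshold:
        findings.append(("ping-loop",
                         f"{names['ping.exe']} ping.exe instances running from SysWOW64"))
    hosts = sorted(n for n in names if n in SCRIPT_HOSTS)
    if names["ping.exe"] and hosts:
        findings.append(("script-host", "ping.exe alongside " + ", ".join(hosts)))

    for line in sections.get("Pseudo HJT Report", []):
        m = POLICY_RE.match(line)
        if m and m.group(1) in UAC_OFF_POLICIES and m.group(2) == "0":
            findings.append(("uac-disabled", f"{m.group(1)} = 0"))

    for line in sections.get("Created Last 30", []):
        parts = line.split(None, 4)  # date, time, size, attributes, path
        if len(parts) == 5 and LOOKALIKE_DIR_RE.search(parts[4]):
            findings.append(("lookalike-dir", parts[4]))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_DDS):
        print(f"[{category}] {detail}")
```

The thresholds are heuristics: one ping.exe from an administrator's console is normal, and the signal here is the repetition from SysWOW64 together with the script hosts and the UAC settings being off.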


#3 grogall


Posted 11 April 2012 - 03:48 AM

1. Thank you ST for your time. I really appreciate it. I do have a flash drive that can be used as well.


2. TDSSKILLER REPORT


04:08:46.0890 5724 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
04:08:47.0284 5724 ============================================================
04:08:47.0284 5724 Current date / time: 2012/04/11 04:08:47.0284
04:08:47.0284 5724 SystemInfo:
04:08:47.0284 5724
04:08:47.0284 5724 OS Version: 6.1.7600 ServicePack: 0.0
04:08:47.0284 5724 Product type: Workstation
04:08:47.0284 5724 ComputerName: RYAN-PC
04:08:47.0284 5724 UserName: Ryan
04:08:47.0284 5724 Windows directory: C:\windows
04:08:47.0284 5724 System windows directory: C:\windows
04:08:47.0284 5724 Running under WOW64
04:08:47.0284 5724 Processor architecture: Intel x64
04:08:47.0284 5724 Number of processors: 2
04:08:47.0284 5724 Page size: 0x1000
04:08:47.0284 5724 Boot type: Normal boot
04:08:47.0284 5724 ============================================================
04:08:48.0526 5724 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
04:08:48.0530 5724 \Device\Harddisk0\DR0:
04:08:48.0530 5724 MBR used
04:08:48.0530 5724 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23F65800
04:08:48.0562 5724 Initialize success
04:08:48.0562 5724 ============================================================
04:09:37.0142 5136 ============================================================
04:09:37.0142 5136 Scan started
04:09:37.0142 5136 Mode: Manual; SigCheck; TDLFS;
04:09:37.0142 5136 ============================================================
04:09:38.0298 5136 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
04:09:38.0336 5136 !SASCORE - ok
04:09:38.0466 5136 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\windows\system32\DRIVERS\1394ohci.sys
04:09:38.0519 5136 1394ohci - ok
04:09:38.0631 5136 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys
04:09:38.0647 5136 ACPI - ok
04:09:38.0753 5136 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys
04:09:38.0812 5136 AcpiPmi - ok
04:09:38.0947 5136 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
04:09:38.0964 5136 adp94xx - ok
04:09:39.0100 5136 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
04:09:39.0115 5136 adpahci - ok
04:09:39.0236 5136 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
04:09:39.0249 5136 adpu320 - ok
04:09:39.0343 5136 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
04:09:39.0379 5136 AeLookupSvc - ok
04:09:39.0758 5136 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\windows\system32\drivers\afd.sys
04:09:39.0805 5136 AFD - ok
04:09:39.0892 5136 AgereModemAudio (b65f8dba54f251906bbe8611b5a0e7ab) C:\Program Files\LSI SoftModem\agr64svc.exe
04:09:39.0936 5136 AgereModemAudio - ok
04:09:40.0087 5136 AgereSoftModem (c98356d813b581e9c425b42a5d146ce0) C:\windows\system32\DRIVERS\agrsm64.sys
04:09:40.0144 5136 AgereSoftModem - ok
04:09:40.0260 5136 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys
04:09:40.0271 5136 agp440 - ok
04:09:40.0383 5136 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
04:09:40.0406 5136 ALG - ok
04:09:40.0504 5136 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\DRIVERS\aliide.sys
04:09:40.0512 5136 aliide - ok
04:09:40.0611 5136 AMD External Events Utility (98a2774d3f18c107874c8c1163ebe484) C:\windows\system32\atiesrxx.exe
04:09:40.0686 5136 AMD External Events Utility - ok
04:09:40.0799 5136 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\DRIVERS\amdide.sys
04:09:40.0807 5136 amdide - ok
04:09:40.0927 5136 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
04:09:40.0941 5136 AmdK8 - ok
04:09:41.0053 5136 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
04:09:41.0083 5136 AmdPPM - ok
04:09:41.0238 5136 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\windows\system32\drivers\amdsata.sys
04:09:41.0248 5136 amdsata - ok
04:09:41.0356 5136 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
04:09:41.0368 5136 amdsbs - ok
04:09:41.0510 5136 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\windows\system32\drivers\amdxata.sys
04:09:41.0518 5136 amdxata - ok
04:09:41.0682 5136 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys
04:09:41.0710 5136 AppID - ok
04:09:41.0820 5136 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
04:09:41.0870 5136 AppIDSvc - ok
04:09:41.0985 5136 Appinfo (d065be66822847b7f127d1f90158376e) C:\windows\System32\appinfo.dll
04:09:42.0031 5136 Appinfo - ok
04:09:42.0166 5136 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
04:09:42.0176 5136 Apple Mobile Device - ok
04:09:42.0305 5136 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
04:09:42.0315 5136 arc - ok
04:09:42.0435 5136 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
04:09:42.0445 5136 arcsas - ok
04:09:42.0558 5136 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
04:09:42.0614 5136 AsyncMac - ok
04:09:42.0712 5136 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys
04:09:42.0720 5136 atapi - ok
04:09:42.0969 5136 atikmdag (173f4c05f87085e9bda3f7037bc9f40e) C:\windows\system32\DRIVERS\atikmdag.sys
04:09:43.0161 5136 atikmdag - ok
04:09:43.0277 5136 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\windows\system32\DRIVERS\AtiPcie.sys
04:09:43.0296 5136 AtiPcie - ok
04:09:43.0447 5136 atksgt (fc0e8778c000291caf60eb88c011e931) C:\windows\system32\DRIVERS\atksgt.sys
04:09:43.0461 5136 atksgt - ok
04:09:43.0558 5136 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\windows\System32\Audiosrv.dll
04:09:43.0601 5136 AudioEndpointBuilder - ok
04:09:43.0617 5136 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\windows\System32\Audiosrv.dll
04:09:43.0691 5136 AudioSrv - ok
04:09:43.0828 5136 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\windows\System32\AxInstSV.dll
04:09:43.0856 5136 AxInstSV - ok
04:09:43.0979 5136 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
04:09:44.0011 5136 b06bdrv - ok
04:09:44.0130 5136 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
04:09:44.0144 5136 b57nd60a - ok
04:09:44.0265 5136 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
04:09:44.0312 5136 BDESVC - ok
04:09:44.0435 5136 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
04:09:44.0484 5136 Beep - ok
04:09:44.0604 5136 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\windows\system32\qmgr.dll
04:09:44.0674 5136 BITS - ok
04:09:44.0955 5136 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
04:09:44.0984 5136 blbdrive - ok
04:09:45.0068 5136 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
04:09:45.0082 5136 Bonjour Service - ok
04:09:45.0197 5136 bowser (19d20159708e152267e53b66677a4995) C:\windows\system32\DRIVERS\bowser.sys
04:09:45.0238 5136 bowser - ok
04:09:45.0360 5136 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
04:09:45.0388 5136 BrFiltLo - ok
04:09:45.0490 5136 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
04:09:45.0504 5136 BrFiltUp - ok
04:09:45.0627 5136 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
04:09:45.0674 5136 BridgeMP - ok
04:09:45.0759 5136 Browser (94fbc06f294d58d02361918418f996e3) C:\windows\System32\browser.dll
04:09:45.0817 5136 Browser - ok
04:09:45.0912 5136 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
04:09:45.0966 5136 Brserid - ok
04:09:46.0062 5136 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
04:09:46.0087 5136 BrSerWdm - ok
04:09:46.0195 5136 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
04:09:46.0230 5136 BrUsbMdm - ok
04:09:46.0318 5136 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
04:09:46.0346 5136 BrUsbSer - ok
04:09:46.0453 5136 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
04:09:46.0486 5136 BTHMODEM - ok
04:09:46.0599 5136 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
04:09:46.0648 5136 bthserv - ok
04:09:46.0799 5136 bwcsrv (5f22132c9153639762708909f156b33d) C:\windows\system32\vaiomediaplatform-integratedserver-appserver.dll
04:09:46.0801 5136 bwcsrv ( Backdoor.Multi.ZAccess.gen ) - infected
04:09:46.0801 5136 bwcsrv - detected Backdoor.Multi.ZAccess.gen (0)
04:09:46.0889 5136 catchme - ok
04:09:46.0985 5136 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
04:09:47.0035 5136 cdfs - ok
04:09:47.0147 5136 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys
04:09:47.0175 5136 cdrom - ok
04:09:47.0308 5136 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\windows\System32\certprop.dll
04:09:47.0344 5136 CertPropSvc - ok
04:09:47.0466 5136 cfWiMAXService (837ff2d497880198c918e6954dbd170c) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
04:09:47.0475 5136 cfWiMAXService - ok
04:09:47.0586 5136 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
04:09:47.0625 5136 circlass - ok
04:09:47.0721 5136 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
04:09:47.0736 5136 CLFS - ok
04:09:47.0824 5136 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
04:09:47.0833 5136 clr_optimization_v2.0.50727_32 - ok
04:09:47.0915 5136 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
04:09:47.0923 5136 clr_optimization_v2.0.50727_64 - ok
04:09:48.0092 5136 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
04:09:48.0103 5136 clr_optimization_v4.0.30319_32 - ok
04:09:48.0252 5136 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
04:09:48.0261 5136 clr_optimization_v4.0.30319_64 - ok
04:09:48.0360 5136 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
04:09:48.0383 5136 CmBatt - ok
04:09:48.0478 5136 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys
04:09:48.0487 5136 cmdide - ok
04:09:48.0598 5136 CNG (937beb186a735aca91d717044a49d17e) C:\windows\system32\Drivers\cng.sys
04:09:48.0655 5136 CNG - ok
04:09:48.0771 5136 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
04:09:48.0779 5136 Compbatt - ok
04:09:48.0885 5136 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys
04:09:48.0900 5136 CompositeBus - ok
04:09:48.0989 5136 COMSysApp - ok
04:09:49.0086 5136 ConfigFree Gadget Service (d252c53bcdfc199bba55eeb10cdb266e) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
04:09:49.0092 5136 ConfigFree Gadget Service - ok
04:09:49.0189 5136 ConfigFree Service (cab0eeaf5295fc96ddd3e19dce27e131) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
04:09:49.0199 5136 ConfigFree Service - ok
04:09:49.0294 5136 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
04:09:49.0303 5136 crcdisk - ok
04:09:49.0401 5136 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\windows\system32\cryptsvc.dll
04:09:49.0457 5136 CryptSvc - ok
04:09:49.0565 5136 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\windows\system32\rpcss.dll
04:09:49.0608 5136 DcomLaunch - ok
04:09:49.0704 5136 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
04:09:49.0761 5136 defragsvc - ok
04:09:49.0876 5136 DfsC (9c253ce7311ca60fc11c774692a13208) C:\windows\system32\Drivers\dfsc.sys
04:09:49.0954 5136 DfsC - ok
04:09:50.0064 5136 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\windows\system32\dhcpcore.dll
04:09:50.0083 5136 Dhcp - ok
04:09:50.0180 5136 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
04:09:50.0232 5136 discache - ok
04:09:50.0350 5136 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
04:09:50.0360 5136 Disk - ok
04:09:50.0483 5136 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\windows\System32\dnsrslvr.dll
04:09:50.0504 5136 Dnscache - ok
04:09:50.0595 5136 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\windows\System32\dot3svc.dll
04:09:50.0654 5136 dot3svc - ok
04:09:50.0755 5136 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\windows\system32\dps.dll
04:09:50.0815 5136 DPS - ok
04:09:50.0921 5136 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
04:09:50.0951 5136 drmkaud - ok
04:09:51.0074 5136 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\windows\System32\drivers\dxgkrnl.sys
04:09:51.0100 5136 DXGKrnl - ok
04:09:51.0212 5136 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
04:09:51.0269 5136 EapHost - ok
04:09:51.0439 5136 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
04:09:51.0551 5136 ebdrv - ok
04:09:51.0642 5136 EFS (156f6159457d0aa7e59b62681b56eb90) C:\windows\System32\lsass.exe
04:09:51.0670 5136 EFS - ok
04:09:51.0758 5136 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\windows\ehome\ehRecvr.exe
04:09:51.0800 5136 ehRecvr - ok
04:09:51.0860 5136 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
04:09:51.0889 5136 ehSched - ok
04:09:52.0008 5136 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
04:09:52.0027 5136 elxstor - ok
04:09:52.0128 5136 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys
04:09:52.0160 5136 ErrDev - ok
04:09:52.0272 5136 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
04:09:52.0332 5136 EventSystem - ok
04:09:52.0446 5136 ewusbnet (18fa0e750b1a617fb523358491948c52) C:\windows\system32\DRIVERS\ewusbnet.sys
04:09:52.0481 5136 ewusbnet - ok
04:09:52.0582 5136 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
04:09:52.0637 5136 exfat - ok
04:09:52.0740 5136 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
04:09:52.0777 5136 fastfat - ok
04:09:52.0895 5136 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\windows\system32\fxssvc.exe
04:09:52.0952 5136 Fax - ok
04:09:53.0045 5136 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
04:09:53.0070 5136 fdc - ok
04:09:53.0176 5136 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
04:09:53.0228 5136 fdPHost - ok
04:09:53.0325 5136 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
04:09:53.0374 5136 FDResPub - ok
04:09:53.0479 5136 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
04:09:53.0488 5136 FileInfo - ok
04:09:53.0573 5136 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
04:09:53.0621 5136 Filetrace - ok
04:09:53.0720 5136 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
04:09:53.0747 5136 flpydisk - ok
04:09:53.0848 5136 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys
04:09:53.0862 5136 FltMgr - ok
04:09:53.0979 5136 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\windows\system32\FntCache.dll
04:09:54.0019 5136 FontCache - ok
04:09:54.0107 5136 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
04:09:54.0114 5136 FontCache3.0.0.0 - ok
04:09:54.0206 5136 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
04:09:54.0217 5136 FsDepends - ok
04:09:54.0313 5136 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
04:09:54.0322 5136 Fs_Rec - ok
04:09:54.0442 5136 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys
04:09:54.0456 5136 fvevol - ok
04:09:54.0551 5136 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
04:09:54.0560 5136 gagp30kx - ok
04:09:54.0684 5136 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
04:09:54.0691 5136 GEARAspiWDM - ok
04:09:54.0792 5136 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\windows\System32\gpsvc.dll
04:09:54.0839 5136 gpsvc - ok
04:09:54.0978 5136 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
04:09:55.0008 5136 gupdate - ok
04:09:55.0157 5136 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
04:09:55.0165 5136 gupdatem - ok
04:09:55.0286 5136 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
04:09:55.0296 5136 gusvc - ok
04:09:55.0381 5136 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
04:09:55.0412 5136 hcw85cir - ok
04:09:55.0531 5136 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys
04:09:55.0571 5136 HdAudAddService - ok
04:09:55.0685 5136 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys
04:09:55.0700 5136 HDAudBus - ok
04:09:55.0795 5136 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
04:09:55.0831 5136 HidBatt - ok
04:09:55.0931 5136 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
04:09:55.0946 5136 HidBth - ok
04:09:56.0067 5136 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
04:09:56.0098 5136 HidIr - ok
04:09:56.0173 5136 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
04:09:56.0222 5136 hidserv - ok
04:09:56.0336 5136 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys
04:09:56.0357 5136 HidUsb - ok
04:09:56.0449 5136 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\windows\system32\kmsvc.dll
04:09:56.0507 5136 hkmsvc - ok
04:09:56.0591 5136 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\windows\system32\ListSvc.dll
04:09:56.0635 5136 HomeGroupListener - ok
04:09:56.0718 5136 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\windows\system32\provsvc.dll
04:09:56.0732 5136 HomeGroupProvider - ok
04:09:56.0826 5136 HpSAMD (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys
04:09:56.0836 5136 HpSAMD - ok
04:09:56.0967 5136 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys
04:09:57.0035 5136 HTTP - ok
04:09:57.0186 5136 hwdatacard (f57e489800543b69fe196f51ca9c85b5) C:\windows\system32\DRIVERS\ewusbmdm.sys
04:09:57.0247 5136 hwdatacard - ok
04:09:57.0339 5136 hwpolicy (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys
04:09:57.0347 5136 hwpolicy - ok
04:09:57.0495 5136 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
04:09:57.0508 5136 i8042prt - ok
04:09:57.0634 5136 iaStorV (b75e45c564e944a2657167d197ab29da) C:\windows\system32\drivers\iaStorV.sys
04:09:57.0650 5136 iaStorV - ok
04:09:57.0769 5136 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
04:09:57.0792 5136 idsvc - ok
04:09:57.0889 5136 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
04:09:57.0898 5136 iirsp - ok
04:09:58.0018 5136 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\windows\System32\ikeext.dll
04:09:58.0080 5136 IKEEXT - ok
04:09:58.0231 5136 IntcAzAudAddService (0c3cf4b3bae28e121a1689e3538f8712) C:\windows\system32\drivers\RTKVHD64.sys
04:09:58.0277 5136 IntcAzAudAddService - ok
04:09:58.0367 5136 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys
04:09:58.0376 5136 intelide - ok
04:09:58.0496 5136 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
04:09:58.0524 5136 intelppm - ok
04:09:58.0614 5136 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
04:09:58.0687 5136 IPBusEnum - ok
04:09:58.0801 5136 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys
04:09:58.0835 5136 IpFilterDriver - ok
04:09:58.0969 5136 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\windows\System32\iphlpsvc.dll
04:09:59.0047 5136 iphlpsvc - ok
04:09:59.0162 5136 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys
04:09:59.0194 5136 IPMIDRV - ok
04:09:59.0317 5136 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
04:09:59.0379 5136 IPNAT - ok
04:09:59.0482 5136 iPod Service (46d249f9db7844cc01050a9345f0f61b) C:\Program Files\iPod\bin\iPodService.exe
04:09:59.0505 5136 iPod Service - ok
04:09:59.0628 5136 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
04:09:59.0643 5136 IRENUM - ok
04:09:59.0821 5136 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys
04:09:59.0830 5136 isapnp - ok
04:09:59.0939 5136 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys
04:09:59.0952 5136 iScsiPrt - ok
04:10:00.0052 5136 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
04:10:00.0062 5136 kbdclass - ok
04:10:00.0250 5136 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys
04:10:00.0336 5136 kbdhid - ok
04:10:00.0433 5136 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
04:10:00.0443 5136 KeyIso - ok
04:10:00.0497 5136 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\windows\system32\Drivers\ksecdd.sys
04:10:00.0507 5136 KSecDD - ok
04:10:00.0622 5136 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\windows\system32\Drivers\ksecpkg.sys
04:10:00.0632 5136 KSecPkg - ok
04:10:00.0732 5136 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
04:10:00.0779 5136 ksthunk - ok
04:10:00.0891 5136 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
04:10:00.0951 5136 KtmRm - ok
04:10:01.0073 5136 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\windows\System32\srvsvc.dll
04:10:01.0127 5136 LanmanServer - ok
04:10:01.0229 5136 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\windows\System32\wkssvc.dll
04:10:01.0266 5136 LanmanWorkstation - ok
04:10:01.0395 5136 lirsgt (156ab2e56dc3ca0b582e3362e07cded7) C:\windows\system32\DRIVERS\lirsgt.sys
04:10:01.0403 5136 lirsgt - ok
04:10:01.0516 5136 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
04:10:01.0565 5136 lltdio - ok
04:10:01.0675 5136 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
04:10:01.0735 5136 lltdsvc - ok
04:10:01.0822 5136 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
04:10:01.0892 5136 lmhosts - ok
04:10:02.0016 5136 LPCFilter (16679269303613c4ce7c8ff03413410f) C:\windows\system32\DRIVERS\LPCFilter.sys
04:10:02.0023 5136 LPCFilter - ok
04:10:02.0138 5136 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
04:10:02.0148 5136 LSI_FC - ok
04:10:02.0268 5136 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
04:10:02.0278 5136 LSI_SAS - ok
04:10:02.0400 5136 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
04:10:02.0409 5136 LSI_SAS2 - ok
04:10:02.0531 5136 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
04:10:02.0541 5136 LSI_SCSI - ok
04:10:02.0648 5136 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
04:10:02.0703 5136 luafv - ok
04:10:02.0803 5136 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\windows\system32\Mcx2Svc.dll
04:10:02.0835 5136 Mcx2Svc - ok
04:10:02.0934 5136 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
04:10:02.0943 5136 megasas - ok
04:10:03.0042 5136 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
04:10:03.0056 5136 MegaSR - ok
04:10:03.0140 5136 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
04:10:03.0187 5136 MMCSS - ok
04:10:03.0285 5136 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
04:10:03.0335 5136 Modem - ok
04:10:03.0433 5136 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
04:10:03.0462 5136 monitor - ok
04:10:03.0560 5136 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
04:10:03.0570 5136 mouclass - ok
04:10:03.0695 5136 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
04:10:03.0717 5136 mouhid - ok
04:10:03.0820 5136 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys
04:10:03.0830 5136 mountmgr - ok
04:10:03.0932 5136 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys
04:10:03.0943 5136 mpio - ok
04:10:04.0039 5136 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
04:10:04.0076 5136 mpsdrv - ok
04:10:04.0184 5136 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys
04:10:04.0201 5136 MRxDAV - ok
04:10:04.0304 5136 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\windows\system32\DRIVERS\mrxsmb.sys
04:10:04.0348 5136 mrxsmb - ok
04:10:04.0452 5136 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\windows\system32\DRIVERS\mrxsmb10.sys
04:10:04.0510 5136 mrxsmb10 - ok
04:10:04.0625 5136 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\windows\system32\DRIVERS\mrxsmb20.sys
04:10:04.0654 5136 mrxsmb20 - ok
04:10:04.0747 5136 msahci (5c37497276e3b3a5488b23a326a754b7) C:\windows\system32\DRIVERS\msahci.sys
04:10:04.0756 5136 msahci - ok
04:10:04.0853 5136 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
04:10:04.0864 5136 msdsm - ok
04:10:04.0952 5136 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
04:10:04.0985 5136 MSDTC - ok
04:10:05.0115 5136 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
04:10:05.0150 5136 Msfs - ok
04:10:05.0249 5136 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
04:10:05.0294 5136 mshidkmdf - ok
04:10:05.0451 5136 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
04:10:05.0459 5136 msisadrv - ok
04:10:05.0574 5136 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
04:10:05.0623 5136 MSiSCSI - ok
04:10:05.0694 5136 msiserver - ok
04:10:05.0809 5136 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
04:10:05.0858 5136 MSKSSRV - ok
04:10:05.0973 5136 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
04:10:06.0007 5136 MSPCLOCK - ok
04:10:06.0120 5136 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
04:10:06.0155 5136 MSPQM - ok
04:10:06.0261 5136 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
04:10:06.0276 5136 MsRPC - ok
04:10:06.0374 5136 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
04:10:06.0383 5136 mssmbios - ok
04:10:06.0493 5136 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
04:10:06.0541 5136 MSTEE - ok
04:10:06.0641 5136 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
04:10:06.0668 5136 MTConfig - ok
04:10:06.0772 5136 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
04:10:06.0782 5136 Mup - ok
04:10:06.0867 5136 napagent (4987e079a4530fa737a128be54b63b12) C:\windows\system32\qagentRT.dll
04:10:06.0931 5136 napagent - ok
04:10:07.0059 5136 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
04:10:07.0098 5136 NativeWifiP - ok
04:10:07.0229 5136 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys
04:10:07.0254 5136 NDIS - ok
04:10:07.0366 5136 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
04:10:07.0444 5136 NdisCap - ok
04:10:07.0552 5136 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
04:10:07.0589 5136 NdisTapi - ok
04:10:07.0699 5136 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys
04:10:07.0751 5136 Ndisuio - ok
04:10:07.0856 5136 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
04:10:07.0926 5136 NdisWan - ok
04:10:08.0032 5136 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
04:10:08.0090 5136 NDProxy - ok
04:10:08.0192 5136 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
04:10:08.0225 5136 NetBIOS - ok
04:10:08.0336 5136 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
04:10:08.0373 5136 NetBT - ok
04:10:08.0467 5136 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
04:10:08.0477 5136 Netlogon - ok
04:10:08.0573 5136 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
04:10:08.0627 5136 Netman - ok
04:10:08.0722 5136 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
04:10:08.0781 5136 netprofm - ok
04:10:08.0882 5136 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
04:10:08.0891 5136 NetTcpPortSharing - ok
04:10:08.0999 5136 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
04:10:09.0008 5136 nfrd960 - ok
04:10:09.0102 5136 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\windows\System32\nlasvc.dll
04:10:09.0172 5136 NlaSvc - ok
04:10:09.0265 5136 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
04:10:09.0299 5136 Npfs - ok
04:10:09.0376 5136 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
04:10:09.0426 5136 nsi - ok
04:10:09.0527 5136 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
04:10:09.0584 5136 nsiproxy - ok
04:10:09.0738 5136 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\windows\system32\drivers\Ntfs.sys
04:10:09.0777 5136 Ntfs - ok
04:10:09.0869 5136 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
04:10:09.0925 5136 Null - ok
04:10:10.0024 5136 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\windows\system32\drivers\nvraid.sys
04:10:10.0035 5136 nvraid - ok
04:10:10.0123 5136 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\windows\system32\drivers\nvstor.sys
04:10:10.0135 5136 nvstor - ok
04:10:10.0259 5136 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
04:10:10.0270 5136 nv_agp - ok
04:10:10.0291 5136 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
04:10:10.0316 5136 ohci1394 - ok
04:10:10.0551 5136 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
04:10:10.0560 5136 ose - ok
04:10:10.0657 5136 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
04:10:10.0697 5136 p2pimsvc - ok
04:10:10.0789 5136 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
04:10:10.0807 5136 p2psvc - ok
04:10:10.0910 5136 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
04:10:10.0922 5136 Parport - ok
04:10:11.0017 5136 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys
04:10:11.0027 5136 partmgr - ok
04:10:11.0117 5136 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
04:10:11.0148 5136 PcaSvc - ok
04:10:11.0233 5136 PCD65X10 - ok
04:10:11.0322 5136 PCD65X11 - ok
04:10:11.0412 5136 PCD65X12 - ok
04:10:11.0512 5136 PCD65X2 - ok
04:10:11.0612 5136 PCD65X3 - ok
04:10:11.0712 5136 PCD65X4 - ok
04:10:11.0801 5136 PCD65X5 - ok
04:10:11.0890 5136 PCD65X6 - ok
04:10:11.0909 5136 PCD65X7 - ok
04:10:11.0955 5136 PCD65X8 - ok
04:10:11.0960 5136 PCD65X9 - ok
04:10:12.0067 5136 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys
04:10:12.0078 5136 pci - ok
04:10:12.0177 5136 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
04:10:12.0185 5136 pciide - ok
04:10:12.0294 5136 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
04:10:12.0306 5136 pcmcia - ok
04:10:12.0410 5136 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
04:10:12.0419 5136 pcw - ok
04:10:12.0528 5136 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
04:10:12.0573 5136 PEAUTH - ok
04:10:12.0663 5136 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
04:10:12.0692 5136 PerfHost - ok
04:10:12.0790 5136 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys
04:10:12.0798 5136 PGEffect - ok
04:10:12.0926 5136 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\windows\system32\pla.dll
04:10:12.0994 5136 pla - ok
04:10:13.0109 5136 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\windows\system32\umpnpmgr.dll
04:10:13.0126 5136 PlugPlay - ok
04:10:13.0202 5136 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
04:10:13.0214 5136 PNRPAutoReg - ok
04:10:13.0302 5136 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
04:10:13.0317 5136 PNRPsvc - ok
04:10:13.0412 5136 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\windows\System32\ipsecsvc.dll
04:10:13.0453 5136 PolicyAgent - ok
04:10:13.0535 5136 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
04:10:13.0594 5136 Power - ok
04:10:13.0703 5136 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
04:10:13.0757 5136 PptpMiniport - ok
04:10:13.0869 5136 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
04:10:13.0896 5136 Processor - ok
04:10:13.0981 5136 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\windows\system32\profsvc.dll
04:10:14.0051 5136 ProfSvc - ok
04:10:14.0146 5136 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
04:10:14.0161 5136 ProtectedStorage - ok
04:10:14.0279 5136 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
04:10:14.0351 5136 Psched - ok
04:10:14.0486 5136 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
04:10:14.0526 5136 ql2300 - ok
04:10:14.0670 5136 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
04:10:14.0681 5136 ql40xx - ok
04:10:14.0903 5136 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
04:10:14.0925 5136 QWAVE - ok
04:10:15.0032 5136 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
04:10:15.0049 5136 QWAVEdrv - ok
04:10:15.0141 5136 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
04:10:15.0188 5136 RasAcd - ok
04:10:15.0326 5136 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
04:10:15.0363 5136 RasAgileVpn - ok
04:10:15.0479 5136 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
04:10:15.0536 5136 RasAuto - ok
04:10:15.0812 5136 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
04:10:15.0869 5136 Rasl2tp - ok
04:10:15.0963 5136 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\windows\System32\rasmans.dll
04:10:16.0104 5136 RasMan - ok
04:10:16.0224 5136 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
04:10:16.0499 5136 RasPppoe - ok
04:10:16.0610 5136 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
04:10:16.0794 5136 RasSstp - ok
04:10:16.0891 5136 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
04:10:16.0965 5136 rdbss - ok
04:10:17.0083 5136 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
04:10:17.0109 5136 rdpbus - ok
04:10:17.0218 5136 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
04:10:17.0251 5136 RDPCDD - ok
04:10:17.0405 5136 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
04:10:17.0456 5136 RDPENCDD - ok
04:10:17.0564 5136 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
04:10:17.0599 5136 RDPREFMP - ok
04:10:17.0718 5136 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\windows\system32\drivers\RDPWD.sys
04:10:17.0772 5136 RDPWD - ok
04:10:17.0882 5136 rdyboost (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys
04:10:17.0895 5136 rdyboost - ok
04:10:18.0010 5136 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
04:10:18.0048 5136 RemoteAccess - ok
04:10:18.0126 5136 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
04:10:18.0182 5136 RemoteRegistry - ok
04:10:18.0268 5136 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
04:10:18.0320 5136 RpcEptMapper - ok
04:10:18.0407 5136 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
04:10:18.0437 5136 RpcLocator - ok
04:10:18.0536 5136 RpcSs (7266972e86890e2b30c0c322e906b027) C:\windows\System32\rpcss.dll
04:10:18.0578 5136 RpcSs - ok
04:10:18.0649 5136 RSELSVC - ok
04:10:18.0764 5136 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
04:10:18.0813 5136 rspndr - ok
04:10:18.0896 5136 RSUSBSTOR - ok
04:10:18.0981 5136 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\windows\system32\DRIVERS\Rt64win7.sys
04:10:19.0031 5136 RTL8167 - ok
04:10:19.0148 5136 rtl8192se (a9ede191b5478d18f0a1bff3b822f7a5) C:\windows\system32\DRIVERS\rtl8192se.sys
04:10:19.0204 5136 rtl8192se - ok
04:10:19.0285 5136 RtsUIR - ok
04:10:19.0324 5136 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
04:10:19.0336 5136 SamSs - ok
04:10:19.0450 5136 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
04:10:19.0458 5136 SASDIFSV - ok
04:10:19.0575 5136 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
04:10:19.0582 5136 SASKUTIL - ok
04:10:19.0682 5136 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
04:10:19.0692 5136 sbp2port - ok
04:10:19.0779 5136 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
04:10:19.0852 5136 SCardSvr - ok
04:10:19.0951 5136 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
04:10:19.0988 5136 scfilter - ok
04:10:20.0118 5136 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\windows\system32\schedsvc.dll
04:10:20.0187 5136 Schedule - ok
04:10:20.0268 5136 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\windows\System32\certprop.dll
04:10:20.0304 5136 SCPolicySvc - ok
04:10:20.0330 5136 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\windows\System32\SDRSVC.dll
04:10:20.0375 5136 SDRSVC - ok
04:10:20.0496 5136 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
04:10:20.0561 5136 secdrv - ok
04:10:20.0636 5136 seclogon (463b386ebc70f98da5dff85f7e654346) C:\windows\system32\seclogon.dll
04:10:20.0693 5136 seclogon - ok
04:10:21.0032 5136 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
04:10:21.0267 5136 SENS - ok
04:10:21.0359 5136 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
04:10:21.0477 5136 SensrSvc - ok
04:10:21.0578 5136 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
04:10:21.0664 5136 Serenum - ok
04:10:21.0778 5136 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
04:10:21.0793 5136 Serial - ok
04:10:21.0895 5136 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
04:10:21.0968 5136 sermouse - ok
04:10:22.0070 5136 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\windows\system32\sessenv.dll
04:10:22.0287 5136 SessionEnv - ok
04:10:22.0384 5136 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
04:10:22.0455 5136 sffdisk - ok
04:10:22.0551 5136 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
04:10:22.0605 5136 sffp_mmc - ok
04:10:22.0707 5136 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\windows\system32\DRIVERS\sffp_sd.sys
04:10:22.0885 5136 sffp_sd - ok
04:10:22.0985 5136 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
04:10:23.0171 5136 sfloppy - ok
04:10:23.0280 5136 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
04:10:23.0519 5136 SharedAccess - ok
04:10:23.0623 5136 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\windows\System32\shsvcs.dll
04:10:23.0664 5136 ShellHWDetection - ok
04:10:23.0764 5136 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
04:10:23.0773 5136 SiSRaid2 - ok
04:10:23.0879 5136 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
04:10:23.0892 5136 SiSRaid4 - ok
04:10:24.0010 5136 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
04:10:24.0073 5136 Smb - ok
04:10:24.0184 5136 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
04:10:24.0231 5136 SNMPTRAP - ok
04:10:24.0469 5136 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
04:10:24.0478 5136 spldr - ok
04:10:24.0592 5136 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\windows\System32\spoolsv.exe
04:10:24.0659 5136 Spooler - ok
04:10:24.0808 5136 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\windows\system32\sppsvc.exe
04:10:24.0932 5136 sppsvc - ok
04:10:25.0027 5136 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
04:10:25.0092 5136 sppuinotify - ok
04:10:25.0214 5136 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys
04:10:25.0282 5136 srv - ok
04:10:25.0391 5136 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys
04:10:25.0427 5136 srv2 - ok
04:10:25.0534 5136 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys
04:10:25.0742 5136 srvnet - ok
04:10:25.0835 5136 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
04:10:26.0119 5136 SSDPSRV - ok
04:10:27.0034 5136 SSHDRV65 - ok
04:10:27.0130 5136 SSHDRV79 - ok
04:10:27.0155 5136 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
04:10:27.0248 5136 SstpSvc - ok
04:10:27.0366 5136 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
04:10:27.0376 5136 stexstor - ok
04:10:27.0507 5136 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\windows\System32\wiaservc.dll
04:10:27.0533 5136 stisvc - ok
04:10:27.0633 5136 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
04:10:27.0643 5136 swenum - ok
04:10:27.0748 5136 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
04:10:27.0837 5136 swprv - ok
04:10:27.0957 5136 SynTP (be7311da9d6833fa69ed04b744a1c8f8) C:\windows\system32\DRIVERS\SynTP.sys
04:10:28.0021 5136 SynTP - ok
04:10:28.0134 5136 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\windows\system32\sysmain.dll
04:10:28.0423 5136 SysMain - ok
04:10:28.0500 5136 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\windows\System32\TabSvc.dll
04:10:28.0616 5136 TabletInputService - ok
04:10:28.0638 5136 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\windows\System32\tapisrv.dll
04:10:28.0947 5136 TapiSrv - ok
04:10:29.0031 5136 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
04:10:29.0232 5136 TBS - ok
04:10:29.0435 5136 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\windows\system32\drivers\tcpip.sys
04:10:29.0479 5136 Tcpip - ok
04:10:29.0901 5136 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\windows\system32\DRIVERS\tcpip.sys
04:10:29.0938 5136 TCPIP6 - ok
04:10:30.0045 5136 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
04:10:30.0081 5136 tcpipreg - ok
04:10:30.0263 5136 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
04:10:30.0283 5136 tdcmdpst - ok
04:10:30.0381 5136 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
04:10:30.0447 5136 TDPIPE - ok
04:10:30.0628 5136 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
04:10:30.0677 5136 TDTCP - ok
04:10:30.0786 5136 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
04:10:30.0838 5136 tdx - ok
04:10:30.0941 5136 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
04:10:30.0954 5136 TermDD - ok
04:10:31.0061 5136 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\windows\System32\termsrv.dll
04:10:31.0114 5136 TermService - ok
04:10:31.0197 5136 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
04:10:31.0280 5136 Themes - ok
04:10:31.0366 5136 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
04:10:31.0401 5136 THREADORDER - ok
04:10:31.0538 5136 TMachInfo (32577b987ae5401038451bb392cb8d89) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
04:10:31.0545 5136 TMachInfo - ok
04:10:31.0657 5136 TODDSrv (ed32035bdfeced1ad66d459fd9cc1140) C:\Windows\system32\TODDSrv.exe
04:10:31.0667 5136 TODDSrv - ok
04:10:31.0793 5136 TosCoSrv (06c61275adc64f1e36240a2287998a5e) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
04:10:31.0808 5136 TosCoSrv - ok
04:10:31.0897 5136 TOSHIBA eco Utility Service (707800855afbd7648375efb1519b8d6d) C:\Program Files\TOSHIBA\TECO\TecoService.exe
04:10:31.0906 5136 TOSHIBA eco Utility Service - ok
04:10:32.0023 5136 TOSHIBA HDD SSD Alert Service (dd58e1250f604cbbadda04575e5e2376) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
04:10:32.0030 5136 TOSHIBA HDD SSD Alert Service - ok
04:10:32.0183 5136 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
04:10:32.0199 5136 tos_sps64 - ok
04:10:32.0311 5136 TPCHSrv (de64c52bd0671165cf2eebf2a728a3e2) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
04:10:32.0329 5136 TPCHSrv - ok
04:10:32.0411 5136 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
04:10:32.0464 5136 TrkWks - ok
04:10:32.0552 5136 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\windows\servicing\TrustedInstaller.exe
04:10:32.0586 5136 TrustedInstaller - ok
04:10:32.0689 5136 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
04:10:32.0743 5136 tssecsrv - ok
04:10:32.0872 5136 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
04:10:32.0931 5136 tunnel - ok
04:10:33.0068 5136 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
04:10:33.0076 5136 TVALZ - ok
04:10:33.0187 5136 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
04:10:33.0200 5136 TVALZFL - ok
04:10:33.0300 5136 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
04:10:33.0310 5136 uagp35 - ok
04:10:33.0412 5136 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\windows\system32\DRIVERS\udfs.sys
04:10:33.0466 5136 udfs - ok
04:10:33.0563 5136 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
04:10:33.0576 5136 UI0Detect - ok
04:10:33.0691 5136 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
04:10:33.0701 5136 uliagpkx - ok
04:10:33.0809 5136 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
04:10:33.0834 5136 umbus - ok
04:10:33.0931 5136 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
04:10:33.0954 5136 UmPass - ok
04:10:34.0049 5136 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
04:10:34.0090 5136 upnphost - ok
04:10:34.0187 5136 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys
04:10:34.0234 5136 USBAAPL64 - ok
04:10:34.0344 5136 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\windows\system32\DRIVERS\usbccgp.sys
04:10:34.0387 5136 usbccgp - ok
04:10:34.0468 5136 USBCCID - ok
04:10:34.0569 5136 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
04:10:34.0602 5136 usbcir - ok
04:10:34.0707 5136 usbehci (92969ba5ac44e229c55a332864f79677) C:\windows\system32\DRIVERS\usbehci.sys
04:10:34.0719 5136 usbehci - ok
04:10:34.0846 5136 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\windows\system32\DRIVERS\usbhub.sys
04:10:34.0884 5136 usbhub - ok
04:10:35.0000 5136 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\windows\system32\DRIVERS\usbohci.sys
04:10:35.0025 5136 usbohci - ok
04:10:35.0128 5136 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
04:10:35.0152 5136 usbprint - ok
04:10:35.0256 5136 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\windows\system32\DRIVERS\USBSTOR.SYS
04:10:35.0300 5136 USBSTOR - ok
04:10:35.0409 5136 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\windows\system32\drivers\usbuhci.sys
04:10:35.0421 5136 usbuhci - ok
04:10:35.0521 5136 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\System32\Drivers\usbvideo.sys
04:10:35.0570 5136 usbvideo - ok
04:10:35.0649 5136 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
04:10:35.0709 5136 UxSms - ok
04:10:35.0804 5136 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
04:10:35.0819 5136 VaultSvc - ok
04:10:35.0943 5136 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
04:10:35.0952 5136 vdrvroot - ok
04:10:36.0032 5136 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\windows\System32\vds.exe
04:10:36.0072 5136 vds - ok
04:10:36.0180 5136 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
04:10:36.0194 5136 vga - ok
04:10:36.0594 5136 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
04:10:36.0644 5136 VgaSave - ok
04:10:36.0770 5136 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
04:10:36.0783 5136 vhdmp - ok
04:10:36.0902 5136 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
04:10:36.0911 5136 viaide - ok
04:10:37.0013 5136 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
04:10:37.0026 5136 volmgr - ok
04:10:37.0150 5136 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
04:10:37.0169 5136 volmgrx - ok
04:10:37.0272 5136 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
04:10:37.0287 5136 volsnap - ok
04:10:37.0388 5136 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
04:10:37.0399 5136 vsmraid - ok
04:10:37.0516 5136 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\windows\system32\vssvc.exe
04:10:37.0555 5136 VSS - ok
04:10:37.0654 5136 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
04:10:37.0689 5136 vwifibus - ok
04:10:37.0808 5136 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
04:10:37.0879 5136 vwififlt - ok
04:10:37.0992 5136 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
04:10:38.0036 5136 W32Time - ok
04:10:38.0156 5136 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
04:10:38.0183 5136 WacomPen - ok
04:10:38.0316 5136 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
04:10:38.0392 5136 WANARP - ok
04:10:38.0409 5136 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
04:10:38.0445 5136 Wanarpv6 - ok
04:10:38.0561 5136 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
04:10:38.0593 5136 WatAdminSvc - ok
04:10:38.0704 5136 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\windows\system32\wbengine.exe
04:10:38.0772 5136 wbengine - ok
04:10:38.0855 5136 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
04:10:38.0878 5136 WbioSrvc - ok
04:10:38.0983 5136 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\windows\System32\wcncsvc.dll
04:10:39.0039 5136 wcncsvc - ok
04:10:39.0126 5136 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
04:10:39.0175 5136 WcsPlugInService - ok
04:10:39.0284 5136 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
04:10:39.0294 5136 Wd - ok
04:10:39.0403 5136 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
04:10:39.0428 5136 Wdf01000 - ok
04:10:39.0513 5136 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
04:10:39.0546 5136 WdiServiceHost - ok
04:10:39.0550 5136 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
04:10:39.0568 5136 WdiSystemHost - ok
04:10:39.0666 5136 WebClient (733006127f235be7c35354ebee7b9a7b) C:\windows\System32\webclnt.dll
04:10:39.0694 5136 WebClient - ok
04:10:39.0785 5136 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
04:10:39.0843 5136 Wecsvc - ok
04:10:39.0933 5136 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
04:10:39.0971 5136 wercplsupport - ok
04:10:40.0093 5136 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
04:10:40.0149 5136 WerSvc - ok
04:10:40.0263 5136 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
04:10:40.0299 5136 WfpLwf - ok
04:10:40.0400 5136 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
04:10:40.0408 5136 WIMMount - ok
04:10:40.0492 5136 WinDefend - ok
04:10:40.0503 5136 WinHttpAutoProxySvc - ok
04:10:40.0612 5136 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
04:10:40.0669 5136 Winmgmt - ok
04:10:40.0791 5136 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\windows\system32\WsmSvc.dll
04:10:40.0870 5136 WinRM - ok
04:10:41.0017 5136 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\windows\system32\DRIVERS\WinUsb.sys
04:10:41.0051 5136 WinUsb - ok
04:10:41.0163 5136 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
04:10:41.0210 5136 Wlansvc - ok
04:10:41.0330 5136 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
04:10:41.0341 5136 WmiAcpi - ok
04:10:41.0471 5136 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
04:10:41.0499 5136 wmiApSrv - ok
04:10:41.0553 5136 WMPNetworkSvc - ok
04:10:41.0829 5136 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
04:10:41.0852 5136 WPCSvc - ok
04:10:41.0936 5136 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\windows\system32\wpdbusenum.dll
04:10:41.0970 5136 WPDBusEnum - ok
04:10:42.0072 5136 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
04:10:42.0112 5136 ws2ifsl - ok
04:10:42.0241 5136 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\windows\system32\wscsvc.dll
04:10:42.0289 5136 wscsvc - ok
04:10:42.0368 5136 WSearch - ok
04:10:42.0463 5136 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\windows\system32\wuaueng.dll
04:10:42.0610 5136 wuauserv - ok
04:10:42.0717 5136 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
04:10:42.0760 5136 WudfPf - ok
04:10:42.0955 5136 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
04:10:43.0002 5136 WUDFRd - ok
04:10:43.0089 5136 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\windows\System32\WUDFSvc.dll
04:10:43.0148 5136 wudfsvc - ok
04:10:43.0248 5136 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
04:10:43.0291 5136 WwanSvc - ok
04:10:43.0371 5136 X6va001 - ok
04:10:43.0420 5136 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
04:10:44.0481 5136 \Device\Harddisk0\DR0 - ok
04:10:44.0523 5136 Boot (0x1200) (97c9ad973f7bc30bb325429c5183fccc) \Device\Harddisk0\DR0\Partition0
04:10:44.0524 5136 \Device\Harddisk0\DR0\Partition0 - ok
04:10:44.0527 5136 ============================================================
04:10:44.0527 5136 Scan finished
04:10:44.0527 5136 ============================================================
04:10:44.0541 5328 Detected object count: 1
04:10:44.0541 5328 Actual detected object count: 1
04:11:57.0397 5328 bwcsrv ( Backdoor.Multi.ZAccess.gen ) - skipped by user
04:11:57.0397 5328 bwcsrv ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip




3. FARBAR REPORT




Farbar Service Scanner Version: 01-03-2012
Ran by Ryan (administrator) on 11-04-2012 at 04:19:07
Running from "C:\Users\Ryan\Desktop\Virus stuff"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Defender:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-15 07:58] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2009-07-13 20:36] - [2009-07-13 21:41] - 2418176 ____A (Microsoft Corporation) 38340204A2D0228F1E87740FC5E554A7

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****




4. OTL REPORTS




OTL Txt

OTL logfile created on: 4/11/2012 4:21:49 AM - Run 3
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Ryan\Desktop\Virus stuff
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 45.48% Memory free
8.63 Gb Paging File | 6.21 Gb Available in Paging File | 71.93% Paging File free
Paging file location(s): c:\pagefile.sys 5000 5650 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.70 Gb Total Space | 204.92 Gb Free Space | 71.23% Space Free | Partition Type: NTFS

Computer Name: RYAN-PC | User Name: Ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/22 07:20:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Ryan\Desktop\Virus stuff\OTL.exe
PRC - [2011/11/10 18:19:40 | 002,388,848 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Safari\Safari.exe
PRC - [2011/11/02 00:26:24 | 000,014,184 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
PRC - [2009/07/29 00:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/14 23:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
PRC - [2009/07/13 21:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2009/07/13 19:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/03/10 22:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/01/14 01:33:40 | 000,034,088 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2008/09/25 19:49:00 | 000,195,080 | ---- | M] (LSI Corp.) -- C:\Program Files\ltmoh\ltmoh.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/07/13 21:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/11 19:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2009/08/27 17:38:22 | 000,251,760 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2009/08/21 13:31:06 | 000,488,800 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/08/04 15:15:06 | 000,826,224 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2009/08/03 22:17:56 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/30 03:54:22 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/28 19:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:39:46 | 000,006,656 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\Windows\SysNative\vaiomediaplatform-integratedserver-appserver.dll -- (bwcsrv)
SRV:64bit: - [2009/07/07 13:38:24 | 000,065,904 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\rselect\RSelSvc.exe -- (RSELSVC)
SRV:64bit: - [2009/03/27 22:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/17 14:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/10 23:55:58 | 000,248,688 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/07/14 23:10:30 | 000,042,368 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe -- (ConfigFree Gadget Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 22:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/04 22:51:00 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/11/04 22:51:00 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/08/26 22:11:12 | 000,942,080 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/07/31 00:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/30 16:07:12 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/24 19:57:08 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/07/21 18:03:34 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/07/20 21:48:32 | 000,274,480 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/14 19:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/02 18:55:38 | 000,044,912 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/06/22 21:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2009/06/19 23:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/23 02:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 04:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2008/05/27 07:36:42 | 000,115,072 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2008/01/22 12:11:40 | 000,119,296 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010/11/28 13:40:08 | 000,075,264 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\SSHDRV79.sys -- (SSHDRV79)
DRV - [2010/11/28 11:13:56 | 000,120,320 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\SSHDRV65.sys -- (SSHDRV65)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0ADE78E7-7C1A-433B-81C7-395ECFBEAC15}
IE:64bit: - HKLM\..\SearchScopes\{0ADE78E7-7C1A-433B-81C7-395ECFBEAC15}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE - HKLM\..\SearchScopes,DefaultScope = {8AC0ED70-78E7-412E-957E-6BCDFDF9C421}
IE - HKLM\..\SearchScopes\{8AC0ED70-78E7-412E-957E-6BCDFDF9C421}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3150609


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1394663217-2439825344-4002662712-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1394663217-2439825344-4002662712-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1394663217-2439825344-4002662712-1000\..\URLSearchHook: {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - No CLSID value found
IE - HKU\S-1-5-21-1394663217-2439825344-4002662712-1000\..\SearchScopes,DefaultScope = {FF35629F-E29F-47A7-B0D8-C3B17D5F53D2}
IE - HKU\S-1-5-21-1394663217-2439825344-4002662712-1000\..\SearchScopes\{4944562F-AF22-4436-B9E9-94C3D223A777}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
IE - HKU\S-1-5-21-1394663217-2439825344-4002662712-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3150609
IE - HKU\S-1-5-21-1394663217-2439825344-4002662712-1000\..\SearchScopes\{BD636381-6BF0-4F89-8D71-2B02E54E9F74}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS370
IE - HKU\S-1-5-21-1394663217-2439825344-4002662712-1000\..\SearchScopes\{E36F4ED8-7996-4F40-A51E-563643EF915A}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FWV5&o=14193&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=FM&apn_dtid=TES002U2US&apn_uid=fde53382-59a6-4418-9ef7-1aeed361eaaa&apn_sauid=7E8A1DD9-52A2-447C-B2B8-5E3E29DA8D9D
IE - HKU\S-1-5-21-1394663217-2439825344-4002662712-1000\..\SearchScopes\{FF35629F-E29F-47A7-B0D8-C3B17D5F53D2}: "URL" = http://search.internet-search-results.com/?sid=10101199100&clsid={FF35629F-E29F-47A7-B0D8-C3B17D5F53D2}&s={searchTerms}
IE - HKU\S-1-5-21-1394663217-2439825344-4002662712-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1394663217-2439825344-4002662712-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fbphotozoom@installdaddy.com: C:\Program Files (x86)\fbphotozoom\fbphotozoom14.xpi [2012/03/19 03:08:07 | 000,102,505 | ---- | M] ()

[2011/04/18 20:11:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ryan\AppData\Roaming\Mozilla\Extensions
[2011/12/19 11:25:50 | 000,002,223 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\websearch.xml

========== Chrome ==========


Hosts file not found
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1394663217-2439825344-4002662712-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1394663217-2439825344-4002662712-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-1394663217-2439825344-4002662712-1000\..\Toolbar\WebBrowser: (no name) - {93C338DE-5FB5-4FB5-AB4E-0EEDC0BD9F3A} - No CLSID value found.
O3 - HKU\S-1-5-21-1394663217-2439825344-4002662712-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (LSI Corp.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.)
O4 - HKU\S-1-5-21-1394663217-2439825344-4002662712-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1394663217-2439825344-4002662712-1000..\RunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil10v_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1394663217-2439825344-4002662712-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1394663217-2439825344-4002662712-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1394663217-2439825344-4002662712-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - %SystemRoot%\System32\nwprovau.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{216A3054-B68F-4653-8CA6-FB5EF3F2B7E0}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D7053FE-B752-4B3D-954A-C7817695F09A}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = qd] -- "C:\windows\SysWOW64\config\systemprofile\AppData\Local\xxg.exe" -a "%1" %*
O37 - HKU\S-1-5-18\...exe [@ = qd] -- "C:\windows\SysWOW64\config\systemprofile\AppData\Local\xxg.exe" -a "%1" %*


SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SafeBootMin:64bit: 34285097.sys - Driver
SafeBootMin:64bit: 54270591.sys - Driver
SafeBootMin:64bit: 76130706.sys - Driver
SafeBootMin:64bit: 96967326.sys - Driver
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PEVSystemStart - Service
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: procexp90.Sys - Driver
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: 34285097.sys - Driver
SafeBootMin: 54270591.sys - Driver
SafeBootMin: 76130706.sys - Driver
SafeBootMin: 96967326.sys - Driver
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{0B3C41C5-7545-4BCA-ADB1-3F25477BBC34} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)

NetSvcs:64bit: bwcsrv - C:\Windows\SysNative\vaiomediaplatform-integratedserver-appserver.dll (Oak Technology Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2012/04/10 03:57:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/04/10 03:57:28 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/04/10 03:57:28 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/04/06 03:22:15 | 000,000,000 | ---D | C] -- C:\windows\system64
[2012/04/06 01:44:06 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/04/06 01:30:24 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/04/06 01:09:56 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/23 03:49:58 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/03/23 03:49:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/03/23 03:49:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2012/03/22 03:35:55 | 000,000,000 | ---D | C] -- C:\Users\Ryan\FrostWire
[2012/03/22 03:35:46 | 000,000,000 | ---D | C] -- C:\Users\Ryan\.frostwire5
[2012/03/22 03:35:22 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\APN
[2012/03/22 03:33:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2012/03/22 03:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2012/03/22 03:33:39 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Real
[2012/03/22 03:28:14 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\The Weather Channel
[2012/03/22 03:26:26 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\Babylon
[2012/03/22 03:26:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/03/22 03:26:25 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\Babylon
[2012/03/22 03:25:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012/03/22 03:25:15 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Local\Conduit
[2012/03/19 03:20:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ExpressFiles
[2012/03/19 03:08:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/03/19 03:08:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\fbphotozoom
[2012/03/16 00:02:08 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\xmldm
[2012/03/16 00:02:08 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\kock
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Ryan\*.tmp files -> C:\Users\Ryan\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/11 04:04:03 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/11 03:03:09 | 000,018,484 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\wklnhst.dat
[2012/04/11 02:15:29 | 000,000,890 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/10 23:06:34 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/04/10 05:18:47 | 000,016,304 | ---- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/10 05:18:47 | 000,016,304 | ---- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/10 05:13:44 | 000,726,444 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/04/10 05:13:44 | 000,624,412 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/04/10 05:13:44 | 000,106,756 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/04/10 05:07:26 | 000,000,000 | -HS- | M] () -- C:\windows\SysNative\dds_trash_log.cmd
[2012/04/10 05:06:15 | 3018,608,640 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/10 03:52:29 | 000,002,315 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/04/04 04:35:11 | 000,000,154 | ---- | M] () -- C:\Users\Ryan\AppData\Local\svcxdcl32.dat
[2012/03/23 04:29:12 | 000,002,006 | ---- | M] () -- C:\Users\Ryan\Desktop\Morrowind Launcher.exe - Shortcut.lnk
[2012/03/22 03:26:30 | 000,001,490 | ---- | M] () -- C:\user.js
[2012/03/15 04:18:03 | 000,000,121 | ---- | M] () -- C:\Users\Ryan\webct_upload_applet.properties
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Ryan\*.tmp files -> C:\Users\Ryan\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/04 04:38:09 | 000,000,000 | -HS- | C] () -- C:\windows\SysNative\dds_trash_log.cmd
[2012/04/04 04:33:00 | 000,000,154 | ---- | C] () -- C:\Users\Ryan\AppData\Local\svcxdcl32.dat
[2012/03/23 04:29:12 | 000,002,006 | ---- | C] () -- C:\Users\Ryan\Desktop\Morrowind Launcher.exe - Shortcut.lnk
[2012/03/22 03:26:29 | 000,001,490 | ---- | C] () -- C:\user.js
[2011/12/31 18:24:12 | 000,010,514 | -HS- | C] () -- C:\ProgramData\14ci6806e20rkkb53dvmg13e81l53q6t
[2011/12/31 18:07:38 | 000,000,000 | ---- | C] () -- C:\Users\Ryan\AppData\Local\{C9EE40BC-6C04-4600-8161-052A75A32850}
[2011/12/26 22:07:56 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2011/12/26 22:07:56 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2011/12/26 22:07:56 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/12/26 22:07:56 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/12/26 22:07:56 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/12/26 21:58:02 | 000,001,621 | ---- | C] () -- C:\ProgramData\repository.xml
[2011/12/26 06:18:10 | 000,007,618 | ---- | C] () -- C:\Users\Ryan\AppData\Local\resmon.resmoncfg
[2011/12/24 21:11:21 | 000,000,000 | ---- | C] () -- C:\ProgramData\O4Ol0Glu.dat
[2011/12/24 20:37:50 | 000,009,500 | -HS- | C] () -- C:\Users\Ryan\AppData\Local\dwymsafh6s2r
[2011/12/24 20:37:50 | 000,009,500 | -HS- | C] () -- C:\ProgramData\3559968465
[2011/12/24 20:35:03 | 000,009,500 | -HS- | C] () -- C:\ProgramData\dwymsafh6s2r
[2011/12/24 16:04:05 | 000,010,222 | -HS- | C] () -- C:\Users\Ryan\AppData\Local\230276g6x323v423g161f3avq0c1
[2011/12/24 16:00:56 | 000,010,222 | -HS- | C] () -- C:\ProgramData\230276g6x323v423g161f3avq0c1
[2011/12/03 16:57:02 | 000,011,706 | -HS- | C] () -- C:\Users\Ryan\AppData\Local\8pu6m23tas8m06ceell8081ld325fyl88q4j
[2011/12/03 16:46:34 | 000,011,706 | -HS- | C] () -- C:\ProgramData\8pu6m23tas8m06ceell8081ld325fyl88q4j
[2011/08/22 23:53:43 | 000,147,116 | ---- | C] () -- C:\windows\SysWow64\mlfcache.dat
[2011/08/12 17:51:38 | 000,000,168 | ---- | C] () -- C:\ProgramData\~P1kAlMiG2Kb7Fzr
[2011/08/12 17:51:37 | 000,000,216 | ---- | C] () -- C:\ProgramData\~P1kAlMiG2Kb7Fz
[2011/08/12 17:51:32 | 000,000,400 | ---- | C] () -- C:\ProgramData\P1kAlMiG2Kb7Fz
[2010/12/21 13:50:06 | 000,018,484 | ---- | C] () -- C:\Users\Ryan\AppData\Roaming\wklnhst.dat
[2010/11/28 13:25:00 | 000,075,264 | ---- | C] () -- C:\windows\SysWow64\drivers\SSHDRV79.sys
[2010/11/28 10:37:53 | 000,120,320 | ---- | C] () -- C:\windows\SysWow64\drivers\SSHDRV65.sys
[2010/11/25 22:52:48 | 000,004,096 | ---- | C] () -- C:\windows\d3dx.dat
[2010/11/04 13:22:24 | 000,000,061 | ---- | C] () -- C:\windows\WININIT.INI
[2010/09/16 00:46:23 | 000,086,528 | ---- | C] () -- C:\windows\bnetunin.exe
[2010/09/16 00:43:44 | 000,000,000 | ---- | C] () -- C:\windows\EAREMOVE.INI
[2010/09/16 00:35:10 | 000,000,000 | ---- | C] () -- C:\windows\ins.INI
[2010/09/09 21:50:41 | 000,000,000 | ---- | C] () -- C:\windows\PowerReg.dat

========== Custom Scans ==========

< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >

< %SYSTEMDRIVE%\*.exe >

< C:\Users\Ryan\AppData\Roaming\xmldm\*.* /s >
[2012/03/12 00:02:02 | 000,000,184 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\xmldm\netbank_2012.03.16.120208_0O1BATGX.txt
[2012/03/12 00:02:37 | 000,000,176 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\xmldm\netbank_2012.03.16.120208_15NGTMPX.txt
[2012/01/18 23:34:37 | 000,000,108 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\xmldm\netbank_2012.03.16.120208_72JW0VFI.txt
[2012/03/12 00:02:02 | 000,000,088 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\xmldm\netbank_2012.03.16.120208_G7WTD3KM.txt
[2012/01/01 03:58:43 | 000,000,116 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\xmldm\netbank_2012.03.16.120209_SRJX3RTF.txt
[2012/03/03 20:00:51 | 000,000,971 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\xmldm\netbank_2012.03.16.120209_UG7175LC.txt
[2012/03/16 00:12:04 | 000,001,124 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\xmldm\netbank_2012.03.16.121209_KEGVPJ3Q.txt
[2012/03/16 00:11:22 | 000,000,563 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\xmldm\netbank_2012.03.16.121209_TRU59BE3.txt
[2012/03/16 00:14:36 | 000,001,124 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\xmldm\netbank_2012.03.16.121709_3YSDNR9H.txt
[2012/03/16 00:20:05 | 000,000,757 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\xmldm\netbank_2012.03.16.122210_CN7D99RV.txt

< C:\Users\Ryan\AppData\Roaming\kock\*.* /s >
[2012/03/12 00:02:02 | 000,000,184 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\kock\0O1BATGX.txt
[2012/03/12 00:02:37 | 000,000,176 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\kock\15NGTMPX.txt
[2012/03/16 00:14:36 | 000,001,124 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\kock\3YSDNR9H.txt
[2012/01/18 23:34:37 | 000,000,108 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\kock\72JW0VFI.txt
[2012/03/16 00:20:05 | 000,000,757 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\kock\CN7D99RV.txt
[2012/03/12 00:02:02 | 000,000,088 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\kock\G7WTD3KM.txt
[2012/03/16 00:12:04 | 000,001,124 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\kock\KEGVPJ3Q.txt
[2012/01/01 03:58:43 | 000,000,116 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\kock\SRJX3RTF.txt
[2012/03/16 00:11:22 | 000,000,563 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\kock\TRU59BE3.txt
[2012/03/03 20:00:51 | 000,000,971 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\kock\UG7175LC.txt

< MD5 for: AFD.SYS >
[2011/12/27 23:59:24 | 000,498,688 | ---- | M] (Microsoft Corporation) MD5=1C7857B62DE5994A75B054A9FD4C3825 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17752_none_35e10b89752ee0f5\afd.sys
[2011/12/28 00:01:36 | 000,498,176 | ---- | M] (Microsoft Corporation) MD5=36A14FD1A23F57046361733B792CA8DB -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21887_none_364f3a028e605345\afd.sys
[2011/04/24 22:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2009/07/13 19:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2011/12/28 00:01:12 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=CCA39961E76B491DDF44B1E90FC8971D -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.21115_none_34b263fe91032456\afd.sys
[2010/11/20 05:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011/04/24 22:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011/12/27 23:59:11 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=DB9D6C6B2CD95A9CA414D045B627422E -- C:\windows\SysNative\drivers\afd.sys
[2011/12/27 23:59:11 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=DB9D6C6B2CD95A9CA414D045B627422E -- C:\Windows\system64\drivers\afd.sys
[2011/12/27 23:59:11 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=DB9D6C6B2CD95A9CA414D045B627422E -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16937_none_34154fcd77f3bbda\afd.sys
[2011/04/24 23:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011/04/24 22:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\system64\drivers\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\system64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/13 21:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: EXPLORER.EXE >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Ryan\AppData\Local\Temp\RarSFX0\procs\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Ryan\AppData\Local\Temp\RarSFX0\h\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: TDX.SYS >
[2009/07/13 19:21:15 | 000,099,840 | ---- | M] (Microsoft Corporation) MD5=079125C4B17B01FCAEEBCE0BCB290C0F -- C:\Windows\ERDNT\cache64\tdx.sys
[2009/07/13 19:21:15 | 000,099,840 | ---- | M] (Microsoft Corporation) MD5=079125C4B17B01FCAEEBCE0BCB290C0F -- C:\windows\SysNative\drivers\tdx.sys
[2009/07/13 19:21:15 | 000,099,840 | ---- | M] (Microsoft Corporation) MD5=079125C4B17B01FCAEEBCE0BCB290C0F -- C:\Windows\system64\drivers\tdx.sys
[2009/07/13 19:21:15 | 000,099,840 | ---- | M] (Microsoft Corporation) MD5=079125C4B17B01FCAEEBCE0BCB290C0F -- C:\Windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7600.16385_none_4632b9f2f5c6af5e\tdx.sys
[2010/11/20 05:21:56 | 000,119,296 | ---- | M] (Microsoft Corporation) MD5=DDAD5A7AB24D8B65F8D724F5C20FD806 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys

< MD5 for: VOLSNAP.SYS >
[2010/11/20 09:34:02 | 000,295,808 | ---- | M] (Microsoft Corporation) MD5=0D08D2F3B3FF84E433346669B5E0F639 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_73dcbcf012b4850e\volsnap.sys
[2009/07/13 21:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\windows\SysNative\drivers\volsnap.sys
[2009/07/13 21:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\windows\SysNative\DriverStore\FileRepository\volume.inf_amd64_neutral_1b1a512d99c5b72c\volsnap.sys
[2009/07/13 21:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\system64\drivers\volsnap.sys
[2009/07/13 21:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\system64\DriverStore\FileRepository\volume.inf_amd64_neutral_1b1a512d99c5b72c\volsnap.sys
[2009/07/13 21:45:55 | 000,294,992 | ---- | M] (Microsoft Corporation) MD5=58F82EED8CA24B461441F9C3E4F0BF5C -- C:\Windows\winsxs\amd64_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_71aba92815c60174\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/13 21:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe
[2009/07/13 21:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe
[2009/07/13 21:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\system64\wininit.exe
[2009/07/13 21:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/13 21:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe
[2009/07/13 21:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/13 21:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/01/13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Ryan\AppData\Local\Temp\RarSFX0\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\windows\SysNative\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\system64\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2012/04/09 16:28:49 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2012/04/09 16:28:49 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/04/09 16:28:49 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2012/04/09 16:28:49 | 001,224,176 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2011/12/16 04:03:08 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2011/12/16 04:03:08 | 000,673,048 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Safari\Safari.exe" /reinstall [2011/11/10 18:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /hideicons [2011/11/10 18:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /showicons [2011/11/10 18:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files (x86)\Safari\Safari.exe" [2011/11/10 18:19:40 | 002,388,848 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE" -SAFE-MODE
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --SHOW-ICONS [2012/04/09 16:28:49 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --HIDE-ICONS [2012/04/09 16:28:49 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" --MAKE-DEFAULT-BROWSER [2012/04/09 16:28:49 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2012/04/09 16:28:49 | 001,224,176 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2009/07/13 21:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2009/07/13 21:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2009/07/13 21:39:12 | 000,073,728 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2011/12/16 04:03:08 | 000,673,048 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2011/12/16 04:03:08 | 000,673,048 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /REINSTALL [2011/11/10 18:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /HIDEICONS [2011/11/10 18:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" /SHOWICONS [2011/11/10 18:19:40 | 002,388,848 | ---- | M] (Apple Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\PROGRAM FILES (X86)\SAFARI\SAFARI.EXE" [2011/11/10 18:19:40 | 002,388,848 | ---- | M] (Apple Inc.)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\windows\system64] -> \systemroot\system32 -> Mount Point

< End of report >

OTL extra report

OTL Extras logfile created on: 4/11/2012 4:21:49 AM - Run 3
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Ryan\Desktop\Virus stuff
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 45.48% Memory free
8.63 Gb Paging File | 6.21 Gb Available in Paging File | 71.93% Paging File free
Paging file location(s): c:\pagefile.sys 5000 5650 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.70 Gb Total Space | 204.92 Gb Free Space | 71.23% Space Free | Partition Type: NTFS

Computer Name: RYAN-PC | User Name: Ryan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = qd] -- "C:\windows\SysWOW64\config\systemprofile\AppData\Local\xxg.exe" -a "%1" %*

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = qd] -- "C:\windows\SysWOW64\config\systemprofile\AppData\Local\xxg.exe" -a "%1" %*

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\windows\system32\svchost.exe" = C:\windows\system32\svchost.exe:*:Enabled:svchost.exe -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{26A24AE4-039D-4CA4-87B4-2F86416030FF}" = Java™ 6 Update 30 (64-bit)
"{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}" = TOSHIBA ReelTime
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{81F3BC27-141B-635F-5D6B-5DE08D3B5884}" = ccc-utility64
"{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{A0880F03-8480-482E-1606-BC91669B0882}" = ATI Catalyst Install Manager
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}" = TOSHIBA Bulletin Board
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"LTMOH" = LSI V92 MOH Application
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0DB8F853-899A-8628-E0D7-29FB190CF848}" = Catalyst Control Center Graphics Full Existing
"{0FB630AB-7BD8-40AE-B223-60397D57C3C9}" = Realtek WLAN Driver
"{117BCF94-6A1E-6741-39F5-09444381445E}" = CCC Help Italian
"{1211D6B0-B7B5-CB9A-99A2-066473FC35CA}" = CCC Help Swedish
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{14956199-1890-C3D4-F8B8-3C0C6FD82993}" = ccc-core-static
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1B87C40B-A60B-4EF3-9A68-706CF4B69978}" = TOSHIBA Assist
"{1D210042-41EE-4472-2219-6A900366B9A3}" = CCC Help French
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java™ 6 Update 30
"{2ABB6396-785C-E2CB-579E-79BAF98E0527}" = Catalyst Control Center Graphics Previews Vista
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3B843B38-04B1-4CE6-8888-586273E0F289}" = Quickbooks Financial Center
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3E1B8E31-9692-207B-77B7-A8339AF03795}" = Catalyst Control Center Graphics Full New
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{55559ABB-AB08-416F-A227-6319B545AF83}" = VitalSource Bookshelf
"{58630658-9DF7-E873-9F5D-0EAF87D25DAA}" = CCC Help Norwegian
"{594A3C2C-19B3-E02E-359C-B8D134F6B939}" = CCC Help Korean
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = ToshibaRegistration
"{5E6F6CF3-BACC-4144-868C-E14622C658F3}" = TOSHIBA Web Camera Application
"{6055830B-40E4-C794-3F04-2D0CD8AF1AAC}" = CCC Help Russian
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6E932CA6-FD17-7694-FD7C-14CE25770EA5}" = Catalyst Control Center Graphics Previews Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{739A6E9D-5D7D-8A5D-EC8A-4BD11E5749AA}" = CCC Help Hungarian
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C72927B-7410-131A-E641-B9C505F4973C}" = CCC Help Japanese
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{911AB6CA-E04C-1E98-523D-8FCFAB4F456C}" = CCC Help Czech
"{9216C6A7-694A-4437-BD00-BD1CF58E1839}" = CCC Help Spanish
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92DE68CE-BC3E-7323-EA53-99490C8BD34D}" = Catalyst Control Center Graphics Light
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9668AE11-E05C-8169-F6D8-FBF7B507D7DB}" = CCC Help German
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{979587FD-F264-3C71-B0BE-6FC8DA993790}" = CCC Help Thai
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{999307CD-D57D-8C98-27ED-07F384ACFAA1}" = CCC Help Turkish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7594D38-0B7E-BCF7-A938-1AC03A6477FB}" = CCC Help English
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AC7BE07B-14D3-6EB5-814A-EB0A63CBFB47}" = CCC Help Polish
"{B1CDB3C6-8DD8-4864-8589-BDFBDA033941}" = CCC Help Chinese Traditional
"{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"{B9CA59A0-3B70-48F8-9054-67595DE6E72B}" = League of Legends
"{BDABF8CD-7436-EC6C-DD82-439225E22557}" = CCC Help Finnish
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C5A15C68-0DF3-8A13-352E-E605491D7E3D}" = Catalyst Control Center InstallProxy
"{CFAE78A9-A7A4-537E-7CC0-5A794FFBF73F}" = Catalyst Control Center Core Implementation
"{D19A1978-2FB2-B39A-5D30-C1EA38F788DD}" = CCC Help Danish
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D8634D93-03DD-01F1-AC7D-EE468AA24F45}" = CCC Help Dutch
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{E151E679-4EC8-36F9-A691-C7600688A1CA}" = CCC Help Chinese Standard
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3D63B95-4B21-414A-A2C7-D6D6A6AC6D79}" = Catalyst Control Center - Branding
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{EBC6193C-ED23-E332-9A9C-D5CB83CDDE2B}" = Catalyst Control Center Localization All
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F3529665-D75E-4D6D-98F0-745C78C68E9B}" = TOSHIBA ConfigFree
"{F544CA20-6810-E275-D288-F0D92CFADE4A}" = CCC Help Greek
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FEED29DD-7BF3-582C-3353-1F2634C2323D}" = CCC Help Portuguese
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"Battle.net" = Battle.net
"Google Chrome" = Google Chrome
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}" = TOSHIBA ReelTime
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}" = TOSHIBA Internal Modem Region Select Utility
"InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}" = TOSHIBA eco Utility
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}" = TOSHIBA Bulletin Board
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"NJStar Japanese WP" = NJStar Japanese WP
"Picasa 3" = Picasa 3
"QuickLink Mobile" = QuickLink Mobile
"RTPatch_is1" = RTPatch Update
"VideoPad" = VideoPad Video Editor
"VLC media player" = VLC media player 1.1.9
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-bit)
"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1394663217-2439825344-4002662712-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/10/2012 5:41:23 PM | Computer Name = Ryan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/10/2012 5:41:23 PM | Computer Name = Ryan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1201

Error - 4/10/2012 5:41:23 PM | Computer Name = Ryan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1201

Error - 4/10/2012 5:41:24 PM | Computer Name = Ryan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/10/2012 5:41:24 PM | Computer Name = Ryan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2247

Error - 4/10/2012 5:41:24 PM | Computer Name = Ryan-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2247

Error - 4/10/2012 11:22:07 PM | Computer Name = Ryan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc964 Faulting module name: mshtml.dll, version: 8.0.7600.16930, time stamp: 0x4eeaf850 Exception code: 0xc00000fd Fault offset: 0x000e46e2 Faulting process id: 0xfdc Faulting application start time: 0x01cd179170959048 Faulting application path: C:\windows\SysWOW64\ping.exe Faulting module path: C:\Windows\SysWOW64\mshtml.dll Report Id: 83df745a-8385-11e1-bfd1-705ab674368f

Error - 4/10/2012 11:33:09 PM | Computer Name = Ryan-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 4/11/2012 12:23:37 AM | Computer Name = Ryan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc964 Faulting module name: mshtml.dll, version: 8.0.7600.16930, time stamp: 0x4eeaf850 Exception code: 0xc00000fd Fault offset: 0x000d4c42 Faulting process id: 0x1514 Faulting application start time: 0x01cd179a97e208a2 Faulting application path: C:\windows\SysWOW64\ping.exe Faulting module path: C:\Windows\SysWOW64\mshtml.dll Report Id: 1b65ece7-838e-11e1-bfd1-705ab674368f

Error - 4/11/2012 1:22:47 AM | Computer Name = Ryan-PC | Source = Application Error | ID = 1000
Description = Faulting application name: ping.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc964 Faulting module name: mshtml.dll, version: 8.0.7600.16930, time stamp: 0x4eeaf850 Exception code: 0xc00000fd Fault offset: 0x000d6911 Faulting process id: 0x3a4 Faulting application start time: 0x01cd17a2fac43d4c Faulting application path: C:\windows\SysWOW64\ping.exe Faulting module path: C:\Windows\SysWOW64\mshtml.dll Report Id: 5f01b115-8396-11e1-bfd1-705ab674368f

[ System Events ]
Error - 12/25/2011 3:22:30 AM | Computer Name = Ryan-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 12/25/2011 3:22:34 AM | Computer Name = Ryan-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 12/25/2011 5:04:18 PM | Computer Name = Ryan-PC | Source = Application Popup | ID = 1060
Description = \??\C:\windows\SysWow64\drivers\SSHDRV65.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error - 12/25/2011 5:04:18 PM | Computer Name = Ryan-PC | Source = Application Popup | ID = 1060
Description = \??\C:\windows\SysWow64\drivers\SSHDRV79.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error - 12/25/2011 5:04:50 PM | Computer Name = Ryan-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter

Error - 12/25/2011 5:04:50 PM | Computer Name = Ryan-PC | Source = atikmdag | ID = 43029
Description = Display is not active

Error - 12/25/2011 5:05:01 PM | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error: %%1060

Error - 12/25/2011 5:05:05 PM | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error - 12/25/2011 5:05:08 PM | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 12/25/2011 5:06:09 PM | Computer Name = Ryan-PC | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error %%-2147023143.


< End of report >



5. The computer's CPU is still running high, between 70-85%, and there are several svchost and ping processes running. I wouldn't even know the computer had a virus if it wasn't for the fan having to constantly run or the Google redirects (only affects Internet Explorer and not Safari). I haven't had any false security alerts like in the past either.

#4 SweetTech (Agent ST)

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 11 April 2012 - 08:11 AM

Hi grogall!

Not a problem! I'm glad to be of assistance!

I do have a flash drive that can be used as well.

Perfect! We may or may not need to utilize it.

We are going to have to repair some areas in the registry a little later.

Thanks for the update on how your system is running.

Do you recognize this file?

[2012/03/22 03:26:30 | 000,001,490 | ---- | M] () -- C:\user.js

Do you happen to have access to another computer in the house?

When you ran TDSSKiller was there the option to CURE this threat?

04:11:57.0397 5328 bwcsrv ( Backdoor.Multi.ZAccess.gen ) - skipped by user
04:11:57.0397 5328 bwcsrv ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip

If so, I'd like to have you re-run TDSSKiller and allow it to CURE the threat. Followed by a reboot.

Use these instructions below:

Running TDSSKiller

Download the latest version of TDSSKiller from here and save it to your Desktop.


  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.



NEXT:



OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    SRV:64bit: - [2009/07/13 21:39:46 | 000,006,656 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\Windows\SysNative\vaiomediaplatform-integratedserver-appserver.dll -- (bwcsrv)
    IE - HKU\S-1-5-21-1394663217-2439825344-4002662712-1000\..\URLSearchHook: {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - No CLSID value found
    IE - HKU\S-1-5-21-1394663217-2439825344-4002662712-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3150609
    IE - HKU\S-1-5-21-1394663217-2439825344-4002662712-1000\..\SearchScopes\{FF35629F-E29F-47A7-B0D8-C3B17D5F53D2}: "URL" = http://search.internet-search-results.com/?sid=10101199100&clsid={FF35629F-E29F-47A7-B0D8-C3B17D5F53D2}&s={searchTerms}
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-1394663217-2439825344-4002662712-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-1394663217-2439825344-4002662712-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKU\S-1-5-21-1394663217-2439825344-4002662712-1000\..\Toolbar\WebBrowser: (no name) - {93C338DE-5FB5-4FB5-AB4E-0EEDC0BD9F3A} - No CLSID value found.
    O3 - HKU\S-1-5-21-1394663217-2439825344-4002662712-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\windows\SysWow64\cmd.exe (Microsoft Corporation)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL File not found
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL File not found
    O37 - HKU\.DEFAULT\...exe [@ = qd] -- "C:\windows\SysWOW64\config\systemprofile\AppData\Local\xxg.exe" -a "%1" %*
    O37 - HKU\S-1-5-18\...exe [@ = qd] -- "C:\windows\SysWOW64\config\systemprofile\AppData\Local\xxg.exe" -a "%1" %*
    SafeBootMin:64bit: 34285097.sys - Driver
    SafeBootMin:64bit: 54270591.sys - Driver
    SafeBootMin:64bit: 76130706.sys - Driver
    SafeBootMin:64bit: 96967326.sys - Driver
    SafeBootMin: 34285097.sys - Driver
    SafeBootMin: 54270591.sys - Driver
    SafeBootMin: 76130706.sys - Driver
    SafeBootMin: 96967326.sys - Driver
    NetSvcs:64bit: bwcsrv - C:\Windows\SysNative\vaiomediaplatform-integratedserver-appserver.dll (Oak Technology Inc.)
    [2012/03/16 00:02:08 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\xmldm
    [2012/03/16 00:02:08 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\kock
    [2012/04/10 05:07:26 | 000,000,000 | -HS- | M] () -- C:\windows\SysNative\dds_trash_log.cmd
    [2012/04/04 04:35:11 | 000,000,154 | ---- | M] () -- C:\Users\Ryan\AppData\Local\svcxdcl32.dat
    [2012/04/04 04:38:09 | 000,000,000 | -HS- | C] () -- C:\windows\SysNative\dds_trash_log.cmd
    [2012/04/04 04:33:00 | 000,000,154 | ---- | C] () -- C:\Users\Ryan\AppData\Local\svcxdcl32.dat
    [2011/12/31 18:24:12 | 000,010,514 | -HS- | C] () -- C:\ProgramData\14ci6806e20rkkb53dvmg13e81l53q6t
    [2011/12/31 18:07:38 | 000,000,000 | ---- | C] () -- C:\Users\Ryan\AppData\Local\{C9EE40BC-6C04-4600-8161-052A75A32850}
    [2011/12/24 21:11:21 | 000,000,000 | ---- | C] () -- C:\ProgramData\O4Ol0Glu.dat
    [2011/12/24 20:37:50 | 000,009,500 | -HS- | C] () -- C:\Users\Ryan\AppData\Local\dwymsafh6s2r
    [2011/12/24 20:37:50 | 000,009,500 | -HS- | C] () -- C:\ProgramData\3559968465
    [2011/12/24 20:35:03 | 000,009,500 | -HS- | C] () -- C:\ProgramData\dwymsafh6s2r
    [2011/12/24 16:04:05 | 000,010,222 | -HS- | C] () -- C:\Users\Ryan\AppData\Local\230276g6x323v423g161f3avq0c1
    [2011/12/24 16:00:56 | 000,010,222 | -HS- | C] () -- C:\ProgramData\230276g6x323v423g161f3avq0c1
    [2011/12/03 16:57:02 | 000,011,706 | -HS- | C] () -- C:\Users\Ryan\AppData\Local\8pu6m23tas8m06ceell8081ld325fyl88q4j
    [2011/12/03 16:46:34 | 000,011,706 | -HS- | C] () -- C:\ProgramData\8pu6m23tas8m06ceell8081ld325fyl88q4j
    [2011/08/12 17:51:38 | 000,000,168 | ---- | C] () -- C:\ProgramData\~P1kAlMiG2Kb7Fzr
    [2011/08/12 17:51:37 | 000,000,216 | ---- | C] () -- C:\ProgramData\~P1kAlMiG2Kb7Fz
    [2011/08/12 17:51:32 | 000,000,400 | ---- | C] () -- C:\ProgramData\P1kAlMiG2Kb7Fz
    [2012/03/12 00:02:02 | 000,000,184 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\xmldm\netbank_2012.03.16.120208_0O1BATGX.txt
    [2012/03/12 00:02:37 | 000,000,176 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\xmldm\netbank_2012.03.16.120208_15NGTMPX.txt
    [2012/01/18 23:34:37 | 000,000,108 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\xmldm\netbank_2012.03.16.120208_72JW0VFI.txt
    [2012/03/12 00:02:02 | 000,000,088 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\xmldm\netbank_2012.03.16.120208_G7WTD3KM.txt
    [2012/01/01 03:58:43 | 000,000,116 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\xmldm\netbank_2012.03.16.120209_SRJX3RTF.txt
    [2012/03/03 20:00:51 | 000,000,971 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\xmldm\netbank_2012.03.16.120209_UG7175LC.txt
    [2012/03/16 00:12:04 | 000,001,124 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\xmldm\netbank_2012.03.16.121209_KEGVPJ3Q.txt
    [2012/03/16 00:11:22 | 000,000,563 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\xmldm\netbank_2012.03.16.121209_TRU59BE3.txt
    [2012/03/16 00:14:36 | 000,001,124 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\xmldm\netbank_2012.03.16.121709_3YSDNR9H.txt
    [2012/03/16 00:20:05 | 000,000,757 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\xmldm\netbank_2012.03.16.122210_CN7D99RV.txt
    [2012/03/12 00:02:02 | 000,000,184 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\kock\0O1BATGX.txt
    [2012/03/12 00:02:37 | 000,000,176 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\kock\15NGTMPX.txt
    [2012/03/16 00:14:36 | 000,001,124 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\kock\3YSDNR9H.txt
    [2012/01/18 23:34:37 | 000,000,108 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\kock\72JW0VFI.txt
    [2012/03/16 00:20:05 | 000,000,757 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\kock\CN7D99RV.txt
    [2012/03/12 00:02:02 | 000,000,088 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\kock\G7WTD3KM.txt
    [2012/03/16 00:12:04 | 000,001,124 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\kock\KEGVPJ3Q.txt
    [2012/01/01 03:58:43 | 000,000,116 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\kock\SRJX3RTF.txt
    [2012/03/16 00:11:22 | 000,000,563 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\kock\TRU59BE3.txt
    [2012/03/03 20:00:51 | 000,000,971 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\kock\UG7175LC.txt
    
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Let me know.

~ST.

Edited by SweetTech, 11 April 2012 - 08:32 AM.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
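
To make the indicators in the fix above checkable rather than eyeballed, here is an added triage script (an editor's example, not part of this post and not OTL or TDSSKiller code). It parses the O37 lines to confirm that the .exe association has been rerouted through xxg.exe instead of Windows' default "%1" %*, flags the purely numeric Safe Boot driver names and the non-default IE search scopes, and normalises the wrapped Application Error records so that a crash of ping.exe inside mshtml.dll stands out: a console ICMP tool has no reason to have Internet Explorer's HTML engine mapped into it. The sample lines are copied from the logs in this thread; the clean comparison line (marked CONSTRUCTED), the trusted search hosts and the list of processes allowed to host mshtml.dll are the editor's assumptions.

```python
"""Triage of the indicators in the OTL fix above (added example, not OTL code)."""
import re
from urllib.parse import urlsplit

# Sample input: copied from the logs in this thread, except the line marked
# CONSTRUCTED, which shows what a clean exefile association looks like.
SAMPLE_OTL_LINES = [
    r'O37 - HKU\.DEFAULT\...exe [@ = qd] -- "C:\windows\SysWOW64\config\systemprofile\AppData\Local\xxg.exe" -a "%1" %*',
    r'O37 - HKU\S-1-5-18\...exe [@ = qd] -- "C:\windows\SysWOW64\config\systemprofile\AppData\Local\xxg.exe" -a "%1" %*',
    r'SafeBootMin:64bit: 34285097.sys - Driver',
    r'IE - HKU\S-1-5-21-1394663217-2439825344-4002662712-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3150609',
]
CLEAN_O37_LINE = r'O37 - HKLM\...exe [@ = exefile] -- "%1" %*'   # CONSTRUCTED
SAMPLE_FAULT = r"""Faulting application name: ping.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bc964 Faulting module name: mshtml.dll, version: 8.0.7600.16930, time
stamp: 0x4eeaf850 Exception code: 0xc00000fd Fault offset: 0x000e46e2 Faulting process
id: 0xfdc Faulting application start time: 0x01cd179170959048 Faulting application
path: C:\windows\SysWOW64\ping.exe Faulting module path: C:\Windows\SysWOW64\mshtml.dll"""

# Editor's assumptions: the default open verb for exefile (and comfile, batfile,
# cmdfile, piffile) is exactly "%1" %*; a search scope pointing anywhere other
# than these hosts is treated as a hijack; only these processes are expected to
# host the IE HTML engine (extend the sets for your own estate).
CLEAN_OPEN_COMMANDS = {'"%1" %*'}
TRUSTED_SEARCH_HOSTS = {"www.bing.com", "www.google.com", "search.yahoo.com"}
HTML_ENGINE_MODULES = {"mshtml.dll", "ieframe.dll", "jscript.dll", "vbscript.dll"}
HTML_HOSTS = {"iexplore.exe", "explorer.exe", "mshta.exe", "wmplayer.exe"}
STATUS_STACK_OVERFLOW = 0xC00000FD   # NTSTATUS behind exception code 0xc00000fd

O37_RE = re.compile(r'^O37 - (?P<hive>\S+?)\\\.\.\.(?P<ext>\w+) \[@ = (?P<progid>\S+)\] -- (?P<command>.+)$')
SAFEBOOT_RE = re.compile(r'^SafeBootMin(?::64bit)?: (?P<name>[^ ]+) - Driver$')
SEARCHSCOPE_RE = re.compile(r'SearchScopes\\\{[0-9A-Fa-f-]+\}: "URL" = (?P<url>\S+)')
FAULT_RE = re.compile(
    r"Faulting application name: (?P<app>[^,]+),.*?"
    r"Faulting module name: (?P<module>[^,]+),.*?"
    r"Exception code: (?P<code>0x[0-9A-Fa-f]+).*?"
    r"Faulting application path: (?P<app_path>\S+) Faulting module path: (?P<module_path>\S+)"
)


def classify_otl_line(line):
    """Return (tag, details) for OTL lines this triage understands, else None."""
    line = line.strip()
    m = O37_RE.match(line)
    if m:
        # Anything interposed before %1 runs every time any .exe is launched.
        hijacked = m["command"].strip() not in CLEAN_OPEN_COMMANDS
        tag = "exe-association-hijack" if hijacked else "exe-association-ok"
        return tag, {"hive": m["hive"], "ext": m["ext"], "command": m["command"]}
    m = SAFEBOOT_RE.match(line)
    if m:
        name = m["name"]
        stem = name[:-4] if name.lower().endswith(".sys") else name
        # No vendor ships a driver called 34285097.sys; digits-only names are noise
        # generated at install time to dodge name-based signatures.
        tag = "safeboot-random-driver" if stem.isdigit() else "safeboot-driver"
        return tag, {"name": name}
    m = SEARCHSCOPE_RE.search(line)
    if m:
        host = urlsplit(m["url"]).hostname or ""
        tag = "searchscope-ok" if host in TRUSTED_SEARCH_HOSTS else "searchscope-redirect"
        return tag, {"host": host}
    return None


def triage_otl_lines(lines):
    """Count each tag over a whole OTL scan log or fix script."""
    counts = {}
    for line in lines:
        hit = classify_otl_line(line)
        if hit:
            counts[hit[0]] = counts.get(hit[0], 0) + 1
    return counts


def triage_fault(description):
    """Parse one Application Error (ID 1000) description, however it was wrapped."""
    text = " ".join(description.split())   # undo the log's line wrapping
    m = FAULT_RE.search(text)
    if not m:
        return None
    app, module = m["app"].lower(), m["module"].lower()
    code = int(m["code"], 16)
    reasons = []
    wrong_host = module in HTML_ENGINE_MODULES and app not in HTML_HOSTS
    if wrong_host:
        reasons.append(f"{app} should never host {module}: something injected it")
    if code == STATUS_STACK_OVERFLOW:
        reasons.append("STATUS_STACK_OVERFLOW (0xC00000FD) in the injected module")
    return {"app": app, "module": module, "code": code, "app_path": m["app_path"],
            "module_path": m["module_path"], "suspicious": wrong_host, "reasons": reasons}


if __name__ == "__main__":
    for line in SAMPLE_OTL_LINES + [CLEAN_O37_LINE]:
        print(classify_otl_line(line))
    print(triage_fault(SAMPLE_FAULT))
```

The same functions can be fed an entire OTL.txt or an exported Application event log one record at a time; a clean machine yields only exe-association-ok and searchscope-ok tags and no suspicious fault records.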


#5 grogall (Topic Starter)

  • Members
  • 23 posts

Posted 11 April 2012 - 06:59 PM

Do you recognize this file?

[2012/03/22 03:26:30 | 000,001,490 | ---- | M] () -- C:\user.js

Do you happen to have access to another computer in the house?

When you ran TDSSKiller was there the option to CURE this threat?



I do not recognize that file, and unfortunately this is the only computer I have access to in the house.
There was no CURE option either, only skip, copy to quarantine, and delete.
Here is the report for the TDSSKiller.

Did you still want me to run OTL FIX with the TDSSKiller being unable to CURE?

19:54:59.0365 2548 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
19:55:00.0052 2548 ============================================================
19:55:00.0052 2548 Current date / time: 2012/04/11 19:55:00.0052
19:55:00.0052 2548 SystemInfo:
19:55:00.0052 2548
19:55:00.0053 2548 OS Version: 6.1.7600 ServicePack: 0.0
19:55:00.0053 2548 Product type: Workstation
19:55:00.0053 2548 ComputerName: RYAN-PC
19:55:00.0053 2548 UserName: Ryan
19:55:00.0053 2548 Windows directory: C:\windows
19:55:00.0053 2548 System windows directory: C:\windows
19:55:00.0053 2548 Running under WOW64
19:55:00.0053 2548 Processor architecture: Intel x64
19:55:00.0053 2548 Number of processors: 2
19:55:00.0053 2548 Page size: 0x1000
19:55:00.0053 2548 Boot type: Normal boot
19:55:00.0053 2548 ============================================================
19:55:01.0424 2548 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:55:01.0428 2548 \Device\Harddisk0\DR0:
19:55:01.0428 2548 MBR used
19:55:01.0428 2548 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23F65800
19:55:01.0460 2548 Initialize success
19:55:01.0460 2548 ============================================================
19:55:07.0874 0940 ============================================================
19:55:07.0874 0940 Scan started
19:55:07.0874 0940 Mode: Manual; SigCheck; TDLFS;
19:55:07.0874 0940 ============================================================
19:55:18.0880 0940 bwcsrv (5f22132c9153639762708909f156b33d) C:\windows\system32\vaiomediaplatform-integratedserver-appserver.dll
19:55:18.0882 0940 bwcsrv ( Backdoor.Multi.ZAccess.gen ) - infected
19:55:18.0882 0940 bwcsrv - detected Backdoor.Multi.ZAccess.gen (0)
19:55:46.0637 0940 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
19:55:46.0674 0940 Rasl2tp - ok
19:55:46.0756 0940 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\windows\System32\rasmans.dll
19:55:46.0804 0940 RasMan - ok
19:55:46.0927 0940 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
19:55:46.0972 0940 RasPppoe - ok
19:55:47.0102 0940 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
19:55:47.0137 0940 RasSstp - ok
19:55:47.0239 0940 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
19:55:47.0291 0940 rdbss - ok
19:55:47.0386 0940 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
19:55:47.0401 0940 rdpbus - ok
19:55:47.0632 0940 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
19:55:47.0674 0940 RDPCDD - ok
19:55:47.0762 0940 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
19:55:47.0800 0940 RDPENCDD - ok
19:55:47.0900 0940 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
19:55:47.0935 0940 RDPREFMP - ok
19:55:48.0043 0940 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\windows\system32\drivers\RDPWD.sys
19:55:48.0080 0940 RDPWD - ok
19:55:48.0185 0940 rdyboost (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys
19:55:48.0196 0940 rdyboost - ok
19:55:48.0302 0940 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
19:55:48.0339 0940 RemoteAccess - ok
19:55:48.0418 0940 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
19:55:48.0457 0940 RemoteRegistry - ok
19:55:48.0538 0940 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
19:55:48.0574 0940 RpcEptMapper - ok
19:55:48.0610 0940 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
19:55:48.0622 0940 RpcLocator - ok
19:55:48.0741 0940 RpcSs (7266972e86890e2b30c0c322e906b027) C:\windows\System32\rpcss.dll
19:55:48.0792 0940 RpcSs - ok
19:55:48.0868 0940 RSELSVC - ok
19:55:48.0978 0940 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
19:55:49.0015 0940 rspndr - ok
19:55:49.0110 0940 RSUSBSTOR - ok
19:55:49.0195 0940 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\windows\system32\DRIVERS\Rt64win7.sys
19:55:49.0210 0940 RTL8167 - ok
19:55:49.0296 0940 rtl8192se (a9ede191b5478d18f0a1bff3b822f7a5) C:\windows\system32\DRIVERS\rtl8192se.sys
19:55:49.0317 0940 rtl8192se - ok
19:55:49.0388 0940 RtsUIR - ok
19:55:49.0427 0940 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
19:55:49.0439 0940 SamSs - ok
19:55:49.0553 0940 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
19:55:49.0560 0940 SASDIFSV - ok
19:55:49.0589 0940 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
19:55:49.0596 0940 SASKUTIL - ok
19:55:49.0707 0940 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
19:55:49.0717 0940 sbp2port - ok
19:55:49.0827 0940 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
19:55:49.0871 0940 SCardSvr - ok
19:55:49.0954 0940 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
19:55:49.0991 0940 scfilter - ok
19:55:50.0132 0940 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\windows\system32\schedsvc.dll
19:55:50.0158 0940 Schedule - ok
19:55:50.0260 0940 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\windows\System32\certprop.dll
19:55:50.0296 0940 SCPolicySvc - ok
19:55:50.0333 0940 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\windows\System32\SDRSVC.dll
19:55:50.0349 0940 SDRSVC - ok
19:55:50.0466 0940 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
19:55:50.0506 0940 secdrv - ok
19:55:50.0584 0940 seclogon (463b386ebc70f98da5dff85f7e654346) C:\windows\system32\seclogon.dll
19:55:50.0633 0940 seclogon - ok
19:55:50.0657 0940 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
19:55:50.0694 0940 SENS - ok
19:55:50.0785 0940 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
19:55:50.0800 0940 SensrSvc - ok
19:55:50.0848 0940 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
19:55:50.0859 0940 Serenum - ok
19:55:50.0969 0940 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
19:55:50.0986 0940 Serial - ok
19:55:51.0009 0940 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
19:55:51.0021 0940 sermouse - ok
19:55:51.0140 0940 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\windows\system32\sessenv.dll
19:55:51.0176 0940 SessionEnv - ok
19:55:51.0220 0940 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
19:55:51.0234 0940 sffdisk - ok
19:55:51.0343 0940 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
19:55:51.0357 0940 sffp_mmc - ok
19:55:51.0366 0940 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\windows\system32\DRIVERS\sffp_sd.sys
19:55:51.0380 0940 sffp_sd - ok
19:55:51.0391 0940 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
19:55:51.0404 0940 sfloppy - ok
19:55:51.0516 0940 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
19:55:51.0558 0940 SharedAccess - ok
19:55:51.0595 0940 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\windows\System32\shsvcs.dll
19:55:51.0617 0940 ShellHWDetection - ok
19:55:51.0734 0940 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
19:55:51.0743 0940 SiSRaid2 - ok
19:55:51.0849 0940 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
19:55:51.0858 0940 SiSRaid4 - ok
19:55:51.0969 0940 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
19:55:52.0006 0940 Smb - ok
19:55:52.0120 0940 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
19:55:52.0140 0940 SNMPTRAP - ok
19:55:52.0227 0940 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
19:55:52.0236 0940 spldr - ok
19:55:52.0328 0940 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\windows\System32\spoolsv.exe
19:55:52.0347 0940 Spooler - ok
19:55:52.0500 0940 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\windows\system32\sppsvc.exe
19:55:52.0634 0940 sppsvc - ok
19:55:52.0830 0940 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
19:55:52.0868 0940 sppuinotify - ok
19:55:52.0940 0940 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys
19:55:52.0985 0940 srv - ok
19:55:53.0128 0940 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys
19:55:53.0143 0940 srv2 - ok
19:55:53.0259 0940 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys
19:55:53.0277 0940 srvnet - ok
19:55:53.0383 0940 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
19:55:53.0424 0940 SSDPSRV - ok
19:55:53.0535 0940 SSHDRV65 - ok
19:55:53.0644 0940 SSHDRV79 - ok
19:55:53.0680 0940 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
19:55:53.0721 0940 SstpSvc - ok
19:55:53.0824 0940 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
19:55:53.0832 0940 stexstor - ok
19:55:53.0954 0940 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\windows\System32\wiaservc.dll
19:55:53.0977 0940 stisvc - ok
19:55:54.0080 0940 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
19:55:54.0088 0940 swenum - ok
19:55:54.0206 0940 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
19:55:54.0250 0940 swprv - ok
19:55:54.0394 0940 SynTP (be7311da9d6833fa69ed04b744a1c8f8) C:\windows\system32\DRIVERS\SynTP.sys
19:55:54.0407 0940 SynTP - ok
19:55:54.0538 0940 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\windows\system32\sysmain.dll
19:55:54.0582 0940 SysMain - ok
19:55:54.0659 0940 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\windows\System32\TabSvc.dll
19:55:54.0676 0940 TabletInputService - ok
19:55:54.0701 0940 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\windows\System32\tapisrv.dll
19:55:54.0743 0940 TapiSrv - ok
19:55:54.0833 0940 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
19:55:54.0872 0940 TBS - ok
19:55:55.0026 0940 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\windows\system32\drivers\tcpip.sys
19:55:55.0063 0940 Tcpip - ok
19:55:55.0260 0940 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\windows\system32\DRIVERS\tcpip.sys
19:55:55.0308 0940 TCPIP6 - ok
19:55:55.0414 0940 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
19:55:55.0455 0940 tcpipreg - ok
19:55:55.0576 0940 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
19:55:55.0589 0940 tdcmdpst - ok
19:55:55.0695 0940 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
19:55:55.0734 0940 TDPIPE - ok
19:55:55.0831 0940 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
19:55:55.0867 0940 TDTCP - ok
19:55:55.0977 0940 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
19:55:56.0023 0940 tdx - ok
19:55:56.0121 0940 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
19:55:56.0146 0940 TermDD - ok
19:55:56.0241 0940 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\windows\System32\termsrv.dll
19:55:56.0289 0940 TermService - ok
19:55:56.0366 0940 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
19:55:56.0383 0940 Themes - ok
19:55:56.0469 0940 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
19:55:56.0508 0940 THREADORDER - ok
19:55:56.0640 0940 TMachInfo (32577b987ae5401038451bb392cb8d89) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
19:55:56.0647 0940 TMachInfo - ok
19:55:56.0760 0940 TODDSrv (ed32035bdfeced1ad66d459fd9cc1140) C:\Windows\system32\TODDSrv.exe
19:55:56.0769 0940 TODDSrv - ok
19:55:56.0918 0940 TosCoSrv (06c61275adc64f1e36240a2287998a5e) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
19:55:56.0931 0940 TosCoSrv - ok
19:55:57.0033 0940 TOSHIBA eco Utility Service (707800855afbd7648375efb1519b8d6d) C:\Program Files\TOSHIBA\TECO\TecoService.exe
19:55:57.0043 0940 TOSHIBA eco Utility Service - ok
19:55:57.0148 0940 TOSHIBA HDD SSD Alert Service (dd58e1250f604cbbadda04575e5e2376) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
19:55:57.0155 0940 TOSHIBA HDD SSD Alert Service - ok
19:55:57.0276 0940 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
19:55:57.0291 0940 tos_sps64 - ok
19:55:57.0403 0940 TPCHSrv (de64c52bd0671165cf2eebf2a728a3e2) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
19:55:57.0422 0940 TPCHSrv - ok
19:55:57.0514 0940 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
19:55:57.0557 0940 TrkWks - ok
19:55:57.0655 0940 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\windows\servicing\TrustedInstaller.exe
19:55:57.0670 0940 TrustedInstaller - ok
19:55:58.0359 0940 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
19:55:58.0402 0940 tssecsrv - ok
19:55:58.0542 0940 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
19:55:58.0584 0940 tunnel - ok
19:55:58.0704 0940 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
19:55:58.0711 0940 TVALZ - ok
19:55:59.0300 0940 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
19:55:59.0308 0940 TVALZFL - ok
19:55:59.0414 0940 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
19:55:59.0423 0940 uagp35 - ok
19:55:59.0449 0940 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\windows\system32\DRIVERS\udfs.sys
19:55:59.0489 0940 udfs - ok
19:55:59.0588 0940 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
19:55:59.0602 0940 UI0Detect - ok
19:55:59.0727 0940 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
19:55:59.0736 0940 uliagpkx - ok
19:55:59.0856 0940 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
19:55:59.0868 0940 umbus - ok
19:55:59.0989 0940 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
19:56:00.0000 0940 UmPass - ok
19:56:00.0053 0940 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
19:56:00.0093 0940 upnphost - ok
19:56:00.0200 0940 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\windows\system32\Drivers\usbaapl64.sys
19:56:00.0209 0940 USBAAPL64 - ok
19:56:00.0257 0940 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\windows\system32\DRIVERS\usbccgp.sys
19:56:00.0269 0940 usbccgp - ok
19:56:00.0345 0940 USBCCID - ok
19:56:00.0383 0940 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
19:56:00.0398 0940 usbcir - ok
19:56:00.0510 0940 usbehci (92969ba5ac44e229c55a332864f79677) C:\windows\system32\DRIVERS\usbehci.sys
19:56:00.0520 0940 usbehci - ok
19:56:00.0649 0940 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\windows\system32\DRIVERS\usbhub.sys
19:56:00.0663 0940 usbhub - ok
19:56:01.0203 0940 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\windows\system32\DRIVERS\usbohci.sys
19:56:01.0223 0940 usbohci - ok
19:56:01.0320 0940 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
19:56:01.0334 0940 usbprint - ok
19:56:01.0436 0940 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\windows\system32\DRIVERS\USBSTOR.SYS
19:56:01.0447 0940 USBSTOR - ok
19:56:01.0557 0940 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\windows\system32\drivers\usbuhci.sys
19:56:01.0567 0940 usbuhci - ok
19:56:01.0680 0940 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\System32\Drivers\usbvideo.sys
19:56:01.0692 0940 usbvideo - ok
19:56:01.0773 0940 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
19:56:01.0812 0940 UxSms - ok
19:56:01.0851 0940 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\windows\system32\lsass.exe
19:56:01.0864 0940 VaultSvc - ok
19:56:01.0990 0940 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
19:56:01.0999 0940 vdrvroot - ok
19:56:02.0035 0940 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\windows\System32\vds.exe
19:56:02.0059 0940 vds - ok
19:56:02.0182 0940 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
19:56:02.0195 0940 vga - ok
19:56:02.0296 0940 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
19:56:02.0330 0940 VgaSave - ok
19:56:02.0362 0940 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
19:56:02.0374 0940 vhdmp - ok
19:56:02.0483 0940 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
19:56:02.0491 0940 viaide - ok
19:56:02.0516 0940 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
19:56:02.0526 0940 volmgr - ok
19:56:02.0642 0940 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
19:56:02.0655 0940 volmgrx - ok
19:56:02.0920 0940 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
19:56:02.0935 0940 volsnap - ok
19:56:03.0101 0940 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
19:56:03.0113 0940 vsmraid - ok
19:56:03.0230 0940 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\windows\system32\vssvc.exe
19:56:03.0260 0940 VSS - ok
19:56:03.0423 0940 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
19:56:03.0436 0940 vwifibus - ok
19:56:03.0566 0940 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
19:56:03.0581 0940 vwififlt - ok
19:56:03.0673 0940 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
19:56:03.0711 0940 W32Time - ok
19:56:03.0814 0940 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
19:56:03.0826 0940 WacomPen - ok
19:56:03.0952 0940 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
19:56:03.0986 0940 WANARP - ok
19:56:04.0010 0940 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
19:56:04.0051 0940 Wanarpv6 - ok
19:56:04.0164 0940 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
19:56:04.0190 0940 WatAdminSvc - ok
19:56:04.0307 0940 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\windows\system32\wbengine.exe
19:56:04.0336 0940 wbengine - ok
19:56:04.0424 0940 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
19:56:04.0452 0940 WbioSrvc - ok
19:56:04.0552 0940 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\windows\System32\wcncsvc.dll
19:56:04.0568 0940 wcncsvc - ok
19:56:04.0651 0940 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
19:56:04.0663 0940 WcsPlugInService - ok
19:56:04.0731 0940 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
19:56:04.0739 0940 Wd - ok
19:56:04.0873 0940 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
19:56:04.0892 0940 Wdf01000 - ok
19:56:04.0971 0940 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
19:56:04.0991 0940 WdiServiceHost - ok
19:56:04.0995 0940 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
19:56:05.0014 0940 WdiSystemHost - ok
19:56:05.0058 0940 WebClient (733006127f235be7c35354ebee7b9a7b) C:\windows\System32\webclnt.dll
19:56:05.0080 0940 WebClient - ok
19:56:05.0166 0940 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
19:56:05.0208 0940 Wecsvc - ok
19:56:05.0235 0940 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
19:56:05.0303 0940 wercplsupport - ok
19:56:05.0406 0940 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
19:56:05.0447 0940 WerSvc - ok
19:56:05.0565 0940 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
19:56:05.0602 0940 WfpLwf - ok
19:56:05.0702 0940 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
19:56:05.0710 0940 WIMMount - ok
19:56:05.0781 0940 WinDefend - ok
19:56:05.0789 0940 WinHttpAutoProxySvc - ok
19:56:05.0903 0940 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
19:56:05.0941 0940 Winmgmt - ok
19:56:06.0060 0940 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\windows\system32\WsmSvc.dll
19:56:06.0127 0940 WinRM - ok
19:56:06.0252 0940 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\windows\system32\DRIVERS\WinUsb.sys
19:56:06.0266 0940 WinUsb - ok
19:56:06.0365 0940 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
19:56:06.0391 0940 Wlansvc - ok
19:56:06.0498 0940 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
19:56:06.0509 0940 WmiAcpi - ok
19:56:06.0640 0940 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
19:56:06.0657 0940 wmiApSrv - ok
19:56:06.0717 0940 WMPNetworkSvc - ok
19:56:06.0798 0940 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
19:56:06.0811 0940 WPCSvc - ok
19:56:06.0906 0940 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\windows\system32\wpdbusenum.dll
19:56:06.0921 0940 WPDBusEnum - ok
19:56:06.0975 0940 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
19:56:07.0014 0940 ws2ifsl - ok
19:56:07.0133 0940 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\windows\system32\wscsvc.dll
19:56:07.0145 0940 wscsvc - ok
19:56:07.0199 0940 WSearch - ok
19:56:07.0280 0940 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\windows\system32\wuaueng.dll
19:56:07.0342 0940 wuauserv - ok
19:56:07.0442 0940 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
19:56:07.0477 0940 WudfPf - ok
19:56:07.0590 0940 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
19:56:07.0631 0940 WUDFRd - ok
19:56:07.0712 0940 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\windows\System32\WUDFSvc.dll
19:56:07.0749 0940 wudfsvc - ok
19:56:07.0839 0940 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
19:56:07.0860 0940 WwanSvc - ok
19:56:07.0951 0940 X6va001 - ok
19:56:08.0001 0940 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
19:56:09.0595 0940 \Device\Harddisk0\DR0 - ok
19:56:09.0624 0940 Boot (0x1200) (97c9ad973f7bc30bb325429c5183fccc) \Device\Harddisk0\DR0\Partition0
19:56:09.0625 0940 \Device\Harddisk0\DR0\Partition0 - ok
19:56:09.0629 0940 ============================================================
19:56:09.0629 0940 Scan finished
19:56:09.0629 0940 ============================================================
19:56:09.0645 5820 Detected object count: 1
19:56:09.0645 5820 Actual detected object count: 1
19:56:16.0909 5820 bwcsrv ( Backdoor.Multi.ZAccess.gen ) - skipped by user
19:56:16.0909 5820 bwcsrv ( Backdoor.Multi.ZAccess.gen ) - User select action: Skip

#6 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:08:10 AM

Posted 12 April 2012 - 01:08 AM

Good Evening grogall!

I do not recognize that file, and unfortunately this is the only computer I have access to in the house.
There was no CURE option either, only skip, copy to quarantine, and delete.
Here is the report for the TDSSKiller.

Did you still want me to run OTL FIX with the TDSSKiller being unable to CURE?

Okay, for the time being, do not run the OTL fix. Instead proceed with these instructions below:

We're going to proceed a little differently right now.

Running FRST

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64 and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Let me know how that goes.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
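The triage a responder applies to the FRST.txt that this procedure produces, as an added Python example (not part of this thread, and not FRST's own code): it parses FRST-style Registry, Services and NetSvcs lines and flags the patterns that matter here, a SubSystems value FRST has tagged and netsvcs members whose hosted DLL comes from a non-Microsoft vendor or carries a name unrelated to the service. The log text is constructed in FRST's layout using service names from this thread; the Wlansvc line is a made-up benign control.

```python
import os
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in FRST's log layout (not the thread's own log). Service and
# NETSVC names are the ones seen in this thread; Wlansvc is a made-up benign control.
SAMPLE_FRST = r"""
========================== Registry (Whitelisted) =============
SubSystems: [Windows] ==> ZeroAccess
==================== Services (Whitelisted) ======
2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
2 bwcsrv; C:\Windows\System32\vaiomediaplatform-integratedserver-appserver.dll [6656 2009-07-13] (Oak Technology Inc.)
2 Wlansvc; C:\Windows\System32\wlansvc.dll [100000 2009-07-13] (Microsoft Corporation)
========================== NetSvcs (Whitelisted) ===========
NETSVC: iteatapi
NETSVC: bwcsrv
NETSVC: Wlansvc
"""

SECTION_RE = re.compile(r"^=+\s*(\w+)")            # "===== Services (Whitelisted) ====="
SERVICE_RE = re.compile(r"^\d\s+([^;]+);\s*(.*)$")  # "<start> <name>; <image> [size date] (vendor)"


@dataclass
class Service:
    name: str
    image: str    # path of the EXE, or of the DLL when the service runs inside svchost
    vendor: str   # company name from the file's version info ("" if FRST printed none)


@dataclass
class Finding:
    severity: str
    service: str
    reason: str


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-blank lines under the FRST section header they follow."""
    sections: Dict[str, List[str]] = {}
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def parse_service(line: str) -> Optional[Service]:
    """Parse one Services/Drivers line; None for lines of another shape (e.g. NETSVC:)."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    name, rest = m.groups()
    if rest.startswith('"') and rest.find('"', 1) > 0:
        image = rest[1:rest.find('"', 1)]   # quoted path, possibly followed by arguments
    else:
        image = rest.split(" [", 1)[0]      # unquoted path up to the "[size date]" field
    vendor_m = re.search(r"\(([^()]*)\)\s*$", rest)
    return Service(name.strip(), image.strip(), vendor_m.group(1) if vendor_m else "")


def _core(s: str) -> str:
    return re.sub(r"[^a-z0-9]", "", s.lower())   # 'Bwc-Srv' and 'bwcsrv' compare equal


def triage(text: str) -> List[Finding]:
    """Heuristic review; every finding is for an analyst to check, not a verdict.
    FRST whitelists known-good entries, so a netsvcs member absent from the
    Services section needs a registry check before it is called orphaned."""
    sections = split_sections(text)
    services = {s.name.lower(): s for s in map(parse_service, sections.get("Services", [])) if s}
    netsvcs = [l.split(":", 1)[1].strip() for l in sections.get("NetSvcs", []) if l.upper().startswith("NETSVC:")]
    findings: List[Finding] = []
    # FRST tags a hijacked Windows subsystem value itself; surface it first.
    for line in sections.get("Registry", []):
        if line.startswith("SubSystems:") and "==>" in line:
            findings.append(Finding("high", "SubSystems", "tagged by FRST: " + line.split("==>", 1)[1].strip()))
    # Members of the netsvcs svchost group are where a hijacked service usually sits.
    for entry in netsvcs:
        svc = services.get(entry.lower())
        if svc is None:
            findings.append(Finding("medium", entry, "netsvcs member with no service definition in the log"))
            continue
        dll = os.path.basename(svc.image.replace("\\", "/"))
        if not dll.lower().endswith(".dll"):
            continue  # only svchost-hosted (DLL) members are checked here
        reasons = []
        if not svc.vendor.lower().startswith("microsoft"):
            reasons.append("svchost-hosted DLL from non-Microsoft vendor '%s'" % (svc.vendor or "none"))
        name, stem = _core(svc.name), _core(dll[:-4])
        if name not in stem and stem not in name:
            reasons.append("service name unrelated to DLL name '%s'" % dll)
        if reasons:
            findings.append(Finding("high" if len(reasons) > 1 else "low", svc.name, "; ".join(reasons)))
    return findings
```

Feed the text of a real FRST.txt to triage() instead of SAMPLE_FRST; the vendor string is the file's version-info company name as FRST prints it, not a signature check, so treat it as a lead rather than proof.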


#7 grogall

grogall
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:07:10 AM

Posted 12 April 2012 - 06:01 AM

Hey ST, here is the Farbar recovery log

Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 12-04-2012 06:47:11
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe [195080 2008-09-25] (LSI Corp.)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [711000 2009-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1481568 2009-08-26] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-10-28] (TOSHIBA Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL [352256 2009-07-09] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP [423936 2009-06-02] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1294136 2009-08-17] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [2454840 2009-11-21] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED [529256 2009-08-09] (Toshiba)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-07] (Apple Inc.)
HKU\Ryan\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-11-01] ()
HKU\Ryan\...\Policies\system: [disableregistrytools] 0
HKLM-x32\...\Runonce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNDcwMDgxNDU0LVhPMzYrMS1GUDkrNi1TVDErMi1OMUYrMS1CQVI5RysxLVRCOSsyLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLUYxME0xMEQrMg"&"prod=90"&"ver=10.0.1170 [x]
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
2 bwcsrv; C:\Windows\System32\vaiomediaplatform-integratedserver-appserver.dll [6656 2009-07-13] (Oak Technology Inc.)

========================== Drivers (Whitelisted) =============

2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [314016 2010-11-04] ()
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
3 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [119296 2008-01-22] (Huawei Technologies Co., Ltd.)
3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [115072 2008-05-27] (Huawei Technologies Co., Ltd.)
2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [43680 2010-11-04] ()
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SSHDRV65; C:\Windows\SysWow64\Drivers\SSHDRV65.sys [120320 2010-11-28] ()
1 SSHDRV79; C:\Windows\SysWow64\Drivers\SSHDRV79.sys [75264 2010-11-28] ()
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 PCD65X10; \??\C:\Users\Ryan\AppData\Local\Temp\PCD65X10.sys [x]
3 PCD65X11; \??\C:\Users\Ryan\AppData\Local\Temp\PCD65X11.sys [x]
3 PCD65X12; \??\C:\Users\Ryan\AppData\Local\Temp\PCD65X12.sys [x]
3 PCD65X2; \??\C:\Users\Ryan\AppData\Local\Temp\PCD65X2.sys [x]
3 PCD65X3; \??\C:\Users\Ryan\AppData\Local\Temp\PCD65X3.sys [x]
3 PCD65X4; \??\C:\Users\Ryan\AppData\Local\Temp\PCD65X4.sys [x]
3 PCD65X5; \??\C:\Users\Ryan\AppData\Local\Temp\PCD65X5.sys [x]
3 PCD65X6; \??\C:\Users\Ryan\AppData\Local\Temp\PCD65X6.sys [x]
3 PCD65X7; \??\C:\Users\Ryan\AppData\Local\Temp\PCD65X7.sys [x]
3 PCD65X8; \??\C:\Users\Ryan\AppData\Local\Temp\PCD65X8.sys [x]
3 PCD65X9; \??\C:\Users\Ryan\AppData\Local\Temp\PCD65X9.sys [x]
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]
3 X6va001; \??\C:\Users\Ryan\AppData\Local\Temp\0019F23.tmp [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: iteatapi
NETSVC: bwcsrv
NETSVC: DCamUSBEMPIA
NETSVC: snpstd2

============ One Month Created Files and Folders ==============

2012-04-12 06:47 - 2012-04-12 06:47 - 0000000 ____D C:\FRST
2012-04-12 02:38 - 2012-03-15 11:34 - 1385843 ____A C:\Users\Ryan\Downloads\FRST64.exe
2012-04-11 17:01 - 2012-04-12 02:37 - 0123018 ____A C:\TDSSKiller.2.7.28.0_11.04.2012_21.01.45_log.txt
2012-04-11 16:02 - 2012-04-11 16:02 - 0711240 ____A C:\Windows\isRS-000.tmp
2012-04-11 15:54 - 2012-04-11 15:57 - 0123018 ____A C:\TDSSKiller.2.7.28.0_11.04.2012_19.54.59_log.txt
2012-04-11 15:50 - 2012-04-11 15:54 - 0243228 ____A C:\TDSSKiller.2.7.28.0_11.04.2012_19.50.18_log.txt
2012-04-11 00:08 - 2012-04-11 00:14 - 0123018 ____A C:\TDSSKiller.2.7.28.0_11.04.2012_04.08.46_log.txt
2012-04-10 21:08 - 2012-04-10 21:08 - 0029696 ____A C:\Users\Ryan\Downloads\HMW%2012_Lesson%207B%20Utilization%2002.doc
2012-04-10 13:36 - 2011-08-25 10:14 - 0607260 ____R (Swearware) C:\Users\Ryan\Downloads\dds.scr
2012-04-10 00:11 - 2012-03-21 22:18 - 0879714 ____A C:\Users\Ryan\Downloads\SecurityCheck.exe
2012-04-10 00:02 - 2012-04-10 00:02 - 0302592 ____A C:\Users\Ryan\Downloads\btinf825.exe
2012-04-09 23:57 - 2012-04-09 23:58 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-04-09 23:57 - 2012-04-09 23:57 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-04-09 23:57 - 2012-04-09 23:57 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-04-09 23:56 - 2012-04-09 15:27 - 15802256 ____A (SUPERAntiSpyware.com) C:\Users\Ryan\Downloads\SUPERAntiSpyware.exe
2012-04-09 00:32 - 2012-04-09 00:38 - 0123084 ____A C:\TDSSKiller.2.7.26.0_09.04.2012_04.32.10_log.txt
2012-04-08 21:48 - 2012-04-08 21:53 - 0239556 ____A C:\TDSSKiller.2.7.26.0_09.04.2012_01.48.05_log.txt
2012-04-08 21:37 - 2012-04-08 21:44 - 0122736 ____A C:\TDSSKiller.2.7.26.0_09.04.2012_01.37.07_log.txt
2012-04-08 21:36 - 2012-04-08 21:36 - 0000348 ____A C:\TDSSKiller.2.6.25.0_09.04.2012_01.36.43_log.txt
2012-04-08 20:53 - 2012-04-08 20:53 - 0028672 ____A C:\Users\Ryan\Downloads\HMW%2011_Lesson%207B%20Utilization%2001.doc
2012-04-05 23:22 - 2012-04-05 23:22 - 0000000 ____D C:\Windows\system64
2012-04-05 21:44 - 2012-04-05 21:44 - 0176202 ____A C:\ComboFix.txt
2012-04-05 21:30 - 2012-04-06 03:21 - 0000000 ___SD C:\ComboFix
2012-04-05 21:09 - 2012-04-09 00:38 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-05 21:08 - 2012-04-05 21:10 - 0121794 ____A C:\TDSSKiller.2.7.26.0_06.04.2012_01.08.43_log.txt
2012-04-05 21:07 - 2012-04-05 21:08 - 0000348 ____A C:\TDSSKiller.2.6.25.0_06.04.2012_01.07.55_log.txt
2012-04-04 00:38 - 2012-04-11 16:04 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-04 00:36 - 2012-03-19 22:45 - 0119385 ____N C:\Users\Ryan\Downloads\hash
2012-04-04 00:33 - 2012-04-04 00:35 - 0000154 ____A C:\Users\Ryan\AppData\Local\svcxdcl32.dat
2012-04-01 21:39 - 2012-04-01 21:39 - 0013934 ____A C:\Users\Ryan\Downloads\Practice Translation Quiz L7A.docx
2012-04-01 09:56 - 2012-04-01 09:56 - 0016540 ____A C:\Users\Ryan\Downloads\CSE10_Budget_Exer2.xlsx
2012-03-29 21:25 - 2012-03-29 21:25 - 0029184 ____A C:\Users\Ryan\Downloads\HMW 10_Lesson 7A Utilization.doc
2012-03-23 00:29 - 2012-03-23 00:29 - 0002006 ____A C:\Users\Ryan\Desktop\Morrowind Launcher.exe - Shortcut.lnk
2012-03-23 00:21 - 2012-03-23 00:21 - 70017004 ____A C:\Users\Ryan\Downloads\Elder_Scroll_III_www.dl4all.com.part2.rar
2012-03-22 23:50 - 2012-03-23 00:23 - 0000000 ____D C:\Users\Ryan\Downloads\Elder_Scroll_III_www.dl4all.com
2012-03-22 23:49 - 2012-03-22 23:49 - 0000000 ____D C:\Program Files (x86)\WinRAR
2012-03-22 23:46 - 2012-03-22 23:46 - 1506653 ____A C:\Users\Ryan\Downloads\wrar411.exe
2012-03-22 23:42 - 2012-03-22 23:42 - 100431872 ____A C:\Users\Ryan\Downloads\Elder_Scroll_III_www.dl4all.com.part1.rar
2012-03-21 23:35 - 2012-03-21 23:35 - 0000000 ____D C:\Users\Ryan\FrostWire
2012-03-21 23:35 - 2012-03-21 23:35 - 0000000 ____D C:\Users\Ryan\AppData\Local\APN
2012-03-21 23:35 - 2012-03-21 23:35 - 0000000 ____D C:\Users\Ryan\.frostwire5
2012-03-21 23:33 - 2012-03-21 23:38 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\Real
2012-03-21 23:33 - 2012-03-21 23:38 - 0000000 ____D C:\Users\All Users\Real
2012-03-21 23:33 - 2012-03-21 23:38 - 0000000 ____D C:\ProgramData\Real
2012-03-21 23:33 - 2012-03-21 23:38 - 0000000 ____D C:\Program Files (x86)\Real
2012-03-21 23:28 - 2012-03-21 23:28 - 0000000 ____D C:\Users\Ryan\AppData\Local\The Weather Channel
2012-03-21 23:26 - 2012-03-21 23:26 - 0001490 ____A C:\user.js
2012-03-21 23:26 - 2012-03-21 23:26 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\Babylon
2012-03-21 23:26 - 2012-03-21 23:26 - 0000000 ____D C:\Users\Ryan\AppData\Local\Babylon
2012-03-21 23:26 - 2012-03-21 23:26 - 0000000 ____D C:\Users\All Users\Babylon
2012-03-21 23:26 - 2012-03-21 23:26 - 0000000 ____D C:\ProgramData\Babylon
2012-03-21 23:25 - 2012-03-21 23:38 - 0000000 ____D C:\Users\Ryan\AppData\Local\Conduit
2012-03-21 23:25 - 2012-03-21 23:25 - 0000000 ____D C:\Program Files (x86)\Conduit
2012-03-18 23:20 - 2012-03-18 23:29 - 0000000 ____D C:\Program Files (x86)\ExpressFiles
2012-03-18 23:08 - 2012-04-06 03:21 - 0000000 ____D C:\Users\All Users\Tarma Installer
2012-03-18 23:08 - 2012-04-06 03:21 - 0000000 ____D C:\ProgramData\Tarma Installer
2012-03-18 23:08 - 2012-03-18 23:08 - 0000000 ____D C:\Program Files (x86)\fbphotozoom
2012-03-18 14:56 - 2012-04-11 16:03 - 0000672 ____A C:\Windows\setupact.log
2012-03-18 14:56 - 2012-03-18 14:56 - 0000000 ____A C:\Windows\setuperr.log
2012-03-15 20:02 - 2012-03-15 20:22 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\xmldm
2012-03-15 20:02 - 2012-03-15 20:22 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\kock

============ 3 Months Modified Files and Folders =============

2012-04-12 06:47 - 2012-04-12 06:47 - 0000000 ____D C:\FRST
2012-04-12 02:40 - 2010-02-25 20:56 - 1797518 ____A C:\Windows\WindowsUpdate.log
2012-04-12 02:40 - 2009-07-13 21:13 - 0726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-12 02:37 - 2012-04-11 17:01 - 0123018 ____A C:\TDSSKiller.2.7.28.0_11.04.2012_21.01.45_log.txt
2012-04-12 02:37 - 2011-08-23 21:11 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-12 02:37 - 2011-08-23 21:11 - 0000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-04-11 17:31 - 2010-06-28 08:38 - 0000000 ____D C:\Users\Ryan\AppData\Local\PMB Files
2012-04-11 16:10 - 2009-07-13 20:45 - 0016304 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-11 16:10 - 2009-07-13 20:45 - 0016304 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-11 16:04 - 2012-04-04 00:38 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-11 16:03 - 2012-03-18 14:56 - 0000672 ____A C:\Windows\setupact.log
2012-04-11 16:03 - 2011-08-12 19:47 - 0000000 ____D C:\Malwarebytes' Anti-Malware
2012-04-11 16:03 - 2010-02-25 20:51 - 3018608640 __ASH C:\hiberfil.sys
2012-04-11 16:03 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-11 16:02 - 2012-04-11 16:02 - 0711240 ____A C:\Windows\isRS-000.tmp
2012-04-11 16:02 - 2012-02-05 01:46 - 0000719 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-04-11 15:57 - 2012-04-11 15:54 - 0123018 ____A C:\TDSSKiller.2.7.28.0_11.04.2012_19.54.59_log.txt
2012-04-11 15:54 - 2012-04-11 15:50 - 0243228 ____A C:\TDSSKiller.2.7.28.0_11.04.2012_19.50.18_log.txt
2012-04-11 15:54 - 2011-12-24 17:00 - 0000000 ____D C:\Users\Ryan\Desktop\Virus stuff
2012-04-11 00:14 - 2012-04-11 00:08 - 0123018 ____A C:\TDSSKiller.2.7.28.0_11.04.2012_04.08.46_log.txt
2012-04-11 00:08 - 2011-12-25 22:47 - 0000000 ____D C:\Users\Ryan\AppData\Local\Spotify
2012-04-10 23:28 - 2011-12-25 22:46 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\Spotify
2012-04-10 23:03 - 2011-09-11 19:08 - 0000000 ____D C:\Users\Ryan\Desktop\GSU Homework
2012-04-10 23:03 - 2010-12-21 09:50 - 0018484 ____A C:\Users\Ryan\AppData\Roaming\wklnhst.dat
2012-04-10 21:08 - 2012-04-10 21:08 - 0029696 ____A C:\Users\Ryan\Downloads\HMW%2012_Lesson%207B%20Utilization%2002.doc
2012-04-10 21:08 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\FxsTmp
2012-04-10 20:19 - 2010-03-12 11:21 - 0000000 ____D C:\Users\Ryan\AppData\Local\ElevatedDiagnostics
2012-04-10 00:02 - 2012-04-10 00:02 - 0302592 ____A C:\Users\Ryan\Downloads\btinf825.exe
2012-04-09 23:58 - 2012-04-09 23:57 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-04-09 23:57 - 2012-04-09 23:57 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-04-09 23:57 - 2012-04-09 23:57 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-04-09 23:52 - 2011-12-31 13:24 - 0002315 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-04-09 15:27 - 2012-04-09 23:56 - 15802256 ____A (SUPERAntiSpyware.com) C:\Users\Ryan\Downloads\SUPERAntiSpyware.exe
2012-04-09 00:38 - 2012-04-09 00:32 - 0123084 ____A C:\TDSSKiller.2.7.26.0_09.04.2012_04.32.10_log.txt
2012-04-09 00:38 - 2012-04-05 21:09 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-08 21:53 - 2012-04-08 21:48 - 0239556 ____A C:\TDSSKiller.2.7.26.0_09.04.2012_01.48.05_log.txt
2012-04-08 21:44 - 2012-04-08 21:37 - 0122736 ____A C:\TDSSKiller.2.7.26.0_09.04.2012_01.37.07_log.txt
2012-04-08 21:36 - 2012-04-08 21:36 - 0000348 ____A C:\TDSSKiller.2.6.25.0_09.04.2012_01.36.43_log.txt
2012-04-08 20:53 - 2012-04-08 20:53 - 0028672 ____A C:\Users\Ryan\Downloads\HMW%2011_Lesson%207B%20Utilization%2001.doc
2012-04-06 03:21 - 2012-04-05 21:30 - 0000000 ___SD C:\ComboFix
2012-04-06 03:21 - 2012-03-18 23:08 - 0000000 ____D C:\Users\All Users\Tarma Installer
2012-04-06 03:21 - 2012-03-18 23:08 - 0000000 ____D C:\ProgramData\Tarma Installer
2012-04-06 03:21 - 2011-12-26 18:07 - 0000000 ____D C:\Windows\ERDNT
2012-04-06 03:21 - 2010-06-28 08:38 - 0000000 ____D C:\Users\All Users\PMB Files
2012-04-06 03:21 - 2010-06-28 08:38 - 0000000 ____D C:\ProgramData\PMB Files
2012-04-06 03:21 - 2009-07-13 19:18 - 0000000 ____D C:\$RECYCLE.BIN
2012-04-06 03:20 - 2011-12-26 18:07 - 0000000 ____D C:\Qoobox
2012-04-06 03:20 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-04-05 23:22 - 2012-04-05 23:22 - 0000000 ____D C:\Windows\system64
2012-04-05 23:22 - 2010-03-10 11:43 - 0000000 ____D C:\users\Ryan
2012-04-05 23:22 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-04-05 21:53 - 2010-04-20 08:32 - 0000000 ____D C:\Users\Ryan\AppData\Local\CrashDumps
2012-04-05 21:44 - 2012-04-05 21:44 - 0176202 ____A C:\ComboFix.txt
2012-04-05 21:37 - 2009-07-13 18:34 - 62652416 ____A C:\Windows\System32\config\software.bak
2012-04-05 21:37 - 2009-07-13 18:34 - 15204352 ____A C:\Windows\System32\config\system.bak
2012-04-05 21:37 - 2009-07-13 18:34 - 0274432 ____A C:\Windows\System32\config\default.bak
2012-04-05 21:37 - 2009-07-13 18:34 - 0057344 ____A C:\Windows\System32\config\sam.bak
2012-04-05 21:37 - 2009-07-13 18:34 - 0032768 ____A C:\Windows\System32\config\security.bak
2012-04-05 21:10 - 2012-04-05 21:08 - 0121794 ____A C:\TDSSKiller.2.7.26.0_06.04.2012_01.08.43_log.txt
2012-04-05 21:08 - 2012-04-05 21:07 - 0000348 ____A C:\TDSSKiller.2.6.25.0_06.04.2012_01.07.55_log.txt
2012-04-05 21:08 - 2011-12-25 16:40 - 0593922 ____A C:\Windows\ntbtlog.txt
2012-04-05 03:20 - 2009-11-23 17:28 - 0853002 ____A C:\Windows\PFRO.log
2012-04-04 23:32 - 2011-12-25 14:57 - 0000395 ____A C:\rkill.log
2012-04-04 11:56 - 2010-12-14 13:09 - 0024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-04-04 00:35 - 2012-04-04 00:33 - 0000154 ____A C:\Users\Ryan\AppData\Local\svcxdcl32.dat
2012-04-01 21:39 - 2012-04-01 21:39 - 0013934 ____A C:\Users\Ryan\Downloads\Practice Translation Quiz L7A.docx
2012-04-01 21:03 - 2010-03-10 14:49 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\Google
2012-04-01 09:56 - 2012-04-01 09:56 - 0016540 ____A C:\Users\Ryan\Downloads\CSE10_Budget_Exer2.xlsx
2012-03-29 21:25 - 2012-03-29 21:25 - 0029184 ____A C:\Users\Ryan\Downloads\HMW 10_Lesson 7A Utilization.doc
2012-03-27 23:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-03-26 15:16 - 2009-11-23 17:16 - 0000000 ____D C:\Program Files\Google
2012-03-23 00:29 - 2012-03-23 00:29 - 0002006 ____A C:\Users\Ryan\Desktop\Morrowind Launcher.exe - Shortcut.lnk
2012-03-23 00:23 - 2012-03-22 23:50 - 0000000 ____D C:\Users\Ryan\Downloads\Elder_Scroll_III_www.dl4all.com
2012-03-23 00:21 - 2012-03-23 00:21 - 70017004 ____A C:\Users\Ryan\Downloads\Elder_Scroll_III_www.dl4all.com.part2.rar
2012-03-22 23:49 - 2012-03-22 23:49 - 0000000 ____D C:\Program Files (x86)\WinRAR
2012-03-22 23:46 - 2012-03-22 23:46 - 1506653 ____A C:\Users\Ryan\Downloads\wrar411.exe
2012-03-22 23:42 - 2012-03-22 23:42 - 100431872 ____A C:\Users\Ryan\Downloads\Elder_Scroll_III_www.dl4all.com.part1.rar
2012-03-21 23:38 - 2012-03-21 23:33 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\Real
2012-03-21 23:38 - 2012-03-21 23:33 - 0000000 ____D C:\Users\All Users\Real
2012-03-21 23:38 - 2012-03-21 23:33 - 0000000 ____D C:\ProgramData\Real
2012-03-21 23:38 - 2012-03-21 23:33 - 0000000 ____D C:\Program Files (x86)\Real
2012-03-21 23:38 - 2012-03-21 23:25 - 0000000 ____D C:\Users\Ryan\AppData\Local\Conduit
2012-03-21 23:38 - 2010-03-10 11:43 - 0000000 ____D C:\Users\Ryan\AppData\LocalLow
2012-03-21 23:37 - 2010-03-10 14:49 - 0000000 ____D C:\Users\Ryan\AppData\Local\Google
2012-03-21 23:37 - 2009-11-23 17:16 - 0000000 ____D C:\Program Files (x86)\Google
2012-03-21 23:35 - 2012-03-21 23:35 - 0000000 ____D C:\Users\Ryan\FrostWire
2012-03-21 23:35 - 2012-03-21 23:35 - 0000000 ____D C:\Users\Ryan\AppData\Local\APN
2012-03-21 23:35 - 2012-03-21 23:35 - 0000000 ____D C:\Users\Ryan\.frostwire5
2012-03-21 23:28 - 2012-03-21 23:28 - 0000000 ____D C:\Users\Ryan\AppData\Local\The Weather Channel
2012-03-21 23:26 - 2012-03-21 23:26 - 0001490 ____A C:\user.js
2012-03-21 23:26 - 2012-03-21 23:26 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\Babylon
2012-03-21 23:26 - 2012-03-21 23:26 - 0000000 ____D C:\Users\Ryan\AppData\Local\Babylon
2012-03-21 23:26 - 2012-03-21 23:26 - 0000000 ____D C:\Users\All Users\Babylon
2012-03-21 23:26 - 2012-03-21 23:26 - 0000000 ____D C:\ProgramData\Babylon
2012-03-21 23:25 - 2012-03-21 23:25 - 0000000 ____D C:\Program Files (x86)\Conduit
2012-03-21 22:18 - 2012-04-10 00:11 - 0879714 ____A C:\Users\Ryan\Downloads\SecurityCheck.exe
2012-03-19 22:45 - 2012-04-04 00:36 - 0119385 ____N C:\Users\Ryan\Downloads\hash
2012-03-18 23:29 - 2012-03-18 23:20 - 0000000 ____D C:\Program Files (x86)\ExpressFiles
2012-03-18 23:08 - 2012-03-18 23:08 - 0000000 ____D C:\Program Files (x86)\fbphotozoom
2012-03-18 14:56 - 2012-03-18 14:56 - 0000000 ____A C:\Windows\setuperr.log
2012-03-15 20:22 - 2012-03-15 20:02 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\xmldm
2012-03-15 20:22 - 2012-03-15 20:02 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\kock
2012-03-15 11:34 - 2012-04-12 02:38 - 1385843 ____A C:\Users\Ryan\Downloads\FRST64.exe
2012-03-15 00:18 - 2011-09-17 09:31 - 0000121 ____A C:\Users\Ryan\webct_upload_applet.properties
2012-03-12 18:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-03-12 16:00 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-03-11 19:28 - 2011-05-03 07:09 - 0013063 ____A C:\Windows\IE9_main.log
2012-02-21 18:42 - 2010-03-10 14:47 - 0000174 ___SH C:\Users\Ryan\Start Menu\Programs\Startup\desktop.ini
2012-02-21 18:42 - 2010-03-10 14:47 - 0000174 ___SH C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-21 17:43 - 2009-07-13 20:45 - 0341416 ____A C:\Windows\System32\FNTCACHE.DAT
2012-02-21 17:42 - 2011-06-20 13:33 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-19 07:03 - 2010-03-16 10:46 - 54585368 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-02-12 19:11 - 2012-02-12 19:11 - 0001045 ____A C:\Users\Public\Desktop\NJStar Japanese WP.lnk
2012-02-12 19:11 - 2012-02-12 19:11 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\NJStar
2012-02-12 19:11 - 2012-02-12 19:11 - 0000000 ____D C:\Program Files (x86)\NJStar Japanese WP
2012-02-10 22:38 - 2011-11-02 15:14 - 0000000 ____D C:\Users\Ryan\riotsGamesLogs
2012-02-10 20:48 - 2012-02-10 20:48 - 0341333 ____A C:\Users\Ryan\Documents\AllfilesTaxReturn2012.pdf
2012-01-19 22:04 - 2010-06-02 09:20 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\Apple Computer
2012-01-18 23:51 - 2012-01-18 23:51 - 0001754 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-01-18 23:51 - 2012-01-18 23:50 - 0000000 ____D C:\Program Files\iTunes
2012-01-18 23:51 - 2012-01-18 23:50 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-01-18 23:50 - 2012-01-18 23:50 - 0000000 ____D C:\Program Files\iPod
2012-01-18 23:47 - 2012-01-18 23:47 - 0000000 ____D C:\Program Files\Bonjour
2012-01-18 23:47 - 2012-01-18 23:47 - 0000000 ____D C:\Program Files (x86)\Bonjour
2012-01-18 23:47 - 2011-12-31 13:24 - 0002491 ____A C:\Users\Public\Desktop\Safari.lnk
2012-01-18 23:47 - 2011-01-29 12:21 - 0000000 ____D C:\Program Files (x86)\Safari
2012-01-18 23:25 - 2012-01-18 23:24 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\WinRAR
2012-01-18 18:56 - 2010-06-02 09:20 - 0000000 ____D C:\Users\Ryan\AppData\Local\Apple Computer
2012-01-18 18:52 - 2012-01-18 18:52 - 0001816 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-01-18 18:52 - 2012-01-18 18:52 - 0000000 ____D C:\Program Files (x86)\QuickTime
2012-01-18 18:50 - 2012-01-18 18:50 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2012-01-16 08:14 - 2010-12-07 19:05 - 0000000 ____D C:\Users\Ryan\Documents\My Games
2012-01-14 18:33 - 2010-09-03 14:17 - 0000000 ____D C:\Users\Ryan\Desktop\AnimaTromeo

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 13%
Total physical RAM: 3838.36 MB
Available physical RAM: 3303.35 MB
Total Pagefile: 3836.51 MB
Available Pagefile: 3288.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (TI105757W0A) (Fixed) (Total:287.7 GB) (Free:204.66 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: () (Removable) (Total:0.95 GB) (Free:0.84 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 971 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 287 GB 1501 MB
Partition 3 Primary 8 GB 289 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D System NTFS Partition 1500 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI105757W0A NTFS Partition 287 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 970 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Removable 970 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-03-29 20:32

======================= End Of Log ==========================
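
The FRST log above is what the helper reads before writing the fixlist in the next post. As an added illustration of that triage step (my own example, not code from FRST, from BleepingComputer or from either poster), the script below parses the two line shapes that appear in the log, driver entries and created/modified file entries, and flags the patterns a removal helper looks at first: drivers registered from a Temp directory whose file is gone (`[x]`), hidden+system files outside a small allow-list, and loose files dropped directly in a profile or ProgramData root. The regular expressions, the rules, the allow-list and the reason strings are this example's own assumptions; the sample lines are copied from the log above.

```python
"""Triage of FRST (Farbar Recovery Scan Tool) log lines.

Added example for this thread; not FRST code and not from the helper's post.
The parsing rules, allow-list and reasons below are assumptions made for
illustration. SAMPLE_LINES are copied from the log posted above.
"""
import re

SAMPLE_LINES = [
    r"3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)",
    r"3 catchme; \??\C:\ComboFix\catchme.sys [x]",
    r"3 PCD65X10; \??\C:\Users\Ryan\AppData\Local\Temp\PCD65X10.sys [x]",
    r"3 X6va001; \??\C:\Users\Ryan\AppData\Local\Temp\0019F23.tmp [x]",
    r"2012-04-04 00:38 - 2012-04-11 16:04 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd",
    r"2012-04-04 00:33 - 2012-04-04 00:35 - 0000154 ____A C:\Users\Ryan\AppData\Local\svcxdcl32.dat",
    r"2012-04-11 16:03 - 2010-02-25 20:51 - 3018608640 __ASH C:\hiberfil.sys",
    r"2012-02-21 18:42 - 2010-03-10 14:47 - 0000174 ___SH C:\Users\Ryan\Start Menu\Programs\Startup\desktop.ini",
    r"2012-04-09 23:56 - 2012-04-09 15:27 - 15802256 ____A (SUPERAntiSpyware.com) C:\Users\Ryan\Downloads\SUPERAntiSpyware.exe",
]

# Driver entry: "<start type> <name>; <path> [<size> <date>] (<company>)".
# FRST prints "[x]" in place of size/date when the file is not on disk.
DRIVER_RE = re.compile(
    r"^(?P<start>\d) (?P<name>[^;]+); (?P<path>.+?) \[(?P<info>[^\]]*)\]"
    r"(?: \((?P<company>[^)]*)\))?$"
)

# File entry: "<date> - <date> - <size> <attrs> [(company)] <path>".
# In the "Created" section the first date is the creation time; in the
# "Modified" section it is the modification time.
FILE_RE = re.compile(
    r"^(?P<date1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<date2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) (?:\((?P<company>[^)]*)\) )?(?P<path>.+)$"
)

# Hidden+system files that are normal on a Windows install (assumed allow-list).
LEGIT_HIDDEN_SYSTEM = {"hiberfil.sys", "pagefile.sys", "desktop.ini", "bootmgr"}

# Roots where software normally creates a vendor subfolder, not a loose file.
DATA_ROOTS = (r"\appdata\local", r"\appdata\roaming", r"\programdata")


def _strip_nt_prefix(path):
    """Drop the '\\??\\' object-manager prefix FRST keeps on some driver paths."""
    return path[4:] if path.startswith("\\??\\") else path


def _basename(path):
    return path.rsplit("\\", 1)[-1]


def _parent(path):
    return path.rsplit("\\", 1)[0]


def triage_line(line):
    """Return a list of (path, reason) findings for one FRST log line."""
    findings = []
    m = DRIVER_RE.match(line)
    if m:
        path = _strip_nt_prefix(m["path"])
        if m["info"] == "x":  # registered driver whose file is missing
            if "\\temp\\" in path.lower():
                findings.append((path, "driver registered from a Temp directory; file missing"))
            else:
                findings.append((path, "driver file missing (leftover registration)"))
        return findings
    m = FILE_RE.match(line)
    if m:
        path, attrs = m["path"], m["attrs"]
        name = _basename(path).lower()
        if "H" in attrs and "S" in attrs and name not in LEGIT_HIDDEN_SYSTEM:
            findings.append((path, "hidden+system attributes on a non-standard file"))
        if "D" not in attrs and _parent(path).lower().endswith(DATA_ROOTS):
            findings.append((path, "loose file in a profile/data root instead of a vendor folder"))
    return findings


def triage(lines):
    """Run triage_line over a whole log and return the findings as dicts."""
    out = []
    for line in lines:
        for path, reason in triage_line(line.rstrip()):
            out.append({"path": path, "reason": reason})
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f['reason']:<68} {f['path']}")
```

Run against the sample lines it reports the two Temp drivers, the leftover ComboFix driver, `dds_trash_log.cmd` and `svcxdcl32.dat`, and stays quiet on `hiberfil.sys`, `desktop.ini` and the legitimately signed download; feeding it a whole FRST log (one line per list element) gives a short list to review by hand rather than a verdict.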

#8 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  • Gender:Male
  • Location:Antarctica
  • Local time:08:10 AM

Posted 12 April 2012 - 07:29 AM

Hi grogall!

Please proceed with these instructions:

Open notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt.

start
HKU\Ryan\...\Policies\system: [disableregistrytools] 0
HKLM-x32\...\Runonce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=NFVWSzItQUxZTUYtU0xLTFUtQVoyVUItNkdPS0ItSkhGTkg"&"inst=NzctNDcwMDgxNDU0LVhPMzYrMS1GUDkrNi1TVDErMi1OMUYrMS1CQVI5RysxLVRCOSsyLUZMKzktRjEwTSs1LVFJWDErNC1YMjAxMCsyLUYxME0xMEQrMg"&"prod=90"&"ver=10.0.1170 [x]
SubSystems: [Windows] ==> ZeroAccess
2 bwcsrv; C:\Windows\System32\vaiomediaplatform-integratedserver-appserver.dll [6656 2009-07-13] (Oak Technology Inc.)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 PCD65X10; \??\C:\Users\Ryan\AppData\Local\Temp\PCD65X10.sys [x]
3 PCD65X11; \??\C:\Users\Ryan\AppData\Local\Temp\PCD65X11.sys [x]
3 PCD65X12; \??\C:\Users\Ryan\AppData\Local\Temp\PCD65X12.sys [x]
3 PCD65X2; \??\C:\Users\Ryan\AppData\Local\Temp\PCD65X2.sys [x]
3 PCD65X3; \??\C:\Users\Ryan\AppData\Local\Temp\PCD65X3.sys [x]
3 PCD65X4; \??\C:\Users\Ryan\AppData\Local\Temp\PCD65X4.sys [x]
3 PCD65X5; \??\C:\Users\Ryan\AppData\Local\Temp\PCD65X5.sys [x]
3 PCD65X6; \??\C:\Users\Ryan\AppData\Local\Temp\PCD65X6.sys [x]
3 PCD65X7; \??\C:\Users\Ryan\AppData\Local\Temp\PCD65X7.sys [x]
3 PCD65X8; \??\C:\Users\Ryan\AppData\Local\Temp\PCD65X8.sys [x]
3 PCD65X9; \??\C:\Users\Ryan\AppData\Local\Temp\PCD65X9.sys [x]
NETSVC: bwcsrv
2012-04-04 00:38 - 2012-04-11 16:04 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-04 00:33 - 2012-04-04 00:35 - 0000154 ____A C:\Users\Ryan\AppData\Local\svcxdcl32.dat
2012-03-15 20:02 - 2012-03-15 20:22 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\xmldm
2012-03-15 20:02 - 2012-03-15 20:22 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\kock
2012-04-11 16:04 - 2012-04-04 00:38 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-04 00:35 - 2012-04-04 00:33 - 0000154 ____A C:\Users\Ryan\AppData\Local\svcxdcl32.dat
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.


NEXT:



OTL Fix

We need to run an OTL Fix

Note: If you have MalwareBytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    SRV:64bit: - [2009/07/13 21:39:46 | 000,006,656 | ---- | M] (Oak Technology Inc.) [Auto | Running] -- C:\Windows\SysNative\vaiomediaplatform-integratedserver-appserver.dll -- (bwcsrv)
    IE - HKU\S-1-5-21-1394663217-2439825344-4002662712-1000\..\URLSearchHook: {93c338de-5fb5-4fb5-ab4e-0eedc0bd9f3a} - No CLSID value found
    IE - HKU\S-1-5-21-1394663217-2439825344-4002662712-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3150609
    IE - HKU\S-1-5-21-1394663217-2439825344-4002662712-1000\..\SearchScopes\{FF35629F-E29F-47A7-B0D8-C3B17D5F53D2}: "URL" = http://search.internet-search-results.com/?sid=10101199100&clsid={FF35629F-E29F-47A7-B0D8-C3B17D5F53D2}&s={searchTerms}
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-1394663217-2439825344-4002662712-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-1394663217-2439825344-4002662712-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKU\S-1-5-21-1394663217-2439825344-4002662712-1000\..\Toolbar\WebBrowser: (no name) - {93C338DE-5FB5-4FB5-AB4E-0EEDC0BD9F3A} - No CLSID value found.
    O3 - HKU\S-1-5-21-1394663217-2439825344-4002662712-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\windows\SysWow64\cmd.exe (Microsoft Corporation)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL File not found
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL File not found
    O37 - HKU\.DEFAULT\...exe [@ = qd] -- "C:\windows\SysWOW64\config\systemprofile\AppData\Local\xxg.exe" -a "%1" %*
    O37 - HKU\S-1-5-18\...exe [@ = qd] -- "C:\windows\SysWOW64\config\systemprofile\AppData\Local\xxg.exe" -a "%1" %*
    SafeBootMin:64bit: 34285097.sys - Driver
    SafeBootMin:64bit: 54270591.sys - Driver
    SafeBootMin:64bit: 76130706.sys - Driver
    SafeBootMin:64bit: 96967326.sys - Driver
    SafeBootMin: 34285097.sys - Driver
    SafeBootMin: 54270591.sys - Driver
    SafeBootMin: 76130706.sys - Driver
    SafeBootMin: 96967326.sys - Driver
    NetSvcs:64bit: bwcsrv - C:\Windows\SysNative\vaiomediaplatform-integratedserver-appserver.dll (Oak Technology Inc.)
    [2012/03/16 00:02:08 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\xmldm
    [2012/03/16 00:02:08 | 000,000,000 | ---D | C] -- C:\Users\Ryan\AppData\Roaming\kock
    [2012/04/10 05:07:26 | 000,000,000 | -HS- | M] () -- C:\windows\SysNative\dds_trash_log.cmd
    [2012/04/04 04:35:11 | 000,000,154 | ---- | M] () -- C:\Users\Ryan\AppData\Local\svcxdcl32.dat
    [2012/04/04 04:38:09 | 000,000,000 | -HS- | C] () -- C:\windows\SysNative\dds_trash_log.cmd
    [2012/04/04 04:33:00 | 000,000,154 | ---- | C] () -- C:\Users\Ryan\AppData\Local\svcxdcl32.dat
    [2011/12/31 18:24:12 | 000,010,514 | -HS- | C] () -- C:\ProgramData\14ci6806e20rkkb53dvmg13e81l53q6t
    [2011/12/31 18:07:38 | 000,000,000 | ---- | C] () -- C:\Users\Ryan\AppData\Local\{C9EE40BC-6C04-4600-8161-052A75A32850}
    [2011/12/24 21:11:21 | 000,000,000 | ---- | C] () -- C:\ProgramData\O4Ol0Glu.dat
    [2011/12/24 20:37:50 | 000,009,500 | -HS- | C] () -- C:\Users\Ryan\AppData\Local\dwymsafh6s2r
    [2011/12/24 20:37:50 | 000,009,500 | -HS- | C] () -- C:\ProgramData\3559968465
    [2011/12/24 20:35:03 | 000,009,500 | -HS- | C] () -- C:\ProgramData\dwymsafh6s2r
    [2011/12/24 16:04:05 | 000,010,222 | -HS- | C] () -- C:\Users\Ryan\AppData\Local\230276g6x323v423g161f3avq0c1
    [2011/12/24 16:00:56 | 000,010,222 | -HS- | C] () -- C:\ProgramData\230276g6x323v423g161f3avq0c1
    [2011/12/03 16:57:02 | 000,011,706 | -HS- | C] () -- C:\Users\Ryan\AppData\Local\8pu6m23tas8m06ceell8081ld325fyl88q4j
    [2011/12/03 16:46:34 | 000,011,706 | -HS- | C] () -- C:\ProgramData\8pu6m23tas8m06ceell8081ld325fyl88q4j
    [2011/08/12 17:51:38 | 000,000,168 | ---- | C] () -- C:\ProgramData\~P1kAlMiG2Kb7Fzr
    [2011/08/12 17:51:37 | 000,000,216 | ---- | C] () -- C:\ProgramData\~P1kAlMiG2Kb7Fz
    [2011/08/12 17:51:32 | 000,000,400 | ---- | C] () -- C:\ProgramData\P1kAlMiG2Kb7Fz
    [2012/03/12 00:02:02 | 000,000,184 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\xmldm\netbank_2012.03.16.120208_0O1BATGX.txt
    [2012/03/12 00:02:37 | 000,000,176 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\xmldm\netbank_2012.03.16.120208_15NGTMPX.txt
    [2012/01/18 23:34:37 | 000,000,108 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\xmldm\netbank_2012.03.16.120208_72JW0VFI.txt
    [2012/03/12 00:02:02 | 000,000,088 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\xmldm\netbank_2012.03.16.120208_G7WTD3KM.txt
    [2012/01/01 03:58:43 | 000,000,116 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\xmldm\netbank_2012.03.16.120209_SRJX3RTF.txt
    [2012/03/03 20:00:51 | 000,000,971 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\xmldm\netbank_2012.03.16.120209_UG7175LC.txt
    [2012/03/16 00:12:04 | 000,001,124 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\xmldm\netbank_2012.03.16.121209_KEGVPJ3Q.txt
    [2012/03/16 00:11:22 | 000,000,563 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\xmldm\netbank_2012.03.16.121209_TRU59BE3.txt
    [2012/03/16 00:14:36 | 000,001,124 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\xmldm\netbank_2012.03.16.121709_3YSDNR9H.txt
    [2012/03/16 00:20:05 | 000,000,757 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\xmldm\netbank_2012.03.16.122210_CN7D99RV.txt
    [2012/03/12 00:02:02 | 000,000,184 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\kock\0O1BATGX.txt
    [2012/03/12 00:02:37 | 000,000,176 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\kock\15NGTMPX.txt
    [2012/03/16 00:14:36 | 000,001,124 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\kock\3YSDNR9H.txt
    [2012/01/18 23:34:37 | 000,000,108 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\kock\72JW0VFI.txt
    [2012/03/16 00:20:05 | 000,000,757 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\kock\CN7D99RV.txt
    [2012/03/12 00:02:02 | 000,000,088 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\kock\G7WTD3KM.txt
    [2012/03/16 00:12:04 | 000,001,124 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\kock\KEGVPJ3Q.txt
    [2012/01/01 03:58:43 | 000,000,116 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\kock\SRJX3RTF.txt
    [2012/03/16 00:11:22 | 000,000,563 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\kock\TRU59BE3.txt
    [2012/03/03 20:00:51 | 000,000,971 | ---- | M] () -- C:\Users\Ryan\AppData\Roaming\kock\UG7175LC.txt
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
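The OTL fix above ends by resetting the HOSTS file, which is one of the places a search redirect can be planted. As an added example that is not part of this thread or of OTL, the Python below parses hosts-file text and flags the two kinds of entry that would explain the symptoms discussed here: a search engine mapped to an address other than loopback or null (a redirect), and a security vendor's site mapped anywhere at all (an update blackhole). The sample hosts content is constructed, the two domain lists are this example's own assumptions, and `clean_hosts()` is just a minimal replacement, not what OTL's [resethosts] writes.

```python
import ipaddress

# Constructed sample of a tampered hosts file. It is not the file from this
# thread (the thread never shows it); the redirect targets use RFC 5737
# documentation addresses standing in for an attacker-controlled server.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#   127.0.0.1       localhost
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.google.com         # search redirect
203.0.113.10    google.com
127.0.0.1       www.malwarebytes.org   # update blackhole
0.0.0.0         ads.example.net        # ordinary ad-blocking entry, benign
"""

# Assumed lists for this example. Search engines: a mapping to anything but
# loopback/null is a redirect. Security vendors: any static mapping at all
# is suspicious, because it blocks updates and downloads.
SEARCH_DOMAINS = ("google.com", "bing.com", "yahoo.com")
VENDOR_DOMAINS = ("malwarebytes.org", "microsoft.com", "kaspersky.com", "avast.com")


def _in_domain(host, domain):
    return host == domain or host.endswith("." + domain)


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every active mapping in hosts-file text."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                               # malformed line, ignore
        for host in fields[1:]:
            yield n, ip, host.lower()


def suspicious_entries(text):
    """Return [(line_no, hostname, ip, reason)] for entries that explain
    redirected searches or blocked security sites. Loopback/null targets
    for other names (ad-blocking lists) are left alone."""
    hits = []
    for n, ip, host in parse_hosts(text):
        null_target = ip.is_loopback or ip.is_unspecified
        if any(_in_domain(host, d) for d in VENDOR_DOMAINS):
            hits.append((n, host, str(ip), "blocked"))
        elif any(_in_domain(host, d) for d in SEARCH_DOMAINS) and not null_target:
            hits.append((n, host, str(ip), "redirect"))
    return hits


def clean_hosts():
    """Minimal hosts content to write back after saving the tampered copy."""
    return "127.0.0.1 localhost\n::1 localhost\n"


if __name__ == "__main__":
    for n, host, ip, reason in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {n}: {host} -> {ip} ({reason})")
```

A clean hosts file does not clear the machine: a kernel-mode rootkit redirects traffic without touching it, which is why the FRST scan later in this thread matters more than this check.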


#9 grogall (Topic Starter, Members, 23 posts)

Posted 12 April 2012 - 06:33 PM

Hey ST, I was able to run FRST64; however, the OTL fix seems to be frozen. I received a popup error at the start saying "cannot create file ipconfig /flushdns".
The OTL has been stuck on resetting the host files for over an hour. It says "resetting HOSTS file. Do not interrupt", so I'm using an iPad to post on here so as not to interfere.
That's also why I haven't included the fix log file. I was thinking that maybe the error popup might have something to do with it being stuck on resetting the host files?

#10 SweetTech (Agent ST, Members, 13,421 posts)

Posted 12 April 2012 - 11:40 PM

Hi!

I've had others complain about OTL getting hung up when getting to the part where it attempts to reset the host file.

Please go ahead and exit out of the OTL window, and proceed with this tool below:

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.
  • If you get an error message saying: "Illegal operation attempted on a registry key that was marked for deletion." please reboot your computer, and that should take care of that error message.



#11 grogall (Topic Starter, Members, 23 posts)

Posted 13 April 2012 - 02:40 AM

Hey ST, I had to restore the computer to a previous restore point after the OTL fix (or I'm assuming it was from that), as Windows was unable to restart.
Once restored, I ran FRST64 again along with Combofix. I had to include Combofix as an attachment, as it said the post was too long to be posted.


FRST64 log

Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 15-03-2012
Ran by SYSTEM at 2012-04-13 03:08:39 R:2
Running from F:\

==============================================

HKEY_USERS\Ryan\Software\Microsoft\Windows\CurrentVersion\Policies\system\\disableregistrytools Value deleted successfully.
HKLM-x32\\\.\.\.\\RunOnce\\AvgUninstallURL Value deleted successfully.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
bwcsrv service not found.
catchme service deleted successfully.
PCD65X10 service deleted successfully.
PCD65X11 service deleted successfully.
PCD65X12 service deleted successfully.
PCD65X2 service deleted successfully.
PCD65X3 service deleted successfully.
PCD65X4 service deleted successfully.
PCD65X5 service deleted successfully.
PCD65X6 service deleted successfully.
PCD65X7 service deleted successfully.
PCD65X8 service deleted successfully.
PCD65X9 service deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs bwcsrv not found.
C:\Windows\System32\dds_trash_log.cmd moved successfully.
C:\Users\Ryan\AppData\Local\svcxdcl32.dat not found.
C:\Users\Ryan\AppData\Roaming\xmldm not found.
C:\Users\Ryan\AppData\Roaming\kock not found.
C:\Windows\System32\dds_trash_log.cmd not found.
C:\Users\Ryan\AppData\Local\svcxdcl32.dat not found.

==== End of Fixlog ====

Attached Files



#12 SweetTech (Agent ST, Members, 13,421 posts)

Posted 13 April 2012 - 02:46 AM

Hi!

Thanks for those log files! Sorry to hear you had to go back to a previous restore point after running the OTL fix.

Can you please do me a favor and run a new scan with Farbar Recovery Scan Tool and post the new log for me to review?



#13 grogall (Topic Starter, Members, 23 posts)

Posted 13 April 2012 - 04:19 AM

Hey ST, soo... I got the Farbar scan, but once I exited out of that to restart into Windows, I had the "Windows could not run" screen come up again. I tried repairing it,
and a popup came up asking to restore. I clicked that, but it didn't give me an option as to which restore point to use like it has in the past, so if it did restore,
I'm not sure which point it was restored to. :/ At least it's restoring to a working time, so I'm happy with that.

This was the Farbar after the restore just now.


Scan result of Farbar Recovery Scan Tool Version: 15-03-2012
Ran by SYSTEM at 13-04-2012 05:12:32
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1815848 2009-07-20] (Synaptics Incorporated)
HKLM\...\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe [195080 2008-09-25] (LSI Corp.)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [711000 2009-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1481568 2009-08-26] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-08-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-10-28] (TOSHIBA Corporation)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL [352256 2009-07-09] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP [423936 2009-06-02] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1294136 2009-08-17] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [2454840 2009-11-21] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED [529256 2009-08-09] (Toshiba)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-07] (Apple Inc.)
HKU\Ryan\...\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3077528 2011-11-01] ()
HKU\Ryan\...\Policies\system: [disableregistrytools] 0
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
2 pxfhbus; C:\Windows\System32\rt2870.dll [6656 2009-07-13] (Oak Technology Inc.)

========================== Drivers (Whitelisted) =============

2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [314016 2010-11-04] ()
3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
3 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [119296 2008-01-22] (Huawei Technologies Co., Ltd.)
3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [115072 2008-05-27] (Huawei Technologies Co., Ltd.)
2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [43680 2010-11-04] ()
1 SSHDRV65; C:\Windows\SysWow64\Drivers\SSHDRV65.sys [120320 2010-11-28] ()
1 SSHDRV79; C:\Windows\SysWow64\Drivers\SSHDRV79.sys [75264 2010-11-28] ()
3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [x]
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]
3 X6va001; \??\C:\Users\Ryan\AppData\Local\Temp\0019F23.tmp [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: iteatapi
NETSVC: pxfhbus
NETSVC: DCamUSBEMPIA
NETSVC: snpstd2

============ One Month Created Files and Folders ==============

2012-04-13 01:09 - 2012-04-13 01:10 - 0001911 ____A C:\Users\Ryan\Desktop\New Text Document.txt
2012-04-12 23:28 - 2012-04-12 23:28 - 0174271 ____A C:\ComboFix.txt
2012-04-12 23:11 - 2012-04-13 04:45 - 0000000 ___SD C:\ComboFix
2012-04-12 23:10 - 2012-04-13 00:52 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-12 23:06 - 2012-04-12 08:10 - 4460173 ____R (Swearware) C:\Users\Ryan\Desktop\ComboFix.exe
2012-04-12 13:59 - 2012-04-12 13:59 - 0000000 ____D C:\_OTL
2012-04-12 06:47 - 2012-04-13 05:12 - 0000000 ____D C:\FRST
2012-04-11 17:01 - 2012-04-12 02:37 - 0123018 ____A C:\TDSSKiller.2.7.28.0_11.04.2012_21.01.45_log.txt
2012-04-11 15:54 - 2012-04-11 15:57 - 0123018 ____A C:\TDSSKiller.2.7.28.0_11.04.2012_19.54.59_log.txt
2012-04-11 15:50 - 2012-04-11 15:54 - 0243228 ____A C:\TDSSKiller.2.7.28.0_11.04.2012_19.50.18_log.txt
2012-04-11 00:08 - 2012-04-11 00:14 - 0123018 ____A C:\TDSSKiller.2.7.28.0_11.04.2012_04.08.46_log.txt
2012-04-10 21:08 - 2012-04-10 21:08 - 0029696 ____A C:\Users\Ryan\Downloads\HMW%2012_Lesson%207B%20Utilization%2002.doc
2012-04-09 23:57 - 2012-04-13 02:56 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-04-09 23:57 - 2012-04-09 23:57 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-04-09 23:57 - 2012-04-09 23:57 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-04-09 00:32 - 2012-04-09 00:38 - 0123084 ____A C:\TDSSKiller.2.7.26.0_09.04.2012_04.32.10_log.txt
2012-04-08 21:48 - 2012-04-08 21:53 - 0239556 ____A C:\TDSSKiller.2.7.26.0_09.04.2012_01.48.05_log.txt
2012-04-08 21:37 - 2012-04-08 21:44 - 0122736 ____A C:\TDSSKiller.2.7.26.0_09.04.2012_01.37.07_log.txt
2012-04-08 21:36 - 2012-04-08 21:36 - 0000348 ____A C:\TDSSKiller.2.6.25.0_09.04.2012_01.36.43_log.txt
2012-04-08 20:53 - 2012-04-08 20:53 - 0028672 ____A C:\Users\Ryan\Downloads\HMW%2011_Lesson%207B%20Utilization%2001.doc
2012-04-05 21:09 - 2012-04-05 21:09 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-05 21:08 - 2012-04-05 21:10 - 0121794 ____A C:\TDSSKiller.2.7.26.0_06.04.2012_01.08.43_log.txt
2012-04-05 21:07 - 2012-04-05 21:08 - 0000348 ____A C:\TDSSKiller.2.6.25.0_06.04.2012_01.07.55_log.txt
2012-04-04 00:36 - 2012-03-19 22:45 - 0119385 ____N C:\Users\Ryan\Downloads\hash
2012-04-01 21:39 - 2012-04-01 21:39 - 0013934 ____A C:\Users\Ryan\Downloads\Practice Translation Quiz L7A.docx
2012-04-01 09:56 - 2012-04-01 09:56 - 0016540 ____A C:\Users\Ryan\Downloads\CSE10_Budget_Exer2.xlsx
2012-03-29 21:25 - 2012-03-29 21:25 - 0029184 ____A C:\Users\Ryan\Downloads\HMW 10_Lesson 7A Utilization.doc
2012-03-23 00:29 - 2012-03-23 00:29 - 0002006 ____A C:\Users\Ryan\Desktop\Morrowind Launcher.exe - Shortcut.lnk
2012-03-23 00:21 - 2012-03-23 00:21 - 70017004 ____A C:\Users\Ryan\Downloads\Elder_Scroll_III_www.dl4all.com.part2.rar
2012-03-22 23:50 - 2012-03-23 00:23 - 0000000 ____D C:\Users\Ryan\Downloads\Elder_Scroll_III_www.dl4all.com
2012-03-22 23:49 - 2012-03-22 23:49 - 0000000 ____D C:\Program Files (x86)\WinRAR
2012-03-22 23:46 - 2012-03-22 23:46 - 1506653 ____A C:\Users\Ryan\Downloads\wrar411.exe
2012-03-22 23:42 - 2012-03-22 23:42 - 100431872 ____A C:\Users\Ryan\Downloads\Elder_Scroll_III_www.dl4all.com.part1.rar
2012-03-21 23:35 - 2012-03-21 23:35 - 0000000 ____D C:\Users\Ryan\FrostWire
2012-03-21 23:35 - 2012-03-21 23:35 - 0000000 ____D C:\Users\Ryan\AppData\Local\APN
2012-03-21 23:35 - 2012-03-21 23:35 - 0000000 ____D C:\Users\Ryan\.frostwire5
2012-03-21 23:33 - 2012-03-21 23:38 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\Real
2012-03-21 23:33 - 2012-03-21 23:38 - 0000000 ____D C:\Users\All Users\Real
2012-03-21 23:33 - 2012-03-21 23:38 - 0000000 ____D C:\ProgramData\Real
2012-03-21 23:33 - 2012-03-21 23:38 - 0000000 ____D C:\Program Files (x86)\Real
2012-03-21 23:28 - 2012-03-21 23:28 - 0000000 ____D C:\Users\Ryan\AppData\Local\The Weather Channel
2012-03-21 23:26 - 2012-03-21 23:26 - 0001490 ____A C:\user.js
2012-03-21 23:26 - 2012-03-21 23:26 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\Babylon
2012-03-21 23:26 - 2012-03-21 23:26 - 0000000 ____D C:\Users\Ryan\AppData\Local\Babylon
2012-03-21 23:26 - 2012-03-21 23:26 - 0000000 ____D C:\Users\All Users\Babylon
2012-03-21 23:26 - 2012-03-21 23:26 - 0000000 ____D C:\ProgramData\Babylon
2012-03-21 23:25 - 2012-03-21 23:38 - 0000000 ____D C:\Users\Ryan\AppData\Local\Conduit
2012-03-21 23:25 - 2012-03-21 23:25 - 0000000 ____D C:\Program Files (x86)\Conduit
2012-03-18 23:20 - 2012-03-18 23:29 - 0000000 ____D C:\Program Files (x86)\ExpressFiles
2012-03-18 23:08 - 2012-04-13 04:45 - 0000000 ____D C:\Users\All Users\Tarma Installer
2012-03-18 23:08 - 2012-04-13 04:45 - 0000000 ____D C:\ProgramData\Tarma Installer
2012-03-18 23:08 - 2012-03-18 23:08 - 0000000 ____D C:\Program Files (x86)\fbphotozoom
2012-03-18 14:56 - 2012-04-13 00:52 - 0000616 ____A C:\Windows\setupact.log
2012-03-18 14:56 - 2012-03-18 14:56 - 0000000 ____A C:\Windows\setuperr.log

============ 3 Months Modified Files and Folders =============

2012-04-13 05:12 - 2012-04-12 06:47 - 0000000 ____D C:\FRST
2012-04-13 04:45 - 2012-04-12 23:11 - 0000000 ___SD C:\ComboFix
2012-04-13 04:45 - 2012-03-18 23:08 - 0000000 ____D C:\Users\All Users\Tarma Installer
2012-04-13 04:45 - 2012-03-18 23:08 - 0000000 ____D C:\ProgramData\Tarma Installer
2012-04-13 04:45 - 2011-12-26 18:07 - 0000000 ____D C:\Windows\ERDNT
2012-04-13 04:45 - 2010-06-28 08:38 - 0000000 ____D C:\Users\All Users\PMB Files
2012-04-13 04:45 - 2010-06-28 08:38 - 0000000 ____D C:\ProgramData\PMB Files
2012-04-13 04:45 - 2009-07-13 19:18 - 0000000 ____D C:\$RECYCLE.BIN
2012-04-13 04:44 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-04-13 04:43 - 2011-12-26 18:07 - 0000000 ____D C:\Qoobox
2012-04-13 02:56 - 2012-04-09 23:57 - 0000000 ____D C:\Program Files\SUPERAntiSpyware
2012-04-13 02:56 - 2011-12-24 17:00 - 0000000 ____D C:\Users\Ryan\Desktop\Virus stuff
2012-04-13 02:56 - 2011-08-12 19:47 - 0000000 ____D C:\Malwarebytes' Anti-Malware
2012-04-13 02:56 - 2010-03-11 00:26 - 0000000 ____D C:\Users\Ryan\AppData\Local\TOSHIBA_Corporation
2012-04-13 01:11 - 2010-02-25 20:56 - 1744972 ____A C:\Windows\WindowsUpdate.log
2012-04-13 01:10 - 2012-04-13 01:09 - 0001911 ____A C:\Users\Ryan\Desktop\New Text Document.txt
2012-04-13 01:10 - 2010-06-28 08:38 - 0000000 ____D C:\Users\Ryan\AppData\Local\PMB Files
2012-04-13 01:10 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\FxsTmp
2012-04-13 01:04 - 2011-08-23 21:11 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-13 00:59 - 2009-07-13 20:45 - 0016304 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-13 00:59 - 2009-07-13 20:45 - 0016304 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-13 00:57 - 2009-07-13 21:13 - 0726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-13 00:53 - 2011-08-23 21:11 - 0000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-04-13 00:52 - 2012-04-12 23:10 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-13 00:52 - 2012-03-18 14:56 - 0000616 ____A C:\Windows\setupact.log
2012-04-13 00:52 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-13 00:51 - 2010-02-25 20:51 - 3018608640 __ASH C:\hiberfil.sys
2012-04-13 00:48 - 2010-03-10 11:43 - 0000000 ____D C:\users\Ryan
2012-04-13 00:46 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-04-12 23:28 - 2012-04-12 23:28 - 0174271 ____A C:\ComboFix.txt
2012-04-12 23:20 - 2009-07-13 18:34 - 62652416 ____A C:\Windows\System32\config\software.bak
2012-04-12 23:20 - 2009-07-13 18:34 - 15204352 ____A C:\Windows\System32\config\system.bak
2012-04-12 23:20 - 2009-07-13 18:34 - 0274432 ____A C:\Windows\System32\config\default.bak
2012-04-12 23:20 - 2009-07-13 18:34 - 0057344 ____A C:\Windows\System32\config\sam.bak
2012-04-12 23:20 - 2009-07-13 18:34 - 0032768 ____A C:\Windows\System32\config\security.bak
2012-04-12 13:59 - 2012-04-12 13:59 - 0000000 ____D C:\_OTL
2012-04-12 08:10 - 2012-04-12 23:06 - 4460173 ____R (Swearware) C:\Users\Ryan\Desktop\ComboFix.exe
2012-04-12 02:37 - 2012-04-11 17:01 - 0123018 ____A C:\TDSSKiller.2.7.28.0_11.04.2012_21.01.45_log.txt
2012-04-11 15:57 - 2012-04-11 15:54 - 0123018 ____A C:\TDSSKiller.2.7.28.0_11.04.2012_19.54.59_log.txt
2012-04-11 15:54 - 2012-04-11 15:50 - 0243228 ____A C:\TDSSKiller.2.7.28.0_11.04.2012_19.50.18_log.txt
2012-04-11 00:14 - 2012-04-11 00:08 - 0123018 ____A C:\TDSSKiller.2.7.28.0_11.04.2012_04.08.46_log.txt
2012-04-11 00:08 - 2011-12-25 22:47 - 0000000 ____D C:\Users\Ryan\AppData\Local\Spotify
2012-04-10 23:03 - 2011-09-11 19:08 - 0000000 ____D C:\Users\Ryan\Desktop\GSU Homework
2012-04-10 23:03 - 2010-12-21 09:50 - 0018484 ____A C:\Users\Ryan\AppData\Roaming\wklnhst.dat
2012-04-10 21:08 - 2012-04-10 21:08 - 0029696 ____A C:\Users\Ryan\Downloads\HMW%2012_Lesson%207B%20Utilization%2002.doc
2012-04-10 20:19 - 2010-03-12 11:21 - 0000000 ____D C:\Users\Ryan\AppData\Local\ElevatedDiagnostics
2012-04-09 23:57 - 2012-04-09 23:57 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-04-09 23:57 - 2012-04-09 23:57 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-04-09 00:38 - 2012-04-09 00:32 - 0123084 ____A C:\TDSSKiller.2.7.26.0_09.04.2012_04.32.10_log.txt
2012-04-08 21:53 - 2012-04-08 21:48 - 0239556 ____A C:\TDSSKiller.2.7.26.0_09.04.2012_01.48.05_log.txt
2012-04-08 21:44 - 2012-04-08 21:37 - 0122736 ____A C:\TDSSKiller.2.7.26.0_09.04.2012_01.37.07_log.txt
2012-04-08 21:36 - 2012-04-08 21:36 - 0000348 ____A C:\TDSSKiller.2.6.25.0_09.04.2012_01.36.43_log.txt
2012-04-08 20:53 - 2012-04-08 20:53 - 0028672 ____A C:\Users\Ryan\Downloads\HMW%2011_Lesson%207B%20Utilization%2001.doc
2012-04-05 21:53 - 2010-04-20 08:32 - 0000000 ____D C:\Users\Ryan\AppData\Local\CrashDumps
2012-04-05 21:10 - 2012-04-05 21:08 - 0121794 ____A C:\TDSSKiller.2.7.26.0_06.04.2012_01.08.43_log.txt
2012-04-05 21:09 - 2012-04-05 21:09 - 0000000 ____D C:\TDSSKiller_Quarantine
2012-04-05 21:08 - 2012-04-05 21:07 - 0000348 ____A C:\TDSSKiller.2.6.25.0_06.04.2012_01.07.55_log.txt
2012-04-05 21:08 - 2011-12-25 16:40 - 0593922 ____A C:\Windows\ntbtlog.txt
2012-04-05 21:05 - 2011-12-31 13:24 - 0002315 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-04-05 03:20 - 2009-11-23 17:28 - 0853002 ____A C:\Windows\PFRO.log
2012-04-04 23:32 - 2011-12-25 14:57 - 0000395 ____A C:\rkill.log
2012-04-04 00:28 - 2011-12-25 22:46 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\Spotify
2012-04-01 21:39 - 2012-04-01 21:39 - 0013934 ____A C:\Users\Ryan\Downloads\Practice Translation Quiz L7A.docx
2012-04-01 21:03 - 2010-03-10 14:49 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\Google
2012-04-01 09:56 - 2012-04-01 09:56 - 0016540 ____A C:\Users\Ryan\Downloads\CSE10_Budget_Exer2.xlsx
2012-03-29 21:25 - 2012-03-29 21:25 - 0029184 ____A C:\Users\Ryan\Downloads\HMW 10_Lesson 7A Utilization.doc
2012-03-27 23:13 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-03-26 15:16 - 2009-11-23 17:16 - 0000000 ____D C:\Program Files\Google
2012-03-23 00:29 - 2012-03-23 00:29 - 0002006 ____A C:\Users\Ryan\Desktop\Morrowind Launcher.exe - Shortcut.lnk
2012-03-23 00:23 - 2012-03-22 23:50 - 0000000 ____D C:\Users\Ryan\Downloads\Elder_Scroll_III_www.dl4all.com
2012-03-23 00:21 - 2012-03-23 00:21 - 70017004 ____A C:\Users\Ryan\Downloads\Elder_Scroll_III_www.dl4all.com.part2.rar
2012-03-22 23:49 - 2012-03-22 23:49 - 0000000 ____D C:\Program Files (x86)\WinRAR
2012-03-22 23:46 - 2012-03-22 23:46 - 1506653 ____A C:\Users\Ryan\Downloads\wrar411.exe
2012-03-22 23:42 - 2012-03-22 23:42 - 100431872 ____A C:\Users\Ryan\Downloads\Elder_Scroll_III_www.dl4all.com.part1.rar
2012-03-21 23:38 - 2012-03-21 23:33 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\Real
2012-03-21 23:38 - 2012-03-21 23:33 - 0000000 ____D C:\Users\All Users\Real
2012-03-21 23:38 - 2012-03-21 23:33 - 0000000 ____D C:\ProgramData\Real
2012-03-21 23:38 - 2012-03-21 23:33 - 0000000 ____D C:\Program Files (x86)\Real
2012-03-21 23:38 - 2012-03-21 23:25 - 0000000 ____D C:\Users\Ryan\AppData\Local\Conduit
2012-03-21 23:38 - 2010-03-10 11:43 - 0000000 ____D C:\Users\Ryan\AppData\LocalLow
2012-03-21 23:37 - 2010-03-10 14:49 - 0000000 ____D C:\Users\Ryan\AppData\Local\Google
2012-03-21 23:37 - 2009-11-23 17:16 - 0000000 ____D C:\Program Files (x86)\Google
2012-03-21 23:35 - 2012-03-21 23:35 - 0000000 ____D C:\Users\Ryan\FrostWire
2012-03-21 23:35 - 2012-03-21 23:35 - 0000000 ____D C:\Users\Ryan\AppData\Local\APN
2012-03-21 23:35 - 2012-03-21 23:35 - 0000000 ____D C:\Users\Ryan\.frostwire5
2012-03-21 23:28 - 2012-03-21 23:28 - 0000000 ____D C:\Users\Ryan\AppData\Local\The Weather Channel
2012-03-21 23:26 - 2012-03-21 23:26 - 0001490 ____A C:\user.js
2012-03-21 23:26 - 2012-03-21 23:26 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\Babylon
2012-03-21 23:26 - 2012-03-21 23:26 - 0000000 ____D C:\Users\Ryan\AppData\Local\Babylon
2012-03-21 23:26 - 2012-03-21 23:26 - 0000000 ____D C:\Users\All Users\Babylon
2012-03-21 23:26 - 2012-03-21 23:26 - 0000000 ____D C:\ProgramData\Babylon
2012-03-21 23:25 - 2012-03-21 23:25 - 0000000 ____D C:\Program Files (x86)\Conduit
2012-03-19 22:45 - 2012-04-04 00:36 - 0119385 ____N C:\Users\Ryan\Downloads\hash
2012-03-18 23:29 - 2012-03-18 23:20 - 0000000 ____D C:\Program Files (x86)\ExpressFiles
2012-03-18 23:08 - 2012-03-18 23:08 - 0000000 ____D C:\Program Files (x86)\fbphotozoom
2012-03-18 14:56 - 2012-03-18 14:56 - 0000000 ____A C:\Windows\setuperr.log
2012-03-15 00:18 - 2011-09-17 09:31 - 0000121 ____A C:\Users\Ryan\webct_upload_applet.properties
2012-03-12 18:12 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-03-12 16:00 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-03-11 19:28 - 2011-05-03 07:09 - 0013063 ____A C:\Windows\IE9_main.log
2012-02-21 18:42 - 2010-03-10 14:47 - 0000174 ___SH C:\Users\Ryan\Start Menu\Programs\Startup\desktop.ini
2012-02-21 18:42 - 2010-03-10 14:47 - 0000174 ___SH C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-02-21 17:43 - 2009-07-13 20:45 - 0341416 ____A C:\Windows\System32\FNTCACHE.DAT
2012-02-21 17:42 - 2011-06-20 13:33 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-19 07:03 - 2010-03-16 10:46 - 54585368 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-02-12 19:11 - 2012-02-12 19:11 - 0001045 ____A C:\Users\Public\Desktop\NJStar Japanese WP.lnk
2012-02-12 19:11 - 2012-02-12 19:11 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\NJStar
2012-02-12 19:11 - 2012-02-12 19:11 - 0000000 ____D C:\Program Files (x86)\NJStar Japanese WP
2012-02-10 22:38 - 2011-11-02 15:14 - 0000000 ____D C:\Users\Ryan\riotsGamesLogs
2012-02-10 20:48 - 2012-02-10 20:48 - 0341333 ____A C:\Users\Ryan\Documents\AllfilesTaxReturn2012.pdf
2012-02-05 01:46 - 2012-02-05 01:46 - 0000719 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-01-19 22:04 - 2010-06-02 09:20 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\Apple Computer
2012-01-18 23:51 - 2012-01-18 23:51 - 0001754 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-01-18 23:51 - 2012-01-18 23:50 - 0000000 ____D C:\Program Files\iTunes
2012-01-18 23:51 - 2012-01-18 23:50 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-01-18 23:50 - 2012-01-18 23:50 - 0000000 ____D C:\Program Files\iPod
2012-01-18 23:47 - 2012-01-18 23:47 - 0000000 ____D C:\Program Files\Bonjour
2012-01-18 23:47 - 2012-01-18 23:47 - 0000000 ____D C:\Program Files (x86)\Bonjour
2012-01-18 23:47 - 2011-12-31 13:24 - 0002491 ____A C:\Users\Public\Desktop\Safari.lnk
2012-01-18 23:47 - 2011-01-29 12:21 - 0000000 ____D C:\Program Files (x86)\Safari
2012-01-18 23:25 - 2012-01-18 23:24 - 0000000 ____D C:\Users\Ryan\AppData\Roaming\WinRAR
2012-01-18 18:56 - 2010-06-02 09:20 - 0000000 ____D C:\Users\Ryan\AppData\Local\Apple Computer
2012-01-18 18:52 - 2012-01-18 18:52 - 0001816 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-01-18 18:52 - 2012-01-18 18:52 - 0000000 ____D C:\Program Files (x86)\QuickTime
2012-01-18 18:50 - 2012-01-18 18:50 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2012-01-16 08:14 - 2010-12-07 19:05 - 0000000 ____D C:\Users\Ryan\Documents\My Games

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 13%
Total physical RAM: 3838.36 MB
Available physical RAM: 3301.94 MB
Total Pagefile: 3836.51 MB
Available Pagefile: 3280.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (TI105757W0A) (Fixed) (Total:287.7 GB) (Free:203.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: () (Removable) (Total:0.95 GB) (Free:0.84 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 971 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 287 GB 1501 MB
Partition 3 Primary 8 GB 289 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D System NTFS Partition 1500 MB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI105757W0A NTFS Partition 287 GB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 970 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Removable 970 MB Healthy

======================================================================================================

==========================================================

Last Boot: 2012-03-29 20:32

======================= End Of Log ==========================

#14 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Antarctica
  • Local time:08:10 AM

Posted 13 April 2012 - 07:59 AM

Hi!

Thanks for posting that log file for me.

This fix should get you booting back into Windows.

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt

start
HKU\Ryan\...\Policies\system: [disableregistrytools] 0
SubSystems: [Windows] ==> ZeroAccess
2 pxfhbus; C:\Windows\System32\rt2870.dll [6656 2009-07-13] (Oak Technology Inc.)
3 X6va001; \??\C:\Users\Ryan\AppData\Local\Temp\0019F23.tmp [x]
NETSVC: iteatapi
NETSVC: pxfhbus
NETSVC: DCamUSBEMPIA
NETSVC: snpstd2
2012-04-12 23:10 - 2012-04-13 00:52 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-04-13 00:52 - 2012-04-12 23:10 - 0000000 __ASH C:\Windows\System32\dds_trash_log.cmd
2012-02-21 18:42 - 2010-03-10 14:47 - 0000174 ___SH C:\Users\Ryan\Start Menu\Programs\Startup\desktop.ini
2012-02-21 18:42 - 2010-03-10 14:47 - 0000174 ___SH C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.


Then do me a favor and run this scan:


Running aswMBR.exe

Download aswMBR.exe (4.5mb) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post it in your next reply.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#15 grogall

grogall
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:07:10 AM

Posted 13 April 2012 - 03:39 PM

Hey ST, here are the log results. Looks like the aswMBR found several infections.
And Windows was restarted with no problems :)


Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 15-03-2012
Ran by SYSTEM at 2012-04-13 16:10:42 R:3
Running from F:\

==============================================

HKEY_USERS\Ryan\Software\Microsoft\Windows\CurrentVersion\Policies\system\\disableregistrytools Value deleted successfully.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
pxfhbus service deleted successfully.
X6va001 service deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs iteatapi Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs pxfhbus Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs DCamUSBEMPIA Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs snpstd2 Deleted successfully.
C:\Windows\System32\dds_trash_log.cmd moved successfully.
C:\Windows\System32\dds_trash_log.cmd not found.
C:\Users\Ryan\Start Menu\Programs\Startup\desktop.ini moved successfully.
C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini not found.

==== End of Fixlog ====


aswMBR


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-13 16:12:21
-----------------------------
16:12:21.731 OS Version: Windows x64 6.1.7600
16:12:21.731 Number of processors: 2 586 0x602
16:12:21.731 ComputerName: RYAN-PC UserName: Ryan
16:12:26.473 Initialize success
16:14:46.010 AVAST engine defs: 12041300
16:14:50.331 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:14:50.331 Disk 0 Vendor: TOSHIBA_MK3263GSXN GC002M Size: 305245MB BusType: 11
16:14:50.347 Disk 0 MBR read successfully
16:14:50.347 Disk 0 MBR scan
16:14:50.347 Disk 0 Windows XP default MBR code
16:14:50.363 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
16:14:50.378 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 294603 MB offset 3074048
16:14:50.409 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 9141 MB offset 606420992
16:14:50.441 Disk 0 scanning C:\windows\system32\drivers
16:15:02.999 Service scanning
16:15:40.127 Modules scanning
16:15:40.127 Disk 0 trace - called modules:
16:15:40.189 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
16:15:40.189 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004ab4060]
16:15:40.532 3 CLASSPNP.SYS[fffff8800199143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004a0e060]
16:15:41.827 AVAST engine scan C:\windows
16:15:45.321 AVAST engine scan C:\windows\system32
16:15:57.146 File: C:\windows\system32\consrv.dll **INFECTED** Win32:Sirefef-HO [Rtk]
16:16:13.651 File: C:\windows\system32\emAudio.dll **INFECTED** Win64:ZAccess-E [Rtk]
16:16:21.311 File: C:\windows\system32\ikfilesec.dll **INFECTED** Win64:ZAccess-E [Rtk]
16:17:06.411 File: C:\windows\system32\redbook.dll **INFECTED** Win64:ZAccess-E [Rtk]
16:17:08.096 File: C:\windows\system32\rt2870.dll **INFECTED** Win64:ZAccess-E [Rtk]
16:17:56.007 File: C:\windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-FQ [Drp]
16:17:59.517 File: C:\windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-HO [Rtk]
16:20:14.816 File: C:\windows\assembly\temp\U\80000032.@ **INFECTED** Win32:DNSChanger-VJ [Trj]
16:20:14.894 File: C:\windows\assembly\temp\U\80000064.@ **INFECTED** Win32:Malware-gen
16:20:16.906 AVAST engine scan C:\windows\system32\drivers
16:20:41.898 AVAST engine scan C:\Users\Ryan
16:24:00.860 File: C:\Users\Ryan\AppData\Local\Temp\nsn2871.tmp\tceskqa.dll **INFECTED** Win32:Trojan-gen
16:27:09.231 File: C:\Users\Ryan\AppData\Roaming\Google\Google\tceskqa.dll **INFECTED** Win32:Trojan-gen
16:28:55.061 AVAST engine scan C:\ProgramData
16:29:38.882 Scan finished successfully
16:34:17.841 Disk 0 MBR has been saved successfully to "C:\Users\Ryan\Desktop\MBR.dat"
16:34:17.857 The log file has been saved successfully to "C:\Users\Ryan\Desktop\aswMBR.txt"
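The fixlist in post #14 and the Fixlog and aswMBR output in post #15 together show the persistence points this ZeroAccess/Sirefef variant used: the csrss SubSystems\Windows value (so that consrv.dll is loaded), a bogus service name (pxfhbus) in the netsvcs svchost group backed by a trojanised rt2870.dll, and hidden Desktop.ini files under the GAC directories plus the assembly\temp\U drop folder. The following audit script is an added example, not part of the thread, FRST or aswMBR, that reports whether those same indicators are present on a Windows 7 x64 machine. It assumes an elevated PowerShell prompt; the allow-list of csrss ServerDll names (basesrv, winsrv, sxssrv) and the assumption that the GAC Desktop.ini files and assembly\temp\U do not exist on a clean install are the author's, taken from this thread rather than from a vendor reference, so compare against a known-clean machine before relying on them.

```powershell
# Added example: audit of the ZeroAccess/Sirefef persistence points seen in this
# thread. Not from the thread, FRST or aswMBR. Assumes an elevated prompt on
# Windows 7 x64; allow-lists below are assumptions about a stock install.

$findings = New-Object System.Collections.Generic.List[string]

# 1. csrss.exe subsystem command line. The Fixlog shows FRST restoring
#    SubSystems\Windows; ZeroAccess rewrites this value so csrss loads consrv.dll
#    (flagged by aswMBR as Win32:Sirefef-HO) in place of the stock winsrv entry.
$subsysKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems'
$windowsValue = (Get-ItemProperty -Path $subsysKey -Name Windows).Windows
$expectedServerDlls = @('basesrv', 'winsrv', 'sxssrv')   # assumption: stock names
foreach ($m in [regex]::Matches($windowsValue, 'ServerDll=([^:,\s]+)')) {
    $dll = $m.Groups[1].Value
    if ($expectedServerDlls -notcontains $dll.ToLower()) {
        $findings.Add("SubSystems\Windows loads unexpected ServerDll '$dll': $windowsValue")
    }
}

# 2. netsvcs svchost group. Each listed name that has a service key is loaded as
#    a DLL into a shared svchost.exe, which is how the bogus pxfhbus service in
#    the fixlist ran rt2870.dll. Names with no service key are normal (the list
#    is a superset of installed services), so only real services are examined:
#    report a missing ServiceDll file or one whose Authenticode signature does
#    not validate.
$svcHostKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost'
$netsvcs = (Get-ItemProperty -Path $svcHostKey -Name netsvcs).netsvcs
foreach ($name in $netsvcs) {
    $paramsKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$name\Parameters"
    if (-not (Test-Path -Path $paramsKey)) { continue }
    $serviceDll = (Get-ItemProperty -Path $paramsKey).ServiceDll
    if (-not $serviceDll) { continue }
    $dllPath = [Environment]::ExpandEnvironmentVariables($serviceDll)
    if (-not (Test-Path -LiteralPath $dllPath)) {
        $findings.Add("netsvcs member '$name' points at missing DLL $dllPath")
        continue
    }
    $sig = Get-AuthenticodeSignature -FilePath $dllPath
    if ($sig.Status -ne 'Valid') {
        $findings.Add("netsvcs member '$name' -> $dllPath (signature: $($sig.Status))")
    }
}

# 3. File-system drop locations from the aswMBR log. Assumption from this
#    thread: none of these exist on a clean system. -Force is needed because
#    the dropped files carry Hidden and System attributes.
$dropPaths = @(
    "$env:windir\assembly\GAC_32\Desktop.ini",
    "$env:windir\assembly\GAC_64\Desktop.ini",
    "$env:windir\assembly\temp\U"
)
foreach ($p in $dropPaths) {
    if (Test-Path -LiteralPath $p) {
        $attrs = (Get-Item -LiteralPath $p -Force).Attributes
        $findings.Add("Sirefef drop location present: $p [$attrs]")
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No ZeroAccess indicators from this thread were found.'
} else {
    $findings | ForEach-Object { Write-Output "[!] $_" }
}
```

Run it from an Administrator PowerShell prompt. Get-AuthenticodeSignature can report NotSigned for Windows DLLs that are signed only through a catalog rather than an embedded signature, so a NotSigned result on a Microsoft DLL is something to verify (for example with Sysinternals sigcheck) rather than a hit on its own; a ServiceDll that is missing, lives outside System32, or carries a vendor name that does not match its service, as rt2870.dll did here, is the pattern worth chasing. The script only reports; remediation of a live infection still belongs to a tool such as FRST run from the recovery environment, as in this thread, because the rootkit component hides its files and keys while Windows is running.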



