Codec C or some other type of malware/adware


  • This topic is locked
38 replies to this topic

#1 ravens615 (Members)

Posted 14 April 2012 - 04:16 AM

Hello everyone,

So about a week ago I was streaming some videos online and I fell for the old Codec-C plugin required trick. I should have known better, but I was tired and clicked it stupidly anyways. I have run MBAM and Spybot Search & Destroy, but the adware is still there. I see it on top of Yahoo as well as "Ads not by facebook" on my page and other pages.

Moreover, random words are hyperlinked in various posts on message boards or regular websites. Getting rid of this pest would be very helpful as it is slowing down my computer.

I have attached the proper DDS log, but I can not attach a GMER log as the scan isn't working (the top 8 boxes are grayed out so I can not check them for the proper scan). Any help would be appreciated.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Kareem at 14:35:45 on 2012-04-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5610.3237 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: STOPzilla Anti-Spyware *Disabled/Updated* {B2E69928-50DC-94CA-6A80-AAB054008761}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\GFNEXSrv.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
C:\Program Files (x86)\SafeConnect\scManager.sys
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\atieclxx.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\TECO\Teco.exe
C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\ooVoo\ooVoo.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\SafeConnect\scClient.exe
C:\Users\Kareem\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\windows\splwow64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
c:\program files (x86)\real\realplayer\RealPlay.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2818425
uDefault_Page_URL = hxxp://start.toshiba.com/g/
uInternet Settings,ProxyOverride = <local>;*.local
uURLSearchHooks: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll
mURLSearchHooks: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
uRun: [Facebook Update] "C:\Users\Kareem\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [Spotify] "C:\Users\Kareem\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Kareem\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Kareem\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SAFECO~1.LNK - C:\Program Files (x86)\SafeConnect\scClient.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
IE: {97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 164.67.128.3 164.67.128.1 164.67.128.2
TCP: Interfaces\{4664CD45-EB2F-4C64-BA4C-220B59B1BC4B} : DhcpNameServer = 164.67.128.3 164.67.128.1 164.67.128.2
TCP: Interfaces\{4664CD45-EB2F-4C64-BA4C-220B59B1BC4B}\0516271626F6C616 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4664CD45-EB2F-4C64-BA4C-220B59B1BC4B}\24C616A756 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{4664CD45-EB2F-4C64-BA4C-220B59B1BC4B}\5534C414F5355434552554F5255435 : DhcpNameServer = 164.67.128.2 164.67.128.3 164.67.128.1
TCP: Interfaces\{4664CD45-EB2F-4C64-BA4C-220B59B1BC4B}\5534C414F575946494F5255435 : DhcpNameServer = 164.67.128.2 164.67.128.3 164.67.128.1
TCP: Interfaces\{4664CD45-EB2F-4C64-BA4C-220B59B1BC4B}\56465727F616D6 : DhcpNameServer = 164.67.128.2 128.97.128.2 164.67.128.3
TCP: Interfaces\{4664CD45-EB2F-4C64-BA4C-220B59B1BC4B}\5736C616F577966696 : DhcpNameServer = 10.80.1.1
TCP: Interfaces\{4664CD45-EB2F-4C64-BA4C-220B59B1BC4B}\C657E64697 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E23AB536-4089-4B9F-BB91-C841939F4B8D} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
BHO-X64: Conduit Engine - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll
BHO-X64: vshare.tv Bar - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll
TB-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2818425&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.type - 2
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Kareem\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe --> C:\windows\system32\atiesrxx.exe [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 GFNEXSrv;GFNEX Service;C:\Windows\System32\GFNEXSrv.exe --> C:\Windows\System32\GFNEXSrv.exe [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-5 652360]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe [2011-6-7 135608]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [2011-6-7 126392]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-4-5 1153368]
R2 SCManager;SafeConnect Manager;C:\Program Files (x86)\SafeConnect\scManager.sys servicestart --> C:\Program Files (x86)\SafeConnect\scManager.sys servicestart [?]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-4-7 294328]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atikmdag.sys --> C:\windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\system32\drivers\AtihdW76.sys --> C:\windows\system32\drivers\AtihdW76.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys --> C:\windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys --> C:\windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys --> C:\windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys --> C:\windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2011-6-7 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2011-4-5 828336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-7 136176]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-7 136176]
S3 LVUVC64;Logitech Webcam 200(UVC);C:\windows\system32\DRIVERS\lvuvc64.sys --> C:\windows\system32\DRIVERS\lvuvc64.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-13 21:24:49 57976 ----a-r- C:\windows\System32\drivers\SBREDrv.sys
2012-04-13 21:24:41 -------- d-----w- C:\Program Files (x86)\STOPzilla!
2012-04-13 21:24:41 -------- d-----w- C:\Program Files (x86)\Common Files\iS3
2012-04-13 21:24:40 -------- d-----w- C:\ProgramData\STOPzilla!
2012-04-12 21:50:47 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-04-12 21:50:47 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-04-12 16:20:46 5559152 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-04-12 16:20:46 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 16:20:45 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-04-12 16:19:46 81408 ----a-w- C:\windows\System32\imagehlp.dll
2012-04-12 16:19:46 23408 ----a-w- C:\windows\System32\drivers\fs_rec.sys
2012-04-12 16:19:46 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2012-04-12 16:19:45 5120 ----a-w- C:\windows\SysWow64\wmi.dll
2012-04-12 16:19:45 5120 ----a-w- C:\windows\System32\wmi.dll
2012-04-12 16:19:45 220672 ----a-w- C:\windows\System32\wintrust.dll
2012-04-12 16:19:45 172544 ----a-w- C:\windows\SysWow64\wintrust.dll
2012-04-06 04:46:40 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-04-06 04:46:40 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-04-06 03:12:49 -------- d-----w- C:\Users\Kareem\AppData\Roaming\Malwarebytes
2012-04-06 03:12:29 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-06 03:12:28 23152 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-04-06 03:12:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-05 00:13:45 -------- d-----w- C:\Program Files (x86)\MKV Player
2012-04-05 00:10:00 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2012-04-05 00:07:40 -------- d-----w- C:\Users\Kareem\AppData\Roaming\RealNetworks
2012-04-05 00:04:34 -------- d-----w- C:\Users\Kareem\AppData\Local\{892CA29F-A99E-42D7-AE1C-794D53E50CFD}
2012-04-04 20:13:38 23376 ----a-r- C:\windows\SysWow64\SZIO5.dll
2012-04-04 20:13:26 546640 ----a-r- C:\windows\SysWow64\SZComp5.dll
2012-04-04 20:13:22 481104 ----a-r- C:\windows\SysWow64\SZBase5.dll
2012-04-04 05:53:56 182160 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53:56 182160 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-04-02 21:48:25 -------- d-----w- C:\ProgramData\Codecv
2012-04-02 21:48:17 -------- d-----w- C:\codec-info
2012-04-02 21:44:57 -------- d-----w- C:\ProgramData\Premium
2012-04-02 21:44:34 -------- d-----w- C:\ProgramData\InstallMate
2012-03-15 00:34:17 3145728 ----a-w- C:\windows\System32\win32k.sys
2012-03-15 00:34:15 1544192 ----a-w- C:\windows\System32\DWrite.dll
2012-03-15 00:34:15 1077248 ----a-w- C:\windows\SysWow64\DWrite.dll
2012-03-15 00:34:14 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-03-15 00:34:14 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-03-15 00:34:14 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-03-15 00:33:43 826880 ----a-w- C:\windows\SysWow64\rdpcore.dll
2012-03-15 00:33:43 23552 ----a-w- C:\windows\System32\drivers\tdtcp.sys
2012-03-15 00:33:43 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-03-15 00:33:43 1031680 ----a-w- C:\windows\System32\rdpcore.dll
.
==================== Find3M ====================
.
2012-04-05 00:09:15 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll
2012-04-05 00:09:15 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-02-23 21:09:44 29008 ----a-r- C:\windows\SysWow64\IS3XDat5.dll
2012-02-23 21:09:42 390992 ----a-r- C:\windows\SysWow64\IS3UI5.dll
2012-02-23 21:09:42 231248 ----a-r- C:\windows\SysWow64\IS3Win325.dll
2012-02-23 21:09:40 100176 ----a-r- C:\windows\SysWow64\IS3Svc5.dll
2012-02-23 21:09:34 132944 ----a-r- C:\windows\SysWow64\IS3HTUI5.dll
2012-02-23 21:09:34 104272 ----a-r- C:\windows\SysWow64\IS3Inet5.dll
2012-02-23 21:09:32 67408 ----a-r- C:\windows\SysWow64\IS3Hks5.dll
2012-02-23 21:09:32 456528 ----a-r- C:\windows\SysWow64\IS3DBA5.dll
2012-02-23 21:09:30 808784 ----a-r- C:\windows\SysWow64\IS3Base5.dll
2012-02-07 18:02:40 1070352 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX
2012-01-19 17:22:08 45936 ----a-r- C:\windows\System32\SBBD.EXE
.
============= FINISH: 14:37:45.05 ===============

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:25 AM

Posted 14 April 2012 - 02:59 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 ravens615


Posted 14 April 2012 - 07:04 PM

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Java™ 6 Update 20
Java version out of date!
Adobe Reader X (10.1.3)
Mozilla Firefox (11.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
``````````End of Log````````````


Will edit shortly with combofix log

#4 gringo_pr


Posted 14 April 2012 - 08:03 PM

Don't edit the report (I will not see it); just make a new post.



gringo

#5 ravens615


Posted 14 April 2012 - 10:31 PM

Combo fix log:
ComboFix 12-04-14.01 - Kareem 04/14/2012 19:34:32.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5610.3922 [GMT -7:00]
Running from: c:\users\Kareem\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2012-03-15 to 2012-04-15 )))))))))))))))))))))))))))))))
.
.
2012-04-15 02:49 . 2012-04-15 02:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-13 21:24 . 2012-01-12 16:28 57976 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-04-12 21:50 . 2012-04-12 21:50 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-04-12 21:50 . 2012-04-12 21:50 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-04-12 16:20 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 16:20 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 16:20 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 16:19 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 16:19 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 16:19 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 16:19 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 16:19 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 16:19 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 16:19 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-06 04:46 . 2012-04-08 07:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-06 04:46 . 2012-04-06 04:46 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-04-06 03:12 . 2012-04-06 03:12 -------- d-----w- c:\users\Kareem\AppData\Roaming\Malwarebytes
2012-04-06 03:12 . 2012-04-06 04:41 -------- d-----w- c:\programdata\Malwarebytes
2012-04-06 03:12 . 2012-04-06 03:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-06 03:12 . 2011-12-10 22:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-05 05:29 . 2012-04-05 05:29 -------- d-----w- c:\users\Kareem\AppData\Roaming\U3
2012-04-05 00:13 . 2012-04-05 00:13 -------- d-----w- c:\program files (x86)\MKV Player
2012-04-05 00:10 . 2012-04-05 00:10 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-04-05 00:07 . 2012-04-05 00:07 -------- d-----w- c:\users\Kareem\AppData\Roaming\RealNetworks
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-04-02 21:48 . 2012-04-02 21:50 -------- d-----w- c:\programdata\Codecv
2012-04-02 21:48 . 2012-04-02 21:48 -------- d-----w- C:\codec-info
2012-04-02 21:44 . 2012-04-02 21:44 -------- d-----w- c:\programdata\Premium
2012-04-02 21:44 . 2012-04-02 21:48 -------- d-----w- c:\programdata\InstallMate
2012-03-26 04:05 . 2012-03-26 04:05 -------- d-----w- c:\program files (x86)\7-Zip
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-05 00:09 . 2011-12-20 07:14 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-04-05 00:09 . 2011-12-20 07:14 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-02-17 06:38 . 2012-03-15 00:33 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-15 00:33 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-15 00:33 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-15 00:33 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-15 00:34 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-15 00:34 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-07 18:02 . 2012-02-07 18:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34 . 2012-03-15 00:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-15 00:34 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-15 00:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-15 00:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-01-19 17:22 . 2012-01-19 17:22 45936 ----a-r- c:\windows\system32\SBBD.EXE
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7aeb3efd-e564-43f1-b658-5058a7c5743b}"= "c:\program files (x86)\vshare.tv_Bar\prxtbvsha.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7aeb3efd-e564-43f1-b658-5058a7c5743b}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngin.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7aeb3efd-e564-43f1-b658-5058a7c5743b}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\vshare.tv_Bar\prxtbvsha.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-04 00:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-04 1514152]
"{7aeb3efd-e564-43f1-b658-5058a7c5743b}"= "c:\program files (x86)\vshare.tv_Bar\prxtbvsha.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngin.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{7aeb3efd-e564-43f1-b658-5058a7c5743b}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Kareem\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Kareem\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Kareem\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-07 39408]
"ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2012-02-08 22465104]
"Facebook Update"="c:\users\Kareem\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-07-19 137536]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-09-16 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-09-12 17351304]
"Spotify"="c:\users\Kareem\AppData\Roaming\Spotify\Spotify.exe" [2011-11-11 6823984]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-11-12 59240]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-08-17 3218792]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-01-04 1391272]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-25 2416480]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-10 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-04-05 296056]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Kareem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Kareem\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SafeConnect.lnk - c:\program files (x86)\SafeConnect\scClient.exe [2011-7-20 296088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-07 136176]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-07 136176]
R3 LVUVC64;Logitech Webcam 200(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TDEIO;TDEIO;c:\windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-04-06 828336]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe [2012-03-31 135608]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [2011-02-03 126392]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SCManager;SafeConnect Manager;c:\program files (x86)\SafeConnect\scManager.sys servicestart [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-04-07 294328]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1011144955-1651433829-1386514232-1001Core.job
- c:\users\Kareem\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-19 21:08]
.
2012-04-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1011144955-1651433829-1386514232-1001UA.job
- c:\users\Kareem\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-19 21:08]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-07 15:11]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-07 15:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Kareem\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Kareem\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Kareem\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Kareem\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-12 11775592]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-10 2186856]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2818425
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: Add to TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2818425&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.type - 2
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{7AEB3EFD-E564-43F1-B658-5058A7C5743B} - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TOSHIBA Face Recognition - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\SafeConnect\scManager.sys
.
**************************************************************************
.
Completion time: 2012-04-14 20:19:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-15 03:18
.
Pre-Run: 302,962,053,120 bytes free
Post-Run: 302,810,750,976 bytes free
.
- - End Of File - - A997DE88ECF49130AFDE6E028F2F65B2


As for performance now, seems to be running smoother, and hyperlinked words are gone when I visit websites. However, still an issue with the "ads not by facebook" thing and other ads appearing in small dialog boxes on yahoo and other websites.

#6 gringo_pr


Posted 14 April 2012 - 10:35 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 ravens615


Posted 15 April 2012 - 04:09 AM

TDSSKiller

02:06:44.0686 7344 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
02:06:45.0375 7344 ============================================================
02:06:45.0376 7344 Current date / time: 2012/04/15 02:06:45.0375
02:06:45.0376 7344 SystemInfo:
02:06:45.0376 7344
02:06:45.0376 7344 OS Version: 6.1.7601 ServicePack: 1.0
02:06:45.0376 7344 Product type: Workstation
02:06:45.0376 7344 ComputerName: KAREEM-PC
02:06:45.0376 7344 UserName: Kareem
02:06:45.0376 7344 Windows directory: C:\windows
02:06:45.0376 7344 System windows directory: C:\windows
02:06:45.0376 7344 Running under WOW64
02:06:45.0376 7344 Processor architecture: Intel x64
02:06:45.0376 7344 Number of processors: 4
02:06:45.0376 7344 Page size: 0x1000
02:06:45.0376 7344 Boot type: Normal boot
02:06:45.0376 7344 ============================================================
02:06:46.0819 7344 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:06:46.0825 7344 \Device\Harddisk0\DR0:
02:06:46.0825 7344 MBR used
02:06:46.0825 7344 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x385EB000
02:06:46.0851 7344 Initialize success
02:06:46.0851 7344 ============================================================
02:06:52.0983 3928 ============================================================
02:06:52.0983 3928 Scan started
02:06:52.0983 3928 Mode: Manual;
02:06:52.0983 3928 ============================================================
02:06:53.0894 3928 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
02:06:53.0897 3928 1394ohci - ok
02:06:54.0004 3928 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
02:06:54.0007 3928 ACPI - ok
02:06:54.0103 3928 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
02:06:54.0104 3928 AcpiPmi - ok
02:06:54.0191 3928 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
02:06:54.0192 3928 AdobeARMservice - ok
02:06:54.0310 3928 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
02:06:54.0314 3928 adp94xx - ok
02:06:54.0419 3928 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
02:06:54.0423 3928 adpahci - ok
02:06:54.0536 3928 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
02:06:54.0539 3928 adpu320 - ok
02:06:54.0616 3928 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
02:06:54.0618 3928 AeLookupSvc - ok
02:06:54.0714 3928 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
02:06:54.0721 3928 AFD - ok
02:06:54.0819 3928 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
02:06:54.0821 3928 agp440 - ok
02:06:54.0897 3928 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
02:06:54.0900 3928 ALG - ok
02:06:54.0964 3928 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
02:06:54.0965 3928 aliide - ok
02:06:55.0050 3928 AMD External Events Utility (e9f172f8067830ab6418fcf13b7c82f1) C:\windows\system32\atiesrxx.exe
02:06:55.0053 3928 AMD External Events Utility - ok
02:06:55.0109 3928 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
02:06:55.0110 3928 amdide - ok
02:06:55.0212 3928 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
02:06:55.0214 3928 AmdK8 - ok
02:06:55.0556 3928 amdkmdag (3ea481540bf571ce2ac422249c4e18a9) C:\windows\system32\DRIVERS\atikmdag.sys
02:06:55.0761 3928 amdkmdag - ok
02:06:55.0859 3928 amdkmdap (c5228c5fd5ca78002255089c4e74dc0e) C:\windows\system32\DRIVERS\atikmpag.sys
02:06:55.0862 3928 amdkmdap - ok
02:06:55.0954 3928 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
02:06:55.0955 3928 AmdPPM - ok
02:06:56.0048 3928 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
02:06:56.0050 3928 amdsata - ok
02:06:56.0145 3928 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
02:06:56.0147 3928 amdsbs - ok
02:06:56.0264 3928 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
02:06:56.0265 3928 amdxata - ok
02:06:56.0358 3928 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
02:06:56.0359 3928 AppID - ok
02:06:56.0431 3928 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
02:06:56.0433 3928 AppIDSvc - ok
02:06:56.0530 3928 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
02:06:56.0532 3928 Appinfo - ok
02:06:56.0633 3928 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
02:06:56.0635 3928 Apple Mobile Device - ok
02:06:56.0762 3928 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
02:06:56.0763 3928 arc - ok
02:06:56.0865 3928 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
02:06:56.0866 3928 arcsas - ok
02:06:56.0953 3928 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
02:06:56.0954 3928 AsyncMac - ok
02:06:56.0984 3928 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
02:06:56.0984 3928 atapi - ok
02:06:57.0114 3928 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\windows\system32\drivers\AtihdW76.sys
02:06:57.0116 3928 AtiHDAudioService - ok
02:06:57.0229 3928 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
02:06:57.0239 3928 AudioEndpointBuilder - ok
02:06:57.0252 3928 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
02:06:57.0258 3928 AudioSrv - ok
02:06:57.0491 3928 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
02:06:57.0528 3928 AVGIDSAgent - ok
02:06:57.0630 3928 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\windows\system32\DRIVERS\AVGIDSDriver.Sys
02:06:57.0632 3928 AVGIDSDriver - ok
02:06:57.0717 3928 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\windows\system32\DRIVERS\AVGIDSEH.Sys
02:06:57.0718 3928 AVGIDSEH - ok
02:06:57.0756 3928 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\windows\system32\DRIVERS\AVGIDSFilter.Sys
02:06:57.0757 3928 AVGIDSFilter - ok
02:06:57.0827 3928 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\windows\system32\DRIVERS\avgldx64.sys
02:06:57.0830 3928 Avgldx64 - ok
02:06:57.0860 3928 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\windows\system32\DRIVERS\avgmfx64.sys
02:06:57.0861 3928 Avgmfx64 - ok
02:06:57.0959 3928 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\windows\system32\DRIVERS\avgrkx64.sys
02:06:57.0960 3928 Avgrkx64 - ok
02:06:58.0065 3928 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\windows\system32\DRIVERS\avgtdia.sys
02:06:58.0069 3928 Avgtdia - ok
02:06:58.0130 3928 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
02:06:58.0133 3928 avgwd - ok
02:06:58.0213 3928 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
02:06:58.0215 3928 AxInstSV - ok
02:06:58.0317 3928 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
02:06:58.0321 3928 b06bdrv - ok
02:06:58.0424 3928 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
02:06:58.0429 3928 b57nd60a - ok
02:06:58.0523 3928 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
02:06:58.0526 3928 BDESVC - ok
02:06:58.0597 3928 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
02:06:58.0598 3928 Beep - ok
02:06:58.0700 3928 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
02:06:58.0710 3928 BFE - ok
02:06:58.0798 3928 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\system32\qmgr.dll
02:06:58.0811 3928 BITS - ok
02:06:58.0897 3928 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
02:06:58.0899 3928 blbdrive - ok
02:06:58.0994 3928 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
02:06:59.0000 3928 Bonjour Service - ok
02:06:59.0105 3928 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
02:06:59.0107 3928 bowser - ok
02:06:59.0193 3928 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
02:06:59.0194 3928 BrFiltLo - ok
02:06:59.0203 3928 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
02:06:59.0205 3928 BrFiltUp - ok
02:06:59.0309 3928 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
02:06:59.0312 3928 BridgeMP - ok
02:06:59.0352 3928 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
02:06:59.0355 3928 Browser - ok
02:06:59.0429 3928 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
02:06:59.0432 3928 Brserid - ok
02:06:59.0442 3928 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
02:06:59.0443 3928 BrSerWdm - ok
02:06:59.0529 3928 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
02:06:59.0530 3928 BrUsbMdm - ok
02:06:59.0540 3928 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
02:06:59.0541 3928 BrUsbSer - ok
02:06:59.0634 3928 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
02:06:59.0635 3928 BTHMODEM - ok
02:06:59.0731 3928 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
02:06:59.0734 3928 bthserv - ok
02:06:59.0738 3928 catchme - ok
02:06:59.0817 3928 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
02:06:59.0819 3928 cdfs - ok
02:06:59.0921 3928 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
02:06:59.0924 3928 cdrom - ok
02:07:00.0005 3928 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
02:07:00.0007 3928 CertPropSvc - ok
02:07:00.0100 3928 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
02:07:00.0101 3928 circlass - ok
02:07:00.0145 3928 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
02:07:00.0149 3928 CLFS - ok
02:07:00.0210 3928 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:07:00.0211 3928 clr_optimization_v2.0.50727_32 - ok
02:07:00.0264 3928 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
02:07:00.0266 3928 clr_optimization_v2.0.50727_64 - ok
02:07:00.0358 3928 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:07:00.0361 3928 clr_optimization_v4.0.30319_32 - ok
02:07:00.0395 3928 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
02:07:00.0397 3928 clr_optimization_v4.0.30319_64 - ok
02:07:00.0486 3928 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
02:07:00.0487 3928 CmBatt - ok
02:07:00.0517 3928 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
02:07:00.0518 3928 cmdide - ok
02:07:00.0614 3928 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
02:07:00.0618 3928 CNG - ok
02:07:00.0703 3928 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
02:07:00.0703 3928 Compbatt - ok
02:07:00.0784 3928 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
02:07:00.0786 3928 CompositeBus - ok
02:07:00.0813 3928 COMSysApp - ok
02:07:00.0844 3928 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
02:07:00.0846 3928 crcdisk - ok
02:07:00.0941 3928 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll
02:07:00.0944 3928 CryptSvc - ok
02:07:01.0063 3928 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
02:07:01.0071 3928 cvhsvc - ok
02:07:01.0161 3928 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
02:07:01.0170 3928 DcomLaunch - ok
02:07:01.0505 3928 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
02:07:01.0510 3928 defragsvc - ok
02:07:01.0585 3928 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
02:07:01.0587 3928 DfsC - ok
02:07:01.0674 3928 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
02:07:01.0680 3928 Dhcp - ok
02:07:01.0731 3928 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
02:07:01.0732 3928 discache - ok
02:07:01.0817 3928 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
02:07:01.0819 3928 Disk - ok
02:07:01.0855 3928 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
02:07:01.0858 3928 Dnscache - ok
02:07:01.0942 3928 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
02:07:01.0947 3928 dot3svc - ok
02:07:02.0013 3928 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
02:07:02.0017 3928 DPS - ok
02:07:02.0100 3928 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
02:07:02.0101 3928 drmkaud - ok
02:07:02.0203 3928 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
02:07:02.0212 3928 DXGKrnl - ok
02:07:02.0293 3928 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
02:07:02.0296 3928 EapHost - ok
02:07:02.0422 3928 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
02:07:02.0450 3928 ebdrv - ok
02:07:02.0529 3928 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
02:07:02.0531 3928 EFS - ok
02:07:02.0627 3928 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
02:07:02.0634 3928 ehRecvr - ok
02:07:02.0718 3928 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
02:07:02.0720 3928 ehSched - ok
02:07:02.0782 3928 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
02:07:02.0788 3928 elxstor - ok
02:07:02.0824 3928 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
02:07:02.0825 3928 ErrDev - ok
02:07:02.0896 3928 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
02:07:02.0902 3928 EventSystem - ok
02:07:02.0996 3928 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
02:07:02.0999 3928 exfat - ok
02:07:03.0038 3928 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
02:07:03.0042 3928 fastfat - ok
02:07:03.0144 3928 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
02:07:03.0151 3928 Fax - ok
02:07:03.0245 3928 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
02:07:03.0246 3928 fdc - ok
02:07:03.0279 3928 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
02:07:03.0313 3928 fdPHost - ok
02:07:03.0371 3928 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
02:07:03.0373 3928 FDResPub - ok
02:07:03.0407 3928 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
02:07:03.0408 3928 FileInfo - ok
02:07:03.0477 3928 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
02:07:03.0479 3928 Filetrace - ok
02:07:03.0504 3928 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
02:07:03.0505 3928 flpydisk - ok
02:07:03.0610 3928 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
02:07:03.0613 3928 FltMgr - ok
02:07:03.0703 3928 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
02:07:03.0718 3928 FontCache - ok
02:07:03.0827 3928 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
02:07:03.0828 3928 FontCache3.0.0.0 - ok
02:07:03.0892 3928 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
02:07:03.0894 3928 FsDepends - ok
02:07:03.0928 3928 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
02:07:03.0928 3928 Fs_Rec - ok
02:07:04.0025 3928 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
02:07:04.0028 3928 fvevol - ok
02:07:04.0096 3928 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
02:07:04.0097 3928 gagp30kx - ok
02:07:04.0178 3928 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
02:07:04.0181 3928 GamesAppService - ok
02:07:04.0245 3928 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
02:07:04.0247 3928 GEARAspiWDM - ok
02:07:04.0317 3928 GFNEXSrv (fa07ec01952729ddddc5bf4bae06b09e) C:\Windows\System32\GFNEXSrv.exe
02:07:04.0320 3928 GFNEXSrv - ok
02:07:04.0405 3928 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
02:07:04.0416 3928 gpsvc - ok
02:07:04.0503 3928 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
02:07:04.0506 3928 gupdate - ok
02:07:04.0519 3928 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
02:07:04.0521 3928 gupdatem - ok
02:07:04.0552 3928 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
02:07:04.0555 3928 gusvc - ok
02:07:04.0636 3928 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
02:07:04.0637 3928 hcw85cir - ok
02:07:04.0729 3928 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
02:07:04.0735 3928 HdAudAddService - ok
02:07:04.0825 3928 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
02:07:04.0827 3928 HDAudBus - ok
02:07:04.0862 3928 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
02:07:04.0863 3928 HidBatt - ok
02:07:04.0928 3928 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
02:07:04.0929 3928 HidBth - ok
02:07:04.0940 3928 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
02:07:04.0941 3928 HidIr - ok
02:07:04.0988 3928 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
02:07:04.0990 3928 hidserv - ok
02:07:05.0079 3928 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
02:07:05.0081 3928 HidUsb - ok
02:07:05.0126 3928 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
02:07:05.0129 3928 hkmsvc - ok
02:07:05.0203 3928 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
02:07:05.0207 3928 HomeGroupListener - ok
02:07:05.0253 3928 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
02:07:05.0258 3928 HomeGroupProvider - ok
02:07:05.0329 3928 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
02:07:05.0331 3928 HpSAMD - ok
02:07:05.0432 3928 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
02:07:05.0442 3928 HTTP - ok
02:07:05.0518 3928 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
02:07:05.0519 3928 hwpolicy - ok
02:07:05.0607 3928 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
02:07:05.0609 3928 i8042prt - ok
02:07:05.0710 3928 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
02:07:05.0714 3928 iaStorV - ok
02:07:05.0835 3928 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
02:07:05.0843 3928 idsvc - ok
02:07:05.0924 3928 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
02:07:05.0926 3928 iirsp - ok
02:07:06.0024 3928 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
02:07:06.0036 3928 IKEEXT - ok
02:07:06.0180 3928 IntcAzAudAddService (16c324e22208e6e8336c3f2da14cfe2d) C:\windows\system32\drivers\RTKVHD64.sys
02:07:06.0204 3928 IntcAzAudAddService - ok
02:07:06.0291 3928 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
02:07:06.0293 3928 intelide - ok
02:07:06.0303 3928 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\drivers\intelppm.sys
02:07:06.0305 3928 intelppm - ok
02:07:06.0346 3928 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
02:07:06.0350 3928 IPBusEnum - ok
02:07:06.0417 3928 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
02:07:06.0419 3928 IpFilterDriver - ok
02:07:06.0458 3928 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
02:07:06.0466 3928 iphlpsvc - ok
02:07:06.0720 3928 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
02:07:06.0722 3928 IPMIDRV - ok
02:07:06.0811 3928 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
02:07:06.0814 3928 IPNAT - ok
02:07:06.0914 3928 iPod Service (3c0d4b3e80fc4854ca325dd123cc4ded) C:\Program Files\iPod\bin\iPodService.exe
02:07:06.0926 3928 iPod Service - ok
02:07:07.0012 3928 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
02:07:07.0014 3928 IRENUM - ok
02:07:07.0058 3928 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
02:07:07.0059 3928 isapnp - ok
02:07:07.0149 3928 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
02:07:07.0152 3928 iScsiPrt - ok
02:07:07.0184 3928 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
02:07:07.0185 3928 kbdclass - ok
02:07:07.0269 3928 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys
02:07:07.0271 3928 kbdhid - ok
02:07:07.0307 3928 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
02:07:07.0308 3928 KeyIso - ok
02:07:07.0397 3928 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
02:07:07.0399 3928 KSecDD - ok
02:07:07.0481 3928 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
02:07:07.0483 3928 KSecPkg - ok
02:07:07.0546 3928 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
02:07:07.0547 3928 ksthunk - ok
02:07:07.0628 3928 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
02:07:07.0635 3928 KtmRm - ok
02:07:07.0724 3928 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll
02:07:07.0729 3928 LanmanServer - ok
02:07:07.0815 3928 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
02:07:07.0819 3928 LanmanWorkstation - ok
02:07:07.0914 3928 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
02:07:07.0916 3928 lltdio - ok
02:07:07.0947 3928 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
02:07:07.0953 3928 lltdsvc - ok
02:07:08.0018 3928 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
02:07:08.0020 3928 lmhosts - ok
02:07:08.0070 3928 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
02:07:08.0072 3928 LSI_FC - ok
02:07:08.0151 3928 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
02:07:08.0153 3928 LSI_SAS - ok
02:07:08.0242 3928 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
02:07:08.0243 3928 LSI_SAS2 - ok
02:07:08.0345 3928 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
02:07:08.0347 3928 LSI_SCSI - ok
02:07:08.0429 3928 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
02:07:08.0430 3928 luafv - ok
02:07:08.0614 3928 LVUVC64 (edf73bfa1bd24d74d1d64dc0ed28a7cd) C:\windows\system32\DRIVERS\lvuvc64.sys
02:07:08.0705 3928 LVUVC64 - ok
02:07:08.0823 3928 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\windows\system32\drivers\mbam.sys
02:07:08.0824 3928 MBAMProtector - ok
02:07:08.0886 3928 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
02:07:08.0892 3928 MBAMService - ok
02:07:08.0992 3928 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
02:07:08.0995 3928 Mcx2Svc - ok
02:07:09.0039 3928 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
02:07:09.0041 3928 megasas - ok
02:07:09.0128 3928 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
02:07:09.0131 3928 MegaSR - ok
02:07:09.0243 3928 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
02:07:09.0245 3928 Microsoft Office Groove Audit Service - ok
02:07:09.0340 3928 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
02:07:09.0342 3928 MMCSS - ok
02:07:09.0383 3928 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
02:07:09.0385 3928 Modem - ok
02:07:09.0471 3928 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
02:07:09.0472 3928 monitor - ok
02:07:09.0546 3928 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
02:07:09.0548 3928 mouclass - ok
02:07:09.0610 3928 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
02:07:09.0612 3928 mouhid - ok
02:07:09.0666 3928 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
02:07:09.0667 3928 mountmgr - ok
02:07:09.0729 3928 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
02:07:09.0731 3928 mpio - ok
02:07:09.0806 3928 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
02:07:09.0808 3928 mpsdrv - ok
02:07:09.0908 3928 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
02:07:09.0920 3928 MpsSvc - ok
02:07:09.0999 3928 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
02:07:10.0001 3928 MRxDAV - ok
02:07:10.0034 3928 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
02:07:10.0037 3928 mrxsmb - ok
02:07:10.0118 3928 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
02:07:10.0123 3928 mrxsmb10 - ok
02:07:10.0199 3928 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
02:07:10.0202 3928 mrxsmb20 - ok
02:07:10.0274 3928 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys
02:07:10.0276 3928 msahci - ok
02:07:10.0359 3928 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
02:07:10.0361 3928 msdsm - ok
02:07:10.0404 3928 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
02:07:10.0407 3928 MSDTC - ok
02:07:10.0482 3928 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
02:07:10.0484 3928 Msfs - ok
02:07:10.0505 3928 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
02:07:10.0506 3928 mshidkmdf - ok
02:07:10.0576 3928 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
02:07:10.0577 3928 msisadrv - ok
02:07:10.0657 3928 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
02:07:10.0661 3928 MSiSCSI - ok
02:07:10.0670 3928 msiserver - ok
02:07:10.0758 3928 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
02:07:10.0760 3928 MSKSSRV - ok
02:07:10.0813 3928 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
02:07:10.0815 3928 MSPCLOCK - ok
02:07:10.0865 3928 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
02:07:10.0866 3928 MSPQM - ok
02:07:10.0923 3928 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
02:07:10.0929 3928 MsRPC - ok
02:07:10.0986 3928 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
02:07:10.0987 3928 mssmbios - ok
02:07:11.0060 3928 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
02:07:11.0061 3928 MSTEE - ok
02:07:11.0072 3928 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
02:07:11.0074 3928 MTConfig - ok
02:07:11.0106 3928 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
02:07:11.0107 3928 Mup - ok
02:07:11.0188 3928 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
02:07:11.0197 3928 napagent - ok
02:07:11.0302 3928 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
02:07:11.0307 3928 NativeWifiP - ok
02:07:11.0391 3928 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
02:07:11.0400 3928 NDIS - ok
02:07:11.0502 3928 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
02:07:11.0504 3928 NdisCap - ok
02:07:11.0553 3928 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
02:07:11.0555 3928 NdisTapi - ok
02:07:11.0609 3928 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
02:07:11.0610 3928 Ndisuio - ok
02:07:11.0691 3928 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
02:07:11.0694 3928 NdisWan - ok
02:07:11.0756 3928 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
02:07:11.0758 3928 NDProxy - ok
02:07:11.0839 3928 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
02:07:11.0841 3928 NetBIOS - ok
02:07:30.0396 3928 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
02:07:30.0453 3928 \Device\Harddisk0\DR0 - ok
02:07:30.0475 3928 Boot (0x1200) (6839740a69c59087d738a416cab5387e) \Device\Harddisk0\DR0\Partition0
02:07:30.0477 3928 \Device\Harddisk0\DR0\Partition0 - ok
02:07:30.0478 3928 ============================================================
02:07:30.0478 3928 Scan finished
02:07:30.0478 3928 ============================================================
02:07:30.0498 7372 Detected object count: 0
02:07:30.0499 7372 Actual detected object count: 0
02:07:55.0082 1912 ============================================================
02:07:55.0082 1912 Scan started
02:07:55.0082 1912 Mode: Manual;
02:07:55.0082 1912 ============================================================
02:07:59.0220 1912 b57nd60a - ok
02:07:59.0302 1912 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
02:07:59.0304 1912 BDESVC - ok
02:07:59.0331 1912 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
02:07:59.0332 1912 Beep - ok
02:07:59.0427 1912 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
02:07:59.0439 1912 BFE - ok
02:07:59.0532 1912 BITS (1ea7969e3271cbc59e1730697dc74682) C:\windows\system32\qmgr.dll
02:07:59.0541 1912 BITS - ok
02:07:59.0609 1912 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
02:07:59.0610 1912 blbdrive - ok
02:07:59.0682 1912 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
02:07:59.0687 1912 Bonjour Service - ok
02:07:59.0761 1912 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
02:07:59.0762 1912 bowser - ok
02:07:59.0782 1912 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
02:07:59.0783 1912 BrFiltLo - ok
02:07:59.0860 1912 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
02:07:59.0862 1912 BrFiltUp - ok
02:07:59.0874 1912 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
02:07:59.0876 1912 BridgeMP - ok
02:07:59.0920 1912 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
02:07:59.0922 1912 Browser - ok
02:07:59.0997 1912 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
02:08:00.0003 1912 Brserid - ok
02:08:00.0015 1912 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
02:08:00.0017 1912 BrSerWdm - ok
02:08:00.0031 1912 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
02:08:00.0033 1912 BrUsbMdm - ok
02:08:00.0046 1912 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
02:08:00.0047 1912 BrUsbSer - ok
02:08:00.0134 1912 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
02:08:00.0135 1912 BTHMODEM - ok
02:08:00.0165 1912 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
02:08:00.0166 1912 bthserv - ok
02:08:00.0170 1912 catchme - ok
02:08:00.0240 1912 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
02:08:00.0242 1912 cdfs - ok
02:08:00.0277 1912 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
02:08:00.0280 1912 cdrom - ok
02:08:00.0350 1912 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
02:08:00.0352 1912 CertPropSvc - ok
02:08:00.0400 1912 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
02:08:00.0402 1912 circlass - ok
02:08:00.0481 1912 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
02:08:00.0487 1912 CLFS - ok
02:08:00.0554 1912 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
02:08:00.0556 1912 clr_optimization_v2.0.50727_32 - ok
02:08:00.0608 1912 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
02:08:00.0609 1912 clr_optimization_v2.0.50727_64 - ok
02:08:00.0691 1912 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
02:08:00.0692 1912 clr_optimization_v4.0.30319_32 - ok
02:08:00.0738 1912 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
02:08:00.0740 1912 clr_optimization_v4.0.30319_64 - ok
02:08:00.0818 1912 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
02:08:00.0819 1912 CmBatt - ok
02:08:00.0894 1912 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
02:08:00.0895 1912 cmdide - ok
02:08:00.0971 1912 CNG (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
02:08:00.0978 1912 CNG - ok
02:08:01.0046 1912 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
02:08:01.0048 1912 Compbatt - ok
02:08:01.0073 1912 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
02:08:01.0075 1912 CompositeBus - ok
02:08:01.0125 1912 COMSysApp - ok
02:08:01.0166 1912 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
02:08:01.0167 1912 crcdisk - ok
02:08:01.0252 1912 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll
02:08:01.0256 1912 CryptSvc - ok
02:08:01.0367 1912 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
02:08:01.0380 1912 cvhsvc - ok
02:08:01.0462 1912 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
02:08:01.0473 1912 DcomLaunch - ok
02:08:01.0549 1912 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
02:08:01.0552 1912 defragsvc - ok
02:08:01.0628 1912 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
02:08:01.0630 1912 DfsC - ok
02:08:01.0673 1912 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
02:08:01.0677 1912 Dhcp - ok
02:08:01.0752 1912 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
02:08:01.0753 1912 discache - ok
02:08:01.0772 1912 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
02:08:01.0774 1912 Disk - ok
02:08:01.0843 1912 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
02:08:01.0845 1912 Dnscache - ok
02:08:01.0863 1912 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
02:08:01.0866 1912 dot3svc - ok
02:08:01.0936 1912 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
02:08:01.0940 1912 DPS - ok
02:08:01.0988 1912 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
02:08:01.0989 1912 drmkaud - ok
02:08:02.0085 1912 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
02:08:02.0101 1912 DXGKrnl - ok
02:08:02.0171 1912 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
02:08:02.0175 1912 EapHost - ok
02:08:02.0318 1912 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
02:08:02.0351 1912 ebdrv - ok
02:08:02.0428 1912 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
02:08:02.0432 1912 EFS - ok
02:08:02.0519 1912 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
02:08:02.0530 1912 ehRecvr - ok
02:08:02.0595 1912 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
02:08:02.0597 1912 ehSched - ok
02:08:02.0670 1912 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
02:08:02.0675 1912 elxstor - ok
02:08:02.0756 1912 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
02:08:02.0757 1912 ErrDev - ok
02:08:02.0795 1912 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
02:08:02.0799 1912 EventSystem - ok
02:08:02.0884 1912 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
02:08:02.0886 1912 exfat - ok
02:08:03.0027 1912 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
02:08:03.0031 1912 fastfat - ok
02:08:03.0247 1912 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
02:08:03.0259 1912 Fax - ok
02:08:03.0344 1912 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
02:08:03.0346 1912 fdc - ok
02:08:03.0423 1912 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
02:08:03.0425 1912 fdPHost - ok
02:08:03.0448 1912 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
02:08:03.0451 1912 FDResPub - ok
02:08:03.0517 1912 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
02:08:03.0519 1912 FileInfo - ok
02:08:03.0576 1912 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
02:08:03.0578 1912 Filetrace - ok
02:08:03.0625 1912 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
02:08:03.0626 1912 flpydisk - ok
02:08:03.0687 1912 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
02:08:03.0690 1912 FltMgr - ok
02:08:03.0780 1912 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
02:08:03.0791 1912 FontCache - ok
02:08:03.0871 1912 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
02:08:03.0872 1912 FontCache3.0.0.0 - ok
02:08:03.0947 1912 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
02:08:03.0949 1912 FsDepends - ok
02:08:04.0038 1912 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
02:08:04.0039 1912 Fs_Rec - ok
02:08:04.0115 1912 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
02:08:04.0119 1912 fvevol - ok
02:08:04.0196 1912 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
02:08:04.0198 1912 gagp30kx - ok
02:08:04.0268 1912 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
02:08:04.0272 1912 GamesAppService - ok
02:08:04.0345 1912 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
02:08:04.0347 1912 GEARAspiWDM - ok
02:08:04.0417 1912 GFNEXSrv (fa07ec01952729ddddc5bf4bae06b09e) C:\Windows\System32\GFNEXSrv.exe
02:08:04.0422 1912 GFNEXSrv - ok
02:08:04.0520 1912 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
02:08:04.0534 1912 gpsvc - ok
02:08:04.0603 1912 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
02:08:04.0604 1912 gupdate - ok
02:08:04.0610 1912 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
02:08:04.0612 1912 gupdatem - ok
02:08:04.0629 1912 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
02:08:04.0631 1912 gusvc - ok
02:08:04.0713 1912 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
02:08:04.0714 1912 hcw85cir - ok
02:08:04.0807 1912 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
02:08:04.0810 1912 HdAudAddService - ok
02:08:04.0879 1912 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
02:08:04.0881 1912 HDAudBus - ok
02:08:04.0906 1912 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
02:08:04.0906 1912 HidBatt - ok
02:08:04.0974 1912 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
02:08:04.0977 1912 HidBth - ok
02:08:04.0991 1912 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
02:08:04.0992 1912 HidIr - ok
02:08:05.0032 1912 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
02:08:05.0035 1912 hidserv - ok
02:08:05.0101 1912 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
02:08:05.0102 1912 HidUsb - ok
02:08:05.0159 1912 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
02:08:05.0163 1912 hkmsvc - ok
02:08:05.0236 1912 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
02:08:05.0241 1912 HomeGroupListener - ok
02:08:05.0275 1912 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
02:08:05.0280 1912 HomeGroupProvider - ok
02:08:05.0351 1912 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
02:08:05.0353 1912 HpSAMD - ok
02:08:05.0399 1912 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
02:08:05.0406 1912 HTTP - ok
02:08:05.0473 1912 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
02:08:05.0474 1912 hwpolicy - ok
02:08:05.0495 1912 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
02:08:05.0497 1912 i8042prt - ok
02:08:05.0589 1912 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
02:08:05.0597 1912 iaStorV - ok
02:08:05.0712 1912 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
02:08:05.0720 1912 idsvc - ok
02:08:05.0801 1912 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
02:08:05.0803 1912 iirsp - ok
02:08:05.0856 1912 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
02:08:05.0865 1912 IKEEXT - ok
02:08:06.0010 1912 IntcAzAudAddService (16c324e22208e6e8336c3f2da14cfe2d) C:\windows\system32\drivers\RTKVHD64.sys
02:08:06.0033 1912 IntcAzAudAddService - ok
02:08:06.0113 1912 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
02:08:06.0114 1912 intelide - ok
02:08:06.0127 1912 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\drivers\intelppm.sys
02:08:06.0129 1912 intelppm - ok
02:08:06.0168 1912 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
02:08:06.0170 1912 IPBusEnum - ok
02:08:06.0239 1912 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
02:08:06.0241 1912 IpFilterDriver - ok
02:08:06.0281 1912 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
02:08:06.0290 1912 iphlpsvc - ok
02:08:06.0365 1912 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
02:08:06.0367 1912 IPMIDRV - ok
02:08:06.0379 1912 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
02:08:06.0382 1912 IPNAT - ok
02:08:06.0460 1912 iPod Service (3c0d4b3e80fc4854ca325dd123cc4ded) C:\Program Files\iPod\bin\iPodService.exe
02:08:06.0473 1912 iPod Service - ok
02:08:06.0545 1912 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
02:08:06.0546 1912 IRENUM - ok
02:08:06.0568 1912 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
02:08:06.0570 1912 isapnp - ok
02:08:06.0659 1912 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
02:08:06.0662 1912 iScsiPrt - ok
02:08:06.0739 1912 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
02:08:06.0740 1912 kbdclass - ok
02:08:06.0757 1912 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys
02:08:06.0758 1912 kbdhid - ok
02:08:06.0828 1912 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
02:08:06.0830 1912 KeyIso - ok
02:08:06.0918 1912 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
02:08:06.0920 1912 KSecDD - ok
02:08:07.0002 1912 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
02:08:07.0004 1912 KSecPkg - ok
02:08:07.0067 1912 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
02:08:07.0069 1912 ksthunk - ok
02:08:07.0139 1912 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
02:08:07.0146 1912 KtmRm - ok
02:08:07.0213 1912 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll
02:08:07.0219 1912 LanmanServer - ok
02:08:07.0260 1912 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
02:08:07.0265 1912 LanmanWorkstation - ok
02:08:07.0336 1912 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
02:08:07.0338 1912 lltdio - ok
02:08:07.0381 1912 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
02:08:07.0388 1912 lltdsvc - ok
02:08:07.0450 1912 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
02:08:07.0453 1912 lmhosts - ok
02:08:07.0504 1912 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
02:08:07.0506 1912 LSI_FC - ok
02:08:07.0584 1912 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
02:08:07.0587 1912 LSI_SAS - ok
02:08:07.0600 1912 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
02:08:07.0602 1912 LSI_SAS2 - ok
02:08:07.0616 1912 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
02:08:07.0618 1912 LSI_SCSI - ok
02:08:07.0694 1912 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
02:08:07.0696 1912 luafv - ok
02:08:07.0835 1912 LVUVC64 (edf73bfa1bd24d74d1d64dc0ed28a7cd) C:\windows\system32\DRIVERS\lvuvc64.sys
02:08:07.0871 1912 LVUVC64 - ok
02:08:07.0956 1912 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\windows\system32\drivers\mbam.sys
02:08:07.0957 1912 MBAMProtector - ok
02:08:08.0010 1912 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
02:08:08.0020 1912 MBAMService - ok
02:08:08.0091 1912 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
02:08:08.0095 1912 Mcx2Svc - ok
02:08:08.0139 1912 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
02:08:08.0140 1912 megasas - ok
02:08:08.0429 1912 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
02:08:08.0434 1912 MegaSR - ok
02:08:08.0531 1912 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
02:08:08.0534 1912 Microsoft Office Groove Audit Service - ok
02:08:08.0617 1912 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
02:08:08.0621 1912 MMCSS - ok
02:08:08.0693 1912 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
02:08:08.0695 1912 Modem - ok
02:08:08.0715 1912 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
02:08:08.0716 1912 monitor - ok
02:08:08.0779 1912 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
02:08:08.0780 1912 mouclass - ok
02:08:08.0798 1912 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
02:08:08.0799 1912 mouhid - ok
02:08:08.0832 1912 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
02:08:08.0833 1912 mountmgr - ok
02:08:08.0917 1912 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
02:08:08.0919 1912 mpio - ok
02:08:08.0949 1912 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
02:08:08.0951 1912 mpsdrv - ok
02:08:09.0045 1912 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
02:08:09.0061 1912 MpsSvc - ok
02:08:09.0143 1912 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
02:08:09.0146 1912 MRxDAV - ok
02:08:09.0189 1912 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
02:08:09.0192 1912 mrxsmb - ok
02:08:09.0275 1912 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
02:08:09.0280 1912 mrxsmb10 - ok
02:08:09.0355 1912 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
02:08:09.0359 1912 mrxsmb20 - ok
02:08:09.0441 1912 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\DRIVERS\msahci.sys
02:08:09.0442 1912 msahci - ok
02:08:09.0526 1912 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
02:08:09.0529 1912 msdsm - ok
02:08:09.0604 1912 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
02:08:09.0609 1912 MSDTC - ok
02:08:09.0670 1912 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
02:08:09.0671 1912 Msfs - ok
02:08:09.0726 1912 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
02:08:09.0727 1912 mshidkmdf - ok
02:08:09.0764 1912 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
02:08:09.0765 1912 msisadrv - ok
02:08:09.0834 1912 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
02:08:09.0837 1912 MSiSCSI - ok
02:08:09.0857 1912 msiserver - ok
02:08:09.0924 1912 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
02:08:09.0925 1912 MSKSSRV - ok
02:08:09.0957 1912 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
02:08:09.0958 1912 MSPCLOCK - ok
02:08:10.0020 1912 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
02:08:10.0021 1912 MSPQM - ok
02:08:10.0102 1912 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
02:08:10.0108 1912 MsRPC - ok
02:08:10.0186 1912 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
02:08:10.0187 1912 mssmbios - ok
02:08:10.0216 1912 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
02:08:10.0217 1912 MSTEE - ok
02:08:10.0294 1912 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
02:08:10.0296 1912 MTConfig - ok
02:08:10.0328 1912 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
02:08:10.0331 1912 Mup - ok
02:08:10.0412 1912 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
02:08:10.0422 1912 napagent - ok
02:08:10.0504 1912 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
02:08:10.0510 1912 NativeWifiP - ok
02:08:10.0607 1912 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
02:08:10.0621 1912 NDIS - ok
02:08:10.0702 1912 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
02:08:10.0703 1912 NdisCap - ok
02:08:10.0787 1912 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
02:08:10.0788 1912 NdisTapi - ok
02:08:10.0831 1912 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
02:08:10.0832 1912 Ndisuio - ok
02:08:10.0902 1912 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
02:08:10.0904 1912 NdisWan - ok
02:08:10.0923 1912 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
02:08:10.0925 1912 NDProxy - ok
02:08:10.0996 1912 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
02:08:10.0998 1912 NetBIOS - ok
02:08:11.0021 1912 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
02:08:11.0024 1912 NetBT - ok
02:08:11.0096 1912 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
02:08:11.0099 1912 Netlogon - ok
02:08:11.0176 1912 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
02:08:11.0183 1912 Netman - ok
02:08:11.0273 1912 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
02:08:11.0283 1912 netprofm - ok
02:08:11.0381 1912 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
02:08:11.0384 1912 NetTcpPortSharing - ok
02:08:11.0468 1912 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
02:08:11.0470 1912 nfrd960 - ok
02:08:11.0561 1912 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
02:08:11.0568 1912 NlaSvc - ok
02:08:11.0610 1912 Norton PC Checkup Application Launcher - ok
02:08:11.0690 1912 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
02:08:11.0692 1912 Npfs - ok
02:08:11.0751 1912 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
02:08:11.0754 1912 nsi - ok
02:08:11.0799 1912 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
02:08:11.0800 1912 nsiproxy - ok
02:08:11.0909 1912 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
02:08:11.0924 1912 Ntfs - ok
02:08:11.0995 1912 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
02:08:11.0997 1912 Null - ok
02:08:12.0079 1912 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
02:08:12.0083 1912 nvraid - ok
02:08:12.0174 1912 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
02:08:12.0177 1912 nvstor - ok
02:08:12.0258 1912 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
02:08:12.0261 1912 nv_agp - ok
02:08:12.0368 1912 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
02:08:12.0376 1912 odserv - ok
02:08:12.0453 1912 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
02:08:12.0455 1912 ohci1394 - ok
02:08:12.0551 1912 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
02:08:12.0554 1912 ose - ok
02:08:12.0755 1912 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
02:08:12.0797 1912 osppsvc - ok
02:08:12.0908 1912 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
02:08:12.0913 1912 p2pimsvc - ok
02:08:13.0032 1912 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
02:08:13.0037 1912 p2psvc - ok
02:08:13.0115 1912 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
02:08:13.0118 1912 Parport - ok
02:08:13.0195 1912 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
02:08:13.0197 1912 partmgr - ok
02:08:13.0230 1912 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
02:08:13.0235 1912 PcaSvc - ok
02:08:13.0291 1912 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
02:08:13.0294 1912 PCCUJobMgr - ok
02:08:13.0362 1912 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
02:08:13.0365 1912 pci - ok
02:08:13.0385 1912 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
02:08:13.0386 1912 pciide - ok
02:08:13.0490 1912 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
02:08:13.0494 1912 pcmcia - ok
02:08:13.0573 1912 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
02:08:13.0575 1912 pcw - ok
02:08:13.0664 1912 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
02:08:13.0675 1912 PEAUTH - ok
02:08:13.0754 1912 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
02:08:13.0756 1912 PerfHost - ok
02:08:13.0837 1912 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys
02:08:13.0838 1912 PGEffect - ok
02:08:13.0897 1912 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
02:08:13.0912 1912 pla - ok
02:08:13.0988 1912 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
02:08:13.0994 1912 PlugPlay - ok
02:08:14.0063 1912 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
02:08:14.0067 1912 PNRPAutoReg - ok
02:08:14.0098 1912 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
02:08:14.0106 1912 PNRPsvc - ok
02:08:28.0156 1912 ============================================================
02:08:28.0156 1912 Scan finished
02:08:28.0157 1912 ============================================================
02:08:28.0171 4560 Detected object count: 0
02:08:28.0171 4560 Actual detected object count: 0

#8 ravens615

Posted 15 April 2012 - 04:56 AM

aswMBR crashed my computer twice. Upon both scans, it would go about 10 minutes in and then bluescreen the computer. I did not try a third scan for this reason.

#9 gringo_pr

Malware Response Team
Posted 15 April 2012 - 05:04 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
c:\programdata\Codecv
C:\codec-info
c:\programdata\Premium
c:\programdata\InstallMate
c:\program files (x86)\ConduitEngine
c:\program files (x86)\Ask.com

DDS::
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2818425
uInternet Settings,ProxyOverride = <local>;*.local

Firefox::
FF - ProfilePath - c:\users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2818425&SearchSource=3&q={searchTerms}

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#10 ravens615

Posted 15 April 2012 - 03:54 PM

ComboFix 12-04-14.01 - Kareem 04/15/2012 12:47:34.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5610.3971 [GMT -7:00]
Running from: c:\users\Kareem\Desktop\Anti Virus\ComboFix.exe
Command switches used :: c:\users\Kareem\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\codec-info
c:\codec-info\codec_info.html
c:\program files (x86)\Ask.com
c:\program files (x86)\Ask.com\assets\oobe\b.png
c:\program files (x86)\Ask.com\assets\oobe\bl.png
c:\program files (x86)\Ask.com\assets\oobe\br.png
c:\program files (x86)\Ask.com\assets\oobe\l.png
c:\program files (x86)\Ask.com\assets\oobe\pointer.png
c:\program files (x86)\Ask.com\assets\oobe\r.png
c:\program files (x86)\Ask.com\assets\oobe\t.png
c:\program files (x86)\Ask.com\assets\oobe\tl.png
c:\program files (x86)\Ask.com\assets\oobe\tr.png
c:\program files (x86)\Ask.com\cb_1691.ico
c:\program files (x86)\Ask.com\cobrand.ico
c:\program files (x86)\Ask.com\config.xml
c:\program files (x86)\Ask.com\favicon.ico
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Ask.com\mupcfg.xml
c:\program files (x86)\Ask.com\precache.exe
c:\program files (x86)\Ask.com\SaUpdate.exe
c:\program files (x86)\Ask.com\Updater\config.xml
c:\program files (x86)\Ask.com\Updater\Updater.exe
c:\program files (x86)\Ask.com\UpdateTask.exe
c:\program files (x86)\ConduitEngine
c:\program files (x86)\ConduitEngine\appContextMenu.xml
c:\program files (x86)\ConduitEngine\ConduitEngin.dll
c:\program files (x86)\ConduitEngine\ConduitEngineHelper.exe
c:\program files (x86)\ConduitEngine\ConduitEngineUninstall.exe
c:\program files (x86)\ConduitEngine\engineContextMenu.xml
c:\program files (x86)\ConduitEngine\EngineSettings.json
c:\program files (x86)\ConduitEngine\ldrConduitEngin.dll
c:\program files (x86)\ConduitEngine\prxConduitEngin.dll
c:\program files (x86)\ConduitEngine\toolbar.cfg
c:\programdata\Codecv
c:\programdata\Codecv\background.html
c:\programdata\Codecv\bccldkoinakjmmgebambiaggjobhikfg.crx
c:\programdata\Codecv\bhoclass.dll
c:\programdata\Codecv\content.js
c:\programdata\Codecv\settings.ini
c:\programdata\InstallMate
c:\programdata\InstallMate\{C1E28B35-42CA-43F0-8B8B-85F6E7255916}\_Setup.dll
c:\programdata\InstallMate\{C1E28B35-42CA-43F0-8B8B-85F6E7255916}\_Setupx.dll
c:\programdata\InstallMate\{C1E28B35-42CA-43F0-8B8B-85F6E7255916}\0.ini
c:\programdata\InstallMate\{C1E28B35-42CA-43F0-8B8B-85F6E7255916}\20120402144433.log
c:\programdata\InstallMate\{C1E28B35-42CA-43F0-8B8B-85F6E7255916}\20120402144802.log
c:\programdata\InstallMate\{C1E28B35-42CA-43F0-8B8B-85F6E7255916}\Setup.dat
c:\programdata\InstallMate\{C1E28B35-42CA-43F0-8B8B-85F6E7255916}\Setup.exe
c:\programdata\InstallMate\{C1E28B35-42CA-43F0-8B8B-85F6E7255916}\Setup.ico
c:\programdata\InstallMate\{C1E28B35-42CA-43F0-8B8B-85F6E7255916}\TsuDll.dll
c:\programdata\Premium
.
.
((((((((((((((((((((((((( Files Created from 2012-03-15 to 2012-04-15 )))))))))))))))))))))))))))))))
.
.
2012-04-15 20:17 . 2012-04-15 20:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-13 21:24 . 2012-01-12 16:28 57976 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
2012-04-12 21:50 . 2012-04-12 21:50 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-04-12 21:50 . 2012-04-12 21:50 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-04-12 16:20 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 16:20 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 16:20 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 16:19 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 16:19 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 16:19 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 16:19 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 16:19 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 16:19 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 16:19 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-06 04:46 . 2012-04-08 07:03 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-06 04:46 . 2012-04-06 04:46 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-04-06 03:12 . 2012-04-06 03:12 -------- d-----w- c:\users\Kareem\AppData\Roaming\Malwarebytes
2012-04-06 03:12 . 2012-04-06 04:41 -------- d-----w- c:\programdata\Malwarebytes
2012-04-06 03:12 . 2012-04-06 03:12 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-06 03:12 . 2011-12-10 22:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-05 05:29 . 2012-04-05 05:29 -------- d-----w- c:\users\Kareem\AppData\Roaming\U3
2012-04-05 00:13 . 2012-04-05 00:13 -------- d-----w- c:\program files (x86)\MKV Player
2012-04-05 00:10 . 2012-04-05 00:10 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-04-05 00:07 . 2012-04-05 00:07 -------- d-----w- c:\users\Kareem\AppData\Roaming\RealNetworks
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-03-26 04:05 . 2012-03-26 04:05 -------- d-----w- c:\program files (x86)\7-Zip
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-05 00:09 . 2011-12-20 07:14 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-04-05 00:09 . 2011-12-20 07:14 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-03-16 10:02 . 2012-03-16 10:02 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-16 10:02 . 2012-03-16 10:02 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-16 10:02 . 2012-03-16 10:02 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-16 10:02 . 2012-03-16 10:02 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-16 10:02 . 2012-03-16 10:02 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-16 10:02 . 2012-03-16 10:02 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-16 10:02 . 2012-03-16 10:02 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-16 10:02 . 2012-03-16 10:02 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-16 10:02 . 2012-03-16 10:02 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-16 10:02 . 2012-03-16 10:02 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-16 10:02 . 2012-03-16 10:02 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-16 10:02 . 2012-03-16 10:02 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-16 10:02 . 2012-03-16 10:02 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-16 10:02 . 2012-03-16 10:02 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-16 10:02 . 2012-03-16 10:02 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-16 10:02 . 2012-03-16 10:02 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-16 10:02 . 2012-03-16 10:02 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-16 10:02 . 2012-03-16 10:02 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-16 10:02 . 2012-03-16 10:02 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-16 10:02 . 2012-03-16 10:02 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-16 10:02 . 2012-03-16 10:02 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-16 10:02 . 2012-03-16 10:02 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-16 10:02 . 2012-03-16 10:02 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-16 10:02 . 2012-03-16 10:02 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-16 10:02 . 2012-03-16 10:02 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-16 10:02 . 2012-03-16 10:02 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-16 10:02 . 2012-03-16 10:02 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-16 10:02 . 2012-03-16 10:02 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-16 10:02 . 2012-03-16 10:02 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-16 10:02 . 2012-03-16 10:02 448512 ----a-w- c:\windows\system32\html.iec
2012-03-16 10:02 . 2012-03-16 10:02 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-16 10:02 . 2012-03-16 10:02 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-16 10:02 . 2012-03-16 10:02 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-16 10:02 . 2012-03-16 10:02 160256 ----a-w- c:\windows\system32\wextract.exe
2012-02-17 06:38 . 2012-03-15 00:33 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-15 00:33 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-15 00:33 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-15 00:33 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-15 00:34 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-15 00:34 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-07 18:02 . 2012-02-07 18:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34 . 2012-03-15 00:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-25 06:38 . 2012-03-15 00:34 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-15 00:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-01-25 06:33 . 2012-03-15 00:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-01-19 17:22 . 2012-01-19 17:22 45936 ----a-r- c:\windows\system32\SBBD.EXE
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-15_02.53.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-15 20:19 . 2012-04-15 20:19 13585 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-04-15 02:50 . 2012-04-15 02:50 13585 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2010-11-21 03:09 . 2012-04-15 03:23 54160 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-15 09:53 47412 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-07-16 01:25 . 2012-04-15 09:32 11786 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1011144955-1651433829-1386514232-1001_UserData.bin
+ 2009-07-14 04:46 . 2012-04-15 19:17 95344 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2012-04-15 02:51 . 2012-04-15 02:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-15 20:19 . 2012-04-15 20:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-15 02:51 . 2012-04-15 02:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-15 20:19 . 2012-04-15 20:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-07-16 05:04 . 2012-04-15 16:11 306950 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-04-15 02:15 624856 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-15 19:09 624856 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-15 19:09 106942 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-15 02:15 106942 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-04-15 02:50 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-15 20:19 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-06-07 14:49 . 2012-04-15 02:50 3041016 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-06-07 14:49 . 2012-04-15 20:19 3041016 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-07-16 02:53 . 2012-04-15 20:19 61598736 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1011144955-1651433829-1386514232-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7aeb3efd-e564-43f1-b658-5058a7c5743b}"= "c:\program files (x86)\vshare.tv_Bar\prxtbvsha.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7aeb3efd-e564-43f1-b658-5058a7c5743b}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{7aeb3efd-e564-43f1-b658-5058a7c5743b}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\vshare.tv_Bar\prxtbvsha.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{7aeb3efd-e564-43f1-b658-5058a7c5743b}"= "c:\program files (x86)\vshare.tv_Bar\prxtbvsha.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{7aeb3efd-e564-43f1-b658-5058a7c5743b}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Kareem\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Kareem\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 94208 ----a-w- c:\users\Kareem\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-07 39408]
"ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2012-02-08 22465104]
"Facebook Update"="c:\users\Kareem\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-07-19 137536]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-09-16 1242448]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-09-12 17351304]
"Spotify"="c:\users\Kareem\AppData\Roaming\Spotify\Spotify.exe" [2011-11-11 6823984]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-11-12 59240]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-11-29 1294712]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2010-08-17 3218792]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-25 2416480]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-10 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-04-05 296056]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Kareem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Kareem\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SafeConnect.lnk - c:\program files (x86)\SafeConnect\scClient.exe [2011-7-20 296088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-07 136176]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-07 136176]
R3 LVUVC64;Logitech Webcam 200(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TDEIO;TDEIO;c:\windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-04-06 828336]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe [2012-03-31 135608]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [2011-02-03 126392]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 SCManager;SafeConnect Manager;c:\program files (x86)\SafeConnect\scManager.sys servicestart [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-04-07 294328]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1011144955-1651433829-1386514232-1001Core.job
- c:\users\Kareem\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-19 21:08]
.
2012-04-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1011144955-1651433829-1386514232-1001UA.job
- c:\users\Kareem\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-19 21:08]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-07 15:11]
.
2012-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-07 15:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Kareem\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Kareem\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Kareem\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-10-31 21:02 97792 ----a-w- c:\users\Kareem\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-12 11775592]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-10 2186856]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"TOSHIBA Face Recognition"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.type - 2
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files (x86)\ConduitEngine\prxConduitEngin.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Toolbar-Locked - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files (x86)\ConduitEngine\prxConduitEngin.dll
Wow6432Node-HKLM-Run-ApnUpdater - c:\program files (x86)\Ask.com\Updater\Updater.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{7AEB3EFD-E564-43F1-B658-5058A7C5743B} - (no file)
AddRemove-conduitEngine - c:\program files (x86)\ConduitEngine\ConduitEngineUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.10.26\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\SafeConnect\scManager.sys
.
**************************************************************************
.
Completion time: 2012-04-15 13:47:08 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-15 20:46
ComboFix2.txt 2012-04-15 03:19
.
Pre-Run: 302,404,378,624 bytes free
Post-Run: 302,467,448,832 bytes free
.
- - End Of File - - 08B8E4E4B54075791758A3ADE0A014CE


TextEnhance hyperlinked crap is still here, as are AdChoices ads on select websites.

#11 gringo_pr

Posted 15 April 2012 - 05:17 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#12 ravens615

Posted 15 April 2012 - 10:32 PM

OTL logfile created on: 4/15/2012 3:50:26 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Kareem\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.48 Gb Total Physical Memory | 3.59 Gb Available Physical Memory | 65.60% Memory free
10.96 Gb Paging File | 8.64 Gb Available in Paging File | 78.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.96 Gb Total Space | 281.76 Gb Free Space | 62.48% Space Free | Partition Type: NTFS

Computer Name: KAREEM-PC | User Name: Kareem | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Kareem\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe (Symantec Corporation)
PRC - C:\Users\Kareem\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\ooVoo\ooVoo.exe (ooVoo LLC)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\SafeConnect\scManager.sys (Impulse Point, LLC)
PRC - C:\Program Files (x86)\SafeConnect\SCClient.exe (Impulse Point, LLC)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\Toshiba\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (GFNEXSrv) -- C:\Windows\SysNative\GFNEXSrv.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\SymcPCCULaunchSvc.exe (Symantec Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (SCManager) -- C:\Program Files (x86)\SafeConnect\scManager.sys (Impulse Point, LLC)
SRV - (PCCUJobMgr) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe (Symantec Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\SBREDrv.sys (GFI Software)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (SCDEmu) -- C:\windows\SysNative\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (LVUVC64) Logitech Webcam 200(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {C1E0A39A-3349-4DAD-A332-FB5D86835650}
IE:64bit: - HKLM\..\SearchScopes\{C1E0A39A-3349-4DAD-A332-FB5D86835650}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {49A751C7-AB82-4480-A992-97A51B830142}
IE - HKLM\..\SearchScopes\{49A751C7-AB82-4480-A992-97A51B830142}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2818425


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1011144955-1651433829-1386514232-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1011144955-1651433829-1386514232-1001\..\URLSearchHook: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1011144955-1651433829-1386514232-1001\..\SearchScopes,DefaultScope = {A4AF4532-E927-40B2-923B-8D21F5D046E3}
IE - HKU\S-1-5-21-1011144955-1651433829-1386514232-1001\..\SearchScopes\{49A751C7-AB82-4480-A992-97A51B830142}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
IE - HKU\S-1-5-21-1011144955-1651433829-1386514232-1001\..\SearchScopes\{A4AF4532-E927-40B2-923B-8D21F5D046E3}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_en
IE - HKU\S-1-5-21-1011144955-1651433829-1386514232-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2818425
IE - HKU\S-1-5-21-1011144955-1651433829-1386514232-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "vshare.tv Bar Customized Web Search"
FF - prefs.js..browser.search.selectedEngine: "Bing"
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..network.proxy.autoconfig_url: "http://proxy.ucla.edu/cgi/proxy"
FF - prefs.js..network.proxy.type: 2


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Kareem\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/01/31 11:12:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/04 17:09:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/12 14:50:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/12 14:50:06 | 000,000,000 | ---D | M]

[2011/07/15 18:40:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kareem\AppData\Roaming\Mozilla\Extensions
[2012/04/04 00:21:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions
[2011/10/24 18:32:07 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
[2012/04/04 00:21:29 | 000,000,000 | ---D | M] (Codecv) -- C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\info@allpremiumplay.info
[2012/03/02 00:55:07 | 000,000,000 | ---D | M] ("Reddit Enhancement Suite") -- C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack
[2012/01/11 17:05:18 | 000,000,000 | ---D | M] (ooVoo toolbar, powered by Ask.com) -- C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\toolbar@ask.com
[2011/10/23 23:41:46 | 000,000,929 | ---- | M] () -- C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\searchplugins\conduit.xml
[2011/09/28 23:37:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/09/28 23:37:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\KAREEM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WKQRTJAL.DEFAULT\EXTENSIONS\{F759CA51-3A91-4DD1-AE78-9DB5EEE9EBF0}.XPI
() (No name found) -- C:\USERS\KAREEM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WKQRTJAL.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012/04/12 14:50:47 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/08/31 03:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\mozilla firefox\plugins\npvsharetvplg.dll
[2012/04/12 14:50:44 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/12 14:50:44 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Kareem\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Kareem\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\Kareem\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Kareem\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: downloadUpdater (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Kareem\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - Extension: Codecv = C:\Users\Kareem\AppData\Local\Google\Chrome\User Data\Default\Extensions\bccldkoinakjmmgebambiaggjobhikfg\1.0_0\
CHR - Extension: YouTube = C:\Users\Kareem\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Kareem\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Kareem\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AVG Safe Search = C:\Users\Kareem\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: vshare plugin = C:\Users\Kareem\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\
CHR - Extension: Skype Click to Call = C:\Users\Kareem\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\
CHR - Extension: Gmail = C:\Users\Kareem\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/15 13:21:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (vshare.tv Bar Toolbar) - {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll File not found
O3 - HKLM\..\Toolbar: (vshare.tv Bar Toolbar) - {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1011144955-1651433829-1386514232-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-1011144955-1651433829-1386514232-1001\..\Toolbar\WebBrowser: (vshare.tv Bar Toolbar) - {7AEB3EFD-E564-43F1-B658-5058A7C5743B} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TOSHIBA Face Recognition] C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-1011144955-1651433829-1386514232-1001..\Run: [Facebook Update] C:\Users\Kareem\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1011144955-1651433829-1386514232-1001..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1011144955-1651433829-1386514232-1001..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKU\S-1-5-21-1011144955-1651433829-1386514232-1001..\Run: [Spotify] C:\Users\Kareem\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-1011144955-1651433829-1386514232-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-1011144955-1651433829-1386514232-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Kareem\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Kareem\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1011144955-1651433829-1386514232-1001\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-1011144955-1651433829-1386514232-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\Toshiba\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4664CD45-EB2F-4C64-BA4C-220B59B1BC4B}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E23AB536-4089-4B9F-BB91-C841939F4B8D}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/15 15:48:52 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Kareem\Desktop\OTL.exe
[2012/04/15 13:47:39 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/04/15 13:21:08 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/04/15 12:07:22 | 000,000,000 | ---D | C] -- C:\Users\Kareem\Desktop\Anti Virus
[2012/04/14 17:12:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/04/14 17:12:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/04/14 17:12:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/04/14 01:28:55 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012/04/14 01:27:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/13 14:24:49 | 000,057,976 | R--- | C] (GFI Software) -- C:\windows\SysNative\drivers\SBREDrv.sys
[2012/04/12 09:22:37 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/04/12 09:22:36 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/04/12 09:22:34 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2012/04/12 09:22:34 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/04/12 09:22:34 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/04/12 09:22:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/04/12 09:22:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/04/12 09:22:32 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2012/04/12 09:22:31 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2012/04/12 09:22:31 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2012/04/12 09:22:31 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2012/04/12 09:20:46 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/04/12 09:20:46 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012/04/12 09:20:45 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012/04/12 09:19:46 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imagehlp.dll
[2012/04/12 09:19:46 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\fs_rec.sys
[2012/04/12 09:19:45 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wintrust.dll
[2012/04/05 21:46:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/04/05 21:46:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/04/05 21:46:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/04/05 20:12:49 | 000,000,000 | ---D | C] -- C:\Users\Kareem\AppData\Roaming\Malwarebytes
[2012/04/05 20:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/05 20:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/05 20:12:28 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/04/05 20:12:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/04/04 22:29:58 | 000,000,000 | ---D | C] -- C:\Users\Kareem\AppData\Roaming\U3
[2012/04/04 17:13:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKV Player
[2012/04/04 17:13:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MKV Player
[2012/04/04 17:10:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012/04/04 17:07:40 | 000,000,000 | ---D | C] -- C:\Users\Kareem\AppData\Roaming\RealNetworks
[2012/04/04 17:04:34 | 000,000,000 | ---D | C] -- C:\Users\Kareem\AppData\Local\{892CA29F-A99E-42D7-AE1C-794D53E50CFD}
[2012/04/02 23:54:39 | 000,000,000 | ---D | C] -- C:\Users\Kareem\Desktop\LS 2
[2012/03/25 21:05:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/03/25 21:05:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/15 15:48:53 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Kareem\Desktop\OTL.exe
[2012/04/15 15:46:07 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/15 15:46:00 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/04/15 14:13:02 | 000,000,932 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1011144955-1651433829-1386514232-1001UA.job
[2012/04/15 14:13:00 | 000,000,910 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1011144955-1651433829-1386514232-1001Core.job
[2012/04/15 14:00:20 | 000,727,374 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/04/15 14:00:20 | 000,624,856 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/04/15 14:00:20 | 000,106,942 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/04/15 13:56:59 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/15 13:56:59 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/15 13:49:59 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/15 13:49:26 | 117,010,431 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/15 13:21:04 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/04/15 12:34:10 | 000,001,086 | ---- | M] () -- C:\Users\Kareem\Desktop\ComboFix - Shortcut.lnk
[2012/04/15 12:12:11 | 095,083,502 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2012/04/15 02:49:27 | 706,072,391 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/04/12 17:26:58 | 000,321,752 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavichjg.avm
[2012/04/05 21:46:49 | 000,001,297 | ---- | M] () -- C:\Users\Kareem\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/04/05 14:12:37 | 000,023,927 | ---- | M] () -- C:\Users\Kareem\Desktop\mjd.jpg
[2012/04/04 17:10:23 | 000,001,046 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/04/04 17:09:41 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\windows\SysWow64\rmoc3260.dll
[2012/04/04 17:09:26 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\windows\SysWow64\pndx5016.dll
[2012/04/04 17:09:26 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\windows\SysWow64\pndx5032.dll
[2012/04/04 17:09:23 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\windows\SysWow64\pncrt.dll
[2012/03/24 01:09:40 | 000,002,359 | ---- | M] () -- C:\Users\Public\Desktop\Toshiba Laptop Checkup.lnk
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/15 12:34:10 | 000,001,086 | ---- | C] () -- C:\Users\Kareem\Desktop\ComboFix - Shortcut.lnk
[2012/04/14 17:12:22 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/04/14 17:12:22 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/04/14 17:12:22 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/04/14 17:12:22 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/04/14 17:12:22 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/04/05 21:46:49 | 000,001,297 | ---- | C] () -- C:\Users\Kareem\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/04/05 14:09:53 | 000,023,927 | ---- | C] () -- C:\Users\Kareem\Desktop\mjd.jpg
[2012/04/04 17:10:23 | 000,001,046 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/03/26 02:54:52 | 149,468,689 | ---- | C] () -- C:\Users\Kareem\Desktop\Sadava Life The Science of Biology 9th txtbk.PDF
[2012/03/25 21:08:10 | 053,127,577 | ---- | C] () -- C:\Users\Kareem\Desktop\Vollhardt Organic Chemistry Structure Function 6th txtbk.PDF
[2012/03/24 01:09:40 | 000,002,359 | ---- | C] () -- C:\Users\Public\Desktop\Toshiba Laptop Checkup.lnk
[2011/07/23 09:30:06 | 000,005,632 | ---- | C] () -- C:\Users\Kareem\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/15 23:02:00 | 000,000,293 | ---- | C] () -- C:\windows\game.ini
[2011/07/15 20:23:59 | 000,743,534 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/06/07 07:51:23 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2011/06/07 07:46:24 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011/06/07 07:44:06 | 000,128,312 | ---- | C] () -- C:\windows\SysWow64\GFNEX.dll
[2011/06/07 07:42:38 | 000,003,155 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011/04/01 05:07:02 | 010,877,272 | ---- | C] () -- C:\windows\SysWow64\LogiDPP.dll
[2011/04/01 05:07:02 | 000,102,744 | ---- | C] () -- C:\windows\SysWow64\LogiDPPApp.exe
[2011/04/01 05:06:56 | 000,331,608 | ---- | C] () -- C:\windows\SysWow64\DevManagerCore.dll
[2011/02/03 19:56:58 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

< End of report >

#13 gringo_pr

  • Malware Response Team

Posted 15 April 2012 - 10:42 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    IE - HKLM\..\URLSearchHook: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = <http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2818425>
    IE - HKU\S-1-5-21-1011144955-1651433829-1386514232-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = <http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2818425>
    FF - prefs.js..browser.search.defaultthis.engineName: "vshare.tv Bar Customized Web Search"
    [2011/10/24 18:32:07 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
    [2012/04/04 00:21:29 | 000,000,000 | ---D | M] (Codecv) -- C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\info@allpremiumplay.info
    [2012/03/02 00:55:07 | 000,000,000 | ---D | M] ("Reddit Enhancement Suite") -- C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack
    [2012/01/11 17:05:18 | 000,000,000 | ---D | M] (ooVoo toolbar, powered by Ask.com) -- C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\toolbar@ask.com
    [2011/10/23 23:41:46 | 000,000,929 | ---- | M] () -- C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\searchplugins\conduit.xml
    O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll File not found
    O2 - BHO: (vshare.tv Bar Toolbar) - {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll (Conduit Ltd.)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
    O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll File not found
    O3 - HKLM\..\Toolbar: (vshare.tv Bar Toolbar) - {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 ravens615

  • Topic Starter

  • Members

Posted 15 April 2012 - 10:53 PM

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{7aeb3efd-e564-43f1-b658-5058a7c5743b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\ deleted successfully.
C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-1011144955-1651433829-1386514232-1001\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "vshare.tv Bar Customized Web Search" removed from browser.search.defaultthis.engineName
C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}\defaults\preferences folder moved successfully.
C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}\defaults folder moved successfully.
C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}\chrome\content folder moved successfully.
C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}\chrome folder moved successfully.
Folder move failed. C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516} scheduled to be moved on reboot.
C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\info@allpremiumplay.info\content folder moved successfully.
C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\info@allpremiumplay.info folder moved successfully.
C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack\resources\jid1-xufzosoflzsoxg-at-jetpack-reddit_res-lib folder moved successfully.
C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack\resources\jid1-xufzosoflzsoxg-at-jetpack-reddit_res-data folder moved successfully.
C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack\resources\jid1-xufzosoflzsoxg-at-jetpack-api-utils-lib\windows folder moved successfully.
C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack\resources\jid1-xufzosoflzsoxg-at-jetpack-api-utils-lib\utils folder moved successfully.
C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack\resources\jid1-xufzosoflzsoxg-at-jetpack-api-utils-lib\traits folder moved successfully.
C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack\resources\jid1-xufzosoflzsoxg-at-jetpack-api-utils-lib\tabs folder moved successfully.
C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack\resources\jid1-xufzosoflzsoxg-at-jetpack-api-utils-lib\events folder moved successfully.
C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack\resources\jid1-xufzosoflzsoxg-at-jetpack-api-utils-lib\dom folder moved successfully.
C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack\resources\jid1-xufzosoflzsoxg-at-jetpack-api-utils-lib\content folder moved successfully.
C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack\resources\jid1-xufzosoflzsoxg-at-jetpack-api-utils-lib folder moved successfully.
C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack\resources\jid1-xufzosoflzsoxg-at-jetpack-api-utils-data folder moved successfully.
C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack\resources\jid1-xufzosoflzsoxg-at-jetpack-addon-kit-lib folder moved successfully.
C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack\resources\jid1-xufzosoflzsoxg-at-jetpack-addon-kit-data folder moved successfully.
Folder move failed. C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack\resources scheduled to be moved on reboot.
Folder move failed. C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack scheduled to be moved on reboot.
C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\toolbar@ask.com\logs folder moved successfully.
C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\toolbar@ask.com\datastore folder moved successfully.
C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-08-Nov-2011-22-35-59-GMT folder moved successfully.
C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-09-Sep-2011-22-08-24-GMT folder moved successfully.
C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\toolbar@ask.com\chrome folder moved successfully.
Folder move failed. C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\toolbar@ask.com scheduled to be moved on reboot.
C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\searchplugins\conduit.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\ not found.
File C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7aeb3efd-e564-43f1-b658-5058a7c5743b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\ not found.
File C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Kareem\Desktop\cmd.bat deleted successfully.
C:\Users\Kareem\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Kareem

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56502 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Kareem
->Flash cache emptied: 8314929 bytes

User: Public

Total Flash Files Cleaned = 8.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04152012_204740

Files\Folders moved on Reboot...
C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516} folder moved successfully.
C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack\resources folder moved successfully.
C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\jid1-xUfzOsOFlzSOXg@jetpack folder moved successfully.
C:\Users\Kareem\AppData\Roaming\Mozilla\Firefox\Profiles\wkqrtjal.default\extensions\toolbar@ask.com folder moved successfully.

Registry entries deleted on Reboot...


Seems to have done the trick. AdChoices and TextEnhance seem to be gone, system looks to be running smoother thus far. Thank you very very very much for your assistance. It really means a lot!

#15 gringo_pr

  • Malware Response Team

Posted 15 April 2012 - 11:00 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does a lot better of a job)

Programs to remove

BitTorrent
Conduit Engine
Java™ 6 Update 20


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then on Next
  • Once done click Finish.



Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
