
80000000.@ Threat: Trojan.Gen.2



#1 Aloha213


Posted 08 June 2012 - 12:32 AM

I have "Full Path: c:\windows\installer\{50725003-fe69-bb24-d09a-484234ece9d8}\u\80000000.@ Threat: Trojan.Gen.2" on my computer and I don't know how to remove it. I read another post about this Trojan on this forum and I have taken some steps to make this process quicker. Below you will find the DDS Log and the FRST64 Log. Thank you so much in advance.

Here is the DDS Log:


DDS (Ver_09-12-01.01) - NTFSX64
Run by Matt at 19:17:39.51 on Thu 06/07/2012
Internet Explorer: 9.0.8112.16421
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16291.13017 [GMT -10:00]


============== Running Processes ===============

C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\SysWOW64\vmnetdhcp.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\notepad.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
\\.\globalroot\systemroot\Installer\{50725003-fe69-bb24-d09a-484234ece9d8}\U
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\Users\Matt\Downloads\dds.scr
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.babylon.com/?affID=109935&babsrc=HP_ss&mntrId=2a747be0000000000000b888e3100990
uDefault_Page_URL = hxxp://start.toshiba.com
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
mWinlogon: Userinit=userinit.exe
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files (x86)\adobe\adobe contribute cs5.1\plugins\ieplugin\contributeieplugin.dll
BHO: Vid-Saver: {11111111-1111-1111-1111-110011341191} - c:\program files (x86)\vid-saver\Vid-Saver.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files (x86)\babylontoolbar\babylontoolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files (x86)\norton internet security\engine\19.7.1.5\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files (x86)\norton internet security\engine\19.7.1.5\ips\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~2\micros~3\office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~2\micros~3\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - c:\program files (x86)\toshiba\toshiba media controller plug-in\TOSHIBAMediaControllerIE.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\norton internet security\engine\19.7.1.5\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files (x86)\adobe\adobe contribute cs5.1\plugins\ieplugin\contributeieplugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files (x86)\babylontoolbar\babylontoolbar\1.5.3.17\BabylonToolbarTlbr.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [RESTART_STICKY_NOTES] c:\windows\system32\StikyNot.exe
uRun: [Weather] c:\program files (x86)\aws\weatherbug\Weather.exe 1
uRun: [Skype] "c:\program files (x86)\skype\phone\Skype.exe" /minimized /regrun
uRun: [OfficeSyncProcess] "c:\program files (x86)\microsoft office\office14\MSOSYNC.EXE"
uRun: [AdobeBridge]
mRun: [SVPWUTIL] c:\program files (x86)\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] c:\program files\toshiba\utilities\HWSetup.exe hwSetUP
mRun: [KeNotify] "c:\program files (x86)\toshiba\utilities\KeNotify.exe" LPCM
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "c:\program files (x86)\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [ToshibaAppPlace] "c:\program files (x86)\toshiba\toshiba app place\ToshibaAppPlace.exe"
mRun: [NortonOnlineBackupReminder] "c:\program files (x86)\toshiba\toshiba online backup\activation\TOBuActivation.exe" UNATTENDED
mRun: [PWRISOVM.EXE] c:\program files (x86)\poweriso\PWRISOVM.EXE -startup
mRun: [<NO NAME>]
mRun: [APSDaemon] "c:\program files (x86)\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [vmware-tray] "c:\program files (x86)\vmware\vmware workstation\vmware-tray.exe"
mRun: [SwitchBoard] c:\program files (x86)\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "c:\program files (x86)\common files\adobe\cs6servicemanager\CS6ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files (x86)\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files (x86)\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\micros~3\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files (x86)\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files (x86)\microsoft office\office14\ONBttnIELinkedNotes.dll
LSP: %SystemRoot%\system32\vsocklib.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files (x86)\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: c:\windows\syswow64\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~2\micros~3\office14\GROOVEEX.DLL
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - c:\program files (x86)\toshiba\toshiba media controller plug-in\x64\TOSHIBAMediaControllerIE.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
mRun-x64: [(Default)]
mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
mRun-x64: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun-x64: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun-x64: [TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe -s
mRun-x64: [RtHDVBg] c:\program files\realtek\audio\hda\RAVBg64.exe /FORPCEE3 /MAXX3
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun-x64: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun-x64: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosWaitSrv.exe
mRun-x64: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe
mRun-x64: [TosVolRegulator] c:\program files\toshiba\tosvolregulator\TosVolRegulator.exe
mRun-x64: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
mRun-x64: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
mRun-x64: [AdobeAAMUpdater-1.0] "c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
AppInit_DLLs-X64: c:\windows\system32\nvinitx.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

============= SERVICES / DRIVERS ===============

R0 nvpciflt;nvpciflt;c:\windows\system32\drivers\nvpciflt.sys [2012-4-18 25960]
R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2012-5-16 56208]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nisx64\1307010.005\symds64.sys [2012-5-18 451192]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nisx64\1307010.005\symefa64.sys [2012-5-18 1092728]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2011-3-23 36992]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2009-6-29 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\drivers\tos_sps64.sys [2012-4-18 482384]
R1 BHDrvx64;BHDrvx64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.0.0.128\definitions\bashdefs\20120531.001\BHDrvx64.sys [2012-6-5 1160824]
R1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\nisx64\1307010.005\ccsetx64.sys [2012-5-18 167048]
R1 IDSVia64;IDSVia64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_19.0.0.128\definitions\ipsdefs\20120607.001\IDSviA64.sys [2012-6-7 488568]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nisx64\1307010.005\ironx64.sys [2012-5-18 190072]
R1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\nisx64\1307010.005\symnets.sys [2012-5-18 405624]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 NIS;Norton Internet Security;c:\program files (x86)\norton internet security\engine\19.7.1.5\ccsvchst.exe [2012-5-18 138232]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\norton pc checkup\engine\2.0.13.11\SymcPCCULaunchSvc.exe [2012-4-18 123320]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe [2012-4-18 1997416]
R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\norton pc checkup\engine\2.0.13.11\ccSvcHst.exe [2012-4-18 126392]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2012-4-18 14112]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2011-5-24 294848]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\intel\intel® management engine components\uns\UNS.exe [2012-4-18 2656280]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\common files\vmware\usb\vmware-usbarbitrator64.exe [2011-8-29 846448]
R3 CeKbFilter;CeKbFilter;c:\windows\system32\drivers\CeKbFilter.sys [2012-4-18 20592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-6-2 138912]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2010-10-19 56344]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2011-2-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-2-10 181760]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 PGEffect;Pangu effect driver;c:\windows\system32\drivers\PGEffect.sys [2012-4-18 38096]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2012-4-18 413800]
R3 TMachInfo;TMachInfo;c:\program files (x86)\toshiba\toshiba service station\TMachInfo.exe [2012-4-18 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2011-6-9 138152]
R3 TPCHSrv;TPCH Service;c:\program files\toshiba\tphm\TPCHSrv.exe [2011-7-1 828856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2012-4-18 136176]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\skype\updater\Updater.exe [2012-5-3 158856]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\drivers\btfilter.sys [2012-4-18 42096]
S3 GamesAppService;GamesAppService;c:\program files (x86)\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\google\update\GoogleUpdate.exe [2012-4-18 136176]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2011-5-2 175192]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-5-25 31800]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 VMwareHostd;VMware Workstation Server;c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe [2012-4-30 11839488]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-5-16 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 57184]

=============== Created Last 30 ================

2012-06-08 05:09:00 0 ----a-w- c:\users\matt\defogger_reenable
2012-06-08 02:46:31 0 d-----w- C:\FRST
2012-06-07 00:13:45 0 d-----w- c:\program files (x86)\common files\SolidWorks Shared
2012-06-06 03:27:45 0 d-----w- c:\users\matt\appdata\roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
2012-06-06 03:24:13 0 d-----w- c:\users\matt\appdata\roaming\NVIDIA
2012-06-04 03:22:16 0 d-----w- c:\users\matt\appdata\roaming\EDrawings
2012-06-04 03:22:15 0 d-----w- c:\users\matt\appdata\roaming\DassaultSystemes
2012-06-04 03:22:15 0 d-----w- c:\programdata\DassaultSystemes
2012-06-04 03:11:30 0 ----a-w- c:\windows\eDrawingOfficeAutomator.INI
2012-06-04 03:11:20 0 d-----w- c:\program files (x86)\common files\eDrawings2012
2012-06-03 19:49:13 0 d-----w- c:\programdata\Pinnacle
2012-06-03 19:44:23 0 d-----w- c:\program files (x86)\common files\Avid
2012-06-01 00:51:33 0 d-sh--w- c:\windows\system32\%APPDATA%
2012-06-01 00:47:59 419488 ----a-w- c:\windows\syswow64\FlashPlayerApp.exe
2012-05-30 04:39:28 0 d-----w- c:\program files (x86)\Neuratron AudioScore Lite
2012-05-30 04:39:13 0 d-----w- c:\program files (x86)\Sibelius Software
2012-05-30 04:35:17 0 d-----w- c:\users\matt\appdata\roaming\Avid
2012-05-30 04:35:17 0 d-----w- c:\programdata\Avid
2012-05-30 04:35:17 0 d-----w- c:\program files\Avid
2012-05-30 04:35:17 0 d-----w- c:\program files (x86)\Avid
2012-05-30 04:02:17 63088 ----a-w- c:\windows\system32\drivers\vmx86.sys
2012-05-30 04:01:48 354416 ----a-w- c:\windows\syswow64\vmnetdhcp.exe
2012-05-30 04:01:44 433264 ----a-w- c:\windows\syswow64\vmnat.exe
2012-05-30 04:01:44 30320 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2012-05-30 04:01:42 942192 ----a-w- c:\windows\system32\vnetlib64.dll
2012-05-30 04:01:40 39024 ----a-w- c:\windows\system32\drivers\hcmon.sys
2012-05-30 04:01:35 1024 ----a-w- C:\.rnd
2012-05-30 04:00:52 0 d-----w- c:\programdata\VMware
2012-05-30 04:00:52 0 d-----w- c:\program files (x86)\VMware
2012-05-30 04:00:52 0 d-----w- c:\program files (x86)\common files\VMware
2012-05-30 04:00:33 0 d-----w- c:\program files\common files\VMware
2012-05-30 01:44:15 0 d-----w- c:\users\matt\VirtualBox VMs
2012-05-30 01:18:37 0 d-----w- c:\users\matt\.VirtualBox
2012-05-30 01:18:12 224088 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-05-30 01:18:03 130904 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-05-30 01:17:57 0 d-----w- c:\program files\Oracle
2012-05-30 00:51:39 0 d-----w- c:\program files (x86)\BabylonToolbar
2012-05-30 00:51:37 0 d-----w- c:\users\matt\appdata\roaming\BabylonToolbar
2012-05-30 00:51:16 0 d-----w- c:\users\matt\appdata\roaming\Babylon
2012-05-30 00:51:16 0 d-----w- c:\programdata\Babylon
2012-05-25 22:05:39 0 d-----w- c:\program files (x86)\WinSCP
2012-05-25 21:00:43 0 d-----w- c:\programdata\FLEXnet
2012-05-25 21:00:35 0 d-----w- c:\program files (x86)\common files\Macrovision Shared
2012-05-25 21:00:18 0 d-----w- c:\programdata\Rosetta Stone
2012-05-25 21:00:18 0 d-----w- c:\program files (x86)\Rosetta Stone
2012-05-25 20:03:04 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-05-25 20:03:04 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-05-25 20:03:04 107368 ----a-w- c:\windows\syswow64\GEARAspi.dll
2012-05-25 20:02:48 0 d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-05-25 20:02:48 0 d-----w- c:\program files\iPod
2012-05-25 20:02:47 0 d-----w- c:\programdata\Apple Computer
2012-05-25 20:02:47 0 d-----w- c:\program files\iTunes
2012-05-25 20:02:47 0 d-----w- c:\program files (x86)\iTunes
2012-05-25 20:01:40 0 d-----w- c:\program files\common files\Apple
2012-05-25 20:01:27 0 d-----w- c:\program files\Bonjour
2012-05-25 20:01:27 0 d-----w- c:\program files (x86)\Bonjour
2012-05-25 20:01:20 0 d-----w- c:\programdata\Apple
2012-05-25 19:58:33 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-05-25 18:54:13 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-05-25 18:54:12 0 d-----w- c:\program files\VS Revo Group
2012-05-25 18:23:08 0 d-----w- c:\users\matt\appdata\roaming\AnvSoft
2012-05-25 18:21:50 0 d-----w- c:\program files (x86)\AnvSoft
2012-05-25 11:52:53 275360 ----a-w- c:\windows\system32\DreamScene.dll.8422
2012-05-25 11:52:53 275360 ----a-w- c:\windows\system32\DreamScene.dll.7994
2012-05-25 11:52:53 275360 ----a-w- c:\windows\system32\DreamScene.dll.6879
2012-05-25 11:52:53 275360 ----a-w- c:\windows\system32\DreamScene.dll.649
2012-05-25 11:52:53 275360 ----a-w- c:\windows\system32\DreamScene.dll.4604
2012-05-25 11:52:53 275360 ----a-w- c:\windows\system32\DreamScene.dll.1390
2012-05-25 11:52:53 275360 ----a-w- c:\windows\system32\DreamScene.dll.11014
2012-05-25 11:52:53 275360 ----a-w- c:\windows\system32\DreamScene.dll
2012-05-25 11:52:44 0 d-----w- c:\program files (x86)\DreamScene Seven
2012-05-25 08:59:50 0 d-----w- c:\users\matt\My Software
2012-05-25 03:50:26 0 d-----w- c:\users\matt\appdata\roaming\Adobe Mini Bridge CS5.1
2012-05-25 03:50:25 0 d-----w- c:\users\matt\appdata\roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-05-23 00:26:10 147288 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-05-23 00:25:40 320856 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-05-23 00:25:40 166232 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-05-22 08:05:26 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-05-21 07:55:02 0 d-----r- c:\program files (x86)\Skype
2012-05-21 07:54:58 0 d-----w- c:\programdata\Skype
2012-05-20 21:37:32 0 d-----w- c:\programdata\PMS
2012-05-20 21:37:26 0 d-----w- c:\program files (x86)\PS3 Media Server
2012-05-19 07:35:09 0 d-----w- c:\program files (x86)\VideoLAN
2012-05-19 07:34:29 0 d-----w- c:\users\matt\appdata\roaming\WeatherBug
2012-05-19 07:34:27 0 d-----w- c:\program files (x86)\AWS
2012-05-19 07:33:46 287 ----a-w- C:\user.js
2012-05-17 19:20:42 0 d-----w- C:\IExp1.tmp
2012-05-17 19:20:39 0 d-----w- c:\windows\RegisteredPackages
2012-05-17 19:20:39 0 d-----w- C:\IExp0.tmp
2012-05-17 19:20:32 0 d-----w- c:\program files (x86)\Windows Media Components
2012-05-17 19:19:08 0 d--h--w- c:\programdata\Common Files
2012-05-17 19:16:06 0 d-----w- c:\program files (x86)\common files\Futuremark Shared
2012-05-17 19:15:53 0 d-----w- c:\program files (x86)\Futuremark
2012-05-17 19:03:26 0 d-----w- c:\users\matt\appdata\roaming\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-05-16 22:17:15 0 d-----w- c:\programdata\regid.1986-12.com.adobe
2012-05-16 21:40:32 0 d-----w- c:\programdata\ALM
2012-05-16 21:35:28 0 d-----w- c:\users\matt\Adobe Flash Builder 4.5
2012-05-16 21:29:28 0 d-----w- c:\program files (x86)\Adobe Story
2012-05-16 21:28:06 56208 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2012-05-16 21:28:06 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
2012-05-16 21:28:06 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2012-05-16 21:28:06 0 d-----w- c:\program files (x86)\My Company Name
2012-05-16 21:28:06 0 d-----w- c:\program files (x86)\common files\Sonic Shared
2012-05-16 21:28:06 0 d-----w- c:\program files (x86)\common files\PX Storage Engine
2012-05-16 21:17:12 0 d-----w- c:\windows\syswow64\Wat
2012-05-16 21:17:12 0 d-----w- c:\windows\system32\Wat
2012-05-16 21:17:01 888144860 ----a-w- c:\windows\MEMORY.DMP
2012-05-16 21:12:56 0 d-----w- c:\program files (x86)\MSXML 4.0
2012-05-16 21:10:14 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-16 21:10:14 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-16 21:10:14 159232 ----a-w- c:\windows\syswow64\imagehlp.dll
2012-05-16 21:10:13 5120 ----a-w- c:\windows\syswow64\wmi.dll
2012-05-16 21:10:13 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-16 21:10:13 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-05-16 21:10:13 172544 ----a-w- c:\windows\syswow64\wintrust.dll
2012-05-16 21:04:50 0 d-----w- c:\program files\common files\Adobe
2012-05-16 21:04:46 0 d-----w- c:\program files\Adobe
2012-05-16 17:58:44 75776 ----a-w- c:\windows\syswow64\psisrndr.ax
2012-05-16 17:57:55 77312 ----a-w- c:\windows\system32\packager.dll
2012-05-16 17:57:55 67072 ----a-w- c:\windows\syswow64\packager.dll
2012-05-16 17:57:55 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-05-16 17:57:55 1292080 ----a-w- c:\windows\syswow64\ntdll.dll
2012-05-16 11:26:52 0 d-----w- C:\AutoKMS
2012-05-16 11:26:48 0 d-----w- c:\program files (x86)\Detong
2012-05-16 11:26:47 0 d---a-w- c:\programdata\TEMP
2012-05-16 11:26:46 0 d-----w- c:\program files (x86)\Classic Menu for Office 2010
2012-05-16 11:22:12 0 d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-05-16 11:21:03 0 d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-05-16 11:20:47 0 d-----w- c:\program files\Microsoft Office
2012-05-16 11:20:30 0 d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-05-16 11:20:09 0 d-----w- c:\programdata\Microsoft Help
2012-05-16 11:12:57 796420 ----a-w- c:\windows\syswow64\PerfStringBackup.INI
2012-05-16 11:04:49 0 d-----w- c:\program files\WinRAR
2012-05-16 10:16:06 0 d-----w- c:\users\matt\appdata\roaming\PowerISO
2012-05-16 07:50:18 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-05-16 07:50:17 826880 ----a-w- c:\windows\syswow64\rdpcore.dll
2012-05-16 07:50:17 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-05-16 07:50:17 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-05-16 07:50:17 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-16 07:50:17 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-05-16 07:50:17 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-05-16 07:40:03 13 --sh--r- c:\windows\system32\drivers\fbd.sys
2012-05-16 07:39:42 0 d-----w- c:\users\matt\appdata\roaming\WinBatch
2012-05-16 07:39:10 0 d-----w- c:\program files (x86)\1ClickDownload
2012-05-16 07:33:55 126912 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-05-16 07:33:55 0 d-----w- c:\program files (x86)\PowerISO
2012-05-16 07:29:29 0 d-----w- c:\programdata\DAEMON Tools Pro
2012-05-16 07:26:58 0 d-----w- c:\program files (x86)\Vid-Saver
2012-05-16 07:26:56 0 d-----w- c:\program files (x86)\uTorrent
2012-05-16 07:24:40 0 d-----w- c:\users\matt\appdata\roaming\uTorrent
2012-05-16 06:52:11 0 d-----w- c:\users\matt\appdata\roaming\Tific
2012-05-16 06:51:59 0 d-----w- c:\program files (x86)\common files\Symantec Shared

==================== Find3M ====================

2012-06-08 03:22:24 855 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.INF
2012-06-08 03:22:24 7488 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.CAT
2012-06-08 03:22:24 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-06-01 00:42:42 604 ---ha-w- c:\program files (x86)\_Z2
2012-05-01 04:26:28 252016 ----a-w- c:\windows\syswow64\vmnc.dll
2012-05-01 03:22:42 62064 ----a-w- c:\windows\system32\vmnetbridge.dll
2012-05-01 03:22:42 48752 ----a-w- c:\windows\system32\vnetinst.dll
2012-05-01 03:22:42 45680 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2012-05-01 03:22:42 24176 ----a-w- c:\windows\system32\drivers\vmnet.sys
2012-05-01 03:22:42 20080 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2012-04-18 23:01:58 50 ----a-w- c:\windows\system32\drivers\DCX.LOG
2012-04-18 22:15:33 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2012-04-18 22:09:23 20592 ----a-w- c:\windows\system32\drivers\CeKbFilter.sys
2012-03-31 06:05:57 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- c:\windows\syswow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- c:\windows\system32\win32k.sys
2012-03-22 06:10:46 4682840 ----a-w- c:\windows\fonts\hyswlongfangsong.ttf
2012-03-13 06:56:40 947472 ----a-w- c:\windows\syswow64\msjava.dll
2010-11-21 07:06:44 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2010-11-21 07:06:44 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2010-11-21 07:06:44 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2010-11-21 07:06:44 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2011-08-22 03:00:32 262144 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7601.17514_none_4f7e32f76654bd3c\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7601.17514_none_f35f9773adf74c06\WinMail.exe

============= FINISH: 19:18:13.96 ===============


FRST Log:

Scan result of Farbar Recovery Scan Tool Version: 06-06-2012 04
Ran by SYSTEM at 07-06-2012 18:46:51
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [] [x]
HKLM\...\Run: [IgfxTray] C:\windows\system32\igfxtray.exe [167704 2011-07-02] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe [392472 2011-07-02] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\windows\system32\igfxpers.exe [416024 2011-07-02] (Intel Corporation)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11831400 2011-04-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 /MAXX3 [2209896 2011-04-18] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] C:\windows\system32\thpsrv /logon [x]
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1544624 2011-05-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL [532480 2010-11-09] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP [423936 2011-03-10] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM [34160 2010-08-16] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [x]
HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup [336952 2012-04-18] (Power Software Ltd)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe" [103536 2012-04-30] (VMware, Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2904984 2011-09-05] (Adobe Systems Inc.)
HKU\Matt\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\Matt\...\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1 [1653248 2009-12-29] (AWS Convergence Technologies, Inc.)
HKU\Matt\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17355912 2012-05-03] (Skype Technologies S.A.)
HKU\Matt\...\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [718720 2011-07-22] (Microsoft Corporation)
HKU\Matt\...\Run: [AdobeBridge] [x]
HKU\UpdatusUser\...\Run: [] [x]
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
AppInit_DLLs: C:\windows\system32\nvinitx.dll

==================== Services (Whitelisted) ======

3 GamesAppService; "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe" [206072 2010-10-12] (WildTangent, Inc.)
2 IviRegMgr; "C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe" [110736 2010-05-20] (InterVideo)
2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation)
2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe /s [123320 2011-07-19] (Symantec Corporation)
2 PCCUJobMgr; "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll" /prefetch:1 [132984 2011-07-19] (Symantec Corporation)
2 PSI_SVC_2; "C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe" [193824 2010-03-11] (Protexis Inc.)
2 Thpsrv; C:\windows\system32\ThpSrv.exe [558592 2011-04-20] (TOSHIBA Corporation)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2656280 2011-02-01] (Intel Corporation)
2 VMUSBArbService; "C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe" [846448 2011-08-30] (VMware, Inc.)
3 VMwareHostd; "C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe" -u "C:\ProgramData\VMware\hostd\config.xml" [31995 2012-05-29] ()

========================== Drivers (Whitelisted) =============

1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120531.001\BHDrvx64.sys [1160824 2012-05-07] (Symantec Corporation)
3 BtFilter; C:\Windows\System32\Drivers\BtFilter.sys [42096 2010-10-18] (Atheros)
1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [167048 2011-11-29] (Symantec Corporation)
3 CeKbFilter; C:\Windows\System32\Drivers\CeKbFilter.sys [20592 2012-04-18] (Compal Electronics, INC.)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-05-30] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-06-02] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120607.001\IDSvia64.sys [488568 2012-05-15] (Symantec Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120607.018\ENG64.SYS [120440 2012-06-07] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120607.018\EX64.SYS [2068600 2012-06-07] (Symantec Corporation)
0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56208 2011-11-03] (Rovi Corporation)
2 regi; C:\Windows\System32\Drivers\regi.sys [14112 2007-04-17] (InterVideo)
3 Revoflt; C:\Windows\System32\Drivers\Revoflt.sys [31800 2009-12-30] (VS Revo Group)
1 SCDEmu; C:\Windows\System32\Drivers\SCDEmu.sys [126912 2012-04-18] (Power Software Ltd)
3 SRTSP; C:\Windows\System32\Drivers\NISx64\1307010.005\SRTSP64.SYS [737912 2012-03-28] (Symantec Corporation)
1 SRTSPX; C:\Windows\system32\drivers\NISx64\1307010.005\SRTSPX64.SYS [37496 2012-03-28] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NISx64\1307010.005\SYMDS64.SYS [451192 2011-05-16] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NISx64\1307010.005\SYMEFA64.SYS [1092728 2012-03-28] (Symantec Corporation)
3 SymEvent; \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-06-07] (Symantec Corporation)
1 SymIRON; C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [190072 2012-03-28] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [405624 2012-03-28] (Symantec Corporation)
3 Tosrfusb; C:\Windows\System32\Drivers\Tosrfusb.sys [67384 2011-01-27] (TOSHIBA CORPORATION)
2 vstor2-mntapi10-shared; C:\Windows\SysWow64\Drivers\vstor2-mntapi10-shared.sys [33392 2011-07-08] (VMware, Inc.)
3 cpuz130; \??\C:\Users\Matt\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
3 Tosrfcom; [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-06-07 20:42 - 2012-06-07 20:43 - 01396571 ____A C:\Users\Matt\Downloads\FRST64.exe
2012-06-07 19:41 - 2012-06-07 19:41 - 00869754 ____A C:\Users\Matt\Downloads\FRST.exe
2012-06-07 19:18 - 2012-06-07 19:18 - 00595456 ____A (OldTimer Tools) C:\Users\Matt\Downloads\OTL.exe
2012-06-07 19:07 - 2012-06-07 19:40 - 00187604 ____A C:\Windows\ntbtlog.txt
2012-06-07 18:46 - 2012-06-07 18:47 - 00000000 ____D C:\FRST
2012-06-07 03:50 - 2012-06-07 03:55 - 74263072 ____A (Microsoft Corporation) C:\Users\Matt\Downloads\msert.exe
2012-06-07 03:43 - 2012-06-07 03:44 - 00262144 ____A C:\Windows\Minidump\060712-33212-01.dmp
2012-06-07 03:43 - 2012-06-07 03:43 - 00000000 ____D C:\Windows\Minidump
2012-06-06 16:55 - 2012-06-06 16:55 - 00001456 ____A C:\Users\Matt\AppData\Local\Adobe Save for Web 13.0 Prefs
2012-06-06 16:11 - 2012-06-06 16:12 - 27346432 ____A C:\Users\Matt\Downloads\SolidWorks Document Manager API.msi
2012-06-06 16:11 - 2012-06-06 16:11 - 00000000 ____D C:\Users\Matt\Documents\thedesignsofar
2012-06-06 16:10 - 2012-06-06 16:10 - 00259650 ____A C:\Users\Matt\Downloads\thedesignsofar.zip
2012-06-05 22:05 - 2012-06-05 22:06 - 00000000 ____D C:\Users\Matt\Downloads\Openmirrors.com__Lynda.com - CSS Core Concepts
2012-06-05 22:04 - 2012-06-05 22:15 - 00000000 ____D C:\Users\Matt\Downloads\CSS - CSS Page Layouts
2012-06-05 22:03 - 2012-06-05 22:03 - 00019697 ____A C:\Users\Matt\Downloads\CSS_Fundametals_Lynda_com_o-Demonoid.me-o_9406170.2018.torrent
2012-06-05 19:31 - 2012-06-05 19:31 - 00000000 ____D C:\Users\Matt\Documents\Adobe
2012-06-05 19:28 - 2012-06-05 19:28 - 00000000 ____D C:\Users\Matt\Documents\Adobe Scripts
2012-06-05 19:27 - 2012-06-05 19:27 - 00000000 ____D C:\Users\Matt\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
2012-06-05 19:24 - 2012-06-05 19:24 - 00000000 ____D C:\Users\Public\Documents\Adobe
2012-06-05 19:24 - 2012-06-05 19:24 - 00000000 ____D C:\Users\Matt\AppData\Roaming\NVIDIA
2012-06-05 18:55 - 2012-06-05 18:55 - 00002037 ____A C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2012-06-05 16:47 - 2012-06-05 17:13 - 00000000 ____D C:\Users\Matt\Downloads\Lynda.com - Dreamweaver CS6 Essential Training (Complete with Exercise Files)
2012-06-05 13:09 - 2012-06-05 13:09 - 00202882 ____A C:\Users\Matt\Downloads\COE Humanity.pdf
2012-06-05 00:14 - 2012-06-05 00:20 - 00000000 ____D C:\Users\Matt\Downloads\The Blue Lagoon Special Edition 1980 DvDrip[Eng]-greenbud1969
2012-06-04 17:13 - 2012-06-04 17:13 - 00186549 ____A C:\Users\Matt\Downloads\COE.pdf
2012-06-04 16:44 - 2012-06-04 16:49 - 00000000 ____D C:\Users\Matt\Downloads\BitDefender Total Security 2012 Build 15.0.31.1282 Final x86 - BRiNGiT
2012-06-04 15:07 - 2012-06-04 15:10 - 00000000 ____D C:\Users\Matt\Downloads\LC_Excel2010_CID
2012-06-04 14:15 - 2012-06-04 14:15 - 00212868 ____A C:\Users\Matt\Downloads\scan0032.pdf
2012-06-03 21:06 - 2012-06-06 19:24 - 00000000 ____D C:\Users\Matt\Documents\XHTML
2012-06-03 20:05 - 2012-06-03 20:19 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Notepad++
2012-06-03 20:05 - 2012-06-03 20:05 - 00001080 ____A C:\Users\Matt\Desktop\Notepad++.lnk
2012-06-03 20:05 - 2012-06-03 20:05 - 00000000 ____D C:\Program Files (x86)\Notepad++
2012-06-03 19:22 - 2012-06-05 18:41 - 00000000 ____D C:\Users\All Users\DassaultSystemes
2012-06-03 19:22 - 2012-06-03 19:22 - 00000000 ____D C:\Users\Matt\AppData\Roaming\EDrawings
2012-06-03 19:22 - 2012-06-03 19:22 - 00000000 ____D C:\Users\Matt\AppData\Roaming\DassaultSystemes
2012-06-03 19:22 - 2012-06-03 19:22 - 00000000 ____D C:\Users\Matt\AppData\Local\DassaultSystemes
2012-06-03 19:11 - 2012-06-03 19:11 - 00000000 ____A C:\Windows\eDrawingOfficeAutomator.INI
2012-06-03 19:03 - 2012-06-03 19:03 - 59183744 ____A (Dassault Systèmes SolidWorks Corp. ) C:\Users\Matt\Downloads\eDrawingsFullEnglish.exe
2012-06-03 17:05 - 2012-06-03 17:12 - 00000000 ____D C:\Users\Matt\Downloads\Lynda.com_XHTML and HTML Essential Training
2012-06-03 11:49 - 2012-06-03 11:49 - 00000000 ____D C:\Users\All Users\Pinnacle
2012-05-31 16:51 - 2012-05-31 16:51 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-05-31 16:47 - 2012-05-31 16:47 - 00419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-31 16:47 - 2012-05-31 16:47 - 00000000 ____D C:\Windows\System32\Macromed
2012-05-31 16:42 - 2012-05-31 16:42 - 00000604 ___AH C:\Program Files (x86)\_Z2
2012-05-29 20:39 - 2012-05-29 20:39 - 00000000 ____D C:\Program Files (x86)\Sibelius Software
2012-05-29 20:39 - 2012-05-29 20:39 - 00000000 ____D C:\Program Files (x86)\Neuratron AudioScore Lite
2012-05-29 20:36 - 2012-06-03 15:51 - 00000000 ____D C:\Users\Matt\Documents\Scores
2012-05-29 20:35 - 2012-06-03 11:49 - 00000000 ____D C:\Users\All Users\Avid
2012-05-29 20:35 - 2012-06-03 11:45 - 00000000 ____D C:\Program Files (x86)\Avid
2012-05-29 20:35 - 2012-06-03 11:42 - 00000000 ____D C:\Users\Public\Documents\Sibelius Example Scores
2012-05-29 20:35 - 2012-05-31 16:45 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Avid
2012-05-29 20:35 - 2012-05-29 20:35 - 00000000 ____D C:\Program Files\Avid
2012-05-29 20:34 - 2012-05-29 20:34 - 00000000 ____D C:\Users\Matt\AppData\Local\start
2012-05-29 20:03 - 2012-05-31 16:42 - 00000000 ____D C:\Users\Matt\AppData\Roaming\VMware
2012-05-29 20:03 - 2012-05-31 16:42 - 00000000 ____D C:\Users\Matt\AppData\Local\VMware
2012-05-29 20:02 - 2012-04-30 22:42 - 00063088 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmx86.sys
2012-05-29 20:01 - 2012-05-29 20:01 - 00001024 ____A C:\.rnd
2012-05-29 20:01 - 2012-04-30 22:42 - 00942192 ____A (VMware, Inc.) C:\Windows\System32\vnetlib64.dll
2012-05-29 20:01 - 2012-04-30 22:42 - 00433264 ____A (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2012-05-29 20:01 - 2012-04-30 22:42 - 00354416 ____A (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2012-05-29 20:01 - 2012-04-30 22:40 - 00030320 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmnetuserif.sys
2012-05-29 20:01 - 2011-08-30 01:11 - 00039024 ____A (VMware, Inc.) C:\Windows\System32\Drivers\hcmon.sys
2012-05-29 20:00 - 2012-06-07 20:44 - 00000000 ____D C:\Users\All Users\VMware
2012-05-29 20:00 - 2012-05-29 20:00 - 00000000 ____D C:\Users\Public\Documents\Shared Virtual Machines
2012-05-29 20:00 - 2012-05-29 20:00 - 00000000 ____D C:\Program Files\Common Files\VMware
2012-05-29 20:00 - 2012-05-29 20:00 - 00000000 ____D C:\Program Files (x86)\VMware
2012-05-29 17:47 - 2012-05-29 17:47 - 00000309 ____A C:\Users\Matt\2012-05-30-01-47-51.003-VirtualBox.exe-7936.log
2012-05-29 17:44 - 2012-05-29 19:45 - 00000000 ____D C:\Users\Matt\VirtualBox VMs
2012-05-29 17:18 - 2012-05-29 19:45 - 00000000 ____D C:\Users\Matt\.VirtualBox
2012-05-29 17:18 - 2012-05-22 16:26 - 00224088 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxDrv.sys
2012-05-29 17:18 - 2012-05-22 16:26 - 00130904 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxUSBMon.sys
2012-05-29 17:17 - 2012-05-29 17:17 - 00000000 ____D C:\Program Files\Oracle
2012-05-29 16:51 - 2012-05-29 16:51 - 00000000 ____D C:\Users\Matt\AppData\Roaming\BabylonToolbar
2012-05-29 16:51 - 2012-05-29 16:51 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Babylon
2012-05-29 16:51 - 2012-05-29 16:51 - 00000000 ____D C:\Users\All Users\Babylon
2012-05-29 16:51 - 2012-05-29 16:51 - 00000000 ____D C:\Program Files (x86)\BabylonToolbar
2012-05-26 23:40 - 2012-05-26 23:42 - 00013824 __ASH C:\Users\Matt\Downloads\Thumbs.db
2012-05-26 12:13 - 2012-05-26 12:13 - 00000000 ____D C:\Users\Matt\AppData\Local\Windows Live
2012-05-26 12:12 - 2012-05-26 12:13 - 00000000 ____D C:\Users\Matt\AppData\Local\{479BE9B8-16BB-475F-95FB-8084788DE730}
2012-05-25 14:19 - 2012-05-25 14:21 - 00000000 ____D C:\Users\Matt\Documents\Iphone Backup
2012-05-25 14:05 - 2012-05-26 22:56 - 00000600 ____A C:\Users\Matt\AppData\Roaming\winscp.rnd
2012-05-25 14:05 - 2012-05-25 14:05 - 00000000 ____D C:\Program Files (x86)\WinSCP
2012-05-25 13:00 - 2012-06-03 19:22 - 00000000 ____D C:\Users\All Users\FLEXnet
2012-05-25 13:00 - 2012-06-02 21:45 - 00000000 ____D C:\Users\All Users\Rosetta Stone
2012-05-25 13:00 - 2012-05-25 13:00 - 00000000 ____D C:\Program Files (x86)\Rosetta Stone
2012-05-25 12:46 - 2012-05-27 16:21 - 00000000 ____D C:\Users\Matt\AppData\Local\libimobiledevice
2012-05-25 12:03 - 2012-05-29 19:59 - 00000000 ____D C:\Users\Matt\Downloads\Dream files
2012-05-25 12:03 - 2012-05-25 12:47 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Apple Computer
2012-05-25 12:03 - 2012-05-25 12:03 - 00000000 ____D C:\Users\Matt\AppData\Local\Apple Computer
2012-05-25 12:03 - 2009-05-18 15:17 - 00034152 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-05-25 12:03 - 2008-04-17 14:12 - 00126312 ____A (GEAR Software Inc.) C:\Windows\System32\GEARAspi64.dll
2012-05-25 12:03 - 2008-04-17 14:12 - 00107368 ____A (GEAR Software Inc.) C:\Windows\SysWOW64\GEARAspi.dll
2012-05-25 12:02 - 2012-05-25 12:03 - 00000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-05-25 12:02 - 2012-05-25 12:03 - 00000000 ____D C:\Program Files\iTunes
2012-05-25 12:02 - 2012-05-25 12:03 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-05-25 12:02 - 2012-05-25 12:02 - 00000000 ____D C:\Users\Matt\AppData\Local\Apple
2012-05-25 12:02 - 2012-05-25 12:02 - 00000000 ____D C:\Users\All Users\Apple Computer
2012-05-25 12:02 - 2012-05-25 12:02 - 00000000 ____D C:\Program Files\iPod
2012-05-25 12:02 - 2012-05-25 12:02 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2012-05-25 12:01 - 2012-05-25 12:02 - 00000000 ____D C:\Users\All Users\Apple
2012-05-25 12:01 - 2012-05-25 12:01 - 00000000 ____D C:\Program Files\Common Files\Apple
2012-05-25 12:01 - 2012-05-25 12:01 - 00000000 ____D C:\Program Files\Bonjour
2012-05-25 12:01 - 2012-05-25 12:01 - 00000000 ____D C:\Program Files (x86)\Bonjour
2012-05-25 11:58 - 2012-05-25 11:58 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-05-25 11:49 - 2012-05-29 18:10 - 00000000 ____D C:\Users\Matt\AppData\Local\CrashDumps
2012-05-25 10:54 - 2012-05-25 10:54 - 00000000 ____D C:\Users\Matt\AppData\Local\VS Revo Group
2012-05-25 10:54 - 2012-05-25 10:54 - 00000000 ____D C:\Program Files\VS Revo Group
2012-05-25 10:54 - 2009-12-30 12:21 - 00031800 ____A (VS Revo Group) C:\Windows\System32\Drivers\revoflt.sys
2012-05-25 10:23 - 2012-05-25 10:23 - 00000000 ____D C:\Users\Matt\Documents\Any Video Converter
2012-05-25 10:23 - 2012-05-25 10:23 - 00000000 ____D C:\Users\Matt\AppData\Roaming\AnvSoft
2012-05-25 10:21 - 2012-05-25 10:21 - 00000000 ____D C:\Program Files (x86)\AnvSoft
2012-05-25 04:08 - 2012-05-25 04:08 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2012-05-25 04:08 - 2012-05-25 04:08 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2012-05-25 03:52 - 2012-05-25 10:23 - 00000000 ____D C:\Program Files (x86)\DreamScene Seven
2012-05-25 03:52 - 2012-05-25 10:18 - 00275360 ____A (Microsoft Corporation) C:\Windows\System32\DreamScene.dll.649
2012-05-25 03:52 - 2012-05-25 10:18 - 00275360 ____A (Microsoft Corporation) C:\Windows\System32\DreamScene.dll
2012-05-25 03:52 - 2012-05-25 09:49 - 00275360 ____A (Microsoft Corporation) C:\Windows\System32\DreamScene.dll.1390
2012-05-25 03:52 - 2012-05-25 04:03 - 00275360 ____A (Microsoft Corporation) C:\Windows\System32\DreamScene.dll.7994
2012-05-25 03:52 - 2012-05-25 04:03 - 00275360 ____A (Microsoft Corporation) C:\Windows\System32\DreamScene.dll.4604
2012-05-25 03:52 - 2012-05-25 03:57 - 00275360 ____A (Microsoft Corporation) C:\Windows\System32\DreamScene.dll.8422
2012-05-25 03:52 - 2012-05-25 03:55 - 00275360 ____A (Microsoft Corporation) C:\Windows\System32\DreamScene.dll.6879
2012-05-25 03:52 - 2012-05-25 03:52 - 00275360 ____A (Microsoft Corporation) C:\Windows\System32\DreamScene.dll.11014
2012-05-25 01:15 - 2012-06-05 18:51 - 00000000 ____D C:\Users\Matt\Desktop\Software Shortcuts
2012-05-25 01:09 - 2012-05-25 01:09 - 00000000 ____D C:\Users\Matt\Documents\Proof of Minor
2012-05-25 00:59 - 2012-06-02 20:53 - 00000000 ____D C:\Users\Matt\My Software
2012-05-25 00:56 - 2012-05-25 00:57 - 00000000 ____D C:\Users\Matt\Documents\PC Mark
2012-05-25 00:50 - 2012-05-25 00:50 - 00000000 ____D C:\Users\Matt\Documents\808 Juice
2012-05-24 19:50 - 2012-05-24 19:50 - 00000000 ____D C:\Users\Matt\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-05-24 19:50 - 2012-05-24 19:50 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Adobe Mini Bridge CS5.1
2012-05-24 17:50 - 2012-05-24 17:51 - 00000000 ____D C:\Users\Matt\Documents\B
2012-05-22 16:26 - 2012-05-22 16:26 - 00147288 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetAdp.sys
2012-05-22 16:25 - 2012-05-22 16:25 - 00320856 ____A (Oracle Corporation) C:\Windows\System32\VBoxNetFltNobj.dll
2012-05-22 16:25 - 2012-05-22 16:25 - 00166232 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetFlt.sys
2012-05-22 00:05 - 2012-05-22 00:05 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-05-20 23:55 - 2012-06-07 20:38 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Skype
2012-05-20 23:55 - 2012-05-20 23:55 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-05-20 23:54 - 2012-05-20 23:55 - 00000000 ____D C:\Users\All Users\Skype
2012-05-20 13:42 - 2012-05-20 13:42 - 00000000 ____D C:\Users\Matt\AppData\Local\MPlayer
2012-05-20 13:37 - 2012-05-20 13:42 - 00000000 ____D C:\Users\All Users\PMS
2012-05-20 13:37 - 2012-05-20 13:42 - 00000000 ____D C:\Program Files (x86)\PS3 Media Server
2012-05-18 23:38 - 2012-05-25 09:55 - 00000000 ____D C:\Users\Matt\AppData\Roaming\vlc
2012-05-18 23:35 - 2012-05-18 23:35 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2012-05-18 23:34 - 2012-06-01 23:16 - 00000000 ____D C:\Users\Matt\AppData\Local\WeatherBug
2012-05-18 23:34 - 2012-05-18 23:34 - 00000000 ____D C:\Users\Matt\AppData\Roaming\WeatherBug
2012-05-18 23:34 - 2012-05-18 23:34 - 00000000 ____D C:\Program Files (x86)\AWS
2012-05-18 23:33 - 2012-05-29 16:51 - 00000287 ____A C:\user.js
2012-05-18 23:33 - 2012-05-18 23:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-05-17 11:20 - 2012-05-17 11:20 - 00000000 ____D C:\Windows\RegisteredPackages
2012-05-17 11:20 - 2012-05-17 11:20 - 00000000 ____D C:\Program Files (x86)\Windows Media Components
2012-05-17 11:20 - 2012-05-17 11:20 - 00000000 ____D C:\IExp1.tmp
2012-05-17 11:20 - 2012-05-17 11:20 - 00000000 ____D C:\IExp0.tmp
2012-05-17 11:15 - 2012-05-17 11:15 - 00000000 ____D C:\Program Files (x86)\Futuremark
2012-05-17 11:03 - 2012-05-17 11:03 - 00000000 ____D C:\Users\Matt\AppData\Roaming\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-05-17 10:56 - 2012-06-07 14:00 - 00000522 ____A C:\Windows\Tasks\One-Click Tweak.job
2012-05-16 14:17 - 2012-05-16 14:17 - 00000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2012-05-16 13:40 - 2012-05-16 13:40 - 00000000 ____D C:\Users\All Users\ALM
2012-05-16 13:35 - 2012-05-16 13:35 - 00000000 ____D C:\Users\Matt\Adobe Flash Builder 4.5
2012-05-16 13:29 - 2012-05-16 13:29 - 00000000 ____D C:\Program Files (x86)\Adobe Story
2012-05-16 13:28 - 2012-05-16 13:28 - 00000000 ____D C:\Program Files (x86)\My Company Name
2012-05-16 13:28 - 2011-11-03 05:01 - 00056208 ____N (Rovi Corporation) C:\Windows\System32\Drivers\PxHlpa64.sys
2012-05-16 13:28 - 2009-06-23 05:00 - 00010224 ____N (Sonic Solutions) C:\Windows\System32\Drivers\cdralw2k.sys
2012-05-16 13:28 - 2009-06-23 05:00 - 00010224 ____N (Sonic Solutions) C:\Windows\System32\Drivers\cdr4_xp.sys
2012-05-16 13:17 - 2012-06-07 03:43 - 888144860 ____A C:\Windows\MEMORY.DMP
2012-05-16 13:13 - 2012-05-16 13:13 - 00257724 ____A C:\Windows\msxml4-KB973688-enu.LOG
2012-05-16 13:12 - 2012-05-16 13:13 - 00293016 ____A C:\Windows\msxml4-KB954430-enu.LOG
2012-05-16 13:12 - 2012-05-16 13:12 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2012-05-16 13:12 - 2012-02-27 23:34 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-16 13:12 - 2012-02-27 23:02 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-16 13:12 - 2012-02-27 22:56 - 02311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-16 13:12 - 2012-02-27 22:50 - 01345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-16 13:12 - 2012-02-27 22:49 - 01390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-16 13:12 - 2012-02-27 22:48 - 01493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-16 13:12 - 2012-02-27 22:48 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-16 13:12 - 2012-02-27 22:47 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-16 13:12 - 2012-02-27 22:45 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-16 13:12 - 2012-02-27 22:43 - 02144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-16 13:12 - 2012-02-27 22:43 - 00096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-16 13:12 - 2012-02-27 22:42 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-16 13:12 - 2012-02-27 22:39 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-16 13:12 - 2012-02-27 17:52 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-16 13:12 - 2012-02-27 17:27 - 09705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-16 13:12 - 2012-02-27 17:18 - 01799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-16 13:12 - 2012-02-27 17:12 - 01103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-16 13:12 - 2012-02-27 17:11 - 01427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-16 13:12 - 2012-02-27 17:11 - 01127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-16 13:12 - 2012-02-27 17:09 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-16 13:12 - 2012-02-27 17:08 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-16 13:12 - 2012-02-27 17:06 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-16 13:12 - 2012-02-27 17:04 - 01792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-16 13:12 - 2012-02-27 17:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-16 13:12 - 2012-02-27 17:03 - 00072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-16 13:12 - 2012-02-27 16:59 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-16 13:10 - 2012-02-29 22:46 - 00023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-05-16 13:10 - 2012-02-29 22:38 - 00220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-05-16 13:10 - 2012-02-29 22:33 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-05-16 13:10 - 2012-02-29 22:28 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-05-16 13:10 - 2012-02-29 21:37 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-05-16 13:10 - 2012-02-29 21:33 - 00159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-05-16 13:10 - 2012-02-29 21:29 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-05-16 13:04 - 2012-06-05 19:03 - 00000000 ____D C:\Program Files\Common Files\Adobe
2012-05-16 13:04 - 2012-06-05 19:03 - 00000000 ____D C:\Program Files\Adobe
2012-05-16 10:28 - 2012-06-07 04:00 - 00000000 ____D C:\Users\Matt\AppData\Local\Adobe
2012-05-16 09:59 - 2012-03-30 22:05 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-16 09:59 - 2012-03-30 20:39 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-16 09:59 - 2012-03-30 20:39 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-16 09:59 - 2012-03-30 19:10 - 03146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-16 09:59 - 2012-03-02 22:35 - 01544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-16 09:59 - 2012-03-02 21:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-16 09:59 - 2012-01-04 02:44 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-05-16 09:59 - 2012-01-04 02:44 - 00509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
2012-05-16 09:59 - 2012-01-04 00:59 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-05-16 09:59 - 2012-01-04 00:58 - 00442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2012-05-16 09:59 - 2011-12-29 22:26 - 00515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
2012-05-16 09:59 - 2011-12-29 21:27 - 00478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2012-05-16 09:59 - 2011-11-16 22:49 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-05-16 09:59 - 2011-11-16 22:49 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-05-16 09:59 - 2011-11-16 22:44 - 00459232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-05-16 09:59 - 2011-11-16 22:35 - 01447936 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-05-16 09:59 - 2011-11-16 22:35 - 00395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2012-05-16 09:59 - 2011-11-16 22:35 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-05-16 09:59 - 2011-11-16 22:35 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2012-05-16 09:59 - 2011-11-16 22:35 - 00029184 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2012-05-16 09:59 - 2011-11-16 22:35 - 00028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2012-05-16 09:59 - 2011-11-16 22:33 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2012-05-16 09:59 - 2011-11-16 21:35 - 00314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2012-05-16 09:59 - 2011-11-16 21:34 - 00224768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-05-16 09:59 - 2011-11-16 21:34 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-05-16 09:59 - 2011-11-16 21:28 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-16 09:59 - 2011-10-25 21:25 - 01572864 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2012-05-16 09:59 - 2011-10-25 21:25 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-05-16 09:59 - 2011-10-25 21:21 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2012-05-16 09:59 - 2011-10-25 20:32 - 01328128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2012-05-16 09:59 - 2011-10-25 20:32 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-05-16 09:59 - 2011-07-08 18:46 - 00288768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2012-05-16 09:59 - 2011-06-15 21:49 - 00199680 ____A (Microsoft Corporation) C:\Windows\System32\xmllite.dll
2012-05-16 09:59 - 2011-06-15 20:33 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2012-05-16 09:59 - 2011-06-15 02:02 - 00212992 ____A (Microsoft Corporation) C:\Windows\System32\odbctrac.dll
2012-05-16 09:59 - 2011-06-15 02:02 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\odbccp32.dll
2012-05-16 09:59 - 2011-06-15 02:02 - 00106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccu32.dll
2012-05-16 09:59 - 2011-06-15 02:02 - 00106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccr32.dll
2012-05-16 09:59 - 2011-06-15 00:55 - 00319488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
2012-05-16 09:59 - 2011-06-15 00:55 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
2012-05-16 09:59 - 2011-06-15 00:55 - 00122880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
2012-05-16 09:59 - 2011-06-15 00:55 - 00086016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
2012-05-16 09:59 - 2011-06-15 00:55 - 00081920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll
2012-05-16 09:59 - 2011-03-12 04:08 - 01465344 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2012-05-16 09:59 - 2011-03-12 03:23 - 00870912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2012-05-16 09:58 - 2012-03-30 03:35 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-16 09:58 - 2012-03-16 23:58 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-16 09:58 - 2011-12-27 19:59 - 00498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2012-05-16 09:58 - 2011-12-16 00:46 - 00634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2012-05-16 09:58 - 2011-12-15 23:52 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2012-05-16 09:58 - 2011-11-04 21:32 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-05-16 09:58 - 2011-11-04 20:26 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-05-16 09:58 - 2011-10-14 22:31 - 00723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2012-05-16 09:58 - 2011-10-14 21:38 - 00534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2012-05-16 09:58 - 2011-08-26 21:37 - 00861696 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2012-05-16 09:58 - 2011-08-26 21:37 - 00331776 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
2012-05-16 09:58 - 2011-08-26 20:26 - 00571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2012-05-16 09:58 - 2011-08-26 20:26 - 00233472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2012-05-16 09:58 - 2011-08-16 21:26 - 00613888 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
2012-05-16 09:58 - 2011-08-16 21:25 - 00108032 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
2012-05-16 09:58 - 2011-08-16 20:24 - 00465408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2012-05-16 09:58 - 2011-08-16 20:19 - 00075776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2012-05-16 09:58 - 2011-07-15 21:41 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-05-16 09:58 - 2011-07-15 21:41 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-05-16 09:58 - 2011-07-15 21:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-05-16 09:58 - 2011-07-15 21:39 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-05-16 09:58 - 2011-07-15 21:37 - 01162752 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-05-16 09:58 - 2011-07-15 21:37 - 00421888 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-05-16 09:58 - 2011-07-15 21:21 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 21:21 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 21:21 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 21:21 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 21:21 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 21:21 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 21:21 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 21:21 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 21:21 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 21:21 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 21:21 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 21:21 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 21:21 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 21:21 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 21:21 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 21:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 21:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 21:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 21:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 21:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 21:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 21:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 21:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 21:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 21:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 21:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 21:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 21:21 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 20:29 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-05-16 09:58 - 2011-07-15 20:25 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-05-16 09:58 - 2011-07-15 20:24 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-05-16 09:58 - 2011-07-15 20:24 - 00272384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-05-16 09:58 - 2011-07-15 20:24 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-05-16 09:58 - 2011-07-15 20:15 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 20:15 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 20:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 20:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 20:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 20:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 20:15 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 20:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 20:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 20:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 20:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 20:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 20:15 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 20:15 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 18:21 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-05-16 09:58 - 2011-07-15 18:21 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-05-16 09:58 - 2011-07-15 18:17 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 18:17 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 18:17 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-05-16 09:58 - 2011-07-15 18:17 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-05-16 09:58 - 2011-06-23 21:34 - 00214528 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-05-16 09:58 - 2011-06-23 21:25 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-05-16 09:58 - 2011-02-22 20:55 - 00090624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.sys
2012-05-16 09:57 - 2011-11-19 06:58 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2012-05-16 09:57 - 2011-11-19 06:01 - 00067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2012-05-16 09:57 - 2011-11-16 22:41 - 01731920 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2012-05-16 09:57 - 2011-11-16 22:41 - 00000000 __SHD C:\Users\Matt\AppData\Local\{50725003-fe69-bb24-d09a-484234ece9d8}
2012-05-16 09:57 - 2011-11-16 21:38 - 01292080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2012-05-16 03:26 - 2012-06-07 20:44 - 00000250 ____A C:\Windows\Tasks\AutoKMS.job
2012-05-16 03:26 - 2012-05-16 09:50 - 00000000 ____D C:\AutoKMS
2012-05-16 03:26 - 2012-05-16 03:26 - 00000000 ____D C:\Program Files (x86)\Detong
2012-05-16 03:26 - 2012-05-16 03:26 - 00000000 ____D C:\Program Files (x86)\Classic Menu for Office 2010
2012-05-16 03:22 - 2012-05-16 03:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2012-05-16 03:22 - 2012-05-16 03:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2012-05-16 03:21 - 2012-05-16 03:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2012-05-16 03:20 - 2012-05-25 04:14 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-05-16 03:20 - 2012-05-16 03:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2012-05-16 03:20 - 2012-05-16 03:20 - 00000000 __RHD C:\MSOCache
2012-05-16 03:20 - 2012-05-16 03:20 - 00000000 ____D C:\Users\Matt\AppData\Local\Microsoft Help
2012-05-16 03:20 - 2012-05-16 03:20 - 00000000 ____D C:\Program Files\Microsoft Office
2012-05-16 03:20 - 2012-05-16 03:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2012-05-16 03:12 - 2012-05-29 20:01 - 00796420 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-05-16 03:05 - 2012-05-16 03:06 - 00000000 ____D C:\Users\Matt\AppData\Roaming\WinRAR
2012-05-16 03:04 - 2012-05-16 03:05 - 00000000 ____D C:\Program Files\WinRAR
2012-05-16 02:16 - 2012-05-16 02:16 - 00000000 ____D C:\Users\Matt\AppData\Roaming\PowerISO
2012-05-15 23:50 - 2012-02-16 22:38 - 01031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-05-15 23:50 - 2012-02-16 21:34 - 00826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-05-15 23:50 - 2012-02-16 20:58 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-05-15 23:50 - 2012-02-16 20:57 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-05-15 23:50 - 2012-01-24 22:38 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-05-15 23:50 - 2012-01-24 22:38 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-05-15 23:50 - 2012-01-24 22:33 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-05-15 23:47 - 2012-05-15 22:19 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Toshiba
2012-05-15 23:41 - 2012-06-05 19:23 - 00124800 ____A C:\Users\Matt\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-15 23:40 - 2012-06-07 05:05 - 00000000 ____D C:\Users\Matt\AppData\Local\TOSHIBA
2012-05-15 23:40 - 2012-06-03 16:29 - 00000000 ____D C:\Users\Matt\AppData\Local\VirtualStore
2012-05-15 23:40 - 2012-05-18 23:34 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Mozilla
2012-05-15 23:40 - 2012-05-15 23:40 - 00000013 __RSH C:\Windows\System32\Drivers\fbd.sys
2012-05-15 23:39 - 2012-06-03 16:33 - 00000000 ____D C:\Users\Matt\AppData\LocalLow
2012-05-15 23:39 - 2012-05-29 17:47 - 00000000 ____D C:\users\Matt
2012-05-15 23:39 - 2012-05-16 03:13 - 00000000 ____D C:\Program Files (x86)\1ClickDownload
2012-05-15 23:39 - 2012-05-15 23:39 - 00000020 ___SH C:\Users\Matt\ntuser.ini
2012-05-15 23:39 - 2012-05-15 23:39 - 00000000 __SHD C:\Users\Matt\Templates
2012-05-15 23:39 - 2012-05-15 23:39 - 00000000 __SHD C:\Users\Matt\Start Menu
2012-05-15 23:39 - 2012-05-15 23:39 - 00000000 __SHD C:\Users\Matt\PrintHood
2012-05-15 23:39 - 2012-05-15 23:39 - 00000000 __SHD C:\Users\Matt\NetHood
2012-05-15 23:39 - 2012-05-15 23:39 - 00000000 __SHD C:\Users\Matt\My Documents
2012-05-15 23:39 - 2012-05-15 23:39 - 00000000 __SHD C:\Users\Matt\Documents\My Videos
2012-05-15 23:39 - 2012-05-15 23:39 - 00000000 __SHD C:\Users\Matt\Documents\My Pictures
2012-05-15 23:39 - 2012-05-15 23:39 - 00000000 __SHD C:\Users\Matt\Documents\My Music
2012-05-15 23:39 - 2012-05-15 23:39 - 00000000 __SHD C:\Users\Matt\AppData\Local\Temporary Internet Files
2012-05-15 23:39 - 2012-05-15 23:39 - 00000000 __SHD C:\Users\Matt\AppData\Local\History
2012-05-15 23:39 - 2012-05-15 23:39 - 00000000 ____D C:\Users\Matt\AppData\Roaming\WinBatch
2012-05-15 23:39 - 2011-08-21 19:19 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Macromedia
2012-05-15 23:39 - 2010-11-20 23:16 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Media Center Programs
2012-05-15 23:33 - 2012-05-15 23:33 - 00000000 ____D C:\Program Files (x86)\PowerISO
2012-05-15 23:33 - 2012-04-18 19:57 - 00126912 ____A (Power Software Ltd) C:\Windows\System32\Drivers\scdemu.sys
2012-05-15 23:29 - 2012-05-15 23:31 - 00000000 ____D C:\Users\All Users\DAEMON Tools Pro
2012-05-15 23:26 - 2012-05-15 23:27 - 00000000 ____D C:\Program Files (x86)\Vid-Saver
2012-05-15 23:26 - 2012-05-15 23:26 - 00000000 ____D C:\Users\Matt\AppData\Local\Vid-Saver
2012-05-15 23:26 - 2012-05-15 23:26 - 00000000 ____D C:\Program Files (x86)\uTorrent
2012-05-15 23:24 - 2012-06-07 03:02 - 00000000 ____D C:\Users\Matt\AppData\Roaming\uTorrent
2012-05-15 23:13 - 2012-05-15 23:13 - 00000000 ____D C:\Users\Matt\AppData\Local\Apps\2.0
2012-05-15 22:52 - 2012-05-15 22:52 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Tific
2012-05-15 22:03 - 2012-05-15 22:03 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Google
2012-05-15 21:51 - 2012-06-06 17:17 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Adobe
2012-05-15 21:51 - 2012-05-16 10:27 - 00000000 ____D C:\Users\Matt\AppData\Local\Google

============ 3 Months Modified Files and Folders =============

2012-06-07 20:44 - 2012-05-29 20:00 - 0000000 ____D C:\Users\All Users\VMware
2012-06-07 20:44 - 2012-05-16 03:26 - 0000250 ____A C:\Windows\Tasks\AutoKMS.job
2012-06-07 20:44 - 2012-04-18 13:57 - 4221583360 __ASH C:\hiberfil.sys
2012-06-07 20:44 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-06-07 20:44 - 2009-07-13 20:51 - 0037155 ____A C:\Windows\setupact.log
2012-06-07 20:44 - 2009-07-13 20:45 - 0025120 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-07 20:44 - 2009-07-13 20:45 - 0025120 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-07 20:43 - 2012-06-07 20:42 - 1396571 ____A C:\Users\Matt\Downloads\FRST64.exe
2012-06-07 20:43 - 2012-04-18 14:10 - 1620610 ____A C:\Windows\WindowsUpdate.log
2012-06-07 20:38 - 2012-05-20 23:55 - 0000000 ____D C:\Users\Matt\AppData\Roaming\Skype
2012-06-07 20:37 - 2012-04-18 14:22 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-07 20:03 - 2012-04-18 14:22 - 0000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-07 20:00 - 2009-07-13 21:13 - 0783066 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-07 19:41 - 2012-06-07 19:41 - 0869754 ____A C:\Users\Matt\Downloads\FRST.exe
2012-06-07 19:40 - 2012-06-07 19:07 - 0187604 ____A C:\Windows\ntbtlog.txt
2012-06-07 19:22 - 2012-04-18 14:21 - 0175736 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2012-06-07 19:22 - 2012-04-18 14:21 - 0007488 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2012-06-07 19:22 - 2012-04-18 14:21 - 0000855 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.INF
2012-06-07 19:22 - 2012-04-18 14:21 - 0000000 ____D C:\Program Files\Symantec
2012-06-07 19:22 - 2012-04-18 14:21 - 0000000 ____D C:\Program Files\Common Files\Symantec Shared
2012-06-07 19:18 - 2012-06-07 19:18 - 0595456 ____A (OldTimer Tools) C:\Users\Matt\Downloads\OTL.exe
2012-06-07 18:47 - 2012-06-07 18:46 - 0000000 ____D C:\FRST
2012-06-07 14:00 - 2012-05-17 10:56 - 0000522 ____A C:\Windows\Tasks\One-Click Tweak.job
2012-06-07 05:05 - 2012-05-15 23:40 - 0000000 ____D C:\Users\Matt\AppData\Local\TOSHIBA
2012-06-07 04:00 - 2012-05-16 10:28 - 0000000 ____D C:\Users\Matt\AppData\Local\Adobe
2012-06-07 03:55 - 2012-06-07 03:50 - 74263072 ____A (Microsoft Corporation) C:\Users\Matt\Downloads\msert.exe
2012-06-07 03:47 - 2012-04-18 14:07 - 0000000 ____D C:\users\UpdatusUser
2012-06-07 03:44 - 2012-06-07 03:43 - 0262144 ____A C:\Windows\Minidump\060712-33212-01.dmp
2012-06-07 03:43 - 2012-06-07 03:43 - 0000000 ____D C:\Windows\Minidump
2012-06-07 03:43 - 2012-05-16 13:17 - 888144860 ____A C:\Windows\MEMORY.DMP
2012-06-07 03:02 - 2012-05-15 23:24 - 0000000 ____D C:\Users\Matt\AppData\Roaming\uTorrent
2012-06-06 19:24 - 2012-06-03 21:06 - 0000000 ____D C:\Users\Matt\Documents\XHTML
2012-06-06 17:18 - 2011-08-21 19:18 - 0000000 ____D C:\Users\All Users\Adobe
2012-06-06 17:17 - 2012-05-15 21:51 - 0000000 ____D C:\Users\Matt\AppData\Roaming\Adobe
2012-06-06 16:55 - 2012-06-06 16:55 - 0001456 ____A C:\Users\Matt\AppData\Local\Adobe Save for Web 13.0 Prefs
2012-06-06 16:12 - 2012-06-06 16:11 - 27346432 ____A C:\Users\Matt\Downloads\SolidWorks Document Manager API.msi
2012-06-06 16:11 - 2012-06-06 16:11 - 0000000 ____D C:\Users\Matt\Documents\thedesignsofar
2012-06-06 16:10 - 2012-06-06 16:10 - 0259650 ____A C:\Users\Matt\Downloads\thedesignsofar.zip
2012-06-05 22:15 - 2012-06-05 22:04 - 0000000 ____D C:\Users\Matt\Downloads\CSS - CSS Page Layouts
2012-06-05 22:06 - 2012-06-05 22:05 - 0000000 ____D C:\Users\Matt\Downloads\Openmirrors.com__Lynda.com - CSS Core Concepts
2012-06-05 22:03 - 2012-06-05 22:03 - 0019697 ____A C:\Users\Matt\Downloads\CSS_Fundametals_Lynda_com_o-Demonoid.me-o_9406170.2018.torrent
2012-06-05 19:43 - 2009-07-13 20:45 - 5151264 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-05 19:42 - 2010-11-20 19:47 - 0046648 ____A C:\Windows\PFRO.log
2012-06-05 19:31 - 2012-06-05 19:31 - 0000000 ____D C:\Users\Matt\Documents\Adobe
2012-06-05 19:28 - 2012-06-05 19:28 - 0000000 ____D C:\Users\Matt\Documents\Adobe Scripts
2012-06-05 19:27 - 2012-06-05 19:27 - 0000000 ____D C:\Users\Matt\AppData\Roaming\ResourceCentral.E6E1B28A311BC518DB6C6883EA3757FDE0E90ADC.1
2012-06-05 19:24 - 2012-06-05 19:24 - 0000000 ____D C:\Users\Public\Documents\Adobe
2012-06-05 19:24 - 2012-06-05 19:24 - 0000000 ____D C:\Users\Matt\AppData\Roaming\NVIDIA
2012-06-05 19:23 - 2012-05-15 23:41 - 0124800 ____A C:\Users\Matt\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-05 19:03 - 2012-05-16 13:04 - 0000000 ____D C:\Program Files\Common Files\Adobe
2012-06-05 19:03 - 2012-05-16 13:04 - 0000000 ____D C:\Program Files\Adobe
2012-06-05 19:02 - 2011-08-21 19:18 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-06-05 18:55 - 2012-06-05 18:55 - 0002037 ____A C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
2012-06-05 18:51 - 2012-05-25 01:15 - 0000000 ____D C:\Users\Matt\Desktop\Software Shortcuts
2012-06-05 18:41 - 2012-06-03 19:22 - 0000000 ____D C:\Users\All Users\DassaultSystemes
2012-06-05 17:13 - 2012-06-05 16:47 - 0000000 ____D C:\Users\Matt\Downloads\Lynda.com - Dreamweaver CS6 Essential Training (Complete with Exercise Files)
2012-06-05 13:09 - 2012-06-05 13:09 - 0202882 ____A C:\Users\Matt\Downloads\COE Humanity.pdf
2012-06-05 00:20 - 2012-06-05 00:14 - 0000000 ____D C:\Users\Matt\Downloads\The Blue Lagoon Special Edition 1980 DvDrip[Eng]-greenbud1969
2012-06-04 17:13 - 2012-06-04 17:13 - 0186549 ____A C:\Users\Matt\Downloads\COE.pdf
2012-06-04 16:49 - 2012-06-04 16:44 - 0000000 ____D C:\Users\Matt\Downloads\BitDefender Total Security 2012 Build 15.0.31.1282 Final x86 - BRiNGiT
2012-06-04 15:10 - 2012-06-04 15:07 - 0000000 ____D C:\Users\Matt\Downloads\LC_Excel2010_CID
2012-06-04 14:15 - 2012-06-04 14:15 - 0212868 ____A C:\Users\Matt\Downloads\scan0032.pdf
2012-06-03 20:19 - 2012-06-03 20:05 - 0000000 ____D C:\Users\Matt\AppData\Roaming\Notepad++
2012-06-03 20:05 - 2012-06-03 20:05 - 0001080 ____A C:\Users\Matt\Desktop\Notepad++.lnk
2012-06-03 20:05 - 2012-06-03 20:05 - 0000000 ____D C:\Program Files (x86)\Notepad++
2012-06-03 19:22 - 2012-06-03 19:22 - 0000000 ____D C:\Users\Matt\AppData\Roaming\EDrawings
2012-06-03 19:22 - 2012-06-03 19:22 - 0000000 ____D C:\Users\Matt\AppData\Roaming\DassaultSystemes
2012-06-03 19:22 - 2012-06-03 19:22 - 0000000 ____D C:\Users\Matt\AppData\Local\DassaultSystemes
2012-06-03 19:22 - 2012-05-25 13:00 - 0000000 ____D C:\Users\All Users\FLEXnet
2012-06-03 19:11 - 2012-06-03 19:11 - 0000000 ____A C:\Windows\eDrawingOfficeAutomator.INI
2012-06-03 19:03 - 2012-06-03 19:03 - 59183744 ____A (Dassault Systèmes SolidWorks Corp. ) C:\Users\Matt\Downloads\eDrawingsFullEnglish.exe
2012-06-03 17:12 - 2012-06-03 17:05 - 0000000 ____D C:\Users\Matt\Downloads\Lynda.com_XHTML and HTML Essential Training
2012-06-03 16:33 - 2012-05-15 23:39 - 0000000 ____D C:\Users\Matt\AppData\LocalLow
2012-06-03 16:29 - 2012-05-15 23:40 - 0000000 ____D C:\Users\Matt\AppData\Local\VirtualStore
2012-06-03 15:51 - 2012-05-29 20:36 - 0000000 ____D C:\Users\Matt\Documents\Scores
2012-06-03 11:49 - 2012-06-03 11:49 - 0000000 ____D C:\Users\All Users\Pinnacle
2012-06-03 11:49 - 2012-05-29 20:35 - 0000000 ____D C:\Users\All Users\Avid
2012-06-03 11:45 - 2012-05-29 20:35 - 0000000 ____D C:\Program Files (x86)\Avid
2012-06-03 11:42 - 2012-05-29 20:35 - 0000000 ____D C:\Users\Public\Documents\Sibelius Example Scores
2012-06-02 21:45 - 2012-05-25 13:00 - 0000000 ____D C:\Users\All Users\Rosetta Stone
2012-06-02 20:53 - 2012-05-25 00:59 - 0000000 ____D C:\Users\Matt\My Software
2012-06-01 23:16 - 2012-05-18 23:34 - 0000000 ____D C:\Users\Matt\AppData\Local\WeatherBug
2012-05-31 16:51 - 2012-05-31 16:51 - 0000000 __SHD C:\Windows\System32\%APPDATA%
2012-05-31 16:47 - 2012-05-31 16:47 - 0419488 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-05-31 16:47 - 2012-05-31 16:47 - 0000000 ____D C:\Windows\System32\Macromed
2012-05-31 16:47 - 2011-08-21 19:19 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-05-31 16:45 - 2012-05-29 20:35 - 0000000 ____D C:\Users\Matt\AppData\Roaming\Avid
2012-05-31 16:42 - 2012-05-31 16:42 - 0000604 ___AH C:\Program Files (x86)\_Z2
2012-05-31 16:42 - 2012-05-29 20:03 - 0000000 ____D C:\Users\Matt\AppData\Roaming\VMware
2012-05-31 16:42 - 2012-05-29 20:03 - 0000000 ____D C:\Users\Matt\AppData\Local\VMware
2012-05-29 20:39 - 2012-05-29 20:39 - 0000000 ____D C:\Program Files (x86)\Sibelius Software
2012-05-29 20:39 - 2012-05-29 20:39 - 0000000 ____D C:\Program Files (x86)\Neuratron AudioScore Lite
2012-05-29 20:35 - 2012-05-29 20:35 - 0000000 ____D C:\Program Files\Avid
2012-05-29 20:34 - 2012-05-29 20:34 - 0000000 ____D C:\Users\Matt\AppData\Local\start
2012-05-29 20:01 - 2012-05-29 20:01 - 0001024 ____A C:\.rnd
2012-05-29 20:01 - 2012-05-16 03:12 - 0796420 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-05-29 20:00 - 2012-05-29 20:00 - 0000000 ____D C:\Users\Public\Documents\Shared Virtual Machines
2012-05-29 20:00 - 2012-05-29 20:00 - 0000000 ____D C:\Program Files\Common Files\VMware
2012-05-29 20:00 - 2012-05-29 20:00 - 0000000 ____D C:\Program Files (x86)\VMware
2012-05-29 19:59 - 2012-05-25 12:03 - 0000000 ____D C:\Users\Matt\Downloads\Dream files
2012-05-29 19:45 - 2012-05-29 17:44 - 0000000 ____D C:\Users\Matt\VirtualBox VMs
2012-05-29 19:45 - 2012-05-29 17:18 - 0000000 ____D C:\Users\Matt\.VirtualBox
2012-05-29 18:10 - 2012-05-25 11:49 - 0000000 ____D C:\Users\Matt\AppData\Local\CrashDumps
2012-05-29 17:47 - 2012-05-29 17:47 - 0000309 ____A C:\Users\Matt\2012-05-30-01-47-51.003-VirtualBox.exe-7936.log
2012-05-29 17:47 - 2012-05-15 23:39 - 0000000 ____D C:\users\Matt
2012-05-29 17:17 - 2012-05-29 17:17 - 0000000 ____D C:\Program Files\Oracle
2012-05-29 16:51 - 2012-05-29 16:51 - 0000000 ____D C:\Users\Matt\AppData\Roaming\BabylonToolbar
2012-05-29 16:51 - 2012-05-29 16:51 - 0000000 ____D C:\Users\Matt\AppData\Roaming\Babylon
2012-05-29 16:51 - 2012-05-29 16:51 - 0000000 ____D C:\Users\All Users\Babylon
2012-05-29 16:51 - 2012-05-29 16:51 - 0000000 ____D C:\Program Files (x86)\BabylonToolbar
2012-05-29 16:51 - 2012-05-18 23:33 - 0000287 ____A C:\user.js
2012-05-27 16:21 - 2012-05-25 12:46 - 0000000 ____D C:\Users\Matt\AppData\Local\libimobiledevice
2012-05-26 23:42 - 2012-05-26 23:40 - 0013824 __ASH C:\Users\Matt\Downloads\Thumbs.db
2012-05-26 22:56 - 2012-05-25 14:05 - 0000600 ____A C:\Users\Matt\AppData\Roaming\winscp.rnd
2012-05-26 12:13 - 2012-05-26 12:13 - 0000000 ____D C:\Users\Matt\AppData\Local\Windows Live
2012-05-26 12:13 - 2012-05-26 12:12 - 0000000 ____D C:\Users\Matt\AppData\Local\{479BE9B8-16BB-475F-95FB-8084788DE730}
2012-05-25 14:21 - 2012-05-25 14:19 - 0000000 ____D C:\Users\Matt\Documents\Iphone Backup
2012-05-25 14:05 - 2012-05-25 14:05 - 0000000 ____D C:\Program Files (x86)\WinSCP
2012-05-25 13:00 - 2012-05-25 13:00 - 0000000 ____D C:\Program Files (x86)\Rosetta Stone
2012-05-25 12:47 - 2012-05-25 12:03 - 0000000 ____D C:\Users\Matt\AppData\Roaming\Apple Computer
2012-05-25 12:03 - 2012-05-25 12:03 - 0000000 ____D C:\Users\Matt\AppData\Local\Apple Computer
2012-05-25 12:03 - 2012-05-25 12:02 - 0000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-05-25 12:03 - 2012-05-25 12:02 - 0000000 ____D C:\Program Files\iTunes
2012-05-25 12:03 - 2012-05-25 12:02 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-05-25 12:02 - 2012-05-25 12:02 - 0000000 ____D C:\Users\Matt\AppData\Local\Apple
2012-05-25 12:02 - 2012-05-25 12:02 - 0000000 ____D C:\Users\All Users\Apple Computer
2012-05-25 12:02 - 2012-05-25 12:02 - 0000000 ____D C:\Program Files\iPod
2012-05-25 12:02 - 2012-05-25 12:02 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2012-05-25 12:02 - 2012-05-25 12:01 - 0000000 ____D C:\Users\All Users\Apple
2012-05-25 12:01 - 2012-05-25 12:01 - 0000000 ____D C:\Program Files\Common Files\Apple
2012-05-25 12:01 - 2012-05-25 12:01 - 0000000 ____D C:\Program Files\Bonjour
2012-05-25 12:01 - 2012-05-25 12:01 - 0000000 ____D C:\Program Files (x86)\Bonjour
2012-05-25 11:58 - 2012-05-25 11:58 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2012-05-25 10:54 - 2012-05-25 10:54 - 0000000 ____D C:\Users\Matt\AppData\Local\VS Revo Group
2012-05-25 10:54 - 2012-05-25 10:54 - 0000000 ____D C:\Program Files\VS Revo Group
2012-05-25 10:23 - 2012-05-25 10:23 - 0000000 ____D C:\Users\Matt\Documents\Any Video Converter
2012-05-25 10:23 - 2012-05-25 10:23 - 0000000 ____D C:\Users\Matt\AppData\Roaming\AnvSoft
2012-05-25 10:23 - 2012-05-25 03:52 - 0000000 ____D C:\Program Files (x86)\DreamScene Seven
2012-05-25 10:21 - 2012-05-25 10:21 - 0000000 ____D C:\Program Files (x86)\AnvSoft
2012-05-25 10:18 - 2012-05-25 03:52 - 0275360 ____A (Microsoft Corporation) C:\Windows\System32\DreamScene.dll.649
2012-05-25 10:18 - 2012-05-25 03:52 - 0275360 ____A (Microsoft Corporation) C:\Windows\System32\DreamScene.dll
2012-05-25 09:55 - 2012-05-18 23:38 - 0000000 ____D C:\Users\Matt\AppData\Roaming\vlc
2012-05-25 09:49 - 2012-05-25 03:52 - 0275360 ____A (Microsoft Corporation) C:\Windows\System32\DreamScene.dll.1390
2012-05-25 09:44 - 2011-08-21 19:22 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-05-25 04:14 - 2012-05-16 03:20 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-05-25 04:12 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-05-25 04:11 - 2009-07-13 18:34 - 0000478 ____A C:\Windows\win.ini
2012-05-25 04:08 - 2012-05-25 04:08 - 0000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2012-05-25 04:08 - 2012-05-25 04:08 - 0000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2012-05-25 04:03 - 2012-05-25 03:52 - 0275360 ____A (Microsoft Corporation) C:\Windows\System32\DreamScene.dll.7994
2012-05-25 04:03 - 2012-05-25 03:52 - 0275360 ____A (Microsoft Corporation) C:\Windows\System32\DreamScene.dll.4604
2012-05-25 03:57 - 2012-05-25 03:52 - 0275360 ____A (Microsoft Corporation) C:\Windows\System32\DreamScene.dll.8422
2012-05-25 03:55 - 2012-05-25 03:52 - 0275360 ____A (Microsoft Corporation) C:\Windows\System32\DreamScene.dll.6879
2012-05-25 03:52 - 2012-05-25 03:52 - 0275360 ____A (Microsoft Corporation) C:\Windows\System32\DreamScene.dll.11014
2012-05-25 01:09 - 2012-05-25 01:09 - 0000000 ____D C:\Users\Matt\Documents\Proof of Minor
2012-05-25 00:57 - 2012-05-25 00:56 - 0000000 ____D C:\Users\Matt\Documents\PC Mark
2012-05-25 00:50 - 2012-05-25 00:50 - 0000000 ____D C:\Users\Matt\Documents\808 Juice
2012-05-24 20:24 - 2009-07-13 19:18 - 0000000 __SHD C:\$Recycle.Bin
2012-05-24 19:50 - 2012-05-24 19:50 - 0000000 ____D C:\Users\Matt\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-05-24 19:50 - 2012-05-24 19:50 - 0000000 ____D C:\Users\Matt\AppData\Roaming\Adobe Mini Bridge CS5.1
2012-05-24 17:51 - 2012-05-24 17:50 - 0000000 ____D C:\Users\Matt\Documents\B
2012-05-23 20:33 - 2010-11-20 23:16 - 0000000 ___RD C:\Users\Public\Recorded TV
2012-05-23 20:26 - 2012-04-18 14:21 - 0000000 ____D C:\Windows\System32\Drivers\NISx64
2012-05-22 16:26 - 2012-05-29 17:18 - 0224088 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxDrv.sys
2012-05-22 16:26 - 2012-05-29 17:18 - 0130904 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxUSBMon.sys
2012-05-22 16:26 - 2012-05-22 16:26 - 0147288 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetAdp.sys
2012-05-22 16:25 - 2012-05-22 16:25 - 0320856 ____A (Oracle Corporation) C:\Windows\System32\VBoxNetFltNobj.dll
2012-05-22 16:25 - 2012-05-22 16:25 - 0166232 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetFlt.sys
2012-05-22 00:05 - 2012-05-22 00:05 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2012-05-20 23:55 - 2012-05-20 23:55 - 0000000 ___RD C:\Program Files (x86)\Skype
2012-05-20 23:55 - 2012-05-20 23:54 - 0000000 ____D C:\Users\All Users\Skype
2012-05-20 13:42 - 2012-05-20 13:42 - 0000000 ____D C:\Users\Matt\AppData\Local\MPlayer
2012-05-20 13:42 - 2012-05-20 13:37 - 0000000 ____D C:\Users\All Users\PMS
2012-05-20 13:42 - 2012-05-20 13:37 - 0000000 ____D C:\Program Files (x86)\PS3 Media Server
2012-05-19 10:15 - 2009-07-13 19:20 - 0000000 __RHD C:\Users\Public\Libraries
2012-05-19 00:33 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-05-18 23:35 - 2012-05-18 23:35 - 0000000 ____D C:\Program Files (x86)\VideoLAN
2012-05-18 23:34 - 2012-05-18 23:34 - 0000000 ____D C:\Users\Matt\AppData\Roaming\WeatherBug
2012-05-18 23:34 - 2012-05-18 23:34 - 0000000 ____D C:\Program Files (x86)\AWS
2012-05-18 23:34 - 2012-05-15 23:40 - 0000000 ____D C:\Users\Matt\AppData\Roaming\Mozilla
2012-05-18 23:33 - 2012-05-18 23:33 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-05-18 23:32 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Resources
2012-05-17 11:20 - 2012-05-17 11:20 - 0000000 ____D C:\Windows\RegisteredPackages
2012-05-17 11:20 - 2012-05-17 11:20 - 0000000 ____D C:\Program Files (x86)\Windows Media Components
2012-05-17 11:20 - 2012-05-17 11:20 - 0000000 ____D C:\IExp1.tmp
2012-05-17 11:20 - 2012-05-17 11:20 - 0000000 ____D C:\IExp0.tmp
2012-05-17 11:20 - 2011-08-21 18:57 - 0000000 ___HD C:\Windows\msdownld.tmp
2012-05-17 11:16 - 2011-08-21 19:18 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-05-17 11:15 - 2012-05-17 11:15 - 0000000 ____D C:\Program Files (x86)\Futuremark
2012-05-17 11:03 - 2012-05-17 11:03 - 0000000 ____D C:\Users\Matt\AppData\Roaming\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-05-17 10:35 - 2012-04-18 14:21 - 0000000 ____D C:\Users\All Users\Norton
2012-05-16 16:06 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-05-16 14:17 - 2012-05-16 14:17 - 0000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2012-05-16 13:40 - 2012-05-16 13:40 - 0000000 ____D C:\Users\All Users\ALM
2012-05-16 13:35 - 2012-05-16 13:35 - 0000000 ____D C:\Users\Matt\Adobe Flash Builder 4.5
2012-05-16 13:29 - 2012-05-16 13:29 - 0000000 ____D C:\Program Files (x86)\Adobe Story
2012-05-16 13:28 - 2012-05-16 13:28 - 0000000 ____D C:\Program Files (x86)\My Company Name
2012-05-16 13:17 - 2010-11-20 23:17 - 0000000 ____D C:\Program Files\Windows Journal
2012-05-16 13:13 - 2012-05-16 13:13 - 0257724 ____A C:\Windows\msxml4-KB973688-enu.LOG
2012-05-16 13:13 - 2012-05-16 13:12 - 0293016 ____A C:\Windows\msxml4-KB954430-enu.LOG
2012-05-16 13:12 - 2012-05-16 13:12 - 0000000 ____D C:\Program Files (x86)\MSXML 4.0
2012-05-16 10:27 - 2012-05-15 21:51 - 0000000 ____D C:\Users\Matt\AppData\Local\Google
2012-05-16 09:50 - 2012-05-16 03:26 - 0000000 ____D C:\AutoKMS
2012-05-16 03:26 - 2012-05-16 03:26 - 0000000 ____D C:\Program Files (x86)\Detong
2012-05-16 03:26 - 2012-05-16 03:26 - 0000000 ____D C:\Program Files (x86)\Classic Menu for Office 2010
2012-05-16 03:22 - 2012-05-16 03:22 - 0000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2012-05-16 03:22 - 2012-05-16 03:22 - 0000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2012-05-16 03:22 - 2012-05-16 03:20 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2012-05-16 03:22 - 2011-08-21 19:24 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-05-16 03:22 - 2010-11-20 23:16 - 0000000 ____D C:\Windows\ShellNew
2012-05-16 03:22 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\MSBuild
2012-05-16 03:21 - 2012-05-16 03:21 - 0000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2012-05-16 03:20 - 2012-05-16 03:20 - 0000000 __RHD C:\MSOCache
2012-05-16 03:20 - 2012-05-16 03:20 - 0000000 ____D C:\Users\Matt\AppData\Local\Microsoft Help
2012-05-16 03:20 - 2012-05-16 03:20 - 0000000 ____D C:\Program Files\Microsoft Office
2012-05-16 03:20 - 2012-05-16 03:20 - 0000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2012-05-16 03:13 - 2012-05-15 23:39 - 0000000 ____D C:\Program Files (x86)\1ClickDownload
2012-05-16 03:06 - 2012-05-16 03:05 - 0000000 ____D C:\Users\Matt\AppData\Roaming\WinRAR
2012-05-16 03:05 - 2012-05-16 03:04 - 0000000 ____D C:\Program Files\WinRAR
2012-05-16 02:16 - 2012-05-16 02:16 - 0000000 ____D C:\Users\Matt\AppData\Roaming\PowerISO
2012-05-15 23:48 - 2012-04-18 14:07 - 0000000 ____D C:\Users\UpdatusUser\AppData\LocalLow
2012-05-15 23:40 - 2012-05-15 23:40 - 0000013 __RSH C:\Windows\System32\Drivers\fbd.sys
2012-05-15 23:40 - 2011-08-22 11:25 - 0000000 ____D C:\Windows\Panther
2012-05-15 23:40 - 2011-08-21 19:19 - 0000000 ____D C:\Program Files (x86)\Toshiba
2012-05-15 23:40 - 2010-11-20 23:06 - 0000000 ____D C:\Windows\SysWOW64\sysprep
2012-05-15 23:40 - 2009-07-13 19:20 - 0000000 ___AD C:\Windows\System32\sysprep
2012-05-15 23:39 - 2012-05-15 23:39 - 0000020 ___SH C:\Users\Matt\ntuser.ini
2012-05-15 23:39 - 2012-05-15 23:39 - 0000000 __SHD C:\Users\Matt\Templates
2012-05-15 23:39 - 2012-05-15 23:39 - 0000000 __SHD C:\Users\Matt\Start Menu
2012-05-15 23:39 - 2012-05-15 23:39 - 0000000 __SHD C:\Users\Matt\PrintHood
2012-05-15 23:39 - 2012-05-15 23:39 - 0000000 __SHD C:\Users\Matt\NetHood
2012-05-15 23:39 - 2012-05-15 23:39 - 0000000 __SHD C:\Users\Matt\My Documents
2012-05-15 23:39 - 2012-05-15 23:39 - 0000000 __SHD C:\Users\Matt\Documents\My Videos
2012-05-15 23:39 - 2012-05-15 23:39 - 0000000 __SHD C:\Users\Matt\Documents\My Pictures
2012-05-15 23:39 - 2012-05-15 23:39 - 0000000 __SHD C:\Users\Matt\Documents\My Music
2012-05-15 23:39 - 2012-05-15 23:39 - 0000000 __SHD C:\Users\Matt\AppData\Local\Temporary Internet Files
2012-05-15 23:39 - 2012-05-15 23:39 - 0000000 __SHD C:\Users\Matt\AppData\Local\History
2012-05-15 23:39 - 2012-05-15 23:39 - 0000000 ____D C:\Users\Matt\AppData\Roaming\WinBatch
2012-05-15 23:39 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\restore
2012-05-15 23:33 - 2012-05-15 23:33 - 0000000 ____D C:\Program Files (x86)\PowerISO
2012-05-15 23:31 - 2012-05-15 23:29 - 0000000 ____D C:\Users\All Users\DAEMON Tools Pro
2012-05-15 23:27 - 2012-05-15 23:26 - 0000000 ____D C:\Program Files (x86)\Vid-Saver
2012-05-15 23:26 - 2012-05-15 23:26 - 0000000 ____D C:\Users\Matt\AppData\Local\Vid-Saver
2012-05-15 23:26 - 2012-05-15 23:26 - 0000000 ____D C:\Program Files (x86)\uTorrent
2012-05-15 23:13 - 2012-05-15 23:13 - 0000000 ____D C:\Users\Matt\AppData\Local\Apps\2.0
2012-05-15 22:52 - 2012-05-15 22:52 - 0000000 ____D C:\Users\Matt\AppData\Roaming\Tific
2012-05-15 22:19 - 2012-05-15 23:47 - 0000000 ____D C:\Users\Matt\AppData\Roaming\Toshiba
2012-05-15 22:03 - 2012-05-15 22:03 - 0000000 ____D C:\Users\Matt\AppData\Roaming\Google
2012-05-15 20:38 - 2009-07-13 21:01 - 0108227 ____A C:\Windows\SysWOW64\license.rtf
2012-05-15 20:38 - 2009-07-13 21:01 - 0108227 ____A C:\Windows\System32\license.rtf
2012-04-30 22:42 - 2012-05-29 20:02 - 0063088 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmx86.sys
2012-04-30 22:42 - 2012-05-29 20:01 - 0942192 ____A (VMware, Inc.) C:\Windows\System32\vnetlib64.dll
2012-04-30 22:42 - 2012-05-29 20:01 - 0433264 ____A (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2012-04-30 22:42 - 2012-05-29 20:01 - 0354416 ____A (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2012-04-30 22:40 - 2012-05-29 20:01 - 0030320 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmnetuserif.sys
2012-04-30 20:26 - 2012-04-30 20:26 - 0252016 ____A (VMware, Inc.) C:\Windows\SysWOW64\vmnc.dll
2012-04-30 19:22 - 2012-04-30 19:22 - 0062064 ____A (VMware, Inc.) C:\Windows\System32\vmnetbridge.dll
2012-04-30 19:22 - 2012-04-30 19:22 - 0048752 ____A (VMware, Inc.) C:\Windows\System32\vnetinst.dll
2012-04-30 19:22 - 2012-04-30 19:22 - 0045680 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmnetbridge.sys
2012-04-30 19:22 - 2012-04-30 19:22 - 0024176 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmnet.sys
2012-04-30 19:22 - 2012-04-30 19:22 - 0020080 ____A (VMware, Inc.) C:\Windows\System32\Drivers\vmnetadapter.sys
2012-04-18 19:57 - 2012-05-15 23:33 - 0126912 ____A (Power Software Ltd) C:\Windows\System32\Drivers\scdemu.sys
2012-04-18 15:02 - 2009-07-13 20:46 - 0004059 ____A C:\Windows\DtcInstall.log
2012-04-18 15:01 - 2011-08-21 19:40 - 0000050 ____A C:\Windows\System32\Drivers\DCX.LOG
2012-04-18 14:57 - 2009-07-13 21:38 - 0025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
2012-04-18 14:57 - 2009-07-13 21:32 - 0028672 ____A C:\Windows\System32\config\BCD-Template
2012-04-18 14:56 - 2012-04-18 14:56 - 0000000 ____D C:\Program Files (x86)\Toshiba Online Backup
2012-04-18 14:56 - 2011-08-21 19:19 - 0000000 ____D C:\Users\All Users\Toshiba
2012-04-18 14:56 - 2011-08-21 19:18 - 0000000 ____D C:\Program Files\TOSHIBA
2012-04-18 14:55 - 2012-04-18 14:55 - 0000000 ____D C:\Windows\System32\Drivers\NortonPCCheckupx64
2012-04-18 14:55 - 2012-04-18 14:55 - 0000000 ____D C:\Program Files (x86)\Norton PC Checkup
2012-04-18 14:55 - 2012-04-18 14:21 - 0000000 ____D C:\Users\All Users\NortonInstaller
2012-04-18 14:55 - 2012-04-18 14:21 - 0000000 ____D C:\Program Files (x86)\NortonInstaller
2012-04-18 14:51 - 2012-04-18 14:38 - 0000000 ____D C:\Users\All Users\WildTangent
2012-04-18 14:51 - 2012-04-18 14:38 - 0000000 ____D C:\Program Files (x86)\TOSHIBA Games
2012-04-18 14:38 - 2012-04-18 14:38 - 0000000 ____D C:\Program Files (x86)\WildTangent Games
2012-04-18 14:36 - 2012-04-18 14:35 - 0000000 ____D C:\Program Files (x86)\TOSHIBA Corporation
2012-04-18 14:35 - 2012-04-18 14:33 - 0000040 ___AH C:\Windows\System32\ivireg.ivr
2012-04-18 14:35 - 2012-04-18 14:33 - 0000000 ____D C:\Program Files (x86)\Corel
2012-04-18 14:35 - 2011-08-21 19:23 - 0203711 ____A C:\Windows\DirectX.log
2012-04-18 14:33 - 2012-04-18 14:33 - 0000000 ____D C:\Users\All Users\Corel
2012-04-18 14:25 - 2012-04-18 14:22 - 0000000 ____D C:\Users\All Users\Google
2012-04-18 14:22 - 2012-04-18 14:22 - 0000000 ____D C:\Program Files\Google
2012-04-18 14:22 - 2012-04-18 14:22 - 0000000 ____D C:\Program Files (x86)\Google
2012-04-18 14:22 - 2011-08-21 18:56 - 0012875 ____A C:\Windows\IE9_main.log
2012-04-18 14:21 - 2012-04-18 14:21 - 0000000 ____D C:\Program Files (x86)\Norton Internet Security
2012-04-18 14:18 - 2012-04-18 14:18 - 0000000 ____D C:\Windows\SysWOW64\SDA
2012-04-18 14:18 - 2012-04-18 14:18 - 0000000 ____D C:\Users\All Users\Downloaded Installations
2012-04-18 14:18 - 2012-04-18 14:18 - 0000000 ____D C:\Program Files (x86)\Renesas Electronics
2012-04-18 14:18 - 2012-04-18 14:18 - 0000000 ____D C:\Program Files (x86)\JMicron
2012-04-18 14:17 - 2012-04-18 14:12 - 0000000 ____D C:\Program Files (x86)\Realtek
2012-04-18 14:16 - 2012-04-18 14:16 - 0000000 ____D C:\Program Files (x86)\TOH Class Filter
2012-04-18 14:15 - 2012-04-18 14:15 - 0007886 ____A C:\Windows\DPINST.LOG
2012-04-18 14:15 - 2012-04-18 14:15 - 0000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2012-04-18 14:15 - 2012-04-18 14:15 - 0000000 ____D C:\Windows\System32\tr
2012-04-18 14:15 - 2012-04-18 14:15 - 0000000 ____D C:\Windows\System32\sv
2012-04-18 14:15 - 2012-04-18 14:15 - 0000000 ____D C:\Windows\System32\sk
2012-04-18 14:15 - 2012-04-18 14:15 - 0000000 ____D C:\Windows\System32\ru
2012-04-18 14:15 - 2012-04-18 14:15 - 0000000 ____D C:\Windows\System32\pt
2012-04-18 14:15 - 2012-04-18 14:15 - 0000000 ____D C:\Windows\System32\pl
2012-04-18 14:15 - 2012-04-18 14:15 - 0000000 ____D C:\Windows\System32\no
2012-04-18 14:15 - 2012-04-18 14:15 - 0000000 ____D C:\Windows\System32\nl
2012-04-18 14:15 - 2012-04-18 14:15 - 0000000 ____D C:\Windows\System32\it
2012-04-18 14:15 - 2012-04-18 14:15 - 0000000 ____D C:\Windows\System32\hu
2012-04-18 14:15 - 2012-04-18 14:15 - 0000000 ____D C:\Windows\System32\fr
2012-04-18 14:15 - 2012-04-18 14:15 - 0000000 ____D C:\Windows\System32\fi
2012-04-18 14:15 - 2012-04-18 14:15 - 0000000 ____D C:\Windows\System32\es
2012-04-18 14:15 - 2012-04-18 14:15 - 0000000 ____D C:\Windows\System32\el
2012-04-18 14:15 - 2012-04-18 14:15 - 0000000 ____D C:\Windows\System32\de
2012-04-18 14:15 - 2012-04-18 14:15 - 0000000 ____D C:\Windows\System32\da
2012-04-18 14:15 - 2012-04-18 14:15 - 0000000 ____D C:\Windows\System32\cs
2012-04-18 14:15 - 2012-04-18 14:15 - 0000000 ____D C:\Program Files\Synaptics
2012-04-18 14:15 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-TW
2012-04-18 14:15 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\zh-CN
2012-04-18 14:15 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pt-BR
2012-04-18 14:15 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ko-KR
2012-04-18 14:15 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ja-JP
2012-04-18 14:14 - 2012-04-18 14:14 - 0000000 ____D C:\Windows\System32\nn-NO
2012-04-18 14:14 - 2012-04-18 14:14 - 0000000 ____D C:\Windows\Options
2012-04-18 14:14 - 2012-04-18 14:14 - 0000000 ____D C:\Users\All Users\Atheros
2012-04-18 14:14 - 2012-04-18 14:14 - 0000000 ____D C:\Program Files (x86)\Atheros
2012-04-18 14:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\tr-TR
2012-04-18 14:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sv-SE
2012-04-18 14:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ru-RU
2012-04-18 14:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pt-PT
2012-04-18 14:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\pl-PL
2012-04-18 14:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\nl-NL
2012-04-18 14:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\it-IT
2012-04-18 14:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\hu-HU
2012-04-18 14:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\fr-FR
2012-04-18 14:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\fi-FI
2012-04-18 14:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\es-ES
2012-04-18 14:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\el-GR
2012-04-18 14:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\de-DE
2012-04-18 14:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\da-DK
2012-04-18 14:14 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\cs-CZ
2012-04-18 14:12 - 2012-04-18 14:12 - 0000000 ____D C:\Windows\SysWOW64\RTCOM
2012-04-18 14:12 - 2012-04-18 14:12 - 0000000 ____D C:\Program Files\Realtek
2012-04-18 14:12 - 2012-04-18 14:12 - 0000000 ____D C:\Program Files\Common Files\Wave Audio Ltd
2012-04-18 14:11 - 2012-04-18 14:08 - 0000000 ____D C:\Windows\SysWOW64\NV
2012-04-18 14:11 - 2012-04-18 14:08 - 0000000 ____D C:\Windows\System32\NV
2012-04-18 14:10 - 2012-04-18 14:09 - 0000000 ____D C:\Users\All Users\win7_64
2012-04-18 14:10 - 2012-04-18 14:09 - 0000000 ____D C:\Users\All Users\win7_32
2012-04-18 14:09 - 2012-04-18 14:09 - 0020592 ____A (Compal Electronics, INC.) C:\Windows\System32\Drivers\CeKbFilter.sys
2012-04-18 14:09 - 2012-04-18 14:09 - 0000000 ____D C:\Users\All Users\xp
2012-04-18 14:09 - 2012-04-18 14:09 - 0000000 ____D C:\Users\All Users\vista64
2012-04-18 14:09 - 2012-04-18 14:09 - 0000000 ____D C:\Users\All Users\vista32
2012-04-18 14:08 - 2012-04-18 14:08 - 0000000 ____D C:\Windows\System32\Microsoft.VC80.MFC
2012-04-18 14:08 - 2012-04-18 14:08 - 0000000 ____D C:\Windows\Downloaded Installations
2012-04-18 14:08 - 2012-04-18 14:07 - 0000000 ____D C:\Users\All Users\NVIDIA
2012-04-18 14:07 - 2012-04-18 14:07 - 0000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-04-18 14:07 - 2012-04-18 14:07 - 0000000 __SHD C:\Users\UpdatusUser\Templates
2012-04-18 14:07 - 2012-04-18 14:07 - 0000000 __SHD C:\Users\UpdatusUser\Start Menu
2012-04-18 14:07 - 2012-04-18 14:07 - 0000000 __SHD C:\Users\UpdatusUser\PrintHood
2012-04-18 14:07 - 2012-04-18 14:07 - 0000000 __SHD C:\Users\UpdatusUser\NetHood
2012-04-18 14:07 - 2012-04-18 14:07 - 0000000 __SHD C:\Users\UpdatusUser\My Documents
2012-04-18 14:07 - 2012-04-18 14:07 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Videos
2012-04-18 14:07 - 2012-04-18 14:07 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Pictures
2012-04-18 14:07 - 2012-04-18 14:07 - 0000000 __SHD C:\Users\UpdatusUser\Documents\My Music
2012-04-18 14:07 - 2012-04-18 14:07 - 0000000 __SHD C:\Users\UpdatusUser\AppData\Local\Temporary Internet Files
2012-04-18 14:07 - 2012-04-18 14:07 - 0000000 __SHD C:\Users\UpdatusUser\AppData\Local\History
2012-04-18 14:07 - 2012-04-18 14:06 - 0000000 ____D C:\Program Files\NVIDIA Corporation
2012-04-18 14:07 - 2012-04-18 14:06 - 0000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2012-04-18 14:06 - 2012-04-18 14:06 - 0000000 ____D C:\Users\All Users\NVIDIA Corporation
2012-04-18 14:06 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Help
2012-04-18 14:05 - 2012-04-18 14:05 - 0018600 ____A C:\Windows\System32\results.xml
2012-04-18 14:04 - 2012-04-18 14:04 - 0000000 ____D C:\Program Files\Common Files\Intel
2012-04-18 14:04 - 2012-04-18 14:02 - 0000000 ____D C:\Intel
2012-04-18 14:04 - 2012-04-18 14:00 - 0000000 ____D C:\Program Files (x86)\Intel
2012-04-18 13:58 - 2011-08-21 18:51 - 0003652 ____A C:\Windows\TSSysprep.log
2012-03-30 22:05 - 2012-05-16 09:59 - 5559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-03-30 20:39 - 2012-05-16 09:59 - 3968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-03-30 20:39 - 2012-05-16 09:59 - 3913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-03-30 19:10 - 2012-05-16 09:59 - 3146240 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-03-30 03:35 - 2012-05-16 09:58 - 1918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-03-16 23:58 - 2012-05-16 09:58 - 0075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-03-12 22:56 - 2011-02-28 20:01 - 0947472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msjava.dll

C:\Windows\Installer\{50725003-fe69-bb24-d09a-484234ece9d8}
C:\Windows\Installer\{50725003-fe69-bb24-d09a-484234ece9d8}\@
C:\Windows\Installer\{50725003-fe69-bb24-d09a-484234ece9d8}\L
C:\Windows\Installer\{50725003-fe69-bb24-d09a-484234ece9d8}\U
C:\Windows\Installer\{50725003-fe69-bb24-d09a-484234ece9d8}\U\00000001.@
C:\Windows\Installer\{50725003-fe69-bb24-d09a-484234ece9d8}\U\800000cb.@

C:\Users\Matt\AppData\Local\{50725003-fe69-bb24-d09a-484234ece9d8}
C:\Users\Matt\AppData\Local\{50725003-fe69-bb24-d09a-484234ece9d8}\@
C:\Users\Matt\AppData\Local\{50725003-fe69-bb24-d09a-484234ece9d8}\L
C:\Users\Matt\AppData\Local\{50725003-fe69-bb24-d09a-484234ece9d8}\n
C:\Users\Matt\AppData\Local\{50725003-fe69-bb24-d09a-484234ece9d8}\U

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe
[2011-08-21 19:06] - [2011-03-01 00:07] - 0027648 ____A (Microsoft Corporation) 6F68F63794097E54F36474ED4384B759

C:\Windows\SysWOW64\svchost.exe
[2011-08-21 19:06] - [2011-03-01 00:05] - 0021504 ____A (Microsoft Corporation) ECDB182F885292145826C58252B53000

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2011-08-21 19:03] - [2011-02-24 22:25] - 0296320 ____A (Microsoft Corporation) DF8126BD41180351A093A3AD2FC8903B


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 7%
Total physical RAM: 16290.69 MB
Available physical RAM: 15138.52 MB
Total Pagefile: 16288.89 MB
Available Pagefile: 15123.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (TI106240W0D) (Fixed) (Total:449.22 GB) (Free:259.08 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: (LaCie) (Removable) (Total:7.51 GB) (Free:2.1 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: () (Fixed) (Total:465.76 GB) (Free:465.66 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 1024 KB
Disk 1 Online 465 GB 0 B
Disk 2 Online 7701 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 0 Extended 465 GB 1024 KB
Partition 1 Logical 465 GB 2048 KB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y NTFS Partition 465 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 449 GB 1501 MB
Partition 3 Primary 15 GB 450 GB

======================================================================================================

Disk: 1
Partition 1
Type : 27
Hidden: Yes
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E System NTFS Partition 1500 MB Healthy Hidden

======================================================================================================

Disk: 1
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C TI106240W0D NTFS Partition 449 GB Healthy

======================================================================================================

Disk: 1
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 7701 MB 0 B

======================================================================================================

Disk: 2
There is no partition selected.

There is no partition selected.
Please select a partition and try again.

======================================================================================================

==========================================================

Last Boot: 2012-05-29 02:40

======================= End Of Log ==========================



#2 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:21 AM

Posted 08 June 2012 - 02:57 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt

C:\Windows\Installer\{50725003-fe69-bb24-d09a-484234ece9d8}
C:\Users\Matt\AppData\Local\{50725003-fe69-bb24-d09a-484234ece9d8}


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the BartPE CD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Aloha213

  • Topic Starter

Posted 08 June 2012 - 06:41 AM

Aloha,

I did as you requested and ran the fix. After rebooting, Norton is still detecting "80000000.@ Threat: Trojan.Gen.2". It has only detected it once though, rather than often like it has been doing. It also said it removed it, but it has said that for the past few days every 15 min or so. It only appeared once in the past 2 hours. I hope it's gone, either way...I owe you!

As requested, here is the fix log. Thank you very much!

Matt

Fix Log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 06-06-2012 04
Ran by SYSTEM at 2012-06-08 00:17:06 Run:1
Running from G:\

==============================================

C:\Windows\Installer\{50725003-fe69-bb24-d09a-484234ece9d8} moved successfully.
C:\Users\Matt\AppData\Local\{50725003-fe69-bb24-d09a-484234ece9d8} moved successfully.

==== End of Fixlog ====

#4 Aloha213

  • Topic Starter

Posted 08 June 2012 - 07:10 AM

UPDATE:

My computer just informed me that "Windows has encountered a critical error and will restart in one minute"


Thanks,
Matt

#5 gringo_pr

  • Malware Response Team

Posted 08 June 2012 - 07:29 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#6 Aloha213

  • Topic Starter

Posted 08 June 2012 - 08:13 AM

Aloha,

I ran combofix and it seemed to run fine; found a couple infected files and deleted an infected folder. After combofix restarted my computer and produced a log, I received the error "Illegal operation attempted on a registry key that has been marked for deletion" on every task I attempted. Restarted the computer and all seems clear. I hope the problem is resolved, I haven't received any notifications from Norton since I have turned it back on. Dare I say great job?

Thanks,
Matt

Combofix Log:

ComboFix 12-06-08.01 - Matt 06/08/2012 2:44.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16291.13744 [GMT -10:00]
Running from: c:\users\Matt\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-05-08 to 2012-06-08 )))))))))))))))))))))))))))))))
.
.
2012-06-08 12:52 . 2012-06-08 12:52 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-08 12:52 . 2012-06-08 12:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-08 02:46 . 2012-06-08 02:47 -------- d-----w- C:\FRST
2012-06-07 00:13 . 2012-06-07 00:13 -------- d-----w- c:\program files (x86)\Common Files\SolidWorks Shared
2012-06-04 04:05 . 2012-06-04 04:05 -------- d-----w- c:\program files (x86)\Notepad++
2012-06-04 03:22 . 2012-06-06 02:41 -------- d-----w- c:\programdata\DassaultSystemes
2012-06-04 03:11 . 2012-06-04 03:11 -------- d-----w- c:\program files (x86)\Common Files\eDrawings2012
2012-06-03 19:49 . 2012-06-03 19:49 -------- d-----w- c:\programdata\Pinnacle
2012-06-03 19:44 . 2012-06-03 19:44 -------- d-----w- c:\program files (x86)\Common Files\Avid
2012-06-01 00:51 . 2012-06-01 00:51 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-01 00:47 . 2012-06-01 00:47 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-01 00:47 . 2012-06-01 00:47 -------- d-----w- c:\windows\system32\Macromed
2012-05-30 04:39 . 2012-05-30 04:39 -------- d-----w- c:\program files (x86)\Neuratron AudioScore Lite
2012-05-30 04:39 . 2012-05-30 04:39 -------- d-----w- c:\program files (x86)\Sibelius Software
2012-05-30 04:35 . 2012-06-03 19:49 -------- d-----w- c:\programdata\Avid
2012-05-30 04:35 . 2012-06-03 19:45 -------- d-----w- c:\program files (x86)\Avid
2012-05-30 04:35 . 2012-05-30 04:35 -------- d-----w- c:\program files\Avid
2012-05-30 04:02 . 2012-05-01 06:42 63088 ----a-w- c:\windows\system32\drivers\vmx86.sys
2012-05-30 04:01 . 2012-05-01 06:42 354416 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2012-05-30 04:01 . 2012-05-01 06:42 433264 ----a-w- c:\windows\SysWow64\vmnat.exe
2012-05-30 04:01 . 2012-05-01 06:40 30320 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2012-05-30 04:01 . 2012-05-01 06:42 942192 ----a-w- c:\windows\system32\vnetlib64.dll
2012-05-30 04:01 . 2011-08-30 09:11 39024 ----a-w- c:\windows\system32\drivers\hcmon.sys
2012-05-30 04:00 . 2012-06-08 12:53 -------- d-----w- c:\programdata\VMware
2012-05-30 04:00 . 2012-05-30 04:00 -------- d-----w- c:\program files (x86)\VMware
2012-05-30 04:00 . 2012-05-30 04:00 -------- d-----w- c:\program files (x86)\Common Files\VMware
2012-05-30 04:00 . 2012-05-30 04:00 -------- d-----w- c:\program files\Common Files\VMware
2012-05-30 01:18 . 2012-05-23 00:26 224088 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-05-30 01:18 . 2012-05-23 00:26 130904 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-05-30 01:17 . 2012-05-30 01:17 -------- d-----w- c:\program files\Oracle
2012-05-30 00:51 . 2012-05-30 00:51 -------- d-----w- c:\program files (x86)\BabylonToolbar
2012-05-30 00:51 . 2012-05-30 00:51 -------- d-----w- c:\programdata\Babylon
2012-05-25 22:05 . 2012-05-25 22:05 -------- d-----w- c:\program files (x86)\WinSCP
2012-05-25 21:00 . 2012-06-04 03:22 -------- d-----w- c:\programdata\FLEXnet
2012-05-25 21:00 . 2012-05-25 21:00 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2012-05-25 21:00 . 2012-06-03 05:45 -------- d-----w- c:\programdata\Rosetta Stone
2012-05-25 21:00 . 2012-05-25 21:00 -------- d-----w- c:\program files (x86)\Rosetta Stone
2012-05-25 20:03 . 2009-05-18 23:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-05-25 20:03 . 2008-04-17 22:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-05-25 20:03 . 2008-04-17 22:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-05-25 20:02 . 2012-05-25 20:03 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-05-25 20:02 . 2012-05-25 20:02 -------- d-----w- c:\program files\iPod
2012-05-25 20:02 . 2012-05-25 20:03 -------- d-----w- c:\program files\iTunes
2012-05-25 20:02 . 2012-05-25 20:03 -------- d-----w- c:\program files (x86)\iTunes
2012-05-25 20:02 . 2012-05-25 20:02 -------- d-----w- c:\programdata\Apple Computer
2012-05-25 20:02 . 2012-05-25 20:02 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-05-25 20:01 . 2012-05-25 20:01 -------- d-----w- c:\program files\Common Files\Apple
2012-05-25 20:01 . 2012-05-25 20:01 -------- d-----w- c:\program files\Bonjour
2012-05-25 20:01 . 2012-05-25 20:01 -------- d-----w- c:\program files (x86)\Bonjour
2012-05-25 20:01 . 2012-05-25 20:02 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-05-25 20:01 . 2012-05-25 20:02 -------- d-----w- c:\programdata\Apple
2012-05-25 18:54 . 2009-12-30 20:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-05-25 18:54 . 2012-05-25 18:54 -------- d-----w- c:\program files\VS Revo Group
2012-05-25 18:21 . 2012-05-25 18:21 -------- d-----w- c:\program files (x86)\AnvSoft
2012-05-25 12:08 . 2012-05-25 12:08 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-05-25 11:52 . 2012-05-25 18:18 275360 ----a-w- c:\windows\system32\DreamScene.dll
2012-05-25 11:52 . 2012-05-25 18:23 -------- d-----w- c:\program files (x86)\DreamScene Seven
2012-05-23 00:26 . 2012-05-23 00:26 147288 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-05-23 00:25 . 2012-05-23 00:25 320856 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-05-23 00:25 . 2012-05-23 00:25 166232 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-05-21 07:55 . 2012-05-21 07:55 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-05-21 07:55 . 2012-05-21 07:55 -------- d-----r- c:\program files (x86)\Skype
2012-05-21 07:54 . 2012-05-21 07:55 -------- d-----w- c:\programdata\Skype
2012-05-20 21:37 . 2012-05-20 21:42 -------- d-----w- c:\programdata\PMS
2012-05-20 21:37 . 2012-05-20 21:42 -------- d-----w- c:\program files (x86)\PS3 Media Server
2012-05-19 07:35 . 2012-05-19 07:35 -------- d-----w- c:\program files (x86)\VideoLAN
2012-05-19 07:34 . 2012-05-19 07:34 -------- d-----w- c:\program files (x86)\AWS
2012-05-19 07:33 . 2012-05-30 00:51 287 ----a-w- C:\user.js
2012-05-18 11:10 . 2012-05-24 04:25 -------- d-----w- c:\windows\system32\drivers\NISx64\1307010.005
2012-05-17 19:20 . 2012-05-17 19:20 -------- d-----w- C:\IExp1.tmp
2012-05-17 19:20 . 2012-05-17 19:20 -------- d-----w- C:\IExp0.tmp
2012-05-17 19:20 . 2012-05-17 19:20 -------- d-----w- c:\program files (x86)\Windows Media Components
2012-05-17 19:19 . 2012-05-17 19:19 -------- d--h--w- c:\programdata\Common Files
2012-05-17 19:16 . 2012-05-17 19:16 -------- d-----w- c:\program files (x86)\Common Files\Futuremark Shared
2012-05-17 19:15 . 2012-05-17 19:15 -------- d-----w- c:\program files (x86)\Futuremark
2012-05-16 22:17 . 2012-05-16 22:17 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-05-16 21:40 . 2012-05-16 21:40 -------- d-----w- c:\programdata\ALM
2012-05-16 21:29 . 2012-05-16 21:29 -------- d-----w- c:\program files (x86)\Adobe Story
2012-05-16 21:28 . 2012-06-06 02:53 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2012-05-16 21:28 . 2012-05-16 21:28 -------- d-----w- c:\program files (x86)\My Company Name
2012-05-16 21:28 . 2012-05-16 21:28 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
2012-05-16 21:28 . 2011-11-03 13:01 56208 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2012-05-16 21:28 . 2009-06-23 13:00 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
2012-05-16 21:28 . 2009-06-23 13:00 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2012-05-16 21:17 . 2012-05-16 21:17 -------- d-----w- c:\windows\SysWow64\Wat
2012-05-16 21:17 . 2012-05-16 21:17 -------- d-----w- c:\windows\system32\Wat
2012-05-16 21:10 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-16 21:10 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-16 21:10 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-05-16 21:10 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-05-16 21:10 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-16 21:10 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-05-16 21:10 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-05-16 21:04 . 2012-06-06 03:03 -------- d-----w- c:\program files\Common Files\Adobe
2012-05-16 17:58 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-05-16 17:57 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-16 17:57 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-16 17:57 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-16 17:57 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-16 17:57 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-16 17:57 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-05-16 17:57 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-05-16 17:57 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-05-16 17:57 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-05-16 11:26 . 2012-05-16 17:50 -------- d-----w- C:\AutoKMS
2012-05-16 11:26 . 2012-05-16 11:26 -------- d-----w- c:\program files (x86)\Detong
2012-05-16 11:26 . 2012-05-16 11:26 -------- d-----w- c:\program files (x86)\Classic Menu for Office 2010
2012-05-16 11:22 . 2012-05-16 11:22 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-05-16 11:22 . 2012-05-16 11:22 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2012-05-16 11:21 . 2012-05-16 11:21 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-05-16 11:20 . 2012-05-16 11:20 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-05-16 11:20 . 2012-05-25 12:14 -------- d-----w- c:\programdata\Microsoft Help
2012-05-16 11:20 . 2012-05-16 11:20 -------- d-----r- C:\MSOCache
2012-05-16 11:10 . 2012-05-16 11:22 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-05-16 07:50 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-05-16 07:50 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-05-16 07:50 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-05-16 07:50 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-16 07:50 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-05-16 07:50 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-05-16 07:50 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-05-16 07:40 . 2012-05-16 07:40 13 --sh--r- c:\windows\system32\drivers\fbd.sys
2012-05-16 07:39 . 2012-06-08 05:09 -------- d-----w- c:\users\Matt
2012-05-16 07:39 . 2012-05-16 11:13 -------- d-----w- c:\program files (x86)\1ClickDownload
2012-05-16 07:33 . 2012-05-16 07:33 -------- d-----w- c:\program files (x86)\PowerISO
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-08 03:22 . 2012-04-18 22:21 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-06-01 00:47 . 2011-08-22 03:19 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-16 10:12 . 2011-03-29 01:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-01 04:26 . 2012-05-01 04:26 252016 ----a-w- c:\windows\SysWow64\vmnc.dll
2012-05-01 03:22 . 2012-05-01 03:22 62064 ----a-w- c:\windows\system32\vmnetbridge.dll
2012-05-01 03:22 . 2012-05-01 03:22 48752 ----a-w- c:\windows\system32\vnetinst.dll
2012-05-01 03:22 . 2012-05-01 03:22 45680 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2012-05-01 03:22 . 2012-05-01 03:22 24176 ----a-w- c:\windows\system32\drivers\vmnet.sys
2012-05-01 03:22 . 2012-05-01 03:22 20080 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2012-04-18 22:09 . 2012-04-18 22:09 20592 ----a-w- c:\windows\system32\drivers\CeKbFilter.sys
2012-03-13 06:56 . 2011-03-01 04:01 947472 ----a-w- c:\windows\SysWow64\msjava.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 24ACB7E5BE595468E3B9AA488B9B4FCB . 328704 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[-] 2009-07-14 . 014A9CB92514E27C0107614DF764BC06 . 328704 . . [6.1.7600.16385] .. c:\windows\system32\services.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2009-12-29 1653248]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2011-03-10 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-02 80840]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-04-19 336952]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2012-05-01 103536]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-10 1073312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-09-05 937920]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-18 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 cpuz130;cpuz130;c:\users\Matt\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-18 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-05-01 11839488]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120531.001\BHDrvx64.sys [2012-05-08 1160824]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120607.001\IDSvia64.sys [2012-05-16 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-07-19 123320]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-06-07 1997416]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-30 846448]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-06-03 138912]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-08 c:\windows\Tasks\AutoKMS.job
- c:\autokms\AutoKMS.exe [2012-05-16 11:26]
.
2012-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-18 22:22]
.
2012-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-18 22:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-02 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-02 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-02 416024]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-04-28 11831400]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-04-18 2209896]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.babylon.com/?affID=109935&babsrc=HP_ss&mntrId=2a747be0000000000000b888e3100990
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-06-08 02:59:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-08 12:59
.
Pre-Run: 277,118,783,488 bytes free
Post-Run: 277,160,079,360 bytes free
.
- - End Of File - - 7DB476374CF719315297BD1CC249D7CC

#7 gringo_pr

  • Malware Response Team

Posted 08 June 2012 - 12:26 PM

Greetings Matt

It should be on its way to being clean, but we have some more checking to do to be sure.

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#8 Aloha213

  • Topic Starter


Posted 08 June 2012 - 03:59 PM

Aloha,

Good morning Gringo. Here are the logs that you requested and again, many thanks!

TDSS Killer Log:


10:18:14.0948 1600 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
10:18:15.0858 1600 ============================================================
10:18:15.0858 1600 Current date / time: 2012/06/08 10:18:15.0858
10:18:15.0858 1600 SystemInfo:
10:18:15.0858 1600
10:18:15.0858 1600 OS Version: 6.1.7601 ServicePack: 1.0
10:18:15.0858 1600 Product type: Workstation
10:18:15.0858 1600 ComputerName: HIKARU
10:18:15.0859 1600 UserName: Matt
10:18:15.0859 1600 Windows directory: C:\windows
10:18:15.0859 1600 System windows directory: C:\windows
10:18:15.0859 1600 Running under WOW64
10:18:15.0859 1600 Processor architecture: Intel x64
10:18:15.0859 1600 Number of processors: 8
10:18:15.0859 1600 Page size: 0x1000
10:18:15.0859 1600 Boot type: Normal boot
10:18:15.0859 1600 ============================================================
10:18:16.0421 1600 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:18:16.0821 1600 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:18:16.0837 1600 ============================================================
10:18:16.0837 1600 \Device\Harddisk0\DR0:
10:18:16.0852 1600 MBR partitions:
10:18:16.0852 1600 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x38272800
10:18:16.0852 1600 \Device\Harddisk1\DR1:
10:18:16.0852 1600 MBR partitions:
10:18:16.0852 1600 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x1000, BlocksNum 0x3A385000
10:18:16.0852 1600 ============================================================
10:18:16.0903 1600 C: <-> \Device\Harddisk0\DR0\Partition0
10:18:16.0930 1600 D: <-> \Device\Harddisk1\DR1\Partition0
10:18:16.0930 1600 ============================================================
10:18:16.0930 1600 Initialize success
10:18:16.0930 1600 ============================================================
10:18:19.0551 1704 ============================================================
10:18:19.0551 1704 Scan started
10:18:19.0551 1704 Mode: Manual;
10:18:19.0551 1704 ============================================================
10:18:31.0555 1704 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
10:18:31.0557 1704 MSPCLOCK - ok
10:18:31.0564 1704 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
10:18:31.0566 1704 MSPQM - ok
10:18:31.0599 1704 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
10:18:31.0606 1704 MsRPC - ok
10:18:31.0627 1704 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys
10:18:31.0628 1704 mssmbios - ok
10:18:31.0646 1704 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
10:18:31.0648 1704 MSTEE - ok
10:18:31.0662 1704 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
10:18:31.0663 1704 MTConfig - ok
10:18:31.0690 1704 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
10:18:31.0691 1704 Mup - ok
10:18:31.0730 1704 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
10:18:31.0738 1704 napagent - ok
10:18:31.0806 1704 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
10:18:31.0814 1704 NativeWifiP - ok
10:18:31.0941 1704 NAVENG (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120608.003\ENG64.SYS
10:18:31.0944 1704 NAVENG - ok
10:18:32.0089 1704 NAVEX15 (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120608.003\EX64.SYS
10:18:32.0109 1704 NAVEX15 - ok
10:18:32.0312 1704 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
10:18:32.0325 1704 NDIS - ok
10:18:32.0353 1704 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
10:18:32.0355 1704 NdisCap - ok
10:18:32.0380 1704 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
10:18:32.0382 1704 NdisTapi - ok
10:18:32.0394 1704 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
10:18:32.0397 1704 Ndisuio - ok
10:18:32.0410 1704 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
10:18:32.0413 1704 NdisWan - ok
10:18:32.0443 1704 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
10:18:32.0445 1704 NDProxy - ok
10:18:32.0460 1704 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
10:18:32.0462 1704 NetBIOS - ok
10:18:32.0479 1704 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
10:18:32.0483 1704 NetBT - ok
10:18:32.0508 1704 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
10:18:32.0510 1704 Netlogon - ok
10:18:32.0557 1704 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
10:18:32.0563 1704 Netman - ok
10:18:32.0647 1704 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:18:32.0653 1704 NetMsmqActivator - ok
10:18:32.0668 1704 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:18:32.0671 1704 NetPipeActivator - ok
10:18:32.0701 1704 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
10:18:32.0709 1704 netprofm - ok
10:18:32.0714 1704 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:18:32.0717 1704 NetTcpActivator - ok
10:18:32.0722 1704 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:18:32.0724 1704 NetTcpPortSharing - ok
10:18:32.0784 1704 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
10:18:32.0788 1704 nfrd960 - ok
10:18:32.0865 1704 NIS (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
10:18:32.0869 1704 NIS - ok
10:18:32.0915 1704 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
10:18:32.0923 1704 NlaSvc - ok
10:18:32.0965 1704 Norton PC Checkup Application Launcher - ok
10:18:32.0983 1704 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
10:18:32.0985 1704 Npfs - ok
10:18:33.0002 1704 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
10:18:33.0006 1704 nsi - ok
10:18:33.0022 1704 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
10:18:33.0023 1704 nsiproxy - ok
10:18:33.0150 1704 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
10:18:33.0172 1704 Ntfs - ok
10:18:33.0288 1704 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
10:18:33.0289 1704 Null - ok
10:18:33.0338 1704 nusb3hub (0ebc9d13cd96c15b1b18d8678a609e4b) C:\windows\system32\DRIVERS\nusb3hub.sys
10:18:33.0341 1704 nusb3hub - ok
10:18:33.0370 1704 nusb3xhc (7bdec000d56d485021d9c1e63c2f81ca) C:\windows\system32\DRIVERS\nusb3xhc.sys
10:18:33.0375 1704 nusb3xhc - ok
10:18:34.0091 1704 nvlddmkm (685cc16c261952f833ef56af4ec3bf0d) C:\windows\system32\DRIVERS\nvlddmkm.sys
10:18:34.0147 1704 nvlddmkm - ok
10:18:34.0295 1704 nvpciflt (d9c08f27936810db50363fdcf2496d0e) C:\windows\system32\DRIVERS\nvpciflt.sys
10:18:34.0298 1704 nvpciflt - ok
10:18:34.0346 1704 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
10:18:34.0351 1704 nvraid - ok
10:18:34.0374 1704 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
10:18:34.0381 1704 nvstor - ok
10:18:34.0492 1704 NVSvc (9ec6631832cebe137cbfed2d9186b76e) C:\windows\system32\nvvsvc.exe
10:18:34.0507 1704 NVSvc - ok
10:18:34.0669 1704 nvUpdatusService (6336a844fb153957dfbb1652ad5b46bb) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
10:18:34.0689 1704 nvUpdatusService - ok
10:18:34.0826 1704 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
10:18:34.0831 1704 nv_agp - ok
10:18:34.0845 1704 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
10:18:34.0849 1704 ohci1394 - ok
10:18:34.0931 1704 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:18:34.0938 1704 ose - ok
10:18:35.0298 1704 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:18:35.0351 1704 osppsvc - ok
10:18:35.0485 1704 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
10:18:35.0493 1704 p2pimsvc - ok
10:18:35.0537 1704 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
10:18:35.0547 1704 p2psvc - ok
10:18:35.0595 1704 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
10:18:35.0599 1704 Parport - ok
10:18:35.0638 1704 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
10:18:35.0641 1704 partmgr - ok
10:18:35.0660 1704 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
10:18:35.0666 1704 PcaSvc - ok
10:18:35.0753 1704 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
10:18:35.0756 1704 PCCUJobMgr - ok
10:18:35.0787 1704 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
10:18:35.0792 1704 pci - ok
10:18:35.0814 1704 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
10:18:35.0816 1704 pciide - ok
10:18:35.0861 1704 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
10:18:35.0868 1704 pcmcia - ok
10:18:35.0889 1704 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
10:18:35.0890 1704 pcw - ok
10:18:35.0939 1704 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
10:18:35.0950 1704 PEAUTH - ok
10:18:36.0028 1704 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
10:18:36.0032 1704 PerfHost - ok
10:18:36.0089 1704 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys
10:18:36.0091 1704 PGEffect - ok
10:18:36.0214 1704 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
10:18:36.0236 1704 pla - ok
10:18:36.0307 1704 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
10:18:36.0317 1704 PlugPlay - ok
10:18:36.0337 1704 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
10:18:36.0342 1704 PNRPAutoReg - ok
10:18:36.0377 1704 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
10:18:36.0384 1704 PNRPsvc - ok
10:18:36.0443 1704 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
10:18:36.0455 1704 PolicyAgent - ok
10:18:36.0487 1704 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
10:18:36.0491 1704 Power - ok
10:18:36.0544 1704 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
10:18:36.0547 1704 PptpMiniport - ok
10:18:36.0571 1704 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
10:18:36.0574 1704 Processor - ok
10:18:36.0608 1704 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
10:18:36.0613 1704 ProfSvc - ok
10:18:36.0641 1704 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
10:18:36.0643 1704 ProtectedStorage - ok
10:18:36.0665 1704 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
10:18:36.0668 1704 Psched - ok
10:18:36.0741 1704 PSI_SVC_2 (f036cfb275d0c55f4e45fbbf5f98b3c8) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
10:18:36.0746 1704 PSI_SVC_2 - ok
10:18:36.0779 1704 PxHlpa64 (bc08f7f3c53cbee68670ed1314e290fd) C:\windows\system32\Drivers\PxHlpa64.sys
10:18:36.0781 1704 PxHlpa64 - ok
10:18:36.0893 1704 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
10:18:36.0914 1704 ql2300 - ok
10:18:37.0043 1704 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
10:18:37.0047 1704 ql40xx - ok
10:18:37.0096 1704 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
10:18:37.0106 1704 QWAVE - ok
10:18:37.0124 1704 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
10:18:37.0126 1704 QWAVEdrv - ok
10:18:37.0143 1704 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
10:18:37.0144 1704 RasAcd - ok
10:18:37.0182 1704 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
10:18:37.0184 1704 RasAgileVpn - ok
10:18:37.0217 1704 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
10:18:37.0223 1704 RasAuto - ok
10:18:37.0246 1704 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
10:18:37.0250 1704 Rasl2tp - ok
10:18:37.0284 1704 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
10:18:37.0294 1704 RasMan - ok
10:18:37.0312 1704 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
10:18:37.0314 1704 RasPppoe - ok
10:18:37.0335 1704 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
10:18:37.0337 1704 RasSstp - ok
10:18:37.0355 1704 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
10:18:37.0360 1704 rdbss - ok
10:18:37.0371 1704 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
10:18:37.0372 1704 rdpbus - ok
10:18:37.0397 1704 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
10:18:37.0398 1704 RDPCDD - ok
10:18:37.0413 1704 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
10:18:37.0413 1704 RDPENCDD - ok
10:18:37.0420 1704 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
10:18:37.0421 1704 RDPREFMP - ok
10:18:37.0459 1704 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
10:18:37.0462 1704 RDPWD - ok
10:18:37.0518 1704 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
10:18:37.0523 1704 rdyboost - ok
10:18:37.0554 1704 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\windows\system32\drivers\regi.sys
10:18:37.0556 1704 regi - ok
10:18:37.0599 1704 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
10:18:37.0605 1704 RemoteAccess - ok
10:18:37.0643 1704 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
10:18:37.0650 1704 RemoteRegistry - ok
10:18:37.0697 1704 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\windows\system32\DRIVERS\revoflt.sys
10:18:37.0699 1704 Revoflt - ok
10:18:37.0724 1704 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
10:18:37.0729 1704 RpcEptMapper - ok
10:18:37.0750 1704 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
10:18:37.0754 1704 RpcLocator - ok
10:18:37.0801 1704 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
10:18:37.0811 1704 RpcSs - ok
10:18:37.0854 1704 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
10:18:37.0857 1704 rspndr - ok
10:18:37.0910 1704 RTL8167 (6d3c7e7d82d3dc92dc2a8b0df9f20f8a) C:\windows\system32\DRIVERS\Rt64win7.sys
10:18:37.0916 1704 RTL8167 - ok
10:18:37.0942 1704 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
10:18:37.0944 1704 SamSs - ok
10:18:37.0956 1704 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
10:18:37.0959 1704 sbp2port - ok
10:18:37.0993 1704 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
10:18:38.0000 1704 SCardSvr - ok
10:18:38.0062 1704 SCDEmu (741b338d675fe20b779e7effa55032fe) C:\windows\system32\drivers\SCDEmu.sys
10:18:38.0065 1704 SCDEmu - ok
10:18:38.0079 1704 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
10:18:38.0081 1704 scfilter - ok
10:18:38.0181 1704 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
10:18:38.0200 1704 Schedule - ok
10:18:38.0232 1704 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
10:18:38.0233 1704 SCPolicySvc - ok
10:18:38.0266 1704 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\windows\system32\DRIVERS\sdbus.sys
10:18:38.0267 1704 sdbus - ok
10:18:38.0299 1704 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
10:18:38.0302 1704 SDRSVC - ok
10:18:38.0318 1704 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
10:18:38.0319 1704 secdrv - ok
10:18:38.0329 1704 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
10:18:38.0331 1704 seclogon - ok
10:18:38.0354 1704 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
10:18:38.0356 1704 SENS - ok
10:18:38.0372 1704 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
10:18:38.0374 1704 SensrSvc - ok
10:18:38.0401 1704 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
10:18:38.0401 1704 Serenum - ok
10:18:38.0433 1704 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
10:18:38.0436 1704 Serial - ok
10:18:38.0471 1704 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
10:18:38.0473 1704 sermouse - ok
10:18:38.0514 1704 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
10:18:38.0521 1704 SessionEnv - ok
10:18:38.0541 1704 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
10:18:38.0542 1704 sffdisk - ok
10:18:38.0548 1704 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
10:18:38.0549 1704 sffp_mmc - ok
10:18:38.0554 1704 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
10:18:38.0555 1704 sffp_sd - ok
10:18:38.0560 1704 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
10:18:38.0561 1704 sfloppy - ok
10:18:38.0642 1704 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
10:18:38.0650 1704 SharedAccess - ok
10:18:38.0690 1704 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
10:18:38.0697 1704 ShellHWDetection - ok
10:18:38.0728 1704 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
10:18:38.0729 1704 SiSRaid2 - ok
10:18:38.0748 1704 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
10:18:38.0750 1704 SiSRaid4 - ok
10:18:38.0814 1704 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe
10:18:38.0818 1704 SkypeUpdate - ok
10:18:38.0858 1704 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
10:18:38.0861 1704 Smb - ok
10:18:38.0914 1704 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
10:18:38.0919 1704 SNMPTRAP - ok
10:18:38.0932 1704 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
10:18:38.0934 1704 spldr - ok
10:18:38.0989 1704 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
10:18:39.0003 1704 Spooler - ok
10:18:39.0189 1704 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
10:18:39.0204 1704 sppsvc - ok
10:18:39.0316 1704 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
10:18:39.0322 1704 sppuinotify - ok
10:18:39.0458 1704 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\windows\System32\Drivers\NISx64\1307010.005\SRTSP64.SYS
10:18:39.0470 1704 SRTSP - ok
10:18:39.0485 1704 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\windows\system32\drivers\NISx64\1307010.005\SRTSPX64.SYS
10:18:39.0487 1704 SRTSPX - ok
10:18:39.0535 1704 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
10:18:39.0542 1704 srv - ok
10:18:39.0566 1704 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
10:18:39.0573 1704 srv2 - ok
10:18:39.0586 1704 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
10:18:39.0589 1704 srvnet - ok
10:18:39.0642 1704 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
10:18:39.0649 1704 SSDPSRV - ok
10:18:39.0661 1704 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
10:18:39.0666 1704 SstpSvc - ok
10:18:39.0679 1704 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
10:18:39.0680 1704 stexstor - ok
10:18:39.0738 1704 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
10:18:39.0749 1704 stisvc - ok
10:18:39.0763 1704 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
10:18:39.0764 1704 swenum - ok
10:18:39.0887 1704 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
10:18:39.0898 1704 SwitchBoard - ok
10:18:39.0958 1704 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
10:18:39.0972 1704 swprv - ok
10:18:40.0058 1704 SymDS (8b2430762099598da40686f754632efd) C:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS
10:18:40.0067 1704 SymDS - ok
10:18:40.0153 1704 SymEFA (f90c7a190399165d3ab2245048d34786) C:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS
10:18:40.0174 1704 SymEFA - ok
10:18:40.0212 1704 SymEvent (898bb48c797483420df523b2bbc1ecdb) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
10:18:40.0216 1704 SymEvent - ok
10:18:40.0243 1704 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS
10:18:40.0247 1704 SymIRON - ok
10:18:40.0287 1704 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS
10:18:40.0293 1704 SymNetS - ok
10:18:40.0414 1704 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys
10:18:40.0425 1704 SynTP - ok
10:18:40.0632 1704 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
10:18:40.0657 1704 SysMain - ok
10:18:40.0698 1704 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
10:18:40.0702 1704 TabletInputService - ok
10:18:40.0725 1704 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
10:18:40.0732 1704 TapiSrv - ok
10:18:40.0751 1704 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
10:18:40.0755 1704 TBS - ok
10:18:40.0910 1704 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
10:18:40.0940 1704 Tcpip - ok
10:18:41.0161 1704 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
10:18:41.0175 1704 TCPIP6 - ok
10:18:41.0247 1704 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
10:18:41.0248 1704 tcpipreg - ok
10:18:41.0282 1704 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
10:18:41.0284 1704 tdcmdpst - ok
10:18:41.0295 1704 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
10:18:41.0297 1704 TDPIPE - ok
10:18:41.0328 1704 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
10:18:41.0330 1704 TDTCP - ok
10:18:41.0353 1704 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
10:18:41.0355 1704 tdx - ok
10:18:41.0377 1704 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
10:18:41.0379 1704 TermDD - ok
10:18:41.0438 1704 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
10:18:41.0450 1704 TermService - ok
10:18:41.0471 1704 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
10:18:41.0474 1704 Themes - ok
10:18:41.0516 1704 Thpdrv (7f35ca8296a52c7161088eb1d952e8ed) C:\windows\system32\DRIVERS\thpdrv.sys
10:18:41.0518 1704 Thpdrv - ok
10:18:41.0543 1704 Thpevm (b4e609047434ed948af7bdef2fa66e38) C:\windows\system32\DRIVERS\Thpevm.SYS
10:18:41.0544 1704 Thpevm - ok
10:18:41.0592 1704 Thpsrv (0b4734ae9ec70b843df02e7b1c056377) C:\windows\system32\ThpSrv.exe
10:18:41.0600 1704 Thpsrv - ok
10:18:41.0626 1704 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
10:18:41.0628 1704 THREADORDER - ok
10:18:41.0703 1704 TMachInfo (71c321649b28638ee80a2eeb164c1dc8) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
10:18:41.0705 1704 TMachInfo - ok
10:18:41.0738 1704 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\windows\system32\TODDSrv.exe
10:18:41.0742 1704 TODDSrv - ok
10:18:41.0845 1704 TosCoSrv (1c73689b900428c7d054a41c4687f55c) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
10:18:41.0857 1704 TosCoSrv - ok
10:18:41.0903 1704 TOSHIBA Bluetooth Service (a22deb5ec05febfdca1d3ff70fa1ff46) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
10:18:41.0908 1704 TOSHIBA Bluetooth Service - ok
10:18:41.0978 1704 TOSHIBA eco Utility Service (63aafcf3ea5dbb17123e0bae9afe4d58) C:\Program Files\TOSHIBA\TECO\TecoService.exe
10:18:41.0984 1704 TOSHIBA eco Utility Service - ok
10:18:42.0047 1704 TOSHIBA HDD SSD Alert Service (29d0886cf250fcef1bf9e65ab8d2c0c8) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
10:18:42.0051 1704 TOSHIBA HDD SSD Alert Service - ok
10:18:42.0191 1704 Tosrfcom - ok
10:18:42.0224 1704 tosrfec (f5e3ac4cbcd154ee80849b21887fd0b0) C:\windows\system32\DRIVERS\tosrfec.sys
10:18:42.0226 1704 tosrfec - ok
10:18:42.0249 1704 Tosrfusb (7a0048693f98460ff537be31c741b927) C:\windows\system32\DRIVERS\tosrfusb.sys
10:18:42.0251 1704 Tosrfusb - ok
10:18:42.0322 1704 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
10:18:42.0332 1704 tos_sps64 - ok
10:18:42.0418 1704 TPCHSrv (098b8a408c17e125a3d9a8e1166780c8) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
10:18:42.0431 1704 TPCHSrv - ok
10:18:42.0547 1704 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
10:18:42.0551 1704 TrkWks - ok
10:18:42.0598 1704 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
10:18:42.0602 1704 TrustedInstaller - ok
10:18:42.0644 1704 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
10:18:42.0645 1704 tssecsrv - ok
10:18:42.0677 1704 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
10:18:42.0679 1704 TsUsbFlt - ok
10:18:42.0695 1704 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
10:18:42.0697 1704 TsUsbGD - ok
10:18:42.0730 1704 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
10:18:42.0733 1704 tunnel - ok
10:18:42.0776 1704 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
10:18:42.0778 1704 TVALZ - ok
10:18:42.0803 1704 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
10:18:42.0805 1704 TVALZFL - ok
10:18:42.0821 1704 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
10:18:42.0823 1704 uagp35 - ok
10:18:42.0870 1704 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
10:18:42.0877 1704 udfs - ok
10:18:42.0915 1704 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
10:18:42.0920 1704 UI0Detect - ok
10:18:42.0947 1704 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
10:18:42.0949 1704 uliagpkx - ok
10:18:42.0977 1704 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
10:18:42.0978 1704 umbus - ok
10:18:43.0000 1704 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
10:18:43.0001 1704 UmPass - ok
10:18:43.0225 1704 UNS (374ebda379a8f38e0cfc2211611e7167) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
10:18:43.0257 1704 UNS - ok
10:18:43.0382 1704 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
10:18:43.0390 1704 upnphost - ok
10:18:43.0438 1704 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\windows\system32\Drivers\usbaapl64.sys
10:18:43.0439 1704 USBAAPL64 - ok
10:18:43.0483 1704 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
10:18:43.0486 1704 usbccgp - ok
10:18:43.0522 1704 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
10:18:43.0525 1704 usbcir - ok
10:18:43.0548 1704 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
10:18:43.0550 1704 usbehci - ok
10:18:43.0600 1704 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\drivers\usbhub.sys
10:18:43.0608 1704 usbhub - ok
10:18:43.0623 1704 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
10:18:43.0625 1704 usbohci - ok
10:18:43.0632 1704 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
10:18:43.0634 1704 usbprint - ok
10:18:43.0651 1704 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
10:18:43.0654 1704 USBSTOR - ok
10:18:43.0670 1704 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
10:18:43.0671 1704 usbuhci - ok
10:18:43.0722 1704 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
10:18:43.0727 1704 usbvideo - ok
10:18:43.0762 1704 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
10:18:43.0765 1704 UxSms - ok
10:18:43.0792 1704 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
10:18:43.0794 1704 VaultSvc - ok
10:18:43.0849 1704 VBoxDrv (ba20a718e25228b9d69d72e4f19edeb5) C:\windows\system32\DRIVERS\VBoxDrv.sys
10:18:43.0852 1704 VBoxDrv - ok
10:18:43.0877 1704 VBoxNetAdp (48630b4530c80aaf3dde9633e4291d8c) C:\windows\system32\DRIVERS\VBoxNetAdp.sys
10:18:43.0879 1704 VBoxNetAdp - ok
10:18:43.0901 1704 VBoxNetFlt (8b86a00d13e2dcbfe320061f3435faff) C:\windows\system32\DRIVERS\VBoxNetFlt.sys
10:18:43.0903 1704 VBoxNetFlt - ok
10:18:43.0961 1704 VBoxUSBMon (cec73cea22b7258c0a8f2354dc49d25c) C:\windows\system32\DRIVERS\VBoxUSBMon.sys
10:18:43.0964 1704 VBoxUSBMon - ok
10:18:43.0984 1704 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
10:18:43.0986 1704 vdrvroot - ok
10:18:44.0046 1704 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
10:18:44.0061 1704 vds - ok
10:18:44.0093 1704 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
10:18:44.0095 1704 vga - ok
10:18:44.0110 1704 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
10:18:44.0111 1704 VgaSave - ok
10:18:44.0145 1704 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
10:18:44.0149 1704 vhdmp - ok
10:18:44.0176 1704 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
10:18:44.0176 1704 viaide - ok
10:18:44.0269 1704 VMAuthdService (94cf2d157c8fd9089afa5da78aa64c65) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
10:18:44.0272 1704 VMAuthdService - ok
10:18:44.0307 1704 vmci (87fc1dd880e8cac4faebb84af61a87c4) C:\windows\system32\DRIVERS\vmci.sys
10:18:44.0310 1704 vmci - ok
10:18:44.0338 1704 VMnetAdapter (b259c31378bc855afd1b53f59311c251) C:\windows\system32\DRIVERS\vmnetadapter.sys
10:18:44.0340 1704 VMnetAdapter - ok
10:18:44.0357 1704 VMnetBridge (dec4ce720ffeda939cf1ba315cfbd993) C:\windows\system32\DRIVERS\vmnetbridge.sys
10:18:44.0358 1704 VMnetBridge - ok
10:18:44.0363 1704 VMnetDHCP - ok
10:18:44.0386 1704 VMnetuserif (a17ee27acb84b230ac65936a3484495f) C:\windows\system32\drivers\vmnetuserif.sys
10:18:44.0388 1704 VMnetuserif - ok
10:18:44.0493 1704 VMUSBArbService (18903ca7936912c337c9d28858880cf2) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
10:18:44.0505 1704 VMUSBArbService - ok
10:18:44.0512 1704 VMware NAT Service - ok
10:18:45.0184 1704 VMwareHostd (8c01ae115e9e6806a25a9b5136fd6fc0) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
10:18:45.0373 1704 VMwareHostd - ok
10:18:45.0518 1704 vmx86 (9843a0d68ea81817f9b713fc37372cbb) C:\windows\system32\drivers\vmx86.sys
10:18:45.0522 1704 vmx86 - ok
10:18:45.0570 1704 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
10:18:45.0573 1704 volmgr - ok
10:18:45.0606 1704 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
10:18:45.0614 1704 volmgrx - ok
10:18:45.0636 1704 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys
10:18:45.0642 1704 volsnap - ok
10:18:45.0669 1704 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
10:18:45.0671 1704 vsmraid - ok
10:18:45.0794 1704 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
10:18:45.0821 1704 VSS - ok
10:18:45.0939 1704 vstor2-mntapi10-shared (6107e33a30c0b923f31c872e1980d2d1) C:\windows\syswow64\drivers\vstor2-mntapi10-shared.sys
10:18:45.0941 1704 vstor2-mntapi10-shared - ok
10:18:46.0031 1704 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
10:18:46.0033 1704 vwifibus - ok
10:18:46.0087 1704 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
10:18:46.0097 1704 vwififlt - ok
10:18:46.0162 1704 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
10:18:46.0192 1704 W32Time - ok
10:18:46.0212 1704 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
10:18:46.0214 1704 WacomPen - ok
10:18:46.0264 1704 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
10:18:46.0267 1704 WANARP - ok
10:18:46.0272 1704 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
10:18:46.0274 1704 Wanarpv6 - ok
10:18:46.0386 1704 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
10:18:46.0404 1704 WatAdminSvc - ok
10:18:46.0508 1704 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
10:18:46.0528 1704 wbengine - ok
10:18:46.0633 1704 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
10:18:46.0642 1704 WbioSrvc - ok
10:18:46.0669 1704 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
10:18:46.0677 1704 wcncsvc - ok
10:18:46.0698 1704 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
10:18:46.0702 1704 WcsPlugInService - ok
10:18:46.0744 1704 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
10:18:46.0745 1704 Wd - ok
10:18:46.0784 1704 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\windows\system32\DRIVERS\wdcsam64.sys
10:18:46.0786 1704 WDC_SAM - ok
10:18:46.0843 1704 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
10:18:46.0856 1704 Wdf01000 - ok
10:18:46.0873 1704 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
10:18:46.0876 1704 WdiServiceHost - ok
10:18:46.0879 1704 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
10:18:46.0882 1704 WdiSystemHost - ok
10:18:46.0922 1704 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
10:18:46.0928 1704 WebClient - ok
10:18:46.0954 1704 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
10:18:46.0959 1704 Wecsvc - ok
10:18:46.0980 1704 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
10:18:46.0983 1704 wercplsupport - ok
10:18:47.0011 1704 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
10:18:47.0014 1704 WerSvc - ok
10:18:47.0066 1704 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
10:18:47.0067 1704 WfpLwf - ok
10:18:47.0083 1704 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
10:18:47.0085 1704 WIMMount - ok
10:18:47.0141 1704 WinDefend - ok
10:18:47.0156 1704 WinHttpAutoProxySvc - ok
10:18:47.0222 1704 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
10:18:47.0227 1704 Winmgmt - ok
10:18:47.0361 1704 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
10:18:47.0401 1704 WinRM - ok
10:18:47.0549 1704 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
10:18:47.0551 1704 WinUsb - ok
10:18:47.0621 1704 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
10:18:47.0638 1704 Wlansvc - ok
10:18:47.0720 1704 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
10:18:47.0724 1704 wlcrasvc - ok
10:18:47.0921 1704 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:18:47.0950 1704 wlidsvc - ok
10:18:48.0089 1704 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
10:18:48.0091 1704 WmiAcpi - ok
10:18:48.0177 1704 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
10:18:48.0184 1704 wmiApSrv - ok
10:18:48.0232 1704 WMPNetworkSvc - ok
10:18:48.0270 1704 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
10:18:48.0276 1704 WPCSvc - ok
10:18:48.0303 1704 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
10:18:48.0309 1704 WPDBusEnum - ok
10:18:48.0326 1704 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
10:18:48.0328 1704 ws2ifsl - ok
10:18:48.0361 1704 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll
10:18:48.0367 1704 wscsvc - ok
10:18:48.0373 1704 WSearch - ok
10:18:48.0520 1704 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll
10:18:48.0548 1704 wuauserv - ok
10:18:48.0681 1704 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
10:18:48.0685 1704 WudfPf - ok
10:18:48.0724 1704 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
10:18:48.0728 1704 WUDFRd - ok
10:18:48.0766 1704 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
10:18:48.0771 1704 wudfsvc - ok
10:18:48.0806 1704 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
10:18:48.0816 1704 WwanSvc - ok
10:18:48.0857 1704 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
10:18:49.0076 1704 \Device\Harddisk0\DR0 - ok
10:18:49.0082 1704 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
10:18:49.0086 1704 \Device\Harddisk1\DR1 - ok
10:18:49.0098 1704 Boot (0x1200) (7e792925ae698c15b6612104901ba36e) \Device\Harddisk0\DR0\Partition0
10:18:49.0099 1704 \Device\Harddisk0\DR0\Partition0 - ok
10:18:49.0103 1704 Boot (0x1200) (27a9f6a2b01b0a6656963cc232c5dbf1) \Device\Harddisk1\DR1\Partition0
10:18:49.0104 1704 \Device\Harddisk1\DR1\Partition0 - ok
10:18:49.0105 1704 ============================================================
10:18:49.0105 1704 Scan finished
10:18:49.0105 1704 ============================================================
10:18:49.0116 5732 Detected object count: 0
10:18:49.0116 5732 Actual detected object count: 0

aswMBR Log:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-08 10:20:13
-----------------------------
10:20:13.160 OS Version: Windows x64 6.1.7601 Service Pack 1
10:20:13.160 Number of processors: 8 586 0x2A07
10:20:13.161 ComputerName: HIKARU UserName: Matt
10:20:14.259 Initialize success
10:20:52.921 AVAST engine defs: 12060800
10:21:10.859 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:21:10.865 Disk 0 Vendor: TOSHIBA_ MH00 Size: 476940MB BusType: 3
10:21:10.871 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
10:21:10.876 Disk 1 Vendor: TOSHIBA_ MH00 Size: 476940MB BusType: 3
10:21:10.891 Disk 0 MBR read successfully
10:21:10.898 Disk 0 MBR scan
10:21:10.909 Disk 0 Windows VISTA default MBR code
10:21:10.923 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
10:21:10.947 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 460005 MB offset 3074048
10:21:10.982 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 15434 MB offset 945164288
10:21:11.034 Disk 0 scanning C:\windows\system32\drivers
10:21:20.501 Service scanning
10:21:48.546 Modules scanning
10:21:48.564 Disk 0 trace - called modules:
10:21:48.601 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys iaStor.sys hal.dll
10:21:48.608 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800dffc060]
10:21:48.619 3 CLASSPNP.SYS[fffff8800182c43f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa800de83710]
10:21:48.629 5 thpdrv.sys[fffff88001d252b0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800d96c050]
10:21:49.648 AVAST engine scan C:\windows
10:21:52.214 AVAST engine scan C:\windows\system32
10:24:26.401 AVAST engine scan C:\windows\system32\drivers
10:24:40.276 AVAST engine scan C:\Users\Matt
10:27:36.728 AVAST engine scan C:\ProgramData
10:50:16.336 Scan finished successfully
10:54:51.762 Disk 0 MBR has been saved successfully to "C:\Users\Matt\Desktop\MBR.dat"
10:54:51.765 The log file has been saved successfully to "C:\Users\Matt\Desktop\aswMBRlog.txt"

#9 gringo_pr

  • Malware Response Team

Posted 08 June 2012 - 04:50 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\BabylonToolbar
c:\programdata\Babylon

FCopy::
c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe | c:\windows\system32\services.exe

DDS::
uStart Page = hxxp://search.babylon.com/?affID=109935&babsrc=HP_ss&mntrId=2a747be0000000000000b888e3100990

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Report from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#10 Aloha213

  • Topic Starter


Posted 09 June 2012 - 12:40 AM

Aloha,

Here is the new Combofix log. Thanks :)


ComboFix Log:

ComboFix 12-06-08.02 - Matt 06/08/2012 12:34:47.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16291.11709 [GMT -10:00]
Running from: c:\users\Matt\Downloads\ComboFix.exe
Command switches used :: c:\users\Matt\Desktop\CFscript.txt
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\BabylonToolbar
c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll
c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll
c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe
c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\uninstall.exe
c:\program files (x86)\BabylonToolbar\BabylonToolbar\BabylonTB.xpi
c:\programdata\Babylon
.
.
--------------- FCopy ---------------
.
c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe --> c:\windows\system32\services.exe
.
((((((((((((((((((((((((( Files Created from 2012-05-08 to 2012-06-08 )))))))))))))))))))))))))))))))
.
.
2012-06-08 23:09 . 2012-06-08 23:09 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-08 23:09 . 2012-06-08 23:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-08 02:46 . 2012-06-08 02:47 -------- d-----w- C:\FRST
2012-06-07 00:13 . 2012-06-07 00:13 -------- d-----w- c:\program files (x86)\Common Files\SolidWorks Shared
2012-06-04 04:05 . 2012-06-04 04:05 -------- d-----w- c:\program files (x86)\Notepad++
2012-06-04 03:22 . 2012-06-06 02:41 -------- d-----w- c:\programdata\DassaultSystemes
2012-06-04 03:11 . 2012-06-04 03:11 -------- d-----w- c:\program files (x86)\Common Files\eDrawings2012
2012-06-03 19:49 . 2012-06-03 19:49 -------- d-----w- c:\programdata\Pinnacle
2012-06-03 19:44 . 2012-06-03 19:44 -------- d-----w- c:\program files (x86)\Common Files\Avid
2012-06-01 00:51 . 2012-06-01 00:51 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-06-01 00:47 . 2012-06-01 00:47 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-01 00:47 . 2012-06-01 00:47 -------- d-----w- c:\windows\system32\Macromed
2012-05-30 04:39 . 2012-05-30 04:39 -------- d-----w- c:\program files (x86)\Neuratron AudioScore Lite
2012-05-30 04:39 . 2012-05-30 04:39 -------- d-----w- c:\program files (x86)\Sibelius Software
2012-05-30 04:35 . 2012-06-03 19:49 -------- d-----w- c:\programdata\Avid
2012-05-30 04:35 . 2012-06-03 19:45 -------- d-----w- c:\program files (x86)\Avid
2012-05-30 04:35 . 2012-05-30 04:35 -------- d-----w- c:\program files\Avid
2012-05-30 04:02 . 2012-05-01 06:42 63088 ----a-w- c:\windows\system32\drivers\vmx86.sys
2012-05-30 04:01 . 2012-05-01 06:42 354416 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2012-05-30 04:01 . 2012-05-01 06:42 433264 ----a-w- c:\windows\SysWow64\vmnat.exe
2012-05-30 04:01 . 2012-05-01 06:40 30320 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2012-05-30 04:01 . 2012-05-01 06:42 942192 ----a-w- c:\windows\system32\vnetlib64.dll
2012-05-30 04:01 . 2011-08-30 09:11 39024 ----a-w- c:\windows\system32\drivers\hcmon.sys
2012-05-30 04:00 . 2012-06-08 13:04 -------- d-----w- c:\programdata\VMware
2012-05-30 04:00 . 2012-05-30 04:00 -------- d-----w- c:\program files (x86)\VMware
2012-05-30 04:00 . 2012-05-30 04:00 -------- d-----w- c:\program files (x86)\Common Files\VMware
2012-05-30 04:00 . 2012-05-30 04:00 -------- d-----w- c:\program files\Common Files\VMware
2012-05-30 01:18 . 2012-05-23 00:26 224088 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2012-05-30 01:18 . 2012-05-23 00:26 130904 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2012-05-30 01:17 . 2012-05-30 01:17 -------- d-----w- c:\program files\Oracle
2012-05-25 22:05 . 2012-05-25 22:05 -------- d-----w- c:\program files (x86)\WinSCP
2012-05-25 21:00 . 2012-06-04 03:22 -------- d-----w- c:\programdata\FLEXnet
2012-05-25 21:00 . 2012-05-25 21:00 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2012-05-25 21:00 . 2012-06-03 05:45 -------- d-----w- c:\programdata\Rosetta Stone
2012-05-25 21:00 . 2012-05-25 21:00 -------- d-----w- c:\program files (x86)\Rosetta Stone
2012-05-25 20:03 . 2009-05-18 23:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-05-25 20:03 . 2008-04-17 22:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-05-25 20:03 . 2008-04-17 22:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-05-25 20:02 . 2012-05-25 20:03 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-05-25 20:02 . 2012-05-25 20:02 -------- d-----w- c:\program files\iPod
2012-05-25 20:02 . 2012-05-25 20:03 -------- d-----w- c:\program files\iTunes
2012-05-25 20:02 . 2012-05-25 20:03 -------- d-----w- c:\program files (x86)\iTunes
2012-05-25 20:02 . 2012-05-25 20:02 -------- d-----w- c:\programdata\Apple Computer
2012-05-25 20:02 . 2012-05-25 20:02 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-05-25 20:01 . 2012-05-25 20:01 -------- d-----w- c:\program files\Common Files\Apple
2012-05-25 20:01 . 2012-05-25 20:01 -------- d-----w- c:\program files\Bonjour
2012-05-25 20:01 . 2012-05-25 20:01 -------- d-----w- c:\program files (x86)\Bonjour
2012-05-25 20:01 . 2012-05-25 20:02 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-05-25 20:01 . 2012-05-25 20:02 -------- d-----w- c:\programdata\Apple
2012-05-25 18:54 . 2009-12-30 20:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-05-25 18:54 . 2012-05-25 18:54 -------- d-----w- c:\program files\VS Revo Group
2012-05-25 18:21 . 2012-05-25 18:21 -------- d-----w- c:\program files (x86)\AnvSoft
2012-05-25 12:08 . 2012-05-25 12:08 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-05-25 11:52 . 2012-05-25 18:18 275360 ----a-w- c:\windows\system32\DreamScene.dll
2012-05-25 11:52 . 2012-05-25 18:23 -------- d-----w- c:\program files (x86)\DreamScene Seven
2012-05-23 00:26 . 2012-05-23 00:26 147288 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-05-23 00:25 . 2012-05-23 00:25 320856 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-05-23 00:25 . 2012-05-23 00:25 166232 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-05-21 07:55 . 2012-05-21 07:55 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-05-21 07:55 . 2012-05-21 07:55 -------- d-----r- c:\program files (x86)\Skype
2012-05-21 07:54 . 2012-05-21 07:55 -------- d-----w- c:\programdata\Skype
2012-05-20 21:37 . 2012-05-20 21:42 -------- d-----w- c:\programdata\PMS
2012-05-20 21:37 . 2012-05-20 21:42 -------- d-----w- c:\program files (x86)\PS3 Media Server
2012-05-19 07:35 . 2012-05-19 07:35 -------- d-----w- c:\program files (x86)\VideoLAN
2012-05-19 07:34 . 2012-05-19 07:34 -------- d-----w- c:\program files (x86)\AWS
2012-05-19 07:33 . 2012-05-30 00:51 287 ----a-w- C:\user.js
2012-05-18 11:10 . 2012-05-24 04:25 -------- d-----w- c:\windows\system32\drivers\NISx64\1307010.005
2012-05-17 19:20 . 2012-05-17 19:20 -------- d-----w- C:\IExp1.tmp
2012-05-17 19:20 . 2012-05-17 19:20 -------- d-----w- C:\IExp0.tmp
2012-05-17 19:20 . 2012-05-17 19:20 -------- d-----w- c:\program files (x86)\Windows Media Components
2012-05-17 19:19 . 2012-05-17 19:19 -------- d--h--w- c:\programdata\Common Files
2012-05-17 19:16 . 2012-05-17 19:16 -------- d-----w- c:\program files (x86)\Common Files\Futuremark Shared
2012-05-17 19:15 . 2012-05-17 19:15 -------- d-----w- c:\program files (x86)\Futuremark
2012-05-16 22:17 . 2012-05-16 22:17 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-05-16 21:40 . 2012-05-16 21:40 -------- d-----w- c:\programdata\ALM
2012-05-16 21:29 . 2012-05-16 21:29 -------- d-----w- c:\program files (x86)\Adobe Story
2012-05-16 21:28 . 2012-06-06 02:53 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2012-05-16 21:28 . 2012-05-16 21:28 -------- d-----w- c:\program files (x86)\My Company Name
2012-05-16 21:28 . 2012-05-16 21:28 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
2012-05-16 21:28 . 2011-11-03 13:01 56208 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2012-05-16 21:28 . 2009-06-23 13:00 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
2012-05-16 21:28 . 2009-06-23 13:00 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2012-05-16 21:17 . 2012-05-16 21:17 -------- d-----w- c:\windows\SysWow64\Wat
2012-05-16 21:17 . 2012-05-16 21:17 -------- d-----w- c:\windows\system32\Wat
2012-05-16 21:10 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-05-16 21:10 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-05-16 21:10 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-05-16 21:10 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-05-16 21:10 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-05-16 21:10 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-05-16 21:10 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-05-16 21:04 . 2012-06-06 03:03 -------- d-----w- c:\program files\Common Files\Adobe
2012-05-16 17:58 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2012-05-16 17:57 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-16 17:57 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-16 17:57 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-16 17:57 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-16 17:57 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-05-16 17:57 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-05-16 17:57 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-05-16 17:57 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-05-16 17:57 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-05-16 11:26 . 2012-05-16 17:50 -------- d-----w- C:\AutoKMS
2012-05-16 11:26 . 2012-05-16 11:26 -------- d-----w- c:\program files (x86)\Detong
2012-05-16 11:26 . 2012-05-16 11:26 -------- d-----w- c:\program files (x86)\Classic Menu for Office 2010
2012-05-16 11:22 . 2012-05-16 11:22 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-05-16 11:22 . 2012-05-16 11:22 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2012-05-16 11:21 . 2012-05-16 11:21 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-05-16 11:20 . 2012-05-16 11:20 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-05-16 11:20 . 2012-05-25 12:14 -------- d-----w- c:\programdata\Microsoft Help
2012-05-16 11:20 . 2012-05-16 11:20 -------- d-----r- C:\MSOCache
2012-05-16 11:10 . 2012-05-16 11:22 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-05-16 07:50 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-05-16 07:50 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-05-16 07:50 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-05-16 07:50 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-05-16 07:50 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-05-16 07:50 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-05-16 07:50 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-05-16 07:40 . 2012-05-16 07:40 13 --sh--r- c:\windows\system32\drivers\fbd.sys
2012-05-16 07:39 . 2012-06-08 05:09 -------- d-----w- c:\users\Matt
2012-05-16 07:39 . 2012-05-16 11:13 -------- d-----w- c:\program files (x86)\1ClickDownload
2012-05-16 07:33 . 2012-05-16 07:33 -------- d-----w- c:\program files (x86)\PowerISO
2012-05-16 07:33 . 2012-04-19 03:57 126912 ----a-w- c:\windows\system32\drivers\scdemu.sys
2012-05-16 07:29 . 2012-05-16 07:31 -------- d-----w- c:\programdata\DAEMON Tools Pro
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-08 03:22 . 2012-04-18 22:21 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-06-01 00:47 . 2011-08-22 03:19 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-16 10:12 . 2011-03-29 01:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-01 04:26 . 2012-05-01 04:26 252016 ----a-w- c:\windows\SysWow64\vmnc.dll
2012-05-01 03:22 . 2012-05-01 03:22 62064 ----a-w- c:\windows\system32\vmnetbridge.dll
2012-05-01 03:22 . 2012-05-01 03:22 48752 ----a-w- c:\windows\system32\vnetinst.dll
2012-05-01 03:22 . 2012-05-01 03:22 45680 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2012-05-01 03:22 . 2012-05-01 03:22 24176 ----a-w- c:\windows\system32\drivers\vmnet.sys
2012-05-01 03:22 . 2012-05-01 03:22 20080 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2012-04-18 22:09 . 2012-04-18 22:09 20592 ----a-w- c:\windows\system32\drivers\CeKbFilter.sys
2012-03-13 06:56 . 2011-03-01 04:01 947472 ----a-w- c:\windows\SysWow64\msjava.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-08_12.54.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-06-08 13:05 43016 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-08 13:05 42218 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-06-08 12:55 42218 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-05-24 04:18 . 2012-06-08 13:03 6054 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-05-16 07:41 . 2012-06-08 13:05 8036 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-446712709-3515747674-812188975-1001_UserData.bin
+ 2012-06-08 13:04 . 2012-06-08 13:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-08 12:53 . 2012-06-08 12:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-08 12:53 . 2012-06-08 12:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-08 13:04 . 2012-06-08 13:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-16 10:12 . 2012-06-08 20:09 291204 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 05:01 . 2012-06-08 12:53 523772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-08 13:03 523772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-05-16 07:51 . 2012-06-08 12:53 1471064 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-05-16 07:51 . 2012-06-08 13:03 1471064 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2009-12-29 1653248]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-22 718720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2011-03-10 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2011-04-02 80840]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-04-19 336952]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2012-05-01 103536]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-10 1073312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-09-05 937920]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-19 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-18 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 cpuz130;cpuz130;c:\users\Matt\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-18 136176]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-05-01 11839488]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120531.001\BHDrvx64.sys [2012-05-08 1160824]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120607.001\IDSvia64.sys [2012-05-16 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2011-07-19 123320]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-06-07 1997416]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-07-19 126392]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2011-05-24 294848]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-30 846448]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-06-03 138912]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2011-07-01 828856]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 19139939
*NewlyCreated* - ASWMBR
*Deregistered* - 19139939
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-08 c:\windows\Tasks\AutoKMS.job
- c:\autokms\AutoKMS.exe [2012-05-16 11:26]
.
2012-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-18 22:22]
.
2012-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-18 22:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-02 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-02 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-02 416024]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-04-28 11831400]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-04-18 2209896]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-BabylonToolbar - c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-08 13:10:55
ComboFix-quarantined-files.txt 2012-06-08 23:10
ComboFix2.txt 2012-06-08 12:59
.
Pre-Run: 277,462,302,720 bytes free
Post-Run: 277,148,782,592 bytes free
.
- - End Of File - - 28425E952E4841B2B18EE2A62F5AA87B

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:21 AM

Posted 10 June 2012 - 04:51 PM

Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 gringo_pr


Posted 12 June 2012 - 11:19 PM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#13 Aloha213

Aloha213
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:09:21 PM

Posted 13 June 2012 - 10:33 PM

Aloha Gringo,

Sorry for the late reply. Thanks!

Here is the report you requested:

µTorrent
Any Video Converter 3.3.9
Apple Application Support
Apple Software Update
Atheros Driver Installation Program
Avid License Control
Babylon toolbar on IE
BabylonObjectInstaller
Bejeweled 3
bl
Chuzzle Deluxe
Classic Menu for Office Enterprise 2010
Corel WinDVD
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
FATE - The Traitor Soul
Fishdom ™ 2
Futuremark SystemInfo
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Java Auto Updater
Java™ 6 Update 25
JMicron Flash Media Controller Driver
Junk Mail filter update
Label@Once 1.0
Mesh Runtime
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
Neuratron AudioScore Lite
Norton Internet Security
Notepad++
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
Office Tab
PCMark05
PDF Settings CS5
PDF Settings CS6
Penguins!
ph
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime x86
Polar Bowler
PowerISO
PS3 Media Server
PxMergeModule
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Renesas Electronics USB 3.0 Host Controller Driver
Rosetta Stone Version 3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Sibelius 7 OpenType Fonts
Sibelius Scorch (all browsers)
Skype Launcher
Skype™ 5.9
SolidWorks 2012 Document Manager API
SolidWorks eDrawings 2012
Tom Clancy's Splinter Cell
tools-freebsd
tools-linux
tools-netware
tools-solaris
tools-windows
tools-winPre2k
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
Toshiba Laptop Checkup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA VIDEO PLAYER
TOSHIBA Web Camera Application
TOSHIBA Wireless LAN Indicator
TOSHIBARegistration
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update Installer for WildTangent Games App
Utility Common Driver
Vid-Saver
Virtual Villagers 5 - New Believers
VLC media player 1.1.11
VMware Workstation
WeatherBug
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
WinSCP 4.3.7
Zuma's Revenge









#14 Aloha213


Posted 13 June 2012 - 10:35 PM

Sorry pasted 2x ^^

#15 gringo_pr


Posted 14 June 2012 - 03:10 AM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

µTorrent
Babylon toolbar on IE
BabylonObjectInstaller
Java™ 6 Update 25
WeatherBug


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.


Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo




