Infected with Trojan Patched_c.LXT and Browser Redirect


  • This topic is locked
22 replies to this topic

#1 armyman1031


Posted 18 July 2012 - 06:16 PM

This topic is being carried over from my previous post


I am using Windows 7 Home Premium SP1 and Mozilla Firefox 13.0.1. Every time I use Google search and click a search result, it redirects me to some other site or search engine, and even when I just do a search, if I leave it on the results page a new tab opens with some other search engine. I am also using AVG Anti-Virus Free 2012.0.2197, and real-time protection detected "Trojan horse Patched_c.LXT" "c:\Windows\System32\services.exe", "Trojan horse BackDoor.Generic15.AXLA" "c:\Windows\assembly\GAC_32\Desktop.ini", "Trojan horse Generic28.ANIC" "c:\Windows\assembly\GAC_64\Desktop.ini"

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Administrator at 19:06:55 on 2012-07-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4008.2660 [GMT -4:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
uRunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A324DFAE-E2EA-4167-89EB-2653D5802062} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A324DFAE-E2EA-4167-89EB-2653D5802062}\058696C6C696563716E6469516E6B6565637 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A324DFAE-E2EA-4167-89EB-2653D5802062}\3535A4B454 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A324DFAE-E2EA-4167-89EB-2653D5802062}\35471697262796467656 : DhcpNameServer = 10.59.1.1
TCP: Interfaces\{A324DFAE-E2EA-4167-89EB-2653D5802062}\35471697262796467656D2130303 : DhcpNameServer = 10.59.1.1
TCP: Interfaces\{A324DFAE-E2EA-4167-89EB-2653D5802062}\74564797F65727F677E6 : DhcpNameServer = 208.59.247.45 208.59.247.46
TCP: Interfaces\{A324DFAE-E2EA-4167-89EB-2653D5802062}\E4544574541425 : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun-x64: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\6wrwt8bk.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\system32\DRIVERS\avgidsha.sys --> C:\windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R3 MEIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
S1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-3 63928]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 GFNEXSrv;GFNEX Service;C:\Windows\System32\GFNEXSrv.exe --> C:\Windows\System32\GFNEXSrv.exe [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-23 136176]
S2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2012-2-23 126392]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-7-17 1153368]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-2-23 2656280]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-23 250056]
S3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\avgidsdrivera.sys --> C:\windows\system32\DRIVERS\avgidsdrivera.sys [?]
S3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\avgidsfiltera.sys --> C:\windows\system32\DRIVERS\avgidsfiltera.sys [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-23 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-8 113120]
S3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2012-2-23 57216]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-10 138152]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\windows\system32\DRIVERS\WSDPrint.sys --> C:\windows\system32\DRIVERS\WSDPrint.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-18 22:47:59 -------- d-----w- C:\Program Files (x86)\ESET
2012-07-18 22:45:21 -------- d-----w- C:\Users\Administrator\AppData\Local\Macromedia
2012-07-18 22:44:34 -------- d-----w- C:\Users\Administrator\AppData\Local\Mozilla
2012-07-18 20:04:58 -------- d-----w- C:\Program Files (x86)\Oracle
2012-07-18 20:04:36 772544 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2012-07-18 14:17:37 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-18 12:19:36 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-07-18 12:19:36 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-07-18 12:09:54 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-07-18 12:09:54 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-18 12:09:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-17 23:43:49 -------- d-----w- C:\windows\SysWow64\drivers\AVG
2012-07-17 23:43:26 -------- d--h--w- C:\$AVG
2012-07-17 23:43:25 -------- d-----w- C:\windows\System32\drivers\AVG
2012-07-17 23:43:25 -------- d-----w- C:\ProgramData\AVG2012
2012-07-17 23:42:48 -------- d-----w- C:\Program Files (x86)\AVG
2012-07-17 23:39:05 -------- d--h--w- C:\ProgramData\Common Files
2012-07-17 23:39:05 -------- d-----w- C:\ProgramData\MFAData
2012-07-17 22:36:20 -------- d-----w- C:\Program Files\Perfect Uninstaller
2012-07-17 22:15:23 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-07-17 22:15:23 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-17 20:15:36 -------- d-----w- C:\ProgramData\Symantec
2012-07-15 21:20:27 22 ----a-w- C:\windows\SysWow64\sycd5.dll
2012-07-15 21:18:59 82816 ----a-w- C:\windows\System32\drivers\pcouffin.sys
2012-07-15 18:37:43 -------- d-----w- C:\windows\SysWow64\drivers\plugin
2012-07-15 18:37:43 -------- d-----w- C:\Program Files (x86)\Syser
2012-07-15 18:30:02 53248 ------w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\msihook.dll
2012-07-15 18:30:02 32768 ------w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2012-07-15 18:30:02 221184 ------w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-07-15 18:30:01 598016 ------w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ikernel.exe
2012-07-15 18:30:01 217088 ------w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2012-07-15 18:30:01 126976 ------w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\knlwrap.exe
2012-07-15 18:30:01 114688 ------w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\scpthdlr.dll
2012-07-15 16:38:00 -------- d-sh--w- C:\windows\SysWow64\%APPDATA%
2012-07-15 16:24:39 -------- d-----w- C:\ProgramData\Trymedia
2012-07-15 16:11:23 -------- d-----w- C:\Program Files (x86)\Trucks & Trailers
2012-07-15 06:19:50 255552 ----a-w- C:\windows\SysWow64\drivers\mcdbus.sys
2012-07-15 06:19:50 255552 ----a-w- C:\windows\System32\drivers\mcdbus.sys
2012-07-15 06:19:49 -------- d-----w- C:\Program Files (x86)\MagicDisc
2012-07-13 08:24:05 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4BEDF013-DC88-4B2F-B011-DD2372A222F2}\mpengine.dll
2012-07-13 07:03:09 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-07-11 22:46:48 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-07-01 03:57:21 258048 ----a-w- C:\windows\System32\Spool\prtprocs\x64\hpfppw73.dll
2012-07-01 03:12:51 -------- d-----w- C:\Program Files (x86)\MozBackup
2012-06-24 02:45:40 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-06-20 07:00:26 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-06-19 14:34:49 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-19 14:34:39 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-19 14:34:25 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-19 14:34:25 186752 ----a-w- C:\windows\System32\wuwebv.dll
.
==================== Find3M ====================
.
2012-07-14 02:49:13 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-06 02:06:20 687544 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-06-06 06:06:16 2004480 ----a-w- C:\windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2012-05-31 16:25:12 279656 ------w- C:\windows\System32\MpSigStub.exe
2012-05-04 11:06:22 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
.
============= FINISH: 19:07:30.98 ===============

Edited by armyman1031, 18 July 2012 - 06:36 PM.



#2 gringo_pr

  • Malware Response Team

Posted 21 July 2012 - 11:46 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 armyman1031


Posted 22 July 2012 - 08:44 AM

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Secunia PSI (3.0.0.2004)
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.1
Java™ 6 Update 33
Java™ 7 Update 5
Adobe Reader X (10.1.3)
Mozilla Firefox (14.0.1)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

#4 armyman1031


Posted 22 July 2012 - 10:51 AM

ComboFix froze, so I reset and ran it in safe mode.
No browser redirect, and I haven't seen AVG shield detect any virus.


ComboFix 12-07-21.01 - Isaiah 07/22/2012 11:15:55.2.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4008.2835 [GMT -4:00]
Running from: c:\users\Isaiah\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\712A0B089B8E6629.log
.
---- Previous Run -------
.
c:\users\Isaiah\AppData\Local\TempDIR
c:\users\Isaiah\AppData\Roaming\inst.exe
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{09b9d309-aeee-6cf6-923a-21b3aaff18c2}\@
c:\windows\Installer\{09b9d309-aeee-6cf6-923a-21b3aaff18c2}\L\00000004.@
c:\windows\Installer\{09b9d309-aeee-6cf6-923a-21b3aaff18c2}\L\1afb2d56
c:\windows\Installer\{09b9d309-aeee-6cf6-923a-21b3aaff18c2}\L\201d3dde
c:\windows\Installer\{09b9d309-aeee-6cf6-923a-21b3aaff18c2}\U\00000004.@
c:\windows\Installer\{09b9d309-aeee-6cf6-923a-21b3aaff18c2}\U\00000008.@
c:\windows\Installer\{09b9d309-aeee-6cf6-923a-21b3aaff18c2}\U\000000cb.@
c:\windows\Installer\{09b9d309-aeee-6cf6-923a-21b3aaff18c2}\U\80000000.@
c:\windows\Installer\{09b9d309-aeee-6cf6-923a-21b3aaff18c2}\U\80000032.@
c:\windows\Installer\{09b9d309-aeee-6cf6-923a-21b3aaff18c2}\U\80000064.@
c:\windows\SysWow64\sycd5.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-22 to 2012-07-22 )))))))))))))))))))))))))))))))
.
.
2012-07-22 15:26 . 2012-07-22 15:26 -------- d-----w- c:\users\ReD_AnGeL\AppData\Local\temp
2012-07-22 15:26 . 2012-07-22 15:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-21 19:22 . 2012-07-21 19:27 -------- d-----w- c:\programdata\VirtualizedApplications
2012-07-21 17:12 . 2012-07-21 17:12 -------- d-----w- c:\users\Isaiah\AppData\Local\SoftGrid Client
2012-07-21 06:45 . 2011-10-21 15:23 94208 ----a-w- c:\windows\system32\drivers\lgvzandnetndis64.sys
2012-07-21 06:45 . 2011-10-10 18:01 36352 ----a-w- c:\windows\system32\drivers\lgvzandnetmdm64.sys
2012-07-21 06:45 . 2011-10-10 18:01 29696 ----a-w- c:\windows\system32\drivers\lgvzandnetdiag64.sys
2012-07-21 06:45 . 2011-10-10 18:01 29696 ----a-w- c:\windows\system32\drivers\lgvzandnetdiag264.sys
2012-07-21 06:45 . 2011-10-10 17:49 31744 ----a-w- c:\windows\system32\drivers\lgvzandnetadb.sys
2012-07-21 06:45 . 2010-08-02 20:38 1919968 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2012-07-21 06:41 . 2012-03-06 11:17 93184 ----a-w- c:\windows\system32\drivers\lgandnetndis64.sys
2012-07-21 06:41 . 2012-03-06 11:04 36352 ----a-w- c:\windows\system32\drivers\lgandnetmodem64.sys
2012-07-21 06:41 . 2012-03-06 11:04 29184 ----a-w- c:\windows\system32\drivers\lgandnetdiag64.sys
2012-07-21 06:41 . 2012-03-06 11:04 29184 ----a-w- c:\windows\system32\drivers\lgandnetdiag264.sys
2012-07-21 05:56 . 2012-07-22 00:34 -------- d-----w- c:\program files (x86)\LG Electronics
2012-07-21 05:55 . 2012-07-21 05:55 -------- d-----w- C:\LGMS840
2012-07-21 05:53 . 2011-05-10 17:37 655872 ----a-w- c:\windows\SysWow64\msvcr90.dll
2012-07-21 05:53 . 2011-05-10 17:37 568832 ----a-w- c:\windows\SysWow64\msvcp90.dll
2012-07-21 05:53 . 2011-05-10 17:37 224768 ----a-w- c:\windows\SysWow64\msvcm90.dll
2012-07-21 05:53 . 2006-05-04 12:33 53248 ----a-w- c:\windows\SysWow64\CommonDL.dll
2012-07-21 05:53 . 2005-10-04 05:39 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
2012-07-21 05:53 . 2012-07-21 06:42 -------- d-----w- c:\programdata\LGMOBILEAX
2012-07-21 03:55 . 2012-07-21 04:03 -------- d-----w- c:\users\Isaiah\AppData\Local\VMware
2012-07-21 03:55 . 2012-07-21 04:03 -------- d-----w- c:\users\Isaiah\AppData\Roaming\VMware
2012-07-21 03:52 . 2012-06-09 06:37 63128 ----a-w- c:\windows\system32\drivers\vmx86.sys
2012-07-21 03:51 . 2012-06-09 06:36 354456 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2012-07-21 03:51 . 2012-06-09 06:37 433816 ----a-w- c:\windows\SysWow64\vmnat.exe
2012-07-21 03:51 . 2012-06-09 06:35 30360 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2012-07-21 03:51 . 2012-06-09 06:37 942744 ----a-w- c:\windows\system32\vnetlib64.dll
2012-07-21 03:51 . 2012-06-09 06:36 32920 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2012-07-21 03:51 . 2011-08-30 03:11 39024 ----a-w- c:\windows\system32\drivers\hcmon.sys
2012-07-21 03:51 . 2012-07-22 13:52 -------- d-----w- c:\programdata\VMware
2012-07-21 03:51 . 2012-07-21 03:51 -------- d-----w- c:\program files (x86)\VMware
2012-07-21 03:51 . 2012-07-21 03:51 -------- d-----w- c:\program files (x86)\Common Files\VMware
2012-07-21 03:50 . 2012-07-21 03:50 -------- d-----w- c:\program files\Common Files\VMware
2012-07-21 03:31 . 2012-07-21 03:31 -------- d-----w- c:\users\Isaiah\AppData\Local\Secunia PSI
2012-07-21 03:30 . 2012-07-21 03:30 -------- d-----w- c:\program files (x86)\Secunia
2012-07-20 23:27 . 2012-07-20 23:27 -------- d-----w- c:\program files (x86)\EaseUS
2012-07-20 22:49 . 2012-06-18 17:34 19032 ------w- c:\windows\system32\pwdrvio.sys
2012-07-20 22:49 . 2012-06-18 17:34 2966720 ----a-w- c:\windows\system32\pwNative.exe
2012-07-20 22:49 . 2012-06-18 17:34 12384 ------w- c:\windows\system32\pwdspio.sys
2012-07-20 22:49 . 2012-07-20 22:49 -------- d-----w- c:\program files (x86)\MiniTool Partition Wizard Home Edition 7.5
2012-07-20 04:30 . 2012-07-21 18:49 -------- d-----w- c:\users\Isaiah\AppData\Roaming\SoftGrid Client
2012-07-20 04:29 . 2012-07-20 04:29 -------- d-----w- c:\program files\Microsoft Office
2012-07-20 04:29 . 2012-07-20 04:29 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2012-07-20 04:28 . 2012-07-20 04:30 -------- d-----w- c:\users\Isaiah\AppData\Roaming\TP
2012-07-18 22:09 . 2012-07-18 23:03 -------- d-----w- c:\users\Administrator
2012-07-18 20:05 . 2012-07-18 20:05 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-18 20:04 . 2012-07-18 20:04 -------- d-----w- c:\program files (x86)\Oracle
2012-07-18 20:04 . 2012-07-06 02:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-18 20:03 . 2012-07-18 20:03 -------- d-----w- c:\programdata\McAfee
2012-07-18 14:17 . 2012-07-18 14:17 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-18 12:10 . 2012-07-18 12:10 -------- d-----w- c:\users\Isaiah\AppData\Roaming\Malwarebytes
2012-07-18 12:09 . 2012-07-18 12:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-18 12:09 . 2012-07-18 12:09 -------- d-----w- c:\programdata\Malwarebytes
2012-07-18 12:09 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-17 23:48 . 2012-07-17 23:48 -------- d-----w- c:\users\Isaiah\AppData\Roaming\AVG2012
2012-07-17 23:43 . 2012-07-17 23:43 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-07-17 23:43 . 2012-07-17 23:43 -------- d-----w- C:\$AVG
2012-07-17 23:43 . 2012-07-22 13:27 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-17 23:43 . 2012-07-17 23:58 -------- d-----w- c:\programdata\AVG2012
2012-07-17 23:42 . 2012-07-17 23:42 -------- d-----w- c:\program files (x86)\AVG
2012-07-17 23:39 . 2012-07-22 13:27 -------- d-----w- c:\programdata\MFAData
2012-07-17 23:39 . 2012-07-17 23:39 -------- d--h--w- c:\programdata\Common Files
2012-07-17 23:05 . 2012-07-19 15:16 -------- d-----w- c:\users\Isaiah\AppData\Roaming\WildTangent
2012-07-17 22:45 . 2012-07-17 22:45 -------- d-----w- c:\users\Isaiah\AppData\Local\Microsoft Games
2012-07-17 22:15 . 2012-07-17 22:20 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-07-17 22:15 . 2012-07-17 22:17 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-17 20:15 . 2012-07-17 20:15 -------- d-----w- c:\programdata\Symantec
2012-07-17 20:14 . 2012-07-17 20:14 -------- d-----w- c:\users\Isaiah\AppData\Local\Chromium
2012-07-15 21:18 . 2012-07-15 21:31 82816 ----a-w- c:\users\Isaiah\AppData\Roaming\pcouffin.sys
2012-07-15 21:18 . 2012-07-15 21:31 -------- d-----w- c:\users\Isaiah\AppData\Roaming\Vso
2012-07-15 21:18 . 2012-07-15 21:18 82816 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2012-07-15 18:37 . 2012-07-15 19:42 -------- d-----w- c:\program files (x86)\Syser
2012-07-15 18:37 . 2012-07-15 19:42 -------- d-----w- c:\windows\SysWow64\drivers\plugin
2012-07-15 18:30 . 2012-07-15 18:30 53248 ------w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\msihook.dll
2012-07-15 18:30 . 2012-07-15 18:30 32768 ------w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2012-07-15 18:30 . 2012-07-15 18:30 221184 ------w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-07-15 18:30 . 2012-07-15 18:30 598016 ------w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\ikernel.exe
2012-07-15 18:30 . 2012-07-15 18:30 217088 ------w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2012-07-15 18:30 . 2012-07-15 18:30 126976 ------w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\knlwrap.exe
2012-07-15 18:30 . 2012-07-15 18:30 114688 ------w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\scpthdlr.dll
2012-07-15 17:29 . 2012-07-15 18:36 -------- d-----w- c:\users\Isaiah\AppData\Roaming\PE Explorer
2012-07-15 16:38 . 2012-07-15 16:38 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-15 16:24 . 2012-07-15 16:24 -------- d-----w- c:\programdata\Trymedia
2012-07-15 07:16 . 2012-07-15 07:16 -------- d-----w- c:\program files\WinRAR
2012-07-15 06:56 . 2012-07-15 06:56 -------- d-----w- c:\users\Isaiah\AppData\Roaming\PCCUStubInstaller
2012-07-15 06:19 . 2009-02-24 22:35 255552 ----a-w- c:\windows\SysWow64\drivers\mcdbus.sys
2012-07-15 06:19 . 2009-02-24 22:35 255552 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2012-07-15 06:19 . 2012-07-15 06:20 -------- d-----w- c:\program files (x86)\MagicDisc
2012-07-13 07:03 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 22:45 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-07-01 04:02 . 2012-07-15 19:32 -------- d-----w- c:\users\Isaiah\AppData\Local\Diagnostics
2012-07-01 03:57 . 2009-07-14 01:41 258048 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfppw73.dll
2012-07-01 03:12 . 2012-07-19 15:54 -------- d-----w- c:\program files (x86)\MozBackup
2012-06-24 02:47 . 2012-06-24 02:47 -------- d-----w- c:\users\Isaiah\AppData\Local\Macromedia
2012-06-24 02:45 . 2012-07-14 02:49 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-24 02:45 . 2012-06-24 02:45 -------- d-----w- c:\windows\system32\Macromed
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-14 02:49 . 2011-11-03 12:51 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-13 07:01 . 2012-06-06 00:55 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-06 02:06 . 2011-11-03 12:45 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-09 04:29 . 2012-06-09 04:29 252056 ----a-w- c:\windows\SysWow64\vmnc.dll
2012-06-09 03:52 . 2012-06-09 03:52 62064 ----a-w- c:\windows\system32\vmnetbridge.dll
2012-06-09 03:52 . 2012-06-09 03:52 48752 ----a-w- c:\windows\system32\vnetinst.dll
2012-06-09 03:52 . 2012-06-09 03:52 45680 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2012-06-09 03:52 . 2012-06-09 03:52 24176 ----a-w- c:\windows\system32\drivers\vmnet.sys
2012-06-09 03:52 . 2012-06-09 03:52 20080 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2012-06-02 22:19 . 2012-06-19 14:34 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 14:34 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 14:34 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 14:34 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 14:34 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 14:34 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 14:34 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-19 14:34 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-19 14:34 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-01 19:17 . 2011-03-29 01:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-31 16:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-04 11:06 . 2012-06-14 04:08 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 04:08 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 04:08 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-14 03:20 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-14 03:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-14 03:31 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-14 03:31 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-14 03:31 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-14 13:20 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-14 13:20 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-14 13:20 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-14 13:20 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-14 13:20 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-14 13:20 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2012-04-27 6065784]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2012-03-28 404568]
.
c:\users\Isaiah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-7-15 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
R2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe [2010-09-10 162824]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-06-27 681056]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-03 483688]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-30 846448]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-14 250056]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys [2012-03-06 29184]
R3 AndNetDiag2;LGE AndroidNet For Diagnostics Port;c:\windows\system32\DRIVERS\lgandnetdiag264.sys [2012-03-06 29184]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys [2012-03-06 36352]
R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys [2012-03-06 93184]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
R3 DIRECTIO;DIRECTIO;c:\bit_temp\DirectIo.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2012-07-15 82816]
R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2011-12-16 17976]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-06-18 19032]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-06-18 12384]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-06-27 1326176]
R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-03 721768]
R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-03 269672]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-03 25960]
R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-03 22376]
R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-03 209768]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 vzandnetadb;ADB Interface DriverNet for VZW;c:\windows\system32\Drivers\lgvzandnetadb.sys [2011-10-10 31744]
R3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;c:\windows\system32\DRIVERS\lgvzandnetdiag64.sys [2011-10-10 29696]
R3 vzandnetdiag2;LGE AndroidNet for VZW Diagnostics Port;c:\windows\system32\DRIVERS\lgvzandnetdiag264.sys [2011-10-10 29696]
R3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;c:\windows\system32\DRIVERS\lgvzandnetmdm64.sys [2011-10-10 36352]
R3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgvzandnetndis64.sys [2011-10-21 94208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-06 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-11-03 1103464]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 02:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-07 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-07 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-07 416024]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-07 12558440]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.toshiba.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\eck29doe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-24830797.sys
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-22 11:28:12
ComboFix-quarantined-files.txt 2012-07-22 15:28
.
Pre-Run: 551,488,520,192 bytes free
Post-Run: 551,035,121,664 bytes free
.
- - End Of File - - 2DB62A1BB8594551A9B46E192888C378

Edited by armyman1031, 22 July 2012 - 11:12 AM.


#5 gringo_pr

  • Malware Response Team

Posted 22 July 2012 - 11:30 AM

Greetings armyman1031

That is good news that things are looking better, but I want to run some deeper scans just to make sure nothing shows up.

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#6 armyman1031

  • Topic Starter

  • Members

Posted 23 July 2012 - 04:57 PM

No Problems
17:00:05.0833 6216 TDSS rootkit removing tool 2.7.47.0 Jul 20 2012 20:36:30
17:00:06.0660 6216 ============================================================
17:00:06.0660 6216 Current date / time: 2012/07/23 17:00:06.0660
17:00:06.0660 6216 SystemInfo:
17:00:06.0660 6216
17:00:06.0660 6216 OS Version: 6.1.7601 ServicePack: 1.0
17:00:06.0660 6216 Product type: Workstation
17:00:06.0660 6216 ComputerName: TIBURON
17:00:06.0660 6216 UserName: Isaiah
17:00:06.0660 6216 Windows directory: C:\windows
17:00:06.0660 6216 System windows directory: C:\windows
17:00:06.0660 6216 Running under WOW64
17:00:06.0660 6216 Processor architecture: Intel x64
17:00:06.0660 6216 Number of processors: 4
17:00:06.0660 6216 Page size: 0x1000
17:00:06.0660 6216 Boot type: Normal boot
17:00:06.0660 6216 ============================================================
17:00:07.0144 6216 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:00:07.0144 6216 ============================================================
17:00:07.0144 6216 \Device\Harddisk0\DR0:
17:00:07.0144 6216 MBR partitions:
17:00:07.0144 6216 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x48733000
17:00:07.0144 6216 ============================================================
17:00:07.0191 6216 C: <-> \Device\Harddisk0\DR0\Partition0
17:00:07.0191 6216 ============================================================
17:00:07.0191 6216 Initialize success
17:00:07.0191 6216 ============================================================
17:00:21.0652 1264 ============================================================
17:00:21.0652 1264 Scan started
17:00:21.0652 1264 Mode: Manual;
17:00:21.0652 1264 ============================================================
17:00:23.0118 1264 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
17:00:23.0118 1264 1394ohci - ok
17:00:23.0212 1264 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
17:00:23.0228 1264 ACPI - ok
17:00:23.0274 1264 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
17:00:23.0274 1264 AcpiPmi - ok
17:00:23.0352 1264 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:00:23.0352 1264 AdobeARMservice - ok
17:00:23.0508 1264 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:00:23.0508 1264 AdobeFlashPlayerUpdateSvc - ok
17:00:23.0618 1264 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
17:00:23.0633 1264 adp94xx - ok
17:00:23.0711 1264 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
17:00:23.0727 1264 adpahci - ok
17:00:23.0774 1264 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
17:00:23.0774 1264 adpu320 - ok
17:00:23.0820 1264 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
17:00:23.0836 1264 AeLookupSvc - ok
17:00:23.0961 1264 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
17:00:23.0976 1264 AFD - ok
17:00:24.0023 1264 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
17:00:24.0023 1264 agp440 - ok
17:00:24.0070 1264 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
17:00:24.0086 1264 ALG - ok
17:00:24.0117 1264 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
17:00:24.0117 1264 aliide - ok
17:00:40.0590 1264 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
17:00:40.0590 1264 rspndr - ok
17:00:40.0653 1264 RSUSBSTOR (be29b0a3ac1e8bd02ffab8cee86badfa) C:\windows\system32\Drivers\RtsUStor.sys
17:00:40.0653 1264 RSUSBSTOR - ok
17:00:40.0715 1264 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\windows\system32\DRIVERS\Rt64win7.sys
17:00:40.0731 1264 RTL8167 - ok
17:00:40.0824 1264 RTL8192Ce (e7d79600575f755614dd5d79b044d588) C:\windows\system32\DRIVERS\rtl8192Ce.sys
17:00:40.0856 1264 RTL8192Ce - ok
17:00:40.0871 1264 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
17:00:40.0871 1264 SamSs - ok
17:00:40.0902 1264 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
17:00:40.0918 1264 sbp2port - ok
17:00:41.0043 1264 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
17:00:41.0074 1264 SBSDWSCService - ok
17:00:41.0105 1264 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
17:00:41.0121 1264 SCardSvr - ok
17:00:41.0214 1264 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
17:00:41.0214 1264 scfilter - ok
17:00:41.0292 1264 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
17:00:41.0324 1264 Schedule - ok
17:00:41.0339 1264 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
17:00:41.0339 1264 SCPolicySvc - ok
17:00:41.0386 1264 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
17:00:41.0402 1264 SDRSVC - ok
17:00:41.0448 1264 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
17:00:41.0448 1264 secdrv - ok
17:00:41.0480 1264 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
17:00:41.0480 1264 seclogon - ok
17:00:41.0729 1264 Secunia PSI Agent (f70a51eb03ee7046784ef62efce9528e) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
17:00:41.0792 1264 Secunia PSI Agent - ok
17:00:41.0854 1264 Secunia Update Agent (ad56ceb08eeb517332355fde9e5939c8) C:\Program Files (x86)\Secunia\PSI\sua.exe
17:00:41.0870 1264 Secunia Update Agent - ok
17:00:41.0994 1264 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
17:00:42.0010 1264 SENS - ok
17:00:42.0041 1264 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
17:00:42.0041 1264 SensrSvc - ok
17:00:42.0104 1264 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
17:00:42.0104 1264 Serenum - ok
17:00:42.0150 1264 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
17:00:42.0150 1264 Serial - ok
17:00:42.0166 1264 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
17:00:42.0166 1264 sermouse - ok
17:00:42.0228 1264 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
17:00:42.0228 1264 SessionEnv - ok
17:00:42.0244 1264 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
17:00:42.0244 1264 sffdisk - ok
17:00:42.0260 1264 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
17:00:42.0260 1264 sffp_mmc - ok
17:00:42.0275 1264 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
17:00:42.0275 1264 sffp_sd - ok
17:00:42.0306 1264 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
17:00:42.0306 1264 sfloppy - ok
17:00:42.0384 1264 Sftfs (d5183ed285d2795491dc15bddcbee5ad) C:\windows\system32\DRIVERS\Sftfslh.sys
17:00:42.0400 1264 Sftfs - ok
17:00:42.0509 1264 sftlist (bfdb58616ff5ea540a5f58301d50641e) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
17:00:42.0525 1264 sftlist - ok
17:00:42.0556 1264 Sftplay (00f118b68c50d2206dd51634f9142b83) C:\windows\system32\DRIVERS\Sftplaylh.sys
17:00:42.0572 1264 Sftplay - ok
17:00:42.0587 1264 Sftredir (76a827df5640bfe16a0cdbb4108adeca) C:\windows\system32\DRIVERS\Sftredirlh.sys
17:00:42.0587 1264 Sftredir - ok
17:00:42.0603 1264 Sftvol (1b4c9701645086bab8cafffce30ed284) C:\windows\system32\DRIVERS\Sftvollh.sys
17:00:42.0603 1264 Sftvol - ok
17:00:42.0681 1264 sftvsa (b94c3c4dca2093243c76ca218ede2a97) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
17:00:42.0681 1264 sftvsa - ok
17:00:42.0759 1264 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
17:00:42.0774 1264 SharedAccess - ok
17:00:42.0821 1264 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
17:00:42.0837 1264 ShellHWDetection - ok
17:00:42.0868 1264 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
17:00:42.0868 1264 SiSRaid2 - ok
17:00:42.0884 1264 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
17:00:42.0899 1264 SiSRaid4 - ok
17:00:42.0946 1264 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe
17:00:42.0946 1264 SkypeUpdate - ok
17:00:42.0993 1264 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
17:00:42.0993 1264 Smb - ok
17:00:43.0040 1264 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
17:00:43.0040 1264 SNMPTRAP - ok
17:00:43.0071 1264 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
17:00:43.0071 1264 spldr - ok
17:00:43.0118 1264 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
17:00:43.0133 1264 Spooler - ok
17:00:43.0305 1264 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
17:00:43.0336 1264 sppsvc - ok
17:00:43.0445 1264 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
17:00:43.0445 1264 sppuinotify - ok
17:00:43.0508 1264 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
17:00:43.0523 1264 srv - ok
17:00:43.0554 1264 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
17:00:43.0554 1264 srv2 - ok
17:00:43.0586 1264 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
17:00:43.0586 1264 srvnet - ok
17:00:43.0648 1264 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
17:00:43.0648 1264 SSDPSRV - ok
17:00:43.0679 1264 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
17:00:43.0679 1264 SstpSvc - ok
17:00:43.0726 1264 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
17:00:43.0726 1264 stexstor - ok
17:00:43.0742 1264 StillCam (decacb6921ded1a38642642685d77dac) C:\windows\system32\DRIVERS\serscan.sys
17:00:43.0757 1264 StillCam - ok
17:00:43.0820 1264 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
17:00:43.0835 1264 stisvc - ok
17:00:43.0851 1264 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
17:00:43.0866 1264 swenum - ok
17:00:43.0913 1264 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
17:00:43.0929 1264 swprv - ok
17:00:44.0038 1264 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys
17:00:44.0069 1264 SynTP - ok
17:00:44.0272 1264 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
17:00:44.0303 1264 SysMain - ok
17:00:44.0428 1264 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
17:00:44.0428 1264 TabletInputService - ok
17:00:44.0475 1264 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
17:00:44.0490 1264 TapiSrv - ok
17:00:44.0490 1264 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
17:00:44.0506 1264 TBS - ok
17:00:44.0646 1264 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
17:00:44.0678 1264 Tcpip - ok
17:00:44.0896 1264 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
17:00:44.0927 1264 TCPIP6 - ok
17:00:45.0052 1264 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
17:00:45.0052 1264 tcpipreg - ok
17:00:45.0099 1264 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
17:00:45.0099 1264 tdcmdpst - ok
17:00:45.0130 1264 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
17:00:45.0130 1264 TDPIPE - ok
17:00:45.0192 1264 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
17:00:45.0192 1264 TDTCP - ok
17:00:45.0255 1264 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
17:00:45.0255 1264 tdx - ok
17:00:45.0270 1264 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
17:00:45.0270 1264 TermDD - ok
17:00:45.0364 1264 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
17:00:45.0380 1264 TermService - ok
17:00:45.0395 1264 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
17:00:45.0395 1264 Themes - ok
17:00:45.0426 1264 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
17:00:45.0442 1264 THREADORDER - ok
17:00:45.0520 1264 TMachInfo (71c321649b28638ee80a2eeb164c1dc8) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
17:00:45.0520 1264 TMachInfo - ok
17:00:45.0567 1264 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\windows\system32\TODDSrv.exe
17:00:45.0567 1264 TODDSrv - ok
17:00:45.0676 1264 TosCoSrv (1c73689b900428c7d054a41c4687f55c) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
17:00:45.0692 1264 TosCoSrv - ok
17:00:45.0738 1264 TOSHIBA HDD SSD Alert Service (29d0886cf250fcef1bf9e65ab8d2c0c8) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
17:00:45.0738 1264 TOSHIBA HDD SSD Alert Service - ok
17:00:45.0848 1264 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
17:00:45.0848 1264 tos_sps64 - ok
17:00:45.0894 1264 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
17:00:45.0910 1264 TrkWks - ok
17:00:45.0972 1264 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
17:00:45.0972 1264 TrustedInstaller - ok
17:00:46.0019 1264 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
17:00:46.0019 1264 tssecsrv - ok
17:00:46.0066 1264 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
17:00:46.0066 1264 TsUsbFlt - ok
17:00:46.0082 1264 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
17:00:46.0082 1264 TsUsbGD - ok
17:00:46.0128 1264 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
17:00:46.0128 1264 tunnel - ok
17:00:46.0160 1264 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
17:00:46.0160 1264 TVALZ - ok
17:00:46.0175 1264 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
17:00:46.0175 1264 uagp35 - ok
17:00:46.0238 1264 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
17:00:46.0238 1264 udfs - ok
17:00:46.0284 1264 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
17:00:46.0284 1264 UI0Detect - ok
17:00:46.0316 1264 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
17:00:46.0316 1264 uliagpkx - ok
17:00:46.0362 1264 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
17:00:46.0362 1264 umbus - ok
17:00:46.0394 1264 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
17:00:46.0394 1264 UmPass - ok
17:00:46.0612 1264 UNS (2c16648a12999ae69a9ebf41974b0ba2) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
17:00:46.0659 1264 UNS - ok
17:00:46.0799 1264 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
17:00:46.0799 1264 upnphost - ok
17:00:46.0862 1264 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
17:00:46.0862 1264 usbccgp - ok
17:00:46.0893 1264 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
17:00:46.0893 1264 usbcir - ok
17:00:46.0924 1264 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
17:00:46.0924 1264 usbehci - ok
17:00:46.0971 1264 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
17:00:46.0971 1264 usbhub - ok
17:00:47.0002 1264 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
17:00:47.0018 1264 usbohci - ok
17:00:47.0033 1264 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
17:00:47.0033 1264 usbprint - ok
17:00:47.0064 1264 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
17:00:47.0064 1264 usbscan - ok
17:00:47.0096 1264 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
17:00:47.0096 1264 USBSTOR - ok
17:00:47.0158 1264 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
17:00:47.0158 1264 usbuhci - ok
17:00:47.0205 1264 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
17:00:47.0220 1264 usbvideo - ok
17:00:47.0252 1264 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
17:00:47.0252 1264 UxSms - ok
17:00:47.0283 1264 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
17:00:47.0283 1264 VaultSvc - ok
17:00:47.0314 1264 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
17:00:47.0314 1264 vdrvroot - ok
17:00:47.0376 1264 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
17:00:47.0376 1264 vds - ok
17:00:47.0423 1264 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
17:00:47.0423 1264 vga - ok
17:00:47.0439 1264 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
17:00:47.0454 1264 VgaSave - ok
17:00:47.0486 1264 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
17:00:47.0486 1264 vhdmp - ok
17:00:47.0501 1264 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
17:00:47.0517 1264 viaide - ok
17:00:47.0595 1264 VMAuthdService (1562a089b46c821487aff8d01ee5547e) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
17:00:47.0595 1264 VMAuthdService - ok
17:00:47.0642 1264 vmci (87fc1dd880e8cac4faebb84af61a87c4) C:\windows\system32\DRIVERS\vmci.sys
17:00:47.0642 1264 vmci - ok
17:00:47.0673 1264 vmkbd (de41918b7abae9056eb1e62540d229d3) C:\windows\system32\drivers\VMkbd.sys
17:00:47.0673 1264 vmkbd - ok
17:00:47.0688 1264 VMnetAdapter (b259c31378bc855afd1b53f59311c251) C:\windows\system32\DRIVERS\vmnetadapter.sys
17:00:47.0704 1264 VMnetAdapter - ok
17:00:47.0735 1264 VMnetBridge (dec4ce720ffeda939cf1ba315cfbd993) C:\windows\system32\DRIVERS\vmnetbridge.sys
17:00:47.0735 1264 VMnetBridge - ok
17:00:47.0735 1264 VMnetDHCP - ok
17:00:47.0766 1264 VMnetuserif (0ab32d9f175c015d97eb712f5e636313) C:\windows\system32\drivers\vmnetuserif.sys
17:00:47.0766 1264 VMnetuserif - ok
17:00:47.0860 1264 VMUSBArbService (18903ca7936912c337c9d28858880cf2) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
17:00:47.0876 1264 VMUSBArbService - ok
17:00:47.0907 1264 VMware NAT Service - ok
17:00:47.0938 1264 vmx86 (840dd8ad9b1e26f82c598242369ea770) C:\windows\system32\drivers\vmx86.sys
17:00:47.0954 1264 vmx86 - ok
17:00:47.0985 1264 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
17:00:47.0985 1264 volmgr - ok
17:00:48.0032 1264 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
17:00:48.0047 1264 volmgrx - ok
17:00:48.0063 1264 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys
17:00:48.0078 1264 volsnap - ok
17:00:48.0110 1264 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
17:00:48.0110 1264 vsmraid - ok
17:00:48.0219 1264 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
17:00:48.0250 1264 VSS - ok
17:00:48.0390 1264 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
17:00:48.0390 1264 vwifibus - ok
17:00:48.0422 1264 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
17:00:48.0422 1264 vwififlt - ok
17:00:48.0484 1264 vzandnetadb (bad06c7710837d3f1fc0bd5c4ae3a709) C:\windows\system32\Drivers\lgvzandnetadb.sys
17:00:48.0484 1264 vzandnetadb - ok
17:00:48.0531 1264 vzandnetdiag (81843561a47a00aa302bfb7c5b678126) C:\windows\system32\DRIVERS\lgvzandnetdiag64.sys
17:00:48.0531 1264 vzandnetdiag - ok
17:00:48.0562 1264 vzandnetdiag2 (777178a779d1b7ffce9e22487066fb85) C:\windows\system32\DRIVERS\lgvzandnetdiag264.sys
17:00:48.0578 1264 vzandnetdiag2 - ok
17:00:48.0593 1264 vzandnetmodem (818ca779c2457f328335fa48d507ef07) C:\windows\system32\DRIVERS\lgvzandnetmdm64.sys
17:00:48.0593 1264 vzandnetmodem - ok
17:00:48.0624 1264 vzandnetndis (2862f437e09e0ddb3a9772abc57f160d) C:\windows\system32\DRIVERS\lgvzandnetndis64.sys
17:00:48.0640 1264 vzandnetndis - ok
17:00:48.0702 1264 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
17:00:48.0718 1264 W32Time - ok
17:00:48.0734 1264 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
17:00:48.0749 1264 WacomPen - ok
17:00:48.0780 1264 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
17:00:48.0780 1264 WANARP - ok
17:00:48.0796 1264 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
17:00:48.0796 1264 Wanarpv6 - ok
17:00:48.0905 1264 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
17:00:48.0936 1264 WatAdminSvc - ok
17:00:49.0030 1264 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
17:00:49.0077 1264 wbengine - ok
17:00:49.0280 1264 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
17:00:49.0295 1264 WbioSrvc - ok
17:00:49.0326 1264 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
17:00:49.0342 1264 wcncsvc - ok
17:00:49.0358 1264 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
17:00:49.0373 1264 WcsPlugInService - ok
17:00:49.0420 1264 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
17:00:49.0420 1264 Wd - ok
17:00:49.0498 1264 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
17:00:49.0514 1264 Wdf01000 - ok
17:00:49.0545 1264 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
17:00:49.0560 1264 WdiServiceHost - ok
17:00:49.0560 1264 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
17:00:49.0560 1264 WdiSystemHost - ok
17:00:49.0607 1264 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
17:00:49.0607 1264 WebClient - ok
17:00:49.0638 1264 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
17:00:49.0638 1264 Wecsvc - ok
17:00:49.0654 1264 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
17:00:49.0654 1264 wercplsupport - ok
17:00:49.0685 1264 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
17:00:49.0685 1264 WerSvc - ok
17:00:49.0748 1264 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
17:00:49.0763 1264 WfpLwf - ok
17:00:49.0779 1264 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
17:00:49.0779 1264 WIMMount - ok
17:00:49.0841 1264 WinDefend - ok
17:00:49.0857 1264 WinHttpAutoProxySvc - ok
17:00:49.0935 1264 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
17:00:49.0935 1264 Winmgmt - ok
17:00:50.0075 1264 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
17:00:50.0122 1264 WinRM - ok
17:00:50.0309 1264 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
17:00:50.0340 1264 Wlansvc - ok
17:00:50.0434 1264 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
17:00:50.0434 1264 wlcrasvc - ok
17:00:50.0637 1264 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
17:00:50.0668 1264 wlidsvc - ok
17:00:50.0824 1264 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
17:00:50.0824 1264 WmiAcpi - ok
17:00:50.0886 1264 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
17:00:50.0902 1264 wmiApSrv - ok
17:00:50.0949 1264 WMPNetworkSvc - ok
17:00:50.0980 1264 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
17:00:50.0980 1264 WPCSvc - ok
17:00:51.0011 1264 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
17:00:51.0011 1264 WPDBusEnum - ok
17:00:51.0042 1264 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
17:00:51.0042 1264 ws2ifsl - ok
17:00:51.0105 1264 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll
17:00:51.0105 1264 wscsvc - ok
17:00:51.0198 1264 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\windows\system32\DRIVERS\WSDPrint.sys
17:00:51.0198 1264 WSDPrintDevice - ok
17:00:51.0214 1264 WSearch - ok
17:00:51.0386 1264 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll
17:00:51.0432 1264 wuauserv - ok
17:00:51.0557 1264 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
17:00:51.0573 1264 WudfPf - ok
17:00:51.0620 1264 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
17:00:51.0620 1264 WUDFRd - ok
17:00:51.0651 1264 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
17:00:51.0666 1264 wudfsvc - ok
17:00:51.0698 1264 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
17:00:51.0698 1264 WwanSvc - ok
17:00:51.0776 1264 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
17:00:51.0978 1264 \Device\Harddisk0\DR0 - ok
17:00:51.0994 1264 Boot (0x1200) (2423424004f267d537af242b28a7f4ed) \Device\Harddisk0\DR0\Partition0
17:00:51.0994 1264 \Device\Harddisk0\DR0\Partition0 - ok
17:00:51.0994 1264 ============================================================
17:00:51.0994 1264 Scan finished
17:00:51.0994 1264 ============================================================
17:00:52.0025 5040 Detected object count: 0
17:00:52.0025 5040 Actual detected object count: 0

#7 gringo_pr

  • Malware Response Team

Posted 23 July 2012 - 05:14 PM

Greetings


Did you get to run the aswMBR program?



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 armyman1031

  • Topic Starter

Posted 23 July 2012 - 05:54 PM

No problems :thumbup2: thank you Gringo
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-23 17:58:03
-----------------------------
17:58:03.034 OS Version: Windows x64 6.1.7601 Service Pack 1
17:58:03.034 Number of processors: 4 586 0x2A07
17:58:03.035 ComputerName: TIBURON UserName: Isaiah
17:58:07.505 Initialize success
17:58:16.851 AVAST engine defs: 12072302
17:58:23.617 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:58:23.620 Disk 0 Vendor: TOSHIBA_ GT00 Size: 610480MB BusType: 3
17:58:23.630 Disk 0 MBR read successfully
17:58:23.633 Disk 0 MBR scan
17:58:23.644 Disk 0 Windows VISTA default MBR code
17:58:23.661 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
17:58:23.677 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 593510 MB offset 3074048
17:58:23.707 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 15469 MB offset 1218582528
17:58:23.777 Disk 0 scanning C:\windows\system32\drivers
17:58:39.136 Service scanning
17:59:15.598 Modules scanning
17:59:15.615 Disk 0 trace - called modules:
17:59:15.654 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
17:59:15.660 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006086060]
17:59:15.665 3 CLASSPNP.SYS[fffff880017bd43f] -> nt!IofCallDriver -> [0xfffffa8004e28e40]
17:59:15.669 5 ACPI.sys[fffff88000fa07a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004e2d050]
17:59:16.840 AVAST engine scan C:\windows
17:59:46.698 AVAST engine scan C:\windows\system32
18:07:16.165 AVAST engine scan C:\windows\system32\drivers
18:08:27.917 AVAST engine scan C:\Users\Isaiah
18:31:03.611 AVAST engine scan C:\ProgramData
18:31:57.883 Scan finished successfully
18:51:31.757 Disk 0 MBR has been saved successfully to "C:\Users\Isaiah\Desktop\MBR.dat"
18:51:31.764 The log file has been saved successfully to "C:\Users\Isaiah\Desktop\aswMBR.txt"

#9 gringo_pr


Posted 23 July 2012 - 07:08 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#10 gringo_pr


Posted 26 July 2012 - 12:16 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools.




Gringo

#11 armyman1031


Posted 26 July 2012 - 12:46 PM

Sorry, I haven't been online, been kinda busy. Just need a little more time.

#12 gringo_pr


Posted 26 July 2012 - 01:14 PM

Greetings

No problem and I will see you soon


Gringo

#13 armyman1031


Posted 28 July 2012 - 02:24 PM

OK, I have an issue now: when I log into my user account on my computer and try to load any exe file I get this error: "Illegal operation attempted on a registry key that has been marked for deletion", but it's only on my user. If I log into my wife's account, exe files work fine.



ComboFix 12-07-27.03 - Isaiah 07/28/2012 14:57:47.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4008.2727 [GMT -4:00]
Running from: c:\users\Isaiah\Downloads\ComboFix.exe
Command switches used :: c:\users\Isaiah\Desktop\Repair Tools\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-28 )))))))))))))))))))))))))))))))
.
.
2012-07-28 19:03 . 2012-07-28 19:03 -------- d-----w- c:\users\ReD_AnGeL\AppData\Local\temp
2012-07-28 19:03 . 2012-07-28 19:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-28 18:13 . 2012-07-28 18:13 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-28 18:13 . 2012-07-28 18:13 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 18:51 . 2012-07-27 18:51 9230024 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-07-23 22:43 . 2012-07-23 22:43 -------- d-----w- c:\program files\Microsoft Silverlight
2012-07-23 22:43 . 2012-07-23 22:43 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-07-23 21:26 . 2012-07-23 21:26 119808 ----a-r- c:\users\Isaiah\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2012-07-23 21:26 . 2012-07-23 21:26 -------- d-----w- c:\users\Isaiah\AppData\Local\Apps
2012-07-23 01:23 . 2012-07-23 01:23 119808 ----a-r- c:\users\ReD_AnGeL\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2012-07-23 01:23 . 2012-07-23 01:23 -------- d-----w- c:\users\ReD_AnGeL\AppData\Local\Apps
2012-07-23 00:47 . 2012-07-23 00:47 -------- d-----w- c:\users\ReD_AnGeL\AppData\Local\Macromedia
2012-07-23 00:45 . 2012-07-23 00:45 -------- d-----w- c:\users\ReD_AnGeL\AppData\Roaming\AVG2012
2012-07-22 17:02 . 2012-07-22 17:02 -------- d-----w- c:\program files (x86)\ISO to USB
2012-07-21 19:22 . 2012-07-21 19:27 -------- d-----w- c:\programdata\VirtualizedApplications
2012-07-21 17:12 . 2012-07-21 17:12 -------- d-----w- c:\users\Isaiah\AppData\Local\SoftGrid Client
2012-07-21 06:45 . 2011-10-21 15:23 94208 ----a-w- c:\windows\system32\drivers\lgvzandnetndis64.sys
2012-07-21 06:45 . 2011-10-10 18:01 36352 ----a-w- c:\windows\system32\drivers\lgvzandnetmdm64.sys
2012-07-21 06:45 . 2011-10-10 18:01 29696 ----a-w- c:\windows\system32\drivers\lgvzandnetdiag64.sys
2012-07-21 06:45 . 2011-10-10 18:01 29696 ----a-w- c:\windows\system32\drivers\lgvzandnetdiag264.sys
2012-07-21 06:45 . 2011-10-10 17:49 31744 ----a-w- c:\windows\system32\drivers\lgvzandnetadb.sys
2012-07-21 06:45 . 2010-08-02 20:38 1919968 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2012-07-21 06:41 . 2012-03-06 11:17 93184 ----a-w- c:\windows\system32\drivers\lgandnetndis64.sys
2012-07-21 06:41 . 2012-03-06 11:04 36352 ----a-w- c:\windows\system32\drivers\lgandnetmodem64.sys
2012-07-21 06:41 . 2012-03-06 11:04 29184 ----a-w- c:\windows\system32\drivers\lgandnetdiag64.sys
2012-07-21 06:41 . 2012-03-06 11:04 29184 ----a-w- c:\windows\system32\drivers\lgandnetdiag264.sys
2012-07-21 05:56 . 2012-07-22 00:34 -------- d-----w- c:\program files (x86)\LG Electronics
2012-07-21 05:55 . 2012-07-21 05:55 -------- d-----w- C:\LGMS840
2012-07-21 05:53 . 2011-05-10 17:37 655872 ----a-w- c:\windows\SysWow64\msvcr90.dll
2012-07-21 05:53 . 2011-05-10 17:37 568832 ----a-w- c:\windows\SysWow64\msvcp90.dll
2012-07-21 05:53 . 2011-05-10 17:37 224768 ----a-w- c:\windows\SysWow64\msvcm90.dll
2012-07-21 05:53 . 2006-05-04 12:33 53248 ----a-w- c:\windows\SysWow64\CommonDL.dll
2012-07-21 05:53 . 2005-10-04 05:39 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
2012-07-21 05:53 . 2012-07-21 06:42 -------- d-----w- c:\programdata\LGMOBILEAX
2012-07-21 03:55 . 2012-07-21 04:03 -------- d-----w- c:\users\Isaiah\AppData\Local\VMware
2012-07-21 03:55 . 2012-07-21 04:03 -------- d-----w- c:\users\Isaiah\AppData\Roaming\VMware
2012-07-21 03:52 . 2012-06-09 06:37 63128 ----a-w- c:\windows\system32\drivers\vmx86.sys
2012-07-21 03:51 . 2012-06-09 06:36 354456 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
2012-07-21 03:51 . 2012-06-09 06:37 433816 ----a-w- c:\windows\SysWow64\vmnat.exe
2012-07-21 03:51 . 2012-06-09 06:35 30360 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2012-07-21 03:51 . 2012-06-09 06:37 942744 ----a-w- c:\windows\system32\vnetlib64.dll
2012-07-21 03:51 . 2012-06-09 06:36 32920 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2012-07-21 03:51 . 2011-08-30 03:11 39024 ----a-w- c:\windows\system32\drivers\hcmon.sys
2012-07-21 03:51 . 2012-07-28 19:04 -------- d-----w- c:\programdata\VMware
2012-07-21 03:51 . 2012-07-21 03:51 -------- d-----w- c:\program files (x86)\VMware
2012-07-21 03:51 . 2012-07-21 03:51 -------- d-----w- c:\program files (x86)\Common Files\VMware
2012-07-21 03:50 . 2012-07-21 03:50 -------- d-----w- c:\program files\Common Files\VMware
2012-07-21 03:31 . 2012-07-21 03:31 -------- d-----w- c:\users\Isaiah\AppData\Local\Secunia PSI
2012-07-21 03:30 . 2012-07-21 03:30 -------- d-----w- c:\program files (x86)\Secunia
2012-07-20 23:27 . 2012-07-20 23:27 -------- d-----w- c:\program files (x86)\EaseUS
2012-07-20 22:49 . 2012-06-18 17:34 19032 ------w- c:\windows\system32\pwdrvio.sys
2012-07-20 22:49 . 2012-06-18 17:34 2966720 ----a-w- c:\windows\system32\pwNative.exe
2012-07-20 22:49 . 2012-06-18 17:34 12384 ------w- c:\windows\system32\pwdspio.sys
2012-07-20 22:49 . 2012-07-20 22:49 -------- d-----w- c:\program files (x86)\MiniTool Partition Wizard Home Edition 7.5
2012-07-20 04:30 . 2012-07-21 18:49 -------- d-----w- c:\users\Isaiah\AppData\Roaming\SoftGrid Client
2012-07-20 04:29 . 2012-07-20 04:29 -------- d-----w- c:\program files\Microsoft Office
2012-07-20 04:29 . 2012-07-27 07:01 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2012-07-20 04:28 . 2012-07-20 04:30 -------- d-----w- c:\users\Isaiah\AppData\Roaming\TP
2012-07-18 22:09 . 2012-07-26 17:41 -------- d-----w- c:\users\Administrator
2012-07-18 20:05 . 2012-07-18 20:05 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-18 20:04 . 2012-07-18 20:04 -------- d-----w- c:\program files (x86)\Oracle
2012-07-18 20:04 . 2012-07-06 02:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-18 20:03 . 2012-07-18 20:03 -------- d-----w- c:\programdata\McAfee
2012-07-18 14:17 . 2012-07-18 14:17 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-18 12:10 . 2012-07-18 12:10 -------- d-----w- c:\users\Isaiah\AppData\Roaming\Malwarebytes
2012-07-18 12:09 . 2012-07-18 12:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-18 12:09 . 2012-07-18 12:09 -------- d-----w- c:\programdata\Malwarebytes
2012-07-18 12:09 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-17 23:48 . 2012-07-17 23:48 -------- d-----w- c:\users\Isaiah\AppData\Roaming\AVG2012
2012-07-17 23:43 . 2012-07-17 23:43 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-07-17 23:43 . 2012-07-17 23:43 -------- d-----w- C:\$AVG
2012-07-17 23:43 . 2012-07-28 16:22 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-17 23:43 . 2012-07-17 23:58 -------- d-----w- c:\programdata\AVG2012
2012-07-17 23:42 . 2012-07-17 23:42 -------- d-----w- c:\program files (x86)\AVG
2012-07-17 23:39 . 2012-07-28 16:22 -------- d-----w- c:\programdata\MFAData
2012-07-17 23:39 . 2012-07-17 23:39 -------- d--h--w- c:\programdata\Common Files
2012-07-17 23:05 . 2012-07-19 15:16 -------- d-----w- c:\users\Isaiah\AppData\Roaming\WildTangent
2012-07-17 22:45 . 2012-07-17 22:45 -------- d-----w- c:\users\Isaiah\AppData\Local\Microsoft Games
2012-07-17 22:15 . 2012-07-26 17:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-07-17 22:15 . 2012-07-17 22:20 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-07-17 20:15 . 2012-07-17 20:15 -------- d-----w- c:\programdata\Symantec
2012-07-17 20:14 . 2012-07-17 20:14 -------- d-----w- c:\users\Isaiah\AppData\Local\Chromium
2012-07-15 21:18 . 2012-07-15 21:31 82816 ----a-w- c:\users\Isaiah\AppData\Roaming\pcouffin.sys
2012-07-15 21:18 . 2012-07-15 21:31 -------- d-----w- c:\users\Isaiah\AppData\Roaming\Vso
2012-07-15 21:18 . 2012-07-15 21:18 82816 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2012-07-15 18:37 . 2012-07-15 19:42 -------- d-----w- c:\program files (x86)\Syser
2012-07-15 18:37 . 2012-07-15 19:42 -------- d-----w- c:\windows\SysWow64\drivers\plugin
2012-07-15 18:30 . 2012-07-15 18:30 53248 ------w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\msihook.dll
2012-07-15 18:30 . 2012-07-15 18:30 32768 ------w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2012-07-15 18:30 . 2012-07-15 18:30 221184 ------w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-07-15 18:30 . 2012-07-15 18:30 598016 ------w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\ikernel.exe
2012-07-15 18:30 . 2012-07-15 18:30 217088 ------w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2012-07-15 18:30 . 2012-07-15 18:30 126976 ------w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\knlwrap.exe
2012-07-15 18:30 . 2012-07-15 18:30 114688 ------w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\scpthdlr.dll
2012-07-15 17:29 . 2012-07-15 18:36 -------- d-----w- c:\users\Isaiah\AppData\Roaming\PE Explorer
2012-07-15 16:38 . 2012-07-15 16:38 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-15 16:24 . 2012-07-15 16:24 -------- d-----w- c:\programdata\Trymedia
2012-07-15 07:16 . 2012-07-15 07:16 -------- d-----w- c:\program files\WinRAR
2012-07-15 06:56 . 2012-07-15 06:56 -------- d-----w- c:\users\Isaiah\AppData\Roaming\PCCUStubInstaller
2012-07-15 06:19 . 2009-02-24 22:35 255552 ----a-w- c:\windows\SysWow64\drivers\mcdbus.sys
2012-07-15 06:19 . 2009-02-24 22:35 255552 ----a-w- c:\windows\system32\drivers\mcdbus.sys
2012-07-15 06:19 . 2012-07-15 06:20 -------- d-----w- c:\program files (x86)\MagicDisc
2012-07-13 07:03 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 22:45 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-07-01 04:02 . 2012-07-15 19:32 -------- d-----w- c:\users\Isaiah\AppData\Local\Diagnostics
2012-07-01 03:57 . 2009-07-14 01:41 258048 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfppw73.dll
2012-07-01 03:12 . 2012-07-19 15:54 -------- d-----w- c:\program files (x86)\MozBackup
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-13 07:01 . 2012-06-06 00:55 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-06 02:06 . 2011-11-03 12:45 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-09 04:29 . 2012-06-09 04:29 252056 ----a-w- c:\windows\SysWow64\vmnc.dll
2012-06-09 03:52 . 2012-06-09 03:52 62064 ----a-w- c:\windows\system32\vmnetbridge.dll
2012-06-09 03:52 . 2012-06-09 03:52 48752 ----a-w- c:\windows\system32\vnetinst.dll
2012-06-09 03:52 . 2012-06-09 03:52 45680 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2012-06-09 03:52 . 2012-06-09 03:52 24176 ----a-w- c:\windows\system32\drivers\vmnet.sys
2012-06-09 03:52 . 2012-06-09 03:52 20080 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2012-06-02 22:19 . 2012-06-19 14:34 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 14:34 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 14:34 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 14:34 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 14:34 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 14:34 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 14:34 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-19 14:34 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-19 14:34 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-01 19:17 . 2011-03-29 01:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-05-31 16:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-04 11:06 . 2012-06-14 04:08 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 04:08 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 04:08 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-14 03:20 209920 ----a-w- c:\windows\system32\profsvc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-22_15.26.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-17 23:05 . 2012-07-27 18:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-07-17 23:05 . 2012-07-21 03:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-11-21 03:09 . 2012-07-28 18:12 41578 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-28 18:12 39782 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-01 12:30 . 2011-10-01 12:30 22376 c:\windows\system32\drivers\Sftvollh.sys
- 2009-12-03 02:23 . 2009-12-03 02:23 22376 c:\windows\system32\drivers\Sftvollh.sys
- 2009-12-03 02:23 . 2009-12-03 02:23 25960 c:\windows\system32\drivers\Sftredirlh.sys
+ 2011-10-01 12:30 . 2011-10-01 12:30 25960 c:\windows\system32\drivers\Sftredirlh.sys
+ 2012-06-01 17:58 . 2012-07-27 18:51 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-06-01 17:58 . 2012-07-21 08:02 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-06-01 17:58 . 2012-07-21 08:02 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-06-01 17:58 . 2012-07-27 18:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-27 18:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-21 08:02 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-07-28 18:13 90808 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-01-24 21:16 . 2011-01-24 21:16 14336 c:\windows\Installer\6b91bc1.msp
+ 2012-04-11 08:55 . 2012-04-11 08:55 41472 c:\windows\Installer\4f1b112.msi
+ 2011-01-24 21:16 . 2011-01-24 21:16 14336 c:\windows\Installer\2db28a8.msp
+ 2012-07-27 07:01 . 2012-07-27 07:01 89952 c:\windows\Installer\{90140000-006D-0409-1000-0000000FF1CE}\cvhicon.exe
- 2012-07-20 04:29 . 2012-07-20 04:29 89952 c:\windows\Installer\{90140000-006D-0409-1000-0000000FF1CE}\cvhicon.exe
+ 2012-06-01 17:57 . 2012-07-28 18:12 6888 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-676282684-2026648853-322479139-1000_UserData.bin
+ 2012-07-28 19:03 . 2012-07-28 19:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-22 15:14 . 2012-07-22 15:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-28 19:03 . 2012-07-28 19:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-22 15:14 . 2012-07-22 15:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-28 18:13 . 2012-07-28 18:13 686792 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_Plugin.exe
- 2012-06-24 02:45 . 2012-07-14 02:49 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-07-28 18:13 . 2012-07-28 18:13 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
- 2009-07-14 04:54 . 2012-07-21 03:30 573440 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-27 18:51 573440 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-06-06 12:10 . 2012-07-28 16:16 243356 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2012-06-01 19:09 . 2012-07-23 23:47 237970 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-07-22 13:57 663492 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-28 18:15 663492 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-28 18:15 122656 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-22 13:57 122656 c:\windows\system32\perfc009.dat
+ 2012-07-28 18:13 . 2012-07-28 18:13 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_268_Plugin.exe
+ 2011-10-01 12:30 . 2011-10-01 12:30 268648 c:\windows\system32\drivers\Sftplaylh.sys
+ 2011-10-01 12:30 . 2011-10-01 12:30 764264 c:\windows\system32\drivers\Sftfslh.sys
+ 2009-07-14 05:12 . 2012-07-27 18:51 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:12 . 2011-11-03 12:25 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2012-07-22 15:13 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-28 19:03 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-04-19 08:54 . 2011-04-19 08:54 227328 c:\windows\Installer\3627d8.msi
+ 2011-04-19 08:21 . 2011-04-19 08:21 235520 c:\windows\Installer\3627d1.msi
+ 2010-02-28 06:33 . 2010-02-28 06:33 821664 c:\windows\Installer\$PatchCache$\Managed\00004109D60090400100000000F01FEC\14.0.4763\CVHSVC.EXE
+ 2010-02-28 06:33 . 2010-02-28 06:33 379808 c:\windows\Installer\$PatchCache$\Managed\00004109D60090400100000000F01FEC\14.0.4763\CVHBS.EXE
+ 2011-10-01 12:30 . 2011-10-01 12:30 1122152 c:\windows\SysWOW64\sftldr_wow64.dll
+ 2012-07-28 18:13 . 2012-07-28 18:13 9465032 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
+ 2012-07-28 18:13 . 2012-07-28 18:13 1536712 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
- 2009-07-14 04:54 . 2012-07-21 03:30 3538944 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-27 18:51 3538944 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-10-01 12:30 . 2011-10-01 12:30 1765736 c:\windows\system32\sftldr.dll
+ 2009-07-14 04:45 . 2012-07-28 18:13 7185859 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-07-21 03:57 7185859 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2012-06-02 12:48 . 2012-07-28 18:07 8682054 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-676282684-2026648853-322479139-1001-8192.dat
+ 2012-06-02 12:48 . 2012-07-28 19:03 1735700 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-676282684-2026648853-322479139-1000-12288.dat
+ 2009-12-09 16:40 . 2009-12-09 16:40 2878976 c:\windows\Installer\5dd8d6.msi
+ 2009-12-09 16:40 . 2009-12-09 16:40 2878976 c:\windows\Installer\4ab8003.msi
+ 2010-02-28 06:33 . 2010-02-28 06:33 3207072 c:\windows\Installer\$PatchCache$\Managed\00004109D60090400100000000F01FEC\14.0.4763\CVH.EXE
+ 2010-02-28 06:33 . 2010-02-28 06:33 4817336 c:\windows\Installer\$PatchCache$\Managed\00004109D60090400100000000F01FEC\14.0.4763\CVH.DLL
+ 2009-07-14 04:54 . 2012-07-27 18:51 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-21 03:30 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-07-28 18:13 . 2012-07-28 18:13 12315336 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll
+ 2012-06-02 12:48 . 2012-07-28 19:03 16445724 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-676282684-2026648853-322479139-1000-8192.dat
+ 2012-07-23 22:43 . 2012-07-23 22:43 53217792 c:\windows\Installer\4f1b11a.msp
+ 2012-01-12 06:01 . 2012-01-12 06:01 21030912 c:\windows\Installer\2db28d0.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe" [2012-04-27 6065784]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2012-03-28 404568]
.
c:\users\Isaiah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2012-7-15 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys [2012-03-06 29184]
R3 AndNetDiag2;LGE AndroidNet For Diagnostics Port;c:\windows\system32\DRIVERS\lgandnetdiag264.sys [2012-03-06 29184]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys [2012-03-06 36352]
R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys [2012-03-06 93184]
R3 DIRECTIO;DIRECTIO;c:\bit_temp\DirectIo.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2012-07-15 82816]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2011-12-16 17976]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-06-18 19032]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-06-18 12384]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-06-27 1326176]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-07-12 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-06-10 138152]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 vzandnetadb;ADB Interface DriverNet for VZW;c:\windows\system32\Drivers\lgvzandnetadb.sys [2011-10-10 31744]
R3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;c:\windows\system32\DRIVERS\lgvzandnetdiag64.sys [2011-10-10 29696]
R3 vzandnetdiag2;LGE AndroidNet for VZW Diagnostics Port;c:\windows\system32\DRIVERS\lgvzandnetdiag264.sys [2011-10-10 29696]
R3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;c:\windows\system32\DRIVERS\lgvzandnetmdm64.sys [2011-10-10 36352]
R3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgvzandnetndis64.sys [2011-10-21 94208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-06 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-06-24 482384]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe [2010-09-10 162824]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-06-27 681056]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-30 846448]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-11-03 1103464]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-07 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-07 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-07 416024]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-07 12558440]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.toshiba.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Isaiah\AppData\Roaming\Mozilla\Firefox\Profiles\eck29doe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Player\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-07-28 15:07:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-28 19:07
ComboFix2.txt 2012-07-22 15:28
.
Pre-Run: 549,321,535,488 bytes free
Post-Run: 548,986,970,112 bytes free
.
- - End Of File - - 6E10265D4287BB282B604E14CDC12EA9

#14 gringo_pr


Posted 28 July 2012 - 02:45 PM

Restart the computer and let me know if it clears up.


gringo

#15 armyman1031


Posted 28 July 2012 - 03:14 PM

Yeah, that cleared it up. Thank you for all your help and patience, Gringo.



