th3fall3n777

Honorary Members

View Profile See their activity

Posts
32
Joined
May 24, 2013
Last visited
September 18, 2013

Reputation

0 Neutral

About th3fall3n777

Birthday 06/20/1979

Profile Information

Location
Wisconsin
Interests
Network Administrator, Malware Forensics and Removal, the Fine Arts

Is MBAM Enterprise Multi-Tenant?

th3fall3n777 posted a topic in Malwarebytes Anti-Malware for Business

I wasn't sure on the best way to word this, but does anyone know if MBAM's Enterprise edition would be useful for an MSSP company? I should clarify - I'm specifically wondering if it can be configured to manage endpoints for multiple different clients who could be coming from multi different public IPs - it would need a way of managing policy for each client individually through some type of grouping system (so each clients' endpoints could be managed separately). If it is multi-tenant, could individual clients be set up with their own admin console that would allow them to make changes to their own policies by connecting back to say, a centralized server running Malwarebytes Enterprise?
- September 6, 2013
- 4 replies
FBI Infection

th3fall3n777 replied to th3fall3n777's topic in Resolved Malware Removal Logs

D-FRED-BROWN, I ran these final utilities as you instructed, but I have to let you know that at noon today, the client came back to pick up the laptop. Before they arrived, I completed these steps, and installed ESET Endpoint Antivirus. I was able to complete a scan with this, and Malwarebytes before they came, and both came back clean. I did let them know that there is more work to be done here; I would like to remove old, unpatched programs from the system, and make sure it has the most current Windows Security patches, and third party application patches such as Java. They are going to arrange for some time for me to do this. I didn't want to leave you hanging though - as it sounds like it is going to be about a week before I get the laptop back, I'm not sure what the process is - should we close this thread? The laptop was running great...
- August 29, 2013
- 22 replies
MBAR ChangeLog?

th3fall3n777 posted a topic in Malwarebytes Anti-Rootkit BETA Support

Is there a change log available to keep up with the updates for this tool?
- August 28, 2013
- 1 reply
FBI Infection

th3fall3n777 replied to th3fall3n777's topic in Resolved Malware Removal Logs

AdwCleaner # AdwCleaner v3.001 - Report created 26/08/2013 at 17:28:58# Updated 24/08/2013 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : Fire Training - FIRETRAINING-PC# Running from : C:\Users\Fire Training\Desktop\AdwCleaner.exe# Option : Scan ***** [ Services ] ***** Service Found : BringMeSports_1cService ***** [ Files / Folders ] ***** Folder Found C:\Program Files (x86)\BringMeSports_1cFolder Found C:\Users\Fire Training\AppData\LocalLow\BringMeSports_1c ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Found : HKCU\Software\AppDataLow\Software\BringMeSports_1cKey Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2F4D7835-42B0-4BA7-9587-1B01393F78EE}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82C7004A-078E-468C-9C0F-2243618FF7CB}Key Found : HKLM\Software\BringMeSports_1cKey Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.DynamicBarButtonKey Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.DynamicBarButton.1Key Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.FeedManagerKey Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.FeedManager.1Key Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.HTMLMenuKey Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.HTMLMenu.1Key Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.HTMLPanelKey Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.HTMLPanel.1Key Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.MultipleButtonKey Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.MultipleButton.1Key Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.PseudoTransparentPluginKey Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.PseudoTransparentPlugin.1Key Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.RadioKey Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.Radio.1Key Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.RadioSettingsKey Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.RadioSettings.1Key Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.ScriptButtonKey Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.ScriptButton.1Key Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.SettingsPluginKey Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.SettingsPlugin.1Key Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.SkinLauncherKey Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.SkinLauncher.1Key Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.ThirdPartyInstallerKey Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.ThirdPartyInstaller.1Key Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.UrlAlertButtonKey Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.UrlAlertButton.1Key Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.XMLSessionPluginKey Found : HKLM\SOFTWARE\Classes\BringMeSports_1c.XMLSessionPlugin.1Key Found : HKLM\SOFTWARE\Classes\CLSID\{002D1BA6-4766-4D7D-82B8-F49439C66F97}Key Found : HKLM\SOFTWARE\Classes\CLSID\{0A8CC25D-66FF-41DF-B3B4-416079EF8F87}Key Found : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}Key Found : HKLM\SOFTWARE\Classes\CLSID\{1856A7BD-DE8C-488B-AA7A-5682D13166FC}Key Found : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}Key Found : HKLM\SOFTWARE\Classes\CLSID\{39AE4193-9636-4786-A7E8-D0BED697CDF3}Key Found : HKLM\SOFTWARE\Classes\CLSID\{5489857C-D16B-4F23-A322-9F3D3423DC6D}Key Found : HKLM\SOFTWARE\Classes\CLSID\{5DC6445C-89CE-4895-9EEE-79449A453700}Key Found : HKLM\SOFTWARE\Classes\CLSID\{6285C254-4465-4F8B-A009-5F42AB02C291}Key Found : HKLM\SOFTWARE\Classes\CLSID\{716F0A7A-66F8-4C51-9EF2-BE22E0EA2F00}Key Found : HKLM\SOFTWARE\Classes\CLSID\{74CEF9D2-506A-4BC6-B577-4F6505317FBA}Key Found : HKLM\SOFTWARE\Classes\CLSID\{779A6469-E20C-4517-9D59-394EE65E216C}Key Found : HKLM\SOFTWARE\Classes\CLSID\{82C7004A-078E-468C-9C0F-2243618FF7CB}Key Found : HKLM\SOFTWARE\Classes\CLSID\{8E74A826-02AC-4EDF-8827-7CFDE086FB48}Key Found : HKLM\SOFTWARE\Classes\CLSID\{A1912AF6-DFE3-48B1-BDFE-9A65259AC702}Key Found : HKLM\SOFTWARE\Classes\CLSID\{B299D84A-69A5-4433-9A79-51EF2BB7841F}Key Found : HKLM\SOFTWARE\Classes\CLSID\{B8CBCB5A-9192-4122-B3DE-BD139320EC09}Key Found : HKLM\SOFTWARE\Classes\CLSID\{BC61CA7A-6B81-47EC-B62D-AE1A236CADB9}Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC53BD19-7B23-43B0-AB7C-0E06C708CCED}Key Found : HKLM\SOFTWARE\Classes\CLSID\{D31FF80A-322D-4343-99BD-158557C460B2}Key Found : HKLM\SOFTWARE\Classes\CLSID\{D424710B-AF83-49A6-9F26-033E0CF794B1}Key Found : HKLM\SOFTWARE\Classes\CLSID\{F0C8CCC2-BAAA-4236-AD0A-22B5A401B9EF}Key Found : HKLM\SOFTWARE\Classes\CLSID\{F653D037-97FA-4755-98C1-7F382EEB59A7}Key Found : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}Key Found : HKLM\SOFTWARE\Classes\Interface\{3436BC13-C898-4775-B1EA-BA224587010D}Key Found : HKLM\SOFTWARE\Classes\Interface\{89B7AE32-9C52-41D6-A64D-14D7BDEC9C58}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{0F2C9A6B-A0ED-4189-B086-C0E76D80EB91}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1265AE6E-5141-468B-AB11-67ECE832F5E8}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{256B342B-85A7-4E4E-AA2E-101CDDEF5EFD}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4CD73219-4D3F-46EE-AC3E-768E2A2AB056}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6A751D61-7A6B-4999-BFD0-ADF01A40F6F2}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{71E326B6-2DC3-40B7-93D8-3CEDA9C83F53}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92364364-56B2-4C54-AAE3-A7D03A30C023}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A50C4254-A6A2-48CB-A2D0-C5E0A53FD965}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A66EEC44-AA6D-4AF2-BF75-490E2CA17AE9}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{BDFCF196-0622-41CF-BDA6-D1CDB44AB5E9}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{F6C482A5-17AE-43D3-A6AC-52A70674283C}Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{164EA1FC-B0A0-4202-8C65-E4BA4D54A3AE}Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1856A7BD-DE8C-488B-AA7A-5682D13166FC}Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3436BC13-C898-4775-B1EA-BA224587010D}Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{89B7AE32-9C52-41D6-A64D-14D7BDEC9C58}Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FA460720-7B38-421D-981C-66F0AE288FB9}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{002D1BA6-4766-4D7D-82B8-F49439C66F97}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F653D037-97FA-4755-98C1-7F382EEB59A7}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0A8CC25D-66FF-41DF-B3B4-416079EF8F87}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2F4D7835-42B0-4BA7-9587-1B01393F78EE}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6285C254-4465-4F8B-A009-5F42AB02C291}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{82C7004A-078E-468C-9C0F-2243618FF7CB}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B8CBCB5A-9192-4122-B3DE-BD139320EC09}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BC61CA7A-6B81-47EC-B62D-AE1A236CADB9}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F0C8CCC2-BAAA-4236-AD0A-22B5A401B9EF}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BringMeSports_1cbar UninstallKey Found : HKLM\SOFTWARE\MozillaPlugins\@BringMeSports_1c.com/PluginValue Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CC53BD19-7B23-43B0-AB7C-0E06C708CCED}]Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [bringMeSports Search Scope Monitor]Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [bringMeSports_1c Browser Plugin Loader]Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [1cffxtbr@BringMeSports_1c.com] ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16635 -\\ Google Chrome v28.0.1500.95 [ File : C:\Users\Fire Training\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [8461 octets] - [26/08/2013 17:28:58] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8521 octets] ########## Junkware Removal Tool~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 5.5.4 (08.22.2013:1)OS: Windows 7 Home Premium x64Ran by Fire Training on Mon 08/26/2013 at 17:35:13.47~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services Successfully stopped: [service] bringmesports_1cservice Successfully deleted: [service] bringmesports_1cservice ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{13119113-0854-469D-807A-171568457991}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{33119133-0854-469D-807A-171568457991}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{23119123-0854-469D-807A-171568457991}Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{03119103-0854-469D-807A-171568457991}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.dynamicbarbuttonSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.dynamicbarbutton.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.feedmanagerSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.feedmanager.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.htmlmenuSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.htmlmenu.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.htmlpanelSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.htmlpanel.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.multiplebuttonSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.multiplebutton.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.pseudotransparentpluginSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.pseudotransparentplugin.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.radioSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.radio.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.radiosettingsSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.radiosettings.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.scriptbuttonSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.scriptbutton.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.settingspluginSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.settingsplugin.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.skinlauncherSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.skinlauncher.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.thirdpartyinstallerSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.thirdpartyinstaller.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.urlalertbuttonSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.urlalertbutton.1Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.xmlsessionpluginSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bringmesports_1c.xmlsessionplugin.1Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8c9ef753-beb6-4582-b653-93ac59274437}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{8c9ef753-beb6-4582-b653-93ac59274437}Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{002D1BA6-4766-4D7D-82B8-F49439C66F97} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Users\Fire Training\AppData\Roaming\pccustubinstaller"Successfully deleted: [Folder] "C:\Users\Fire Training\appdata\locallow\bringmesports_1c"Successfully deleted: [Folder] "C:\Program Files (x86)\bringmesports_1c" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Mon 08/26/2013 at 17:41:55.57End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ OTL Log OTL logfile created on: 8/26/2013 5:47:00 PM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Fire Training\Desktop64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.10.9200.16635)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.48 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 74.05% Memory free6.96 Gb Paging File | 5.98 Gb Available in Paging File | 86.00% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 450.17 Gb Total Space | 397.08 Gb Free Space | 88.21% Space Free | Partition Type: NTFSDrive D: | 702.82 Mb Total Space | 414.31 Mb Free Space | 58.95% Space Free | Partition Type: UDF Computer Name: FIRETRAINING-PC | User Name: Fire Training | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/04/04 23:35:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Fire Training\Desktop\OTL.exePRC - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV:64bit: - [2011/07/01 13:46:14 | 000,828,856 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe -- (TPCHSrv)SRV:64bit: - [2011/06/09 23:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)SRV:64bit: - [2011/05/24 11:58:12 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)SRV:64bit: - [2011/05/17 16:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)SRV:64bit: - [2011/04/20 18:16:30 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)SRV:64bit: - [2010/10/20 16:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)SRV:64bit: - [2010/09/09 19:26:34 | 000,162,824 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\GFNEXSrv.exe -- (GFNEXSrv)SRV - [2013/06/19 17:15:49 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)SRV - [2012/11/09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)SRV - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)SRV - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)SRV - [2011/07/11 19:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2011/04/20 19:00:52 | 009,256,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)DRV:64bit: - [2011/04/20 17:39:58 | 000,300,544 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2011/02/23 19:14:44 | 001,142,376 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)DRV:64bit: - [2011/02/08 21:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)DRV:64bit: - [2011/02/03 21:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)DRV:64bit: - [2011/01/13 21:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)DRV:64bit: - [2010/11/17 10:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)DRV:64bit: - [2010/10/29 18:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)DRV:64bit: - [2009/06/19 21:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNOIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4191840987-790802291-1396358146-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1IE - HKU\S-1-5-21-4191840987-790802291-1396358146-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/IE - HKU\S-1-5-21-4191840987-790802291-1396358146-1001\..\SearchScopes,DefaultScope = {69A840FF-1E32-498C-9B4A-2AB5FE7D2A05}IE - HKU\S-1-5-21-4191840987-790802291-1396358146-1001\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNOIE - HKU\S-1-5-21-4191840987-790802291-1396358146-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SRIE - HKU\S-1-5-21-4191840987-790802291-1396358146-1001\..\SearchScopes\{69A840FF-1E32-498C-9B4A-2AB5FE7D2A05}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO_enUS455IE - HKU\S-1-5-21-4191840987-790802291-1396358146-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-4191840987-790802291-1396358146-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()FF - HKLM\Software\MozillaPlugins\@BringMeSports_1c.com/Plugin: C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\NP1cStub.dll File not foundFF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\1cffxtbr@BringMeSports_1c.com: C:\Program Files (x86)\BringMeSports_1c\bar\1.bin ========== Chrome ========== CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}CHR - homepage: http://start.toshiba.com/?cid=C001B2YCHR - Extension: Docs = C:\Users\Fire Training\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\CHR - Extension: Google Drive = C:\Users\Fire Training\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\CHR - Extension: YouTube = C:\Users\Fire Training\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\CHR - Extension: Google Search = C:\Users\Fire Training\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\CHR - Extension: Gmail = C:\Users\Fire Training\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013/08/23 09:13:53 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)O2 - BHO: (Toolbar BHO) - {f653d037-97fa-4755-98c1-7f382eeb59a7} - C:\PROGRA~2\BRINGM~2\bar\1.bin\1cbar.dll File not foundO3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)O3 - HKLM\..\Toolbar: (BringMeSports) - {cc53bd19-7b23-43b0-ab7c-0e06c708cced} - C:\Program Files (x86)\BringMeSports_1c\bar\1.bin\1cbar.dll File not foundO3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3:64bit: - HKU\S-1-5-21-4191840987-790802291-1396358146-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)O4 - HKLM..\Run: [bringMeSports Search Scope Monitor] "C:\PROGRA~2\BRINGM~2\bar\1.bin\1csrchmn.exe" /m=2 /w /h File not foundO4 - HKLM..\Run: [bringMeSports_1c Browser Plugin Loader] C:\PROGRA~2\BRINGM~2\bar\1.bin\1cbrmon.exe File not foundO4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)O4 - HKU\S-1-5-21-4191840987-790802291-1396358146-1001..\Run: [HP Officejet 6600 (NET)] C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)O4 - HKU\S-1-5-21-4191840987-790802291-1396358146-1001..\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe (TechSmith Corporation)O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-4191840987-790802291-1396358146-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-4191840987-790802291-1396358146-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O13 - gopher Prefix: missingO16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C2AA0AF-732B-4421-A281-DEC28E55DDE1}: DhcpNameServer = 192.168.1.247O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{286FF110-340D-4BA8-96BD-8C48967A95A9}: DhcpNameServer = 192.168.1.247O18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\ms-help - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\skype4com - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O32 - HKLM CDRom: AutoRun - 1O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/08/26 17:45:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Fire Training\Desktop\OTL.exe[2013/08/26 17:35:08 | 000,000,000 | ---D | C] -- C:\windows\ERUNT[2013/08/26 17:34:25 | 001,021,434 | ---- | C] (Thisisu) -- C:\Users\Fire Training\Desktop\JRT.exe[2013/08/26 17:28:06 | 000,000,000 | ---D | C] -- C:\AdwCleaner[2013/08/26 17:09:46 | 054,048,025 | ---- | C] (ESET) -- C:\Users\Fire Training\Desktop\eea_package_nt64_msp.exe[2013/08/23 09:26:03 | 000,000,000 | ---D | C] -- C:\windows\temp[2013/08/23 09:14:00 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN[2013/08/21 16:03:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe[2013/08/21 16:03:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe[2013/08/21 16:03:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe[2013/08/21 16:03:40 | 000,000,000 | ---D | C] -- C:\Qoobox[2013/08/21 16:03:22 | 000,000,000 | ---D | C] -- C:\windows\erdnt[2013/08/21 16:02:59 | 005,109,506 | R--- | C] (Swearware) -- C:\Users\Fire Training\Desktop\ComboFix.exe[2013/08/21 14:48:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)[2013/08/21 14:48:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes[2013/08/21 14:48:38 | 000,000,000 | ---D | C] -- C:\Users\Fire Training\Desktop\mbar[2013/08/21 14:48:17 | 012,081,912 | ---- | C] (Malwarebytes Corp.) -- C:\Users\Fire Training\Desktop\mbar-1.06.1.1005.exe[2013/08/21 14:44:33 | 002,748,256 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Fire Training\Desktop\tdsskiller.exe[2013/08/18 12:13:53 | 000,000,000 | ---D | C] -- C:\FRST[2013/08/14 15:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/08/26 17:46:10 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job[2013/08/26 17:44:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job[2013/08/26 17:25:37 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat[2013/08/26 17:20:10 | 001,021,434 | ---- | M] (Thisisu) -- C:\Users\Fire Training\Desktop\JRT.exe[2013/08/26 17:09:10 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2013/08/26 17:09:10 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2013/08/26 17:07:55 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job[2013/08/26 11:17:47 | 000,824,762 | ---- | M] () -- C:\windows\SysNative\perfh009.dat[2013/08/26 11:17:47 | 000,178,694 | ---- | M] () -- C:\windows\SysNative\perfc009.dat[2013/08/26 11:17:47 | 000,006,222 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI[2013/08/26 09:17:49 | 000,994,642 | ---- | M] () -- C:\Users\Fire Training\Desktop\AdwCleaner.exe[2013/08/23 09:13:53 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts[2013/08/23 09:12:55 | 2801,364,992 | -HS- | M] () -- C:\hiberfil.sys[2013/08/22 08:53:41 | 000,891,115 | ---- | M] () -- C:\Users\Fire Training\Desktop\SecurityCheck.exe[2013/08/21 14:40:55 | 005,109,506 | R--- | M] (Swearware) -- C:\Users\Fire Training\Desktop\ComboFix.exe[2013/08/21 14:39:58 | 012,081,912 | ---- | M] (Malwarebytes Corp.) -- C:\Users\Fire Training\Desktop\mbar-1.06.1.1005.exe[2013/08/21 14:37:49 | 002,748,256 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Fire Training\Desktop\tdsskiller.exe[2013/08/07 18:15:30 | 000,418,144 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/08/26 17:26:44 | 000,994,642 | ---- | C] () -- C:\Users\Fire Training\Desktop\AdwCleaner.exe[2013/08/22 08:57:53 | 000,891,115 | ---- | C] () -- C:\Users\Fire Training\Desktop\SecurityCheck.exe[2013/08/21 16:03:48 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe[2013/08/21 16:03:48 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe[2013/08/21 16:03:48 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe[2013/08/21 16:03:48 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe[2013/08/21 16:03:47 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe[2012/08/31 15:54:14 | 000,773,522 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI[2012/08/17 15:11:44 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini[2011/09/12 08:50:17 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe[2011/09/12 08:45:45 | 000,128,312 | ---- | C] () -- C:\windows\SysWow64\GFNEX.dll[2011/09/12 08:44:57 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin[2011/09/12 08:42:35 | 000,003,155 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report >
- August 27, 2013
- 22 replies
FBI Infection

th3fall3n777 replied to th3fall3n777's topic in Resolved Malware Removal Logs

ComboFix 13-08-21.01 - Fire Training 08/22/2013 17:01:23.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3562.2307 [GMT -5:00] Running from: c:\users\Fire Training\Desktop\ComboFix.exe Command switches used :: c:\users\Fire Training\Desktop\CFScript.txt SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\windows\System32\Drivers\05934246.sys" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_05934246 . . ((((((((((((((((((((((((( Files Created from 2013-07-23 to 2013-08-23 ))))))))))))))))))))))))))))))) . . 2013-08-22 22:14 . 2013-08-22 22:14 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-08-21 19:48 . 2013-08-21 20:58 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2013-08-21 19:48 . 2013-08-21 19:48 -------- d-----w- c:\programdata\Malwarebytes 2013-08-18 17:13 . 2013-08-18 17:13 -------- d-----w- C:\FRST 2013-08-14 20:37 . 2013-08-14 20:37 -------- d-----w- c:\programdata\HitmanPro 2013-08-09 16:44 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C8AE10A-874F-4A9D-B5D8-A4CFCD70BCE2}\mpengine.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-07-26 01:02 . 2012-09-18 10:40 78185248 ----a-w- c:\windows\system32\MRT.exe 2013-07-10 21:49 . 2013-07-10 21:49 97280 ----a-w- c:\windows\system32\mshtmled.dll 2013-07-10 21:49 . 2013-07-10 21:49 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-07-10 21:49 . 2013-07-10 21:49 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2013-07-10 21:49 . 2013-07-10 21:49 81408 ----a-w- c:\windows\system32\icardie.dll 2013-07-10 21:49 . 2013-07-10 21:49 762368 ----a-w- c:\windows\system32\ieapfltr.dll 2013-07-10 21:49 . 2013-07-10 21:49 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2013-07-10 21:49 . 2013-07-10 21:49 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2013-07-10 21:49 . 2013-07-10 21:49 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2013-07-10 21:49 . 2013-07-10 21:49 67072 ----a-w- c:\windows\system32\iesetup.dll 2013-07-10 21:49 . 2013-07-10 21:49 61952 ----a-w- c:\windows\SysWow64\tdc.ocx 2013-07-10 21:49 . 2013-07-10 21:49 61440 ----a-w- c:\windows\SysWow64\iesetup.dll 2013-07-10 21:49 . 2013-07-10 21:49 603136 ----a-w- c:\windows\system32\msfeeds.dll 2013-07-10 21:49 . 2013-07-10 21:49 599552 ----a-w- c:\windows\system32\vbscript.dll 2013-07-10 21:49 . 2013-07-10 21:49 53248 ----a-w- c:\windows\system32\jsproxy.dll 2013-07-10 21:49 . 2013-07-10 21:49 523264 ----a-w- c:\windows\SysWow64\vbscript.dll 2013-07-10 21:49 . 2013-07-10 21:49 51712 ----a-w- c:\windows\system32\ie4uinit.exe 2013-07-10 21:49 . 2013-07-10 21:49 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2013-07-10 21:49 . 2013-07-10 21:49 452096 ----a-w- c:\windows\system32\dxtmsft.dll 2013-07-10 21:49 . 2013-07-10 21:49 441856 ----a-w- c:\windows\system32\html.iec 2013-07-10 21:49 . 2013-07-10 21:49 39936 ----a-w- c:\windows\system32\iernonce.dll 2013-07-10 21:49 . 2013-07-10 21:49 38400 ----a-w- c:\windows\SysWow64\imgutil.dll 2013-07-10 21:49 . 2013-07-10 21:49 361984 ----a-w- c:\windows\SysWow64\html.iec 2013-07-10 21:49 . 2013-07-10 21:49 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll 2013-07-10 21:49 . 2013-07-10 21:49 281600 ----a-w- c:\windows\system32\dxtrans.dll 2013-07-10 21:49 . 2013-07-10 21:49 27648 ----a-w- c:\windows\system32\licmgr10.dll 2013-07-10 21:49 . 2013-07-10 21:49 270848 ----a-w- c:\windows\system32\iedkcs32.dll 2013-07-10 21:49 . 2013-07-10 21:49 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb 2013-07-10 21:49 . 2013-07-10 21:49 2648576 ----a-w- c:\windows\system32\iertutil.dll 2013-07-10 21:49 . 2013-07-10 21:49 247296 ----a-w- c:\windows\system32\webcheck.dll 2013-07-10 21:49 . 2013-07-10 21:49 235008 ----a-w- c:\windows\system32\url.dll 2013-07-10 21:49 . 2013-07-10 21:49 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll 2013-07-10 21:49 . 2013-07-10 21:49 226304 ----a-w- c:\windows\system32\elshyph.dll 2013-07-10 21:49 . 2013-07-10 21:49 2241024 ----a-w- c:\windows\system32\wininet.dll 2013-07-10 21:49 . 2013-07-10 21:49 216064 ----a-w- c:\windows\system32\msls31.dll 2013-07-10 21:49 . 2013-07-10 21:49 197120 ----a-w- c:\windows\system32\msrating.dll 2013-07-10 21:49 . 2013-07-10 21:49 185344 ----a-w- c:\windows\SysWow64\elshyph.dll 2013-07-10 21:49 . 2013-07-10 21:49 1767936 ----a-w- c:\windows\SysWow64\wininet.dll 2013-07-10 21:49 . 2013-07-10 21:49 167424 ----a-w- c:\windows\system32\iexpress.exe 2013-07-10 21:49 . 2013-07-10 21:49 158720 ----a-w- c:\windows\SysWow64\msls31.dll 2013-07-10 21:49 . 2013-07-10 21:49 1509376 ----a-w- c:\windows\system32\inetcpl.cpl 2013-07-10 21:49 . 2013-07-10 21:49 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2013-07-10 21:49 . 2013-07-10 21:49 144896 ----a-w- c:\windows\system32\wextract.exe 2013-07-10 21:49 . 2013-07-10 21:49 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2013-07-10 21:49 . 2013-07-10 21:49 1400416 ----a-w- c:\windows\system32\ieapfltr.dat 2013-07-10 21:49 . 2013-07-10 21:49 138752 ----a-w- c:\windows\SysWow64\wextract.exe 2013-07-10 21:49 . 2013-07-10 21:49 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2013-07-10 21:49 . 2013-07-10 21:49 1365504 ----a-w- c:\windows\system32\urlmon.dll 2013-07-10 21:49 . 2013-07-10 21:49 12800 ----a-w- c:\windows\SysWow64\mshta.exe 2013-07-10 21:49 . 2013-07-10 21:49 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2013-07-10 21:49 . 2013-07-10 21:49 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll 2013-07-10 21:49 . 2013-07-10 21:49 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-07-10 21:49 . 2013-07-10 21:49 102912 ----a-w- c:\windows\system32\inseng.dll 2013-07-10 21:49 . 2013-07-10 21:49 19238912 ----a-w- c:\windows\system32\mshtml.dll 2013-07-10 21:49 . 2013-07-10 21:49 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-07-10 21:49 . 2013-07-10 21:49 855552 ----a-w- c:\windows\system32\jscript.dll 2013-07-10 21:49 . 2013-07-10 21:49 77312 ----a-w- c:\windows\system32\tdc.ocx 2013-07-10 21:49 . 2013-07-10 21:49 62976 ----a-w- c:\windows\system32\pngfilt.dll 2013-07-10 21:49 . 2013-07-10 21:49 526336 ----a-w- c:\windows\system32\ieui.dll 2013-07-10 21:49 . 2013-07-10 21:49 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2013-07-10 21:49 . 2013-07-10 21:49 51200 ----a-w- c:\windows\system32\imgutil.dll 2013-07-10 21:49 . 2013-07-10 21:49 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-07-10 21:49 . 2013-07-10 21:49 3958784 ----a-w- c:\windows\system32\jscript9.dll 2013-07-10 21:49 . 2013-07-10 21:49 2706432 ----a-w- c:\windows\system32\mshtml.tlb 2013-07-10 21:49 . 2013-07-10 21:49 173568 ----a-w- c:\windows\system32\ieUnatt.exe 2013-07-10 21:49 . 2013-07-10 21:49 15404032 ----a-w- c:\windows\system32\ieframe.dll 2013-07-10 21:49 . 2013-07-10 21:49 149504 ----a-w- c:\windows\system32\occache.dll 2013-07-10 21:49 . 2013-07-10 21:49 13824 ----a-w- c:\windows\system32\mshta.exe 2013-07-10 21:49 . 2013-07-10 21:49 136704 ----a-w- c:\windows\system32\iesysprep.dll 2013-07-10 21:49 . 2013-07-10 21:49 136192 ----a-w- c:\windows\system32\iepeers.dll 2013-07-10 21:49 . 2013-07-10 21:49 135680 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-07-10 21:49 . 2013-07-10 21:49 12800 ----a-w- c:\windows\system32\msfeedssync.exe 2013-07-10 21:46 . 2013-07-10 21:46 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-07-10 21:46 . 2013-07-10 21:46 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-07-10 21:46 . 2013-07-10 21:46 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-07-10 21:46 . 2013-07-10 21:46 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-07-10 21:46 . 2013-07-10 21:46 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-07-10 21:46 . 2013-07-10 21:46 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-07-10 21:46 . 2013-07-10 21:46 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-07-10 21:46 . 2013-07-10 21:46 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-07-10 21:46 . 2013-07-10 21:46 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-07-10 21:46 . 2013-07-10 21:46 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-07-10 21:46 . 2013-07-10 21:46 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-07-10 21:46 . 2013-07-10 21:46 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-07-10 21:46 . 2013-07-10 21:46 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-07-10 21:46 . 2013-07-10 21:46 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-07-10 21:46 . 2013-07-10 21:46 648192 ----a-w- c:\windows\system32\d3d10level9.dll 2013-07-10 21:46 . 2013-07-10 21:46 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2013-07-10 21:46 . 2013-07-10 21:46 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2013-07-10 21:46 . 2013-07-10 21:46 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2013-07-10 21:46 . 2013-07-10 21:46 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2013-07-10 21:46 . 2013-07-10 21:46 3928064 ----a-w- c:\windows\system32\d2d1.dll 2013-07-10 21:46 . 2013-07-10 21:46 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2013-07-10 21:46 . 2013-07-10 21:46 363008 ----a-w- c:\windows\system32\dxgi.dll 2013-07-10 21:46 . 2013-07-10 21:46 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-07-10 21:46 . 2013-07-10 21:46 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll 2013-07-10 21:46 . 2013-07-10 21:46 333312 ----a-w- c:\windows\system32\d3d10_1core.dll 2013-07-10 21:46 . 2013-07-10 21:46 296960 ----a-w- c:\windows\system32\d3d10core.dll 2013-07-10 21:46 . 2013-07-10 21:46 293376 ----a-w- c:\windows\SysWow64\dxgi.dll 2013-07-10 21:46 . 2013-07-10 21:46 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{002d1ba6-4766-4d7d-82b8-f49439c66f97}] 2012-09-18 01:40 62864 ----a-w- c:\program files (x86)\BringMeSports_1c\bar\1.bin\1cSrcAs.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{f653d037-97fa-4755-98c1-7f382eeb59a7}] 2012-09-18 01:40 699536 ----a-w- c:\progra~2\BRINGM~2\bar\1.bin\1cbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{cc53bd19-7b23-43b0-ab7c-0e06c708cced}"= "c:\program files (x86)\BringMeSports_1c\bar\1.bin\1cbar.dll" [2012-09-18 699536] . [HKEY_CLASSES_ROOT\clsid\{cc53bd19-7b23-43b0-ab7c-0e06c708cced}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-12 39408] "HP Officejet 6600 (NET)"="c:\program files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" [2011-09-09 2676584] "Jing"="c:\program files (x86)\TechSmith\Jing\Jing.exe" [2012-07-23 2908536] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384] "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816] "ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960] "NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864] "BringMeSports Search Scope Monitor"="c:\progra~2\BRINGM~2\bar\1.bin\1csrchmn.exe" [2012-09-18 42536] "BringMeSports_1c Browser Plugin Loader"="c:\progra~2\BRINGM~2\bar\1.bin\1cbrmon.exe" [2012-09-18 30096] . c:\users\Fire Training\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Monitor Ink Alerts - HP Officejet 6600 (Network).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 6600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN2612G1RS05RN;CONNECTION=NW;MONITOR=1; [2009-7-13 45568] OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-1-8 228448] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [x] R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] R3 TDEIO;TDEIO;c:\windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys;c:\windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [x] R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x] R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x] R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x] S2 BringMeSports_1cService;BringMeSportsService;c:\progra~2\BRINGM~2\bar\1.bin\1cbarsvc.exe;c:\progra~2\BRINGM~2\bar\1.bin\1cbarsvc.exe [x] S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe;c:\windows\SYSNATIVE\GFNEXSrv.exe [x] S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x] S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-08-07 22:20 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-08-23 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-11 22:15] . 2013-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-12 14:09] . 2013-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-12 14:09] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU] "HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [bU] "TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-07 12558440] "RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [bU] "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560] "TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [bU] "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376] "TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU] "TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr] "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-08-23 09:25:39 - machine was rebooted ComboFix-quarantined-files.txt 2013-08-23 14:25 ComboFix2.txt 2013-08-21 21:38 . Pre-Run: 427,107,164,160 bytes free Post-Run: 426,401,202,176 bytes free . - - End Of File - - 0F6F8938807CF05F747857D142D3CD91 5B5E648D12FCADC244C1EC30318E1EB9
- August 23, 2013
- 22 replies
FBI Infection

th3fall3n777 replied to th3fall3n777's topic in Resolved Malware Removal Logs

I had to use more than one post due to getting an error - "Post too Long" MBAR - SystemLog ---------------------------------------Malwarebytes Anti-Rootkit BETA 1.06.1.1005 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 10.0.9200.16635 Java version: 1.6.0_25 File system is: NTFSDisk drives: C:\ DRIVE_FIXEDCPU speed: 1.397000 GHzMemory total: 3735154688, free: 2630160384 Initializing...------------ Kernel report ------------ 08/21/2013 14:48:59------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_AuthenticAMD.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\drivers\compbatt.sys\SystemRoot\system32\drivers\BATTC.SYS\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\system32\DRIVERS\pciide.sys\SystemRoot\system32\DRIVERS\PCIIDEX.SYS\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\drivers\atapi.sys\SystemRoot\system32\drivers\ataport.SYS\SystemRoot\system32\DRIVERS\msahci.sys\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\system32\DRIVERS\TVALZ_O.SYS\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\drivers\disk.sys\SystemRoot\system32\drivers\CLASSPNP.SYS\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\drivers\afd.sys\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\DRIVERS\termdd.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\DRIVERS\mssmbios.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\atikmpag.sys\SystemRoot\system32\DRIVERS\atikmdag.sys\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\DRIVERS\HDAudBus.sys\SystemRoot\system32\DRIVERS\tdcmdpst.sys\SystemRoot\system32\DRIVERS\usbohci.sys\SystemRoot\system32\DRIVERS\USBPORT.SYS\SystemRoot\system32\DRIVERS\usbehci.sys\SystemRoot\system32\DRIVERS\i8042prt.sys\SystemRoot\system32\DRIVERS\SynTP.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\rtl8192Ce.sys\SystemRoot\system32\DRIVERS\vwifibus.sys\SystemRoot\system32\DRIVERS\Rt64win7.sys\SystemRoot\system32\DRIVERS\CmBatt.sys\SystemRoot\system32\DRIVERS\amdppm.sys\SystemRoot\system32\DRIVERS\wmiacpi.sys\SystemRoot\system32\DRIVERS\TVALZFL.sys\SystemRoot\system32\DRIVERS\CompositeBus.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\DRIVERS\serscan.sys\SystemRoot\system32\DRIVERS\pgeffect.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\system32\drivers\ks.sys\SystemRoot\system32\DRIVERS\swenum.sys\SystemRoot\system32\DRIVERS\umbus.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\AtihdW76.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\drivers\RTKVHD64.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_dumpata.sys\SystemRoot\System32\Drivers\dump_msahci.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\System32\Drivers\usbvideo.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\system32\drivers\luafv.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\vwifimp.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\system32\DRIVERS\udfs.sys\??\C:\windows\system32\drivers\mbamchameleon.sys\??\C:\windows\system32\drivers\mbamswissarmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll\Windows\System32\autochk.exe\Windows\System32\shell32.dll\Windows\System32\setupapi.dll\Windows\System32\urlmon.dll\Windows\System32\msctf.dll\Windows\System32\lpk.dll\Windows\System32\rpcrt4.dll\Windows\System32\imm32.dll\Windows\System32\kernel32.dll\Windows\System32\oleaut32.dll\Windows\System32\difxapi.dll\Windows\System32\ws2_32.dll\Windows\System32\advapi32.dll\Windows\System32\nsi.dll\Windows\System32\comdlg32.dll\Windows\System32\clbcatq.dll\Windows\System32\gdi32.dll\Windows\System32\iertutil.dll\Windows\System32\user32.dll\Windows\System32\ole32.dll\Windows\System32\imagehlp.dll\Windows\System32\shlwapi.dll\Windows\System32\psapi.dll\Windows\System32\msvcrt.dll\Windows\System32\usp10.dll\Windows\System32\wininet.dll\Windows\System32\sechost.dll\Windows\System32\Wldap32.dll\Windows\System32\normaliz.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa8004d4d060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-4\Lower Device Object: 0xfffffa8004ae9680Lower Device Driver Name: \Driver\atapi\<<<2>>>Device number: 0, partition: 2Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa8004d4d060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8004be79d0, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8004d4d060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8004ae9680, DeviceName: \Device\Ide\IdeDeviceP2T0L0-4\, DriverName: \Driver\atapi\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>>Device number: 0, partition: 2<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\windows\system32\drivers...<<<2>>>Device number: 0, partition: 2<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 81AC88D8 Partition information: Partition 0 type is Other (0x27) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 3072000 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 3074048 Numsec = 944070656 Partition 2 type is HIDDEN (0x17) Partition is NOT ACTIVE. Partition starts at LBA: 947144704 Numsec = 29628416 Partition is not bootableHidden partition VBR is not infected. Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 500107862016 bytesSector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...Done!Scan finished======================================= Removal queue found; removal startedRemoving c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_2_947144704_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...Removal finished ComboFixComboFix 13-08-21.01 - Fire Training 08/21/2013 16:06:07.1.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3562.2377 [GMT -5:00]Running from: c:\users\Fire Training\Desktop\ComboFix.exeSP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\users\Fire Training\AppData\Local\Microsoft\Windows\Temporary Internet Files\{03BCFB14-E4A4-47F6-84E7-AF8E5ECBC547}.xpsc:\users\Fire Training\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0690173C-968D-497C-9456-D3496DC2C5A9}.xpsc:\users\Fire Training\AppData\Local\Microsoft\Windows\Temporary Internet Files\{417C629E-CB85-46F5-9E93-6B797658AB9A}.xpsc:\users\Fire Training\AppData\Local\Microsoft\Windows\Temporary Internet Files\{83E88CB7-6D79-4E57-9257-B85A46F19744}.xpsc:\users\Fire Training\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A68AF8EE-1CC1-46FA-948C-3FC455523DF0}.xpsc:\users\Fire Training\AppData\Local\Microsoft\Windows\Temporary Internet Files\{BD0388F7-7CD2-4949-83D5-47918C30A7D8}.xpsc:\users\Fire Training\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnkc:\users\Fire Training\g2mdlhlpx.exe..((((((((((((((((((((((((( Files Created from 2013-07-21 to 2013-08-21 )))))))))))))))))))))))))))))))..2013-08-21 21:18 . 2013-08-21 21:18 -------- d-----w- c:\users\Default\AppData\Local\temp2013-08-21 21:15 . 2013-08-21 21:15 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C8AE10A-874F-4A9D-B5D8-A4CFCD70BCE2}\offreg.dll2013-08-21 19:48 . 2013-08-21 20:58 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)2013-08-21 19:48 . 2013-08-21 19:48 -------- d-----w- c:\programdata\Malwarebytes2013-08-18 17:13 . 2013-08-18 17:13 -------- d-----w- C:\FRST2013-08-14 20:37 . 2013-08-14 20:37 -------- d-----w- c:\programdata\HitmanPro2013-08-09 16:44 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C8AE10A-874F-4A9D-B5D8-A4CFCD70BCE2}\mpengine.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-07-26 01:02 . 2012-09-18 10:40 78185248 ----a-w- c:\windows\system32\MRT.exe2013-07-10 21:49 . 2013-07-10 21:49 97280 ----a-w- c:\windows\system32\mshtmled.dll2013-07-10 21:49 . 2013-07-10 21:49 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll2013-07-10 21:49 . 2013-07-10 21:49 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe2013-07-10 21:49 . 2013-07-10 21:49 81408 ----a-w- c:\windows\system32\icardie.dll2013-07-10 21:49 . 2013-07-10 21:49 762368 ----a-w- c:\windows\system32\ieapfltr.dll2013-07-10 21:49 . 2013-07-10 21:49 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe2013-07-10 21:49 . 2013-07-10 21:49 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll2013-07-10 21:49 . 2013-07-10 21:49 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe2013-07-10 21:49 . 2013-07-10 21:49 67072 ----a-w- c:\windows\system32\iesetup.dll2013-07-10 21:49 . 2013-07-10 21:49 61952 ----a-w- c:\windows\SysWow64\tdc.ocx2013-07-10 21:49 . 2013-07-10 21:49 61440 ----a-w- c:\windows\SysWow64\iesetup.dll2013-07-10 21:49 . 2013-07-10 21:49 603136 ----a-w- c:\windows\system32\msfeeds.dll2013-07-10 21:49 . 2013-07-10 21:49 599552 ----a-w- c:\windows\system32\vbscript.dll2013-07-10 21:49 . 2013-07-10 21:49 53248 ----a-w- c:\windows\system32\jsproxy.dll2013-07-10 21:49 . 2013-07-10 21:49 523264 ----a-w- c:\windows\SysWow64\vbscript.dll2013-07-10 21:49 . 2013-07-10 21:49 51712 ----a-w- c:\windows\system32\ie4uinit.exe2013-07-10 21:49 . 2013-07-10 21:49 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll2013-07-10 21:49 . 2013-07-10 21:49 452096 ----a-w- c:\windows\system32\dxtmsft.dll2013-07-10 21:49 . 2013-07-10 21:49 441856 ----a-w- c:\windows\system32\html.iec2013-07-10 21:49 . 2013-07-10 21:49 39936 ----a-w- c:\windows\system32\iernonce.dll2013-07-10 21:49 . 2013-07-10 21:49 38400 ----a-w- c:\windows\SysWow64\imgutil.dll2013-07-10 21:49 . 2013-07-10 21:49 361984 ----a-w- c:\windows\SysWow64\html.iec2013-07-10 21:49 . 2013-07-10 21:49 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll2013-07-10 21:49 . 2013-07-10 21:49 281600 ----a-w- c:\windows\system32\dxtrans.dll2013-07-10 21:49 . 2013-07-10 21:49 27648 ----a-w- c:\windows\system32\licmgr10.dll2013-07-10 21:49 . 2013-07-10 21:49 270848 ----a-w- c:\windows\system32\iedkcs32.dll2013-07-10 21:49 . 2013-07-10 21:49 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb2013-07-10 21:49 . 2013-07-10 21:49 2648576 ----a-w- c:\windows\system32\iertutil.dll2013-07-10 21:49 . 2013-07-10 21:49 247296 ----a-w- c:\windows\system32\webcheck.dll2013-07-10 21:49 . 2013-07-10 21:49 235008 ----a-w- c:\windows\system32\url.dll2013-07-10 21:49 . 2013-07-10 21:49 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll2013-07-10 21:49 . 2013-07-10 21:49 226304 ----a-w- c:\windows\system32\elshyph.dll2013-07-10 21:49 . 2013-07-10 21:49 2241024 ----a-w- c:\windows\system32\wininet.dll2013-07-10 21:49 . 2013-07-10 21:49 216064 ----a-w- c:\windows\system32\msls31.dll2013-07-10 21:49 . 2013-07-10 21:49 197120 ----a-w- c:\windows\system32\msrating.dll2013-07-10 21:49 . 2013-07-10 21:49 185344 ----a-w- c:\windows\SysWow64\elshyph.dll2013-07-10 21:49 . 2013-07-10 21:49 1767936 ----a-w- c:\windows\SysWow64\wininet.dll2013-07-10 21:49 . 2013-07-10 21:49 167424 ----a-w- c:\windows\system32\iexpress.exe2013-07-10 21:49 . 2013-07-10 21:49 158720 ----a-w- c:\windows\SysWow64\msls31.dll2013-07-10 21:49 . 2013-07-10 21:49 1509376 ----a-w- c:\windows\system32\inetcpl.cpl2013-07-10 21:49 . 2013-07-10 21:49 150528 ----a-w- c:\windows\SysWow64\iexpress.exe2013-07-10 21:49 . 2013-07-10 21:49 144896 ----a-w- c:\windows\system32\wextract.exe2013-07-10 21:49 . 2013-07-10 21:49 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl2013-07-10 21:49 . 2013-07-10 21:49 1400416 ----a-w- c:\windows\system32\ieapfltr.dat2013-07-10 21:49 . 2013-07-10 21:49 138752 ----a-w- c:\windows\SysWow64\wextract.exe2013-07-10 21:49 . 2013-07-10 21:49 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe2013-07-10 21:49 . 2013-07-10 21:49 1365504 ----a-w- c:\windows\system32\urlmon.dll2013-07-10 21:49 . 2013-07-10 21:49 12800 ----a-w- c:\windows\SysWow64\mshta.exe2013-07-10 21:49 . 2013-07-10 21:49 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll2013-07-10 21:49 . 2013-07-10 21:49 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll2013-07-10 21:49 . 2013-07-10 21:49 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe2013-07-10 21:49 . 2013-07-10 21:49 102912 ----a-w- c:\windows\system32\inseng.dll2013-07-10 21:49 . 2013-07-10 21:49 19238912 ----a-w- c:\windows\system32\mshtml.dll2013-07-10 21:49 . 2013-07-10 21:49 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe2013-07-10 21:49 . 2013-07-10 21:49 855552 ----a-w- c:\windows\system32\jscript.dll2013-07-10 21:49 . 2013-07-10 21:49 77312 ----a-w- c:\windows\system32\tdc.ocx2013-07-10 21:49 . 2013-07-10 21:49 62976 ----a-w- c:\windows\system32\pngfilt.dll2013-07-10 21:49 . 2013-07-10 21:49 526336 ----a-w- c:\windows\system32\ieui.dll2013-07-10 21:49 . 2013-07-10 21:49 52224 ----a-w- c:\windows\system32\msfeedsbs.dll2013-07-10 21:49 . 2013-07-10 21:49 51200 ----a-w- c:\windows\system32\imgutil.dll2013-07-10 21:49 . 2013-07-10 21:49 48640 ----a-w- c:\windows\system32\mshtmler.dll2013-07-10 21:49 . 2013-07-10 21:49 3958784 ----a-w- c:\windows\system32\jscript9.dll2013-07-10 21:49 . 2013-07-10 21:49 2706432 ----a-w- c:\windows\system32\mshtml.tlb2013-07-10 21:49 . 2013-07-10 21:49 173568 ----a-w- c:\windows\system32\ieUnatt.exe2013-07-10 21:49 . 2013-07-10 21:49 15404032 ----a-w- c:\windows\system32\ieframe.dll2013-07-10 21:49 . 2013-07-10 21:49 149504 ----a-w- c:\windows\system32\occache.dll2013-07-10 21:49 . 2013-07-10 21:49 13824 ----a-w- c:\windows\system32\mshta.exe2013-07-10 21:49 . 2013-07-10 21:49 136704 ----a-w- c:\windows\system32\iesysprep.dll2013-07-10 21:49 . 2013-07-10 21:49 136192 ----a-w- c:\windows\system32\iepeers.dll2013-07-10 21:49 . 2013-07-10 21:49 135680 ----a-w- c:\windows\system32\IEAdvpack.dll2013-07-10 21:49 . 2013-07-10 21:49 12800 ----a-w- c:\windows\system32\msfeedssync.exe2013-07-10 21:46 . 2013-07-10 21:46 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 648192 ----a-w- c:\windows\system32\d3d10level9.dll2013-07-10 21:46 . 2013-07-10 21:46 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll2013-07-10 21:46 . 2013-07-10 21:46 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll2013-07-10 21:46 . 2013-07-10 21:46 465920 ----a-w- c:\windows\system32\WMPhoto.dll2013-07-10 21:46 . 2013-07-10 21:46 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll2013-07-10 21:46 . 2013-07-10 21:46 3928064 ----a-w- c:\windows\system32\d2d1.dll2013-07-10 21:46 . 2013-07-10 21:46 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll2013-07-10 21:46 . 2013-07-10 21:46 363008 ----a-w- c:\windows\system32\dxgi.dll2013-07-10 21:46 . 2013-07-10 21:46 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll2013-07-10 21:46 . 2013-07-10 21:46 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll2013-07-10 21:46 . 2013-07-10 21:46 333312 ----a-w- c:\windows\system32\d3d10_1core.dll2013-07-10 21:46 . 2013-07-10 21:46 296960 ----a-w- c:\windows\system32\d3d10core.dll2013-07-10 21:46 . 2013-07-10 21:46 293376 ----a-w- c:\windows\SysWow64\dxgi.dll2013-07-10 21:46 . 2013-07-10 21:46 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{002d1ba6-4766-4d7d-82b8-f49439c66f97}]2012-09-18 01:40 62864 ----a-w- c:\program files (x86)\BringMeSports_1c\bar\1.bin\1cSrcAs.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{f653d037-97fa-4755-98c1-7f382eeb59a7}]2012-09-18 01:40 699536 ----a-w- c:\progra~2\BRINGM~2\bar\1.bin\1cbar.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]"{cc53bd19-7b23-43b0-ab7c-0e06c708cced}"= "c:\program files (x86)\BringMeSports_1c\bar\1.bin\1cbar.dll" [2012-09-18 699536].[HKEY_CLASSES_ROOT\clsid\{cc53bd19-7b23-43b0-ab7c-0e06c708cced}].[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-09-12 39408]"HP Officejet 6600 (NET)"="c:\program files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe" [2011-09-09 2676584]"Jing"="c:\program files (x86)\TechSmith\Jing\Jing.exe" [2012-07-23 2908536].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-20 336384]"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]"BringMeSports Search Scope Monitor"="c:\progra~2\BRINGM~2\bar\1.bin\1csrchmn.exe" [2012-09-18 42536]"BringMeSports_1c Browser Plugin Loader"="c:\progra~2\BRINGM~2\bar\1.bin\1cbrmon.exe" [2012-09-18 30096].c:\users\Fire Training\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6600 (Network).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Officejet 6600\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN2612G1RS05RN;CONNECTION=NW;MONITOR=1; [2009-7-13 45568]OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-1-8 228448].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [x]R2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]R3 TDEIO;TDEIO;c:\windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys;c:\windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]S2 BringMeSports_1cService;BringMeSportsService;c:\progra~2\BRINGM~2\bar\1.bin\1cbarsvc.exe;c:\progra~2\BRINGM~2\bar\1.bin\1cbarsvc.exe [x]S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe;c:\windows\SYSNATIVE\GFNEXSrv.exe [x]S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - 05934246*Deregistered* - 05934246.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-08-07 22:20 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-11 22:15].2013-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-12 14:09].2013-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-12 14:09]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-07 12558440]"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280]"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = <local>IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exeHKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - startToolbar-Locked - (no file)HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXEHKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exeHKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exeHKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exeHKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exeHKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exeHKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exeHKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-08-21 16:37:41ComboFix-quarantined-files.txt 2013-08-21 21:37.Pre-Run: 426,104,008,704 bytes freePost-Run: 427,036,131,328 bytes free.- - End Of File - - 711D8E21418AC2BB7F7BCEE650524BD25B5E648D12FCADC244C1EC30318E1EB9 Security Check Checkup Log Results of screen317's Security Check version 0.99.72 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Java 6 Update 25 Java version out of Date! Adobe Flash Player 11.7.700.224 Google Chrome 28.0.1500.72 Google Chrome 28.0.1500.95 ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: 4% ````````````````````End of Log``````````````````````
- August 22, 2013
- 22 replies
FBI Infection

th3fall3n777 replied to th3fall3n777's topic in Resolved Malware Removal Logs

TDDSSKiller - No Threats Detected 14:44:58.0474 0x16d0 TDSS rootkit removing tool 2.9.2.0 Aug 15 2013 16:44:2914:44:58.0520 0x16d0 ============================================================14:44:58.0520 0x16d0 Current date / time: 2013/08/21 14:44:58.052014:44:58.0520 0x16d0 SystemInfo:14:44:58.0520 0x16d0 14:44:58.0520 0x16d0 OS Version: 6.1.7601 ServicePack: 1.014:44:58.0520 0x16d0 Product type: Workstation14:44:58.0520 0x16d0 ComputerName: FIRETRAINING-PC14:44:58.0520 0x16d0 UserName: Fire Training14:44:58.0520 0x16d0 Windows directory: C:\windows14:44:58.0520 0x16d0 System windows directory: C:\windows14:44:58.0520 0x16d0 Running under WOW6414:44:58.0520 0x16d0 Processor architecture: Intel x6414:44:58.0520 0x16d0 Number of processors: 414:44:58.0520 0x16d0 Page size: 0x100014:44:58.0520 0x16d0 Boot type: Normal boot14:44:58.0520 0x16d0 ============================================================14:44:59.0706 0x16d0 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000004014:44:59.0722 0x16d0 ============================================================14:44:59.0722 0x16d0 \Device\Harddisk0\DR0:14:44:59.0722 0x16d0 MBR partitions:14:44:59.0722 0x16d0 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x3845600014:44:59.0722 0x16d0 ============================================================14:44:59.0753 0x16d0 C: <-> \Device\Harddisk0\DR0\Partition114:44:59.0753 0x16d0 ============================================================14:44:59.0753 0x16d0 Initialize success14:44:59.0753 0x16d0 ============================================================14:45:19.0783 0x15b8 ============================================================14:45:19.0783 0x15b8 Scan started14:45:19.0783 0x15b8 Mode: Manual; 14:45:19.0783 0x15b8 ============================================================14:45:20.0610 0x15b8 ================ Scan system memory ========================14:45:20.0610 0x15b8 System memory - ok14:45:20.0610 0x15b8 ================ Scan services =============================14:45:20.0782 0x15b8 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys14:45:20.0797 0x15b8 1394ohci - ok14:45:20.0828 0x15b8 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\drivers\ACPI.sys14:45:20.0828 0x15b8 ACPI - ok14:45:20.0875 0x15b8 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys14:45:20.0875 0x15b8 AcpiPmi - ok14:45:21.0016 0x15b8 [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe14:45:21.0016 0x15b8 AdobeFlashPlayerUpdateSvc - ok14:45:21.0078 0x15b8 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\drivers\adp94xx.sys14:45:21.0078 0x15b8 adp94xx - ok14:45:21.0140 0x15b8 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\drivers\adpahci.sys14:45:21.0140 0x15b8 adpahci - ok14:45:21.0187 0x15b8 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\drivers\adpu320.sys14:45:21.0203 0x15b8 adpu320 - ok14:45:21.0234 0x15b8 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll14:45:21.0234 0x15b8 AeLookupSvc - ok14:45:21.0281 0x15b8 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys14:45:21.0281 0x15b8 AFD - ok14:45:21.0328 0x15b8 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\drivers\agp440.sys14:45:21.0343 0x15b8 agp440 - ok14:45:21.0374 0x15b8 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe14:45:21.0374 0x15b8 ALG - ok14:45:21.0406 0x15b8 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\drivers\aliide.sys14:45:21.0406 0x15b8 aliide - ok14:45:21.0452 0x15b8 [ E9F172F8067830AB6418FCF13B7C82F1 ] AMD External Events Utility C:\windows\system32\atiesrxx.exe14:45:21.0452 0x15b8 AMD External Events Utility - ok14:45:21.0484 0x15b8 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\drivers\amdide.sys14:45:21.0484 0x15b8 amdide - ok14:45:21.0515 0x15b8 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\drivers\amdk8.sys14:45:21.0515 0x15b8 AmdK8 - ok14:45:21.0733 0x15b8 [ 3EA481540BF571CE2AC422249C4E18A9 ] amdkmdag C:\windows\system32\DRIVERS\atikmdag.sys14:45:21.0952 0x15b8 amdkmdag - ok14:45:21.0998 0x15b8 [ C5228C5FD5CA78002255089C4E74DC0E ] amdkmdap C:\windows\system32\DRIVERS\atikmpag.sys14:45:21.0998 0x15b8 amdkmdap - ok14:45:22.0030 0x15b8 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys14:45:22.0030 0x15b8 AmdPPM - ok14:45:22.0061 0x15b8 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys14:45:22.0061 0x15b8 amdsata - ok14:45:22.0076 0x15b8 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\drivers\amdsbs.sys14:45:22.0076 0x15b8 amdsbs - ok14:45:22.0076 0x15b8 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys14:45:22.0092 0x15b8 amdxata - ok14:45:22.0123 0x15b8 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys14:45:22.0123 0x15b8 AppID - ok14:45:22.0170 0x15b8 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll14:45:22.0170 0x15b8 AppIDSvc - ok14:45:22.0217 0x15b8 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\windows\System32\appinfo.dll14:45:22.0217 0x15b8 Appinfo - ok14:45:22.0232 0x15b8 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\drivers\arc.sys14:45:22.0232 0x15b8 arc - ok14:45:22.0264 0x15b8 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\drivers\arcsas.sys14:45:22.0264 0x15b8 arcsas - ok14:45:22.0435 0x15b8 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe14:45:22.0435 0x15b8 aspnet_state - ok14:45:22.0466 0x15b8 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys14:45:22.0466 0x15b8 AsyncMac - ok14:45:22.0482 0x15b8 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys14:45:22.0482 0x15b8 atapi - ok14:45:22.0544 0x15b8 [ 4BF5BCA6E2608CD8A00BC4A6673A9F47 ] AtiHDAudioService C:\windows\system32\drivers\AtihdW76.sys14:45:22.0544 0x15b8 AtiHDAudioService - ok14:45:22.0576 0x15b8 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll14:45:22.0591 0x15b8 AudioEndpointBuilder - ok14:45:22.0622 0x15b8 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll14:45:22.0622 0x15b8 AudioSrv - ok14:45:22.0638 0x15b8 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll14:45:22.0638 0x15b8 AxInstSV - ok14:45:22.0685 0x15b8 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\drivers\bxvbda.sys14:45:22.0685 0x15b8 b06bdrv - ok14:45:22.0732 0x15b8 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys14:45:22.0732 0x15b8 b57nd60a - ok14:45:22.0825 0x15b8 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe14:45:22.0825 0x15b8 BBSvc - ok14:45:22.0856 0x15b8 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe14:45:22.0856 0x15b8 BBUpdate - ok14:45:22.0888 0x15b8 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll14:45:22.0888 0x15b8 BDESVC - ok14:45:22.0903 0x15b8 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys14:45:22.0903 0x15b8 Beep - ok14:45:22.0934 0x15b8 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll14:45:22.0950 0x15b8 BFE - ok14:45:22.0981 0x15b8 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll14:45:22.0997 0x15b8 BITS - ok14:45:23.0028 0x15b8 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys14:45:23.0028 0x15b8 blbdrive - ok14:45:23.0059 0x15b8 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys14:45:23.0075 0x15b8 bowser - ok14:45:23.0106 0x15b8 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\drivers\BrFiltLo.sys14:45:23.0106 0x15b8 BrFiltLo - ok14:45:23.0122 0x15b8 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\drivers\BrFiltUp.sys14:45:23.0122 0x15b8 BrFiltUp - ok14:45:23.0184 0x15b8 [ 622FCF264119F7DF127BE353F796B319 ] BringMeSports_1cService C:\PROGRA~2\BRINGM~2\bar\1.bin\1cbarsvc.exe14:45:23.0184 0x15b8 BringMeSports_1cService - ok14:45:23.0231 0x15b8 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll14:45:23.0246 0x15b8 Browser - ok14:45:23.0278 0x15b8 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys14:45:23.0293 0x15b8 Brserid - ok14:45:23.0324 0x15b8 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys14:45:23.0324 0x15b8 BrSerWdm - ok14:45:23.0340 0x15b8 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys14:45:23.0340 0x15b8 BrUsbMdm - ok14:45:23.0356 0x15b8 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys14:45:23.0356 0x15b8 BrUsbSer - ok14:45:23.0418 0x15b8 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\DRIVERS\BthEnum.sys14:45:23.0418 0x15b8 BthEnum - ok14:45:23.0449 0x15b8 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\drivers\bthmodem.sys14:45:23.0449 0x15b8 BTHMODEM - ok14:45:23.0496 0x15b8 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys14:45:23.0496 0x15b8 BthPan - ok14:45:23.0558 0x15b8 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\system32\Drivers\BTHport.sys14:45:23.0574 0x15b8 BTHPORT - ok14:45:23.0605 0x15b8 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll14:45:23.0605 0x15b8 bthserv - ok14:45:23.0636 0x15b8 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\system32\Drivers\BTHUSB.sys14:45:23.0636 0x15b8 BTHUSB - ok14:45:23.0668 0x15b8 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys14:45:23.0668 0x15b8 cdfs - ok14:45:23.0714 0x15b8 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys14:45:23.0730 0x15b8 cdrom - ok14:45:23.0761 0x15b8 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll14:45:23.0761 0x15b8 CertPropSvc - ok14:45:23.0792 0x15b8 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\drivers\circlass.sys14:45:23.0792 0x15b8 circlass - ok14:45:23.0855 0x15b8 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys14:45:23.0855 0x15b8 CLFS - ok14:45:23.0902 0x15b8 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe14:45:23.0902 0x15b8 clr_optimization_v2.0.50727_32 - ok14:45:23.0948 0x15b8 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe14:45:23.0948 0x15b8 clr_optimization_v2.0.50727_64 - ok14:45:24.0011 0x15b8 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe14:45:24.0011 0x15b8 clr_optimization_v4.0.30319_32 - ok14:45:24.0042 0x15b8 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe14:45:24.0042 0x15b8 clr_optimization_v4.0.30319_64 - ok14:45:24.0073 0x15b8 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys14:45:24.0073 0x15b8 CmBatt - ok14:45:24.0089 0x15b8 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys14:45:24.0104 0x15b8 cmdide - ok14:45:24.0151 0x15b8 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys14:45:24.0151 0x15b8 CNG - ok14:45:24.0182 0x15b8 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\drivers\compbatt.sys14:45:24.0182 0x15b8 Compbatt - ok14:45:24.0214 0x15b8 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys14:45:24.0214 0x15b8 CompositeBus - ok14:45:24.0229 0x15b8 COMSysApp - ok14:45:24.0260 0x15b8 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\drivers\crcdisk.sys14:45:24.0260 0x15b8 crcdisk - ok14:45:24.0307 0x15b8 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc C:\windows\system32\cryptsvc.dll14:45:24.0307 0x15b8 CryptSvc - ok14:45:24.0370 0x15b8 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll14:45:24.0385 0x15b8 DcomLaunch - ok14:45:24.0416 0x15b8 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll14:45:24.0432 0x15b8 defragsvc - ok14:45:24.0448 0x15b8 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys14:45:24.0448 0x15b8 DfsC - ok14:45:24.0494 0x15b8 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll14:45:24.0510 0x15b8 Dhcp - ok14:45:24.0541 0x15b8 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys14:45:24.0541 0x15b8 discache - ok14:45:24.0557 0x15b8 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\drivers\disk.sys14:45:24.0557 0x15b8 Disk - ok14:45:24.0588 0x15b8 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll14:45:24.0588 0x15b8 Dnscache - ok14:45:24.0604 0x15b8 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll14:45:24.0604 0x15b8 dot3svc - ok14:45:24.0604 0x15b8 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll14:45:24.0604 0x15b8 DPS - ok14:45:24.0650 0x15b8 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys14:45:24.0650 0x15b8 drmkaud - ok14:45:24.0697 0x15b8 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys14:45:24.0728 0x15b8 DXGKrnl - ok14:45:24.0760 0x15b8 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll14:45:24.0760 0x15b8 EapHost - ok14:45:24.0869 0x15b8 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\drivers\evbda.sys14:45:24.0931 0x15b8 ebdrv - ok14:45:24.0962 0x15b8 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe14:45:24.0962 0x15b8 EFS - ok14:45:25.0056 0x15b8 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe14:45:25.0072 0x15b8 ehRecvr - ok14:45:25.0103 0x15b8 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe14:45:25.0103 0x15b8 ehSched - ok14:45:25.0150 0x15b8 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\drivers\elxstor.sys14:45:25.0165 0x15b8 elxstor - ok14:45:25.0181 0x15b8 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys14:45:25.0181 0x15b8 ErrDev - ok14:45:25.0243 0x15b8 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll14:45:25.0243 0x15b8 EventSystem - ok14:45:25.0290 0x15b8 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys14:45:25.0306 0x15b8 exfat - ok14:45:25.0337 0x15b8 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys14:45:25.0337 0x15b8 fastfat - ok14:45:25.0384 0x15b8 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe14:45:25.0399 0x15b8 Fax - ok14:45:25.0430 0x15b8 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\drivers\fdc.sys14:45:25.0430 0x15b8 fdc - ok14:45:25.0477 0x15b8 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll14:45:25.0477 0x15b8 fdPHost - ok14:45:25.0477 0x15b8 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll14:45:25.0493 0x15b8 FDResPub - ok14:45:25.0508 0x15b8 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys14:45:25.0508 0x15b8 FileInfo - ok14:45:25.0524 0x15b8 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys14:45:25.0524 0x15b8 Filetrace - ok14:45:25.0555 0x15b8 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\drivers\flpydisk.sys14:45:25.0555 0x15b8 flpydisk - ok14:45:25.0618 0x15b8 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys14:45:25.0633 0x15b8 FltMgr - ok14:45:25.0696 0x15b8 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\windows\system32\FntCache.dll14:45:25.0727 0x15b8 FontCache - ok14:45:25.0789 0x15b8 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe14:45:25.0789 0x15b8 FontCache3.0.0.0 - ok14:45:25.0820 0x15b8 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys14:45:25.0820 0x15b8 FsDepends - ok14:45:25.0867 0x15b8 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys14:45:25.0867 0x15b8 Fs_Rec - ok14:45:25.0914 0x15b8 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\windows\system32\DRIVERS\fvevol.sys14:45:25.0914 0x15b8 fvevol - ok14:45:25.0945 0x15b8 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\drivers\gagp30kx.sys14:45:25.0945 0x15b8 gagp30kx - ok14:45:26.0008 0x15b8 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe14:45:26.0008 0x15b8 GamesAppService - ok14:45:26.0070 0x15b8 [ FA07EC01952729DDDDC5BF4BAE06B09E ] GFNEXSrv C:\Windows\System32\GFNEXSrv.exe14:45:26.0070 0x15b8 GFNEXSrv - ok14:45:26.0132 0x15b8 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll14:45:26.0148 0x15b8 gpsvc - ok14:45:26.0195 0x15b8 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe14:45:26.0195 0x15b8 gupdate - ok14:45:26.0210 0x15b8 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe14:45:26.0226 0x15b8 gupdatem - ok14:45:26.0257 0x15b8 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe14:45:26.0257 0x15b8 gusvc - ok14:45:26.0288 0x15b8 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys14:45:26.0288 0x15b8 hcw85cir - ok14:45:26.0320 0x15b8 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys14:45:26.0335 0x15b8 HdAudAddService - ok14:45:26.0366 0x15b8 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys14:45:26.0382 0x15b8 HDAudBus - ok14:45:26.0413 0x15b8 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\drivers\HidBatt.sys14:45:26.0413 0x15b8 HidBatt - ok14:45:26.0429 0x15b8 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\drivers\hidbth.sys14:45:26.0429 0x15b8 HidBth - ok14:45:26.0460 0x15b8 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\drivers\hidir.sys14:45:26.0476 0x15b8 HidIr - ok14:45:26.0507 0x15b8 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll14:45:26.0507 0x15b8 hidserv - ok14:45:26.0538 0x15b8 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys14:45:26.0538 0x15b8 HidUsb - ok14:45:26.0569 0x15b8 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll14:45:26.0569 0x15b8 hkmsvc - ok14:45:26.0585 0x15b8 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll14:45:26.0600 0x15b8 HomeGroupListener - ok14:45:26.0616 0x15b8 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll14:45:26.0616 0x15b8 HomeGroupProvider - ok14:45:26.0647 0x15b8 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys14:45:26.0663 0x15b8 HpSAMD - ok14:45:26.0694 0x15b8 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys14:45:26.0710 0x15b8 HTTP - ok14:45:26.0741 0x15b8 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys14:45:26.0741 0x15b8 hwpolicy - ok14:45:26.0788 0x15b8 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys14:45:26.0788 0x15b8 i8042prt - ok14:45:26.0834 0x15b8 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys14:45:26.0834 0x15b8 iaStorV - ok14:45:26.0897 0x15b8 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe14:45:26.0912 0x15b8 idsvc - ok14:45:26.0944 0x15b8 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\drivers\iirsp.sys14:45:26.0944 0x15b8 iirsp - ok14:45:26.0990 0x15b8 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll14:45:27.0022 0x15b8 IKEEXT - ok14:45:27.0115 0x15b8 [ 028E40182A6F0374978C755F85B9F07C ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys14:45:27.0146 0x15b8 IntcAzAudAddService - ok14:45:27.0162 0x15b8 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys14:45:27.0162 0x15b8 intelide - ok14:45:27.0209 0x15b8 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\drivers\intelppm.sys14:45:27.0209 0x15b8 intelppm - ok14:45:27.0271 0x15b8 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll14:45:27.0271 0x15b8 IPBusEnum - ok14:45:27.0287 0x15b8 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys14:45:27.0302 0x15b8 IpFilterDriver - ok14:45:27.0349 0x15b8 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll14:45:27.0365 0x15b8 iphlpsvc - ok14:45:27.0396 0x15b8 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys14:45:27.0396 0x15b8 IPMIDRV - ok14:45:27.0396 0x15b8 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys14:45:27.0396 0x15b8 IPNAT - ok14:45:27.0427 0x15b8 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys14:45:27.0427 0x15b8 IRENUM - ok14:45:27.0458 0x15b8 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys14:45:27.0458 0x15b8 isapnp - ok14:45:27.0490 0x15b8 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys14:45:27.0505 0x15b8 iScsiPrt - ok14:45:27.0521 0x15b8 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys14:45:27.0521 0x15b8 kbdclass - ok14:45:27.0552 0x15b8 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys14:45:27.0552 0x15b8 kbdhid - ok14:45:27.0599 0x15b8 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe14:45:27.0599 0x15b8 KeyIso - ok14:45:27.0646 0x15b8 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys14:45:27.0646 0x15b8 KSecDD - ok14:45:27.0677 0x15b8 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys14:45:27.0677 0x15b8 KSecPkg - ok14:45:27.0708 0x15b8 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys14:45:27.0708 0x15b8 ksthunk - ok14:45:27.0755 0x15b8 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll14:45:27.0755 0x15b8 KtmRm - ok14:45:27.0817 0x15b8 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll14:45:27.0817 0x15b8 LanmanServer - ok14:45:27.0848 0x15b8 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll14:45:27.0864 0x15b8 LanmanWorkstation - ok14:45:27.0895 0x15b8 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys14:45:27.0895 0x15b8 lltdio - ok14:45:27.0926 0x15b8 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll14:45:27.0942 0x15b8 lltdsvc - ok14:45:27.0973 0x15b8 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll14:45:27.0973 0x15b8 lmhosts - ok14:45:28.0020 0x15b8 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\drivers\lsi_fc.sys14:45:28.0036 0x15b8 LSI_FC - ok14:45:28.0036 0x15b8 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\drivers\lsi_sas.sys14:45:28.0036 0x15b8 LSI_SAS - ok14:45:28.0051 0x15b8 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\drivers\lsi_sas2.sys14:45:28.0051 0x15b8 LSI_SAS2 - ok14:45:28.0067 0x15b8 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\drivers\lsi_scsi.sys14:45:28.0067 0x15b8 LSI_SCSI - ok14:45:28.0098 0x15b8 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys14:45:28.0098 0x15b8 luafv - ok14:45:28.0129 0x15b8 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll14:45:28.0129 0x15b8 Mcx2Svc - ok14:45:28.0129 0x15b8 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\drivers\megasas.sys14:45:28.0145 0x15b8 megasas - ok14:45:28.0176 0x15b8 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\drivers\MegaSR.sys14:45:28.0192 0x15b8 MegaSR - ok14:45:28.0207 0x15b8 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll14:45:28.0223 0x15b8 MMCSS - ok14:45:28.0223 0x15b8 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys14:45:28.0223 0x15b8 Modem - ok14:45:28.0254 0x15b8 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys14:45:28.0254 0x15b8 monitor - ok14:45:28.0285 0x15b8 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys14:45:28.0285 0x15b8 mouclass - ok14:45:28.0301 0x15b8 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys14:45:28.0301 0x15b8 mouhid - ok14:45:28.0316 0x15b8 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys14:45:28.0316 0x15b8 mountmgr - ok14:45:28.0332 0x15b8 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys14:45:28.0348 0x15b8 mpio - ok14:45:28.0363 0x15b8 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys14:45:28.0363 0x15b8 mpsdrv - ok14:45:28.0410 0x15b8 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll14:45:28.0441 0x15b8 MpsSvc - ok14:45:28.0472 0x15b8 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys14:45:28.0472 0x15b8 MRxDAV - ok14:45:28.0488 0x15b8 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys14:45:28.0488 0x15b8 mrxsmb - ok14:45:28.0519 0x15b8 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys14:45:28.0535 0x15b8 mrxsmb10 - ok14:45:28.0550 0x15b8 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys14:45:28.0550 0x15b8 mrxsmb20 - ok14:45:28.0566 0x15b8 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\DRIVERS\msahci.sys14:45:28.0566 0x15b8 msahci - ok14:45:28.0582 0x15b8 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\drivers\msdsm.sys14:45:28.0582 0x15b8 msdsm - ok14:45:28.0597 0x15b8 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe14:45:28.0597 0x15b8 MSDTC - ok14:45:28.0628 0x15b8 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys14:45:28.0628 0x15b8 Msfs - ok14:45:28.0644 0x15b8 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys14:45:28.0644 0x15b8 mshidkmdf - ok14:45:28.0660 0x15b8 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\windows\system32\drivers\msisadrv.sys14:45:28.0660 0x15b8 msisadrv - ok14:45:28.0691 0x15b8 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll14:45:28.0691 0x15b8 MSiSCSI - ok14:45:28.0691 0x15b8 msiserver - ok14:45:28.0722 0x15b8 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys14:45:28.0722 0x15b8 MSKSSRV - ok14:45:28.0738 0x15b8 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys14:45:28.0738 0x15b8 MSPCLOCK - ok14:45:28.0769 0x15b8 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys14:45:28.0769 0x15b8 MSPQM - ok14:45:28.0800 0x15b8 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys14:45:28.0800 0x15b8 MsRPC - ok14:45:28.0831 0x15b8 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys14:45:28.0831 0x15b8 mssmbios - ok14:45:28.0862 0x15b8 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys14:45:28.0862 0x15b8 MSTEE - ok14:45:28.0878 0x15b8 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\drivers\MTConfig.sys14:45:28.0878 0x15b8 MTConfig - ok14:45:28.0909 0x15b8 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys14:45:28.0909 0x15b8 Mup - ok14:45:28.0956 0x15b8 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll14:45:28.0956 0x15b8 napagent - ok14:45:29.0003 0x15b8 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys14:45:29.0003 0x15b8 NativeWifiP - ok14:45:29.0065 0x15b8 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys14:45:29.0081 0x15b8 NDIS - ok14:45:29.0096 0x15b8 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys14:45:29.0096 0x15b8 NdisCap - ok14:45:29.0128 0x15b8 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys14:45:29.0128 0x15b8 NdisTapi - ok14:45:29.0159 0x15b8 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys14:45:29.0159 0x15b8 Ndisuio - ok14:45:29.0190 0x15b8 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys14:45:29.0190 0x15b8 NdisWan - ok14:45:29.0190 0x15b8 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys14:45:29.0190 0x15b8 NDProxy - ok14:45:29.0252 0x15b8 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys14:45:29.0252 0x15b8 NetBIOS - ok14:45:29.0268 0x15b8 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys14:45:29.0268 0x15b8 NetBT - ok14:45:29.0299 0x15b8 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe14:45:29.0299 0x15b8 Netlogon - ok14:45:29.0346 0x15b8 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll14:45:29.0362 0x15b8 Netman - ok14:45:29.0393 0x15b8 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe14:45:29.0393 0x15b8 NetMsmqActivator - ok14:45:29.0408 0x15b8 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe14:45:29.0408 0x15b8 NetPipeActivator - ok14:45:29.0440 0x15b8 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll14:45:29.0455 0x15b8 netprofm - ok14:45:29.0471 0x15b8 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe14:45:29.0471 0x15b8 NetTcpActivator - ok14:45:29.0486 0x15b8 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe14:45:29.0486 0x15b8 NetTcpPortSharing - ok14:45:29.0518 0x15b8 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\drivers\nfrd960.sys14:45:29.0518 0x15b8 nfrd960 - ok14:45:29.0611 0x15b8 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll14:45:29.0627 0x15b8 NlaSvc - ok14:45:29.0658 0x15b8 Norton PC Checkup Application Launcher - ok14:45:29.0689 0x15b8 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys14:45:29.0689 0x15b8 Npfs - ok14:45:29.0720 0x15b8 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll14:45:29.0720 0x15b8 nsi - ok14:45:29.0736 0x15b8 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys14:45:29.0736 0x15b8 nsiproxy - ok14:45:29.0814 0x15b8 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\windows\system32\drivers\Ntfs.sys14:45:29.0830 0x15b8 Ntfs - ok14:45:29.0861 0x15b8 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys14:45:29.0861 0x15b8 Null - ok14:45:29.0892 0x15b8 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys14:45:29.0892 0x15b8 nvraid - ok14:45:29.0908 0x15b8 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys14:45:29.0908 0x15b8 nvstor - ok14:45:29.0939 0x15b8 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\drivers\nv_agp.sys14:45:29.0939 0x15b8 nv_agp - ok14:45:29.0939 0x15b8 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\drivers\ohci1394.sys14:45:29.0954 0x15b8 ohci1394 - ok14:45:30.0001 0x15b8 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE14:45:30.0001 0x15b8 ose - ok14:45:30.0188 0x15b8 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE14:45:30.0313 0x15b8 osppsvc - ok14:45:30.0344 0x15b8 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll14:45:30.0344 0x15b8 p2pimsvc - ok14:45:30.0376 0x15b8 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll14:45:30.0376 0x15b8 p2psvc - ok14:45:30.0391 0x15b8 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\drivers\parport.sys14:45:30.0407 0x15b8 Parport - ok14:45:30.0422 0x15b8 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys14:45:30.0422 0x15b8 partmgr - ok14:45:30.0454 0x15b8 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll14:45:30.0454 0x15b8 PcaSvc - ok14:45:30.0454 0x15b8 PCCUJobMgr - ok14:45:30.0485 0x15b8 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\drivers\pci.sys14:45:30.0485 0x15b8 pci - ok14:45:30.0500 0x15b8 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\DRIVERS\pciide.sys14:45:30.0500 0x15b8 pciide - ok14:45:30.0532 0x15b8 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\drivers\pcmcia.sys14:45:30.0532 0x15b8 pcmcia - ok14:45:30.0532 0x15b8 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys14:45:30.0532 0x15b8 pcw - ok14:45:30.0578 0x15b8 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys14:45:30.0578 0x15b8 PEAUTH - ok14:45:30.0688 0x15b8 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe14:45:30.0703 0x15b8 PerfHost - ok14:45:30.0734 0x15b8 [ 91111CEBBDE8015E822C46120ED9537C ] PGEffect C:\windows\system32\DRIVERS\pgeffect.sys14:45:30.0750 0x15b8 PGEffect - ok14:45:30.0781 0x15b8 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll14:45:30.0797 0x15b8 pla - ok14:45:30.0859 0x15b8 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll14:45:30.0875 0x15b8 PlugPlay - ok14:45:30.0906 0x15b8 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll14:45:30.0906 0x15b8 PNRPAutoReg - ok14:45:30.0922 0x15b8 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll14:45:30.0922 0x15b8 PNRPsvc - ok14:45:30.0953 0x15b8 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll14:45:30.0968 0x15b8 PolicyAgent - ok14:45:30.0984 0x15b8 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll14:45:30.0984 0x15b8 Power - ok14:45:31.0015 0x15b8 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys14:45:31.0015 0x15b8 PptpMiniport - ok14:45:31.0031 0x15b8 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\drivers\processr.sys14:45:31.0031 0x15b8 Processor - ok14:45:31.0062 0x15b8 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll14:45:31.0062 0x15b8 ProfSvc - ok14:45:31.0078 0x15b8 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe14:45:31.0078 0x15b8 ProtectedStorage - ok14:45:31.0109 0x15b8 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys14:45:31.0109 0x15b8 Psched - ok14:45:31.0156 0x15b8 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\drivers\ql2300.sys14:45:31.0171 0x15b8 ql2300 - ok14:45:31.0202 0x15b8 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\drivers\ql40xx.sys14:45:31.0202 0x15b8 ql40xx - ok14:45:31.0234 0x15b8 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll14:45:31.0249 0x15b8 QWAVE - ok14:45:31.0265 0x15b8 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys14:45:31.0265 0x15b8 QWAVEdrv - ok14:45:31.0280 0x15b8 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys14:45:31.0280 0x15b8 RasAcd - ok14:45:31.0312 0x15b8 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys14:45:31.0312 0x15b8 RasAgileVpn - ok14:45:31.0343 0x15b8 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll14:45:31.0343 0x15b8 RasAuto - ok14:45:31.0374 0x15b8 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys14:45:31.0374 0x15b8 Rasl2tp - ok14:45:31.0405 0x15b8 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll14:45:31.0421 0x15b8 RasMan - ok14:45:31.0436 0x15b8 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys14:45:31.0452 0x15b8 RasPppoe - ok14:45:31.0452 0x15b8 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys14:45:31.0452 0x15b8 RasSstp - ok14:45:31.0483 0x15b8 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys14:45:31.0499 0x15b8 rdbss - ok14:45:31.0514 0x15b8 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\drivers\rdpbus.sys14:45:31.0514 0x15b8 rdpbus - ok14:45:31.0546 0x15b8 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys14:45:31.0546 0x15b8 RDPCDD - ok14:45:31.0561 0x15b8 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys14:45:31.0561 0x15b8 RDPENCDD - ok14:45:31.0592 0x15b8 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys14:45:31.0592 0x15b8 RDPREFMP - ok14:45:31.0608 0x15b8 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys14:45:31.0624 0x15b8 RDPWD - ok14:45:31.0639 0x15b8 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys14:45:31.0655 0x15b8 rdyboost - ok14:45:31.0686 0x15b8 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll14:45:31.0686 0x15b8 RemoteAccess - ok14:45:31.0717 0x15b8 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll14:45:31.0717 0x15b8 RemoteRegistry - ok14:45:31.0764 0x15b8 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys14:45:31.0764 0x15b8 RFCOMM - ok14:45:31.0795 0x15b8 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll14:45:31.0811 0x15b8 RpcEptMapper - ok14:45:31.0826 0x15b8 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe14:45:31.0826 0x15b8 RpcLocator - ok14:45:31.0920 0x15b8 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll14:45:31.0936 0x15b8 RpcSs - ok14:45:31.0967 0x15b8 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys14:45:31.0967 0x15b8 rspndr - ok14:45:32.0014 0x15b8 [ BE29B0A3AC1E8BD02FFAB8CEE86BADFA ] RSUSBSTOR C:\windows\system32\Drivers\RtsUStor.sys14:45:32.0014 0x15b8 RSUSBSTOR - ok14:45:32.0029 0x15b8 [ 6D3C7E7D82D3DC92DC2A8B0DF9F20F8A ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys14:45:32.0045 0x15b8 RTL8167 - ok14:45:32.0107 0x15b8 [ FA088015155C4C6DAB5D1D9E68EB9D6B ] RTL8192Ce C:\windows\system32\DRIVERS\rtl8192Ce.sys14:45:32.0138 0x15b8 RTL8192Ce - ok14:45:32.0154 0x15b8 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe14:45:32.0154 0x15b8 SamSs - ok14:45:32.0170 0x15b8 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\drivers\sbp2port.sys14:45:32.0170 0x15b8 sbp2port - ok14:45:32.0201 0x15b8 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll14:45:32.0201 0x15b8 SCardSvr - ok14:45:32.0232 0x15b8 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys14:45:32.0232 0x15b8 scfilter - ok14:45:32.0263 0x15b8 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll14:45:32.0294 0x15b8 Schedule - ok14:45:32.0310 0x15b8 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll14:45:32.0326 0x15b8 SCPolicySvc - ok14:45:32.0341 0x15b8 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll14:45:32.0341 0x15b8 SDRSVC - ok14:45:32.0372 0x15b8 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys14:45:32.0388 0x15b8 secdrv - ok14:45:32.0388 0x15b8 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll14:45:32.0388 0x15b8 seclogon - ok14:45:32.0419 0x15b8 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll14:45:32.0419 0x15b8 SENS - ok14:45:32.0435 0x15b8 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll14:45:32.0435 0x15b8 SensrSvc - ok14:45:32.0450 0x15b8 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\drivers\serenum.sys14:45:32.0450 0x15b8 Serenum - ok14:45:32.0482 0x15b8 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\drivers\serial.sys14:45:32.0482 0x15b8 Serial - ok14:45:32.0497 0x15b8 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\drivers\sermouse.sys14:45:32.0497 0x15b8 sermouse - ok14:45:32.0528 0x15b8 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll14:45:32.0544 0x15b8 SessionEnv - ok14:45:32.0560 0x15b8 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\windows\system32\drivers\sffdisk.sys14:45:32.0560 0x15b8 sffdisk - ok14:45:32.0560 0x15b8 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys14:45:32.0560 0x15b8 sffp_mmc - ok14:45:32.0575 0x15b8 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys14:45:32.0575 0x15b8 sffp_sd - ok14:45:32.0575 0x15b8 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\drivers\sfloppy.sys14:45:32.0591 0x15b8 sfloppy - ok14:45:32.0622 0x15b8 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll14:45:32.0622 0x15b8 SharedAccess - ok14:45:32.0653 0x15b8 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll14:45:32.0653 0x15b8 ShellHWDetection - ok14:45:32.0700 0x15b8 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\drivers\SiSRaid2.sys14:45:32.0700 0x15b8 SiSRaid2 - ok14:45:32.0716 0x15b8 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\drivers\sisraid4.sys14:45:32.0716 0x15b8 SiSRaid4 - ok14:45:32.0747 0x15b8 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe14:45:32.0747 0x15b8 SkypeUpdate - ok14:45:32.0809 0x15b8 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys14:45:32.0809 0x15b8 Smb - ok14:45:32.0856 0x15b8 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe14:45:32.0856 0x15b8 SNMPTRAP - ok14:45:32.0887 0x15b8 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys14:45:32.0887 0x15b8 spldr - ok14:45:32.0918 0x15b8 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe14:45:32.0934 0x15b8 Spooler - ok14:45:33.0043 0x15b8 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe14:45:33.0137 0x15b8 sppsvc - ok14:45:33.0152 0x15b8 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll14:45:33.0168 0x15b8 sppuinotify - ok14:45:33.0184 0x15b8 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys14:45:33.0184 0x15b8 srv - ok14:45:33.0199 0x15b8 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys14:45:33.0215 0x15b8 srv2 - ok14:45:33.0230 0x15b8 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys14:45:33.0230 0x15b8 srvnet - ok14:45:33.0262 0x15b8 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll14:45:33.0277 0x15b8 SSDPSRV - ok14:45:33.0277 0x15b8 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll14:45:33.0277 0x15b8 SstpSvc - ok14:45:33.0293 0x15b8 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\drivers\stexstor.sys14:45:33.0308 0x15b8 stexstor - ok14:45:33.0324 0x15b8 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\windows\system32\DRIVERS\serscan.sys14:45:33.0324 0x15b8 StillCam - ok14:45:33.0355 0x15b8 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll14:45:33.0371 0x15b8 stisvc - ok14:45:33.0402 0x15b8 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys14:45:33.0402 0x15b8 swenum - ok14:45:33.0433 0x15b8 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll14:45:33.0449 0x15b8 swprv - ok14:45:33.0527 0x15b8 [ F5B46DF59FEAA48A442AED7EEB754D4B ] SynTP C:\windows\system32\DRIVERS\SynTP.sys14:45:33.0542 0x15b8 SynTP - ok14:45:33.0620 0x15b8 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll14:45:33.0636 0x15b8 SysMain - ok14:45:33.0652 0x15b8 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll14:45:33.0652 0x15b8 TabletInputService - ok14:45:33.0652 0x15b8 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll14:45:33.0667 0x15b8 TapiSrv - ok14:45:33.0667 0x15b8 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll14:45:33.0683 0x15b8 TBS - ok14:45:33.0761 0x15b8 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip C:\windows\system32\drivers\tcpip.sys14:45:33.0792 0x15b8 Tcpip - ok14:45:33.0886 0x15b8 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys14:45:33.0901 0x15b8 TCPIP6 - ok14:45:33.0948 0x15b8 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys14:45:33.0948 0x15b8 tcpipreg - ok14:45:33.0979 0x15b8 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\windows\system32\DRIVERS\tdcmdpst.sys14:45:33.0979 0x15b8 tdcmdpst - ok14:45:34.0010 0x15b8 TDEIO - ok14:45:34.0042 0x15b8 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys14:45:34.0042 0x15b8 TDPIPE - ok14:45:34.0088 0x15b8 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys14:45:34.0088 0x15b8 TDTCP - ok14:45:34.0104 0x15b8 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys14:45:34.0120 0x15b8 tdx - ok14:45:34.0120 0x15b8 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys14:45:34.0135 0x15b8 TermDD - ok14:45:34.0182 0x15b8 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll14:45:34.0198 0x15b8 TermService - ok14:45:34.0213 0x15b8 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll14:45:34.0213 0x15b8 Themes - ok14:45:34.0244 0x15b8 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll14:45:34.0244 0x15b8 THREADORDER - ok14:45:34.0291 0x15b8 [ 71C321649B28638EE80A2EEB164C1DC8 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe14:45:34.0291 0x15b8 TMachInfo - ok14:45:34.0322 0x15b8 [ 8E2C799D3476EAC32C3BA0DF7CE6AF19 ] TODDSrv C:\windows\system32\TODDSrv.exe14:45:34.0322 0x15b8 TODDSrv - ok14:45:34.0400 0x15b8 [ 1C73689B900428C7D054A41C4687F55C ] TosCoSrv C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe14:45:34.0416 0x15b8 TosCoSrv - ok14:45:34.0463 0x15b8 [ 63AAFCF3EA5DBB17123E0BAE9AFE4D58 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe14:45:34.0478 0x15b8 TOSHIBA eco Utility Service - ok14:45:34.0510 0x15b8 [ 29D0886CF250FCEF1BF9E65AB8D2C0C8 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe14:45:34.0510 0x15b8 TOSHIBA HDD SSD Alert Service - ok14:45:34.0572 0x15b8 [ 098B8A408C17E125A3D9A8E1166780C8 ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe14:45:34.0588 0x15b8 TPCHSrv - ok14:45:34.0619 0x15b8 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll14:45:34.0634 0x15b8 TrkWks - ok14:45:34.0681 0x15b8 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe14:45:34.0697 0x15b8 TrustedInstaller - ok14:45:34.0712 0x15b8 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys14:45:34.0712 0x15b8 tssecsrv - ok14:45:34.0744 0x15b8 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys14:45:34.0744 0x15b8 TsUsbFlt - ok14:45:34.0759 0x15b8 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\windows\system32\drivers\TsUsbGD.sys14:45:34.0775 0x15b8 TsUsbGD - ok14:45:34.0806 0x15b8 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys14:45:34.0822 0x15b8 tunnel - ok14:45:34.0853 0x15b8 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\windows\system32\DRIVERS\TVALZ_O.SYS14:45:34.0853 0x15b8 TVALZ - ok14:45:34.0868 0x15b8 [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL C:\windows\system32\DRIVERS\TVALZFL.sys14:45:34.0868 0x15b8 TVALZFL - ok14:45:34.0900 0x15b8 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\drivers\uagp35.sys14:45:34.0900 0x15b8 uagp35 - ok14:45:34.0931 0x15b8 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys14:45:34.0931 0x15b8 udfs - ok14:45:34.0962 0x15b8 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe14:45:34.0962 0x15b8 UI0Detect - ok14:45:34.0993 0x15b8 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys14:45:35.0009 0x15b8 uliagpkx - ok14:45:35.0040 0x15b8 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys14:45:35.0040 0x15b8 umbus - ok14:45:35.0087 0x15b8 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\drivers\umpass.sys14:45:35.0087 0x15b8 UmPass - ok14:45:35.0118 0x15b8 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll14:45:35.0134 0x15b8 upnphost - ok14:45:35.0165 0x15b8 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys14:45:35.0180 0x15b8 usbccgp - ok14:45:35.0212 0x15b8 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\drivers\usbcir.sys14:45:35.0212 0x15b8 usbcir - ok14:45:35.0243 0x15b8 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys14:45:35.0258 0x15b8 usbehci - ok14:45:35.0274 0x15b8 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys14:45:35.0290 0x15b8 usbhub - ok14:45:35.0290 0x15b8 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\DRIVERS\usbohci.sys14:45:35.0305 0x15b8 usbohci - ok14:45:35.0336 0x15b8 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys14:45:35.0336 0x15b8 usbprint - ok14:45:35.0368 0x15b8 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys14:45:35.0368 0x15b8 usbscan - ok14:45:35.0399 0x15b8 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS14:45:35.0399 0x15b8 USBSTOR - ok14:45:35.0414 0x15b8 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys14:45:35.0430 0x15b8 usbuhci - ok14:45:35.0461 0x15b8 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\system32\Drivers\usbvideo.sys14:45:35.0461 0x15b8 usbvideo - ok14:45:35.0492 0x15b8 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll14:45:35.0508 0x15b8 UxSms - ok14:45:35.0524 0x15b8 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe14:45:35.0524 0x15b8 VaultSvc - ok14:45:35.0586 0x15b8 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys14:45:35.0586 0x15b8 vdrvroot - ok14:45:35.0633 0x15b8 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe14:45:35.0648 0x15b8 vds - ok14:45:35.0680 0x15b8 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys14:45:35.0680 0x15b8 vga - ok14:45:35.0695 0x15b8 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys14:45:35.0695 0x15b8 VgaSave - ok14:45:35.0711 0x15b8 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\drivers\vhdmp.sys14:45:35.0711 0x15b8 vhdmp - ok14:45:35.0726 0x15b8 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\drivers\viaide.sys14:45:35.0726 0x15b8 viaide - ok14:45:35.0758 0x15b8 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\drivers\volmgr.sys14:45:35.0758 0x15b8 volmgr - ok14:45:35.0758 0x15b8 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys14:45:35.0773 0x15b8 volmgrx - ok14:45:35.0773 0x15b8 [ DF8126BD41180351A093A3AD2FC8903B ] volsnap C:\windows\system32\drivers\volsnap.sys14:45:35.0773 0x15b8 volsnap - ok14:45:35.0789 0x15b8 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\drivers\vsmraid.sys14:45:35.0789 0x15b8 vsmraid - ok14:45:35.0867 0x15b8 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe14:45:35.0898 0x15b8 VSS - ok14:45:35.0914 0x15b8 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys14:45:35.0914 0x15b8 vwifibus - ok14:45:35.0929 0x15b8 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys14:45:35.0929 0x15b8 vwififlt - ok14:45:35.0945 0x15b8 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys14:45:35.0945 0x15b8 vwifimp - ok14:45:35.0992 0x15b8 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll14:45:35.0992 0x15b8 W32Time - ok14:45:36.0023 0x15b8 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\drivers\wacompen.sys14:45:36.0023 0x15b8 WacomPen - ok14:45:36.0054 0x15b8 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys14:45:36.0054 0x15b8 WANARP - ok14:45:36.0054 0x15b8 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys14:45:36.0054 0x15b8 Wanarpv6 - ok14:45:36.0132 0x15b8 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe14:45:36.0148 0x15b8 WatAdminSvc - ok14:45:36.0194 0x15b8 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe14:45:36.0210 0x15b8 wbengine - ok14:45:36.0226 0x15b8 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll14:45:36.0226 0x15b8 WbioSrvc - ok14:45:36.0241 0x15b8 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll14:45:36.0241 0x15b8 wcncsvc - ok14:45:36.0241 0x15b8 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll14:45:36.0257 0x15b8 WcsPlugInService - ok14:45:36.0272 0x15b8 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\drivers\wd.sys14:45:36.0272 0x15b8 Wd - ok14:45:36.0335 0x15b8 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys14:45:36.0350 0x15b8 Wdf01000 - ok14:45:36.0366 0x15b8 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll14:45:36.0366 0x15b8 WdiServiceHost - ok14:45:36.0382 0x15b8 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll14:45:36.0382 0x15b8 WdiSystemHost - ok14:45:36.0382 0x15b8 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll14:45:36.0397 0x15b8 WebClient - ok14:45:36.0397 0x15b8 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll14:45:36.0397 0x15b8 Wecsvc - ok14:45:36.0413 0x15b8 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll14:45:36.0428 0x15b8 wercplsupport - ok14:45:36.0428 0x15b8 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll14:45:36.0444 0x15b8 WerSvc - ok14:45:36.0460 0x15b8 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys14:45:36.0460 0x15b8 WfpLwf - ok14:45:36.0491 0x15b8 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys14:45:36.0491 0x15b8 WIMMount - ok14:45:36.0506 0x15b8 WinDefend - ok14:45:36.0522 0x15b8 WinHttpAutoProxySvc - ok14:45:36.0569 0x15b8 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll14:45:36.0584 0x15b8 Winmgmt - ok14:45:36.0662 0x15b8 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll14:45:36.0678 0x15b8 WinRM - ok14:45:36.0725 0x15b8 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\windows\system32\DRIVERS\WinUsb.sys14:45:36.0725 0x15b8 WinUsb - ok14:45:36.0772 0x15b8 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll14:45:36.0803 0x15b8 Wlansvc - ok14:45:36.0850 0x15b8 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe14:45:36.0865 0x15b8 wlcrasvc - ok14:45:36.0990 0x15b8 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE14:45:37.0006 0x15b8 wlidsvc - ok14:45:37.0021 0x15b8 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys14:45:37.0037 0x15b8 WmiAcpi - ok14:45:37.0068 0x15b8 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe14:45:37.0084 0x15b8 wmiApSrv - ok14:45:37.0115 0x15b8 WMPNetworkSvc - ok14:45:37.0146 0x15b8 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll14:45:37.0162 0x15b8 WPCSvc - ok14:45:37.0162 0x15b8 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll14:45:37.0177 0x15b8 WPDBusEnum - ok14:45:37.0208 0x15b8 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys14:45:37.0224 0x15b8 ws2ifsl - ok14:45:37.0255 0x15b8 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll14:45:37.0255 0x15b8 wscsvc - ok14:45:37.0286 0x15b8 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\windows\system32\DRIVERS\WSDPrint.sys14:45:37.0286 0x15b8 WSDPrintDevice - ok14:45:37.0302 0x15b8 WSearch - ok14:45:37.0380 0x15b8 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll14:45:37.0411 0x15b8 wuauserv - ok14:45:37.0442 0x15b8 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys14:45:37.0442 0x15b8 WudfPf - ok14:45:37.0474 0x15b8 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys14:45:37.0474 0x15b8 WUDFRd - ok14:45:37.0505 0x15b8 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll14:45:37.0505 0x15b8 wudfsvc - ok14:45:37.0536 0x15b8 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\windows\System32\wwansvc.dll14:45:37.0552 0x15b8 WwanSvc - ok14:45:37.0567 0x15b8 ================ Scan global ===============================14:45:37.0598 0x15b8 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll14:45:37.0630 0x15b8 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll14:45:37.0645 0x15b8 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\windows\system32\winsrv.dll14:45:37.0676 0x15b8 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll14:45:37.0692 0x15b8 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe14:45:37.0692 0x15b8 [Global] - ok14:45:37.0692 0x15b8 ================ Scan MBR ==================================14:45:37.0708 0x15b8 [ 5B5E648D12FCADC244C1EC30318E1EB9 ] \Device\Harddisk0\DR014:45:37.0988 0x15b8 \Device\Harddisk0\DR0 - ok14:45:37.0988 0x15b8 ================ Scan VBR ==================================14:45:38.0004 0x15b8 [ 71D4D40D816F81FAD678902778C9907F ] \Device\Harddisk0\DR0\Partition114:45:38.0004 0x15b8 \Device\Harddisk0\DR0\Partition1 - ok14:45:38.0004 0x15b8 ============================================================14:45:38.0004 0x15b8 Scan finished14:45:38.0004 0x15b8 ============================================================14:45:38.0035 0x1440 Detected object count: 014:45:38.0035 0x1440 Actual detected object count: 0 Malwarebytes Anti-Rootkit - No Threats Found MBAR-LogMalwarebytes Anti-Rootkit BETA 1.06.1.1005www.malwarebytes.org Database version: v2013.08.07.08 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 10.0.9200.16635Fire Training :: FIRETRAINING-PC [administrator] 8/21/2013 2:49:05 PMmbar-log-2013-08-21 (14-49-05).txt Scan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2PScan options disabled: PUPObjects scanned: 234058Time elapsed: 31 minute(s), 38 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) Physical Sectors Detected: 0(No malicious items detected) (end)
- August 22, 2013
- 22 replies
FBI Infection

th3fall3n777 replied to th3fall3n777's topic in Resolved Malware Removal Logs

Just checking to see if you got my Private Message - Yes I do have authorization - the details are in the private message.
- August 21, 2013
- 22 replies
MBAR success story

th3fall3n777 replied to Woomera's topic in Malwarebytes Anti-Rootkit BETA Support

I have to post a success story as well - I was working on a machine infected with the Win32/Spy.Zbot infection which Trend Micro had failed to stop. Unfortunately I'm not at work so I don't have the variant letters, but one of my level I support guys had been wrestling with it for a few hours and escalated the ticket to me - the first thing I did was transferred MBAR which picked up a slew of different things, and successfully cleaned them. Followed it up with a Malwarebytes scan, and some additional diagnostics with DDS for removing some additional PUA's, and a temp file cleaner, the user had their machine back and was one happy camper. For a Beta product, Malwarebytes Anti-Rootkit surpasses several other free and paid for antivirus, anti-rootkit, and anti-malware products. I actually have screenshots of the logs - when I get to work tomorrow I'll see if I can post them.
- August 21, 2013
- 4 replies
Malwarebytes - RealTime Heuristics?

th3fall3n777 replied to th3fall3n777's topic in Malwarebytes for Windows Support Forum

Is there anyone that I could contact during business hours to discuss this in further details? I've drafted my initial proposal encouraging my company to buy into a business license of Malwarebyte's Pro version, but they've thrown additional questions at me - I can fire them off in this forum though too, I just thought I would ask!
- August 21, 2013
- 13 replies
FBI Infection

th3fall3n777 replied to th3fall3n777's topic in Resolved Malware Removal Logs

Just out of curiosity - well that and the department's Compliance admin is asking me - is there any identification for what this infection is? Is there a resource I can use to point her to for what it is capable of? They're concerned that confidential data on this laptop may have been compromised.... any resource you could point me too would be appreciated. I'm also at the desktop and ready for the next instructions.
- August 20, 2013
- 22 replies
FBI Infection

th3fall3n777 replied to th3fall3n777's topic in Resolved Malware Removal Logs

You sir are a genius - I was able to log this user back in. I told them I still need the laptop for another day or so though. Here is the log: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-08-2013Ran by SYSTEM at 2013-08-19 20:51:48 Run:1Running from E:\Boot Mode: Recovery============================================== Content of fixlist:*****************HKU\Fire Training\...\Winlogon: [shell] explorer.exe,C:\Users\Fire Training\AppData\Roaming\skype.dat [155648 2011-11-16] (SmartTech Software Group) <==== ATTENTIONC:\Users\Fire Training\AppData\Roaming\skype.datC:\Users\Fire Training\AppData\Roaming\skype.ini***************** HKU\Fire Training\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.C:\Users\Fire Training\AppData\Roaming\skype.dat => Moved successfully.C:\Users\Fire Training\AppData\Roaming\skype.ini => Moved successfully. ==== End of Fixlog ====
- August 20, 2013
- 22 replies
FBI Infection

th3fall3n777 replied to th3fall3n777's topic in Resolved Malware Removal Logs

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2013 Ran by SYSTEM on 18-08-2013 09:14:17 Running from E:\ Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [] - [x] HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation) HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation) HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-07] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-06-03] (Realtek Semiconductor) HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated) HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation) HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation) HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation) HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation) HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation) HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation) HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-20] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [TSleepSrv] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA) HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation) HKLM-x32\...\Run: [ToshibaAppPlace] - C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba) HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba) HKLM-x32\...\Run: [bringMeSports Search Scope Monitor] - C:\PROGRA~2\BRINGM~2\bar\1.bin\1csrchmn.exe [42536 2012-09-17] (MindSpark) HKLM-x32\...\Run: [bringMeSports_1c Browser Plugin Loader] - C:\PROGRA~2\BRINGM~2\bar\1.bin\1cbrmon.exe [30096 2012-09-17] (VER_COMPANY_NAME) HKU\Fire Training\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-09-12] (Google Inc.) HKU\Fire Training\...\Run: [HP Officejet 6600 (NET)] - C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.) HKU\Fire Training\...\Run: [Jing] - C:\Program Files (x86)\TechSmith\Jing\Jing.exe [2908536 2012-07-23] (TechSmith Corporation) HKU\Fire Training\...\Winlogon: [shell] explorer.exe,C:\Users\Fire Training\AppData\Roaming\skype.dat [155648 2011-11-16] (SmartTech Software Group) <==== ATTENTION Startup: C:\Users\Fire Training\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Officejet 6600\bin\HPStatusBL.dll (Hewlett-Packard Co.) Startup: C:\Users\Fire Training\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 6600 (Network).lnk ShortcutTarget: Monitor Ink Alerts - HP Officejet 6600 (Network).lnk -> C:\Program Files\HP\HP Officejet 6600\bin\HPStatusBL.dll (Hewlett-Packard Co.) Startup: C:\Users\Fire Training\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ==================== Services (Whitelisted) ================= S2 BringMeSports_1cService; C:\PROGRA~2\BRINGM~2\bar\1.bin\1cbarsvc.exe [42504 2012-09-17] (COMPANYVERS_NAME) S2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-09] () S2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe /s [x] S2 PCCUJobMgr; "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll" /prefetch:1 [x] ==================== Drivers (Whitelisted) ==================== S3 TDEIO; \??\C:\Windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-14 12:37 - 2013-08-14 12:37 - 00000000 ____D C:\ProgramData\HitmanPro 2013-08-13 14:38 - 2013-08-16 20:05 - 00000004 _____ C:\Users\Fire Training\AppData\Roaming\skype.ini ==================== One Month Modified Files and Folders ======= 2013-08-18 09:13 - 2013-08-18 09:13 - 00000000 ____D C:\FRST 2013-08-18 05:31 - 2011-09-12 05:34 - 01408112 _____ C:\Windows\WindowsUpdate.log 2013-08-18 05:31 - 2009-07-13 20:45 - 00024608 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-18 05:31 - 2009-07-13 20:45 - 00024608 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-18 05:29 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-18 05:29 - 2009-07-13 20:51 - 00043252 _____ C:\Windows\setupact.log 2013-08-16 20:05 - 2013-08-13 14:38 - 00000004 _____ C:\Users\Fire Training\AppData\Roaming\skype.ini 2013-08-16 20:05 - 2012-08-11 05:46 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-16 20:05 - 2011-09-12 06:09 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-16 13:52 - 2009-07-13 21:13 - 00006222 _____ C:\Windows\System32\PerfStringBackup.INI 2013-08-16 13:48 - 2011-09-12 06:09 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-14 12:43 - 2011-12-27 04:43 - 00000000 ____D C:\Users\Fire Training\AppData\Local\CrashDumps 2013-08-14 12:37 - 2013-08-14 12:37 - 00000000 ____D C:\ProgramData\HitmanPro 2013-08-13 14:06 - 2009-04-05 13:35 - 00000000 ____D C:\Users\Fire Training\Desktop\Fire Dept 2013-08-07 15:15 - 2009-07-13 20:45 - 00418144 _____ C:\Windows\System32\FNTCACHE.DAT 2013-08-07 15:14 - 2013-03-14 13:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-08-07 15:14 - 2013-03-14 13:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-08-07 15:13 - 2010-11-20 23:17 - 00000000 ____D C:\Program Files\Windows Journal 2013-08-07 15:13 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender 2013-08-07 15:13 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-07-30 13:53 - 2013-03-20 13:25 - 00000000 ____D C:\Users\Fire Training\Desktop\2013 Training Tracker 2013-07-25 17:09 - 2011-10-30 11:05 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-25 17:02 - 2012-09-18 02:40 - 78185248 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe Files to move or delete: ==================== C:\Users\Fire Training\AppData\Roaming\skype.dat C:\Users\Fire Training\AppData\Roaming\skype.ini ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-04-04 12:59:01 Restore point made on: 2013-04-13 09:48:15 Restore point made on: 2013-04-15 16:01:02 Restore point made on: 2013-04-24 16:17:46 Restore point made on: 2013-04-29 13:34:10 Restore point made on: 2013-05-02 14:17:21 Restore point made on: 2013-05-10 09:11:26 Restore point made on: 2013-05-17 08:13:00 Restore point made on: 2013-05-29 13:58:56 Restore point made on: 2013-06-05 13:28:32 Restore point made on: 2013-06-17 13:46:50 Restore point made on: 2013-06-19 14:14:28 Restore point made on: 2013-06-22 15:33:31 Restore point made on: 2013-06-25 16:32:45 Restore point made on: 2013-06-29 09:58:02 Restore point made on: 2013-07-08 16:17:14 Restore point made on: 2013-07-09 00:19:27 Restore point made on: 2013-07-10 13:43:59 Restore point made on: 2013-07-16 12:56:13 Restore point made on: 2013-07-25 16:52:23 Restore point made on: 2013-07-30 13:45:02 Restore point made on: 2013-08-07 14:31:50 ==================== Memory info =========================== Percentage of memory in use: 20% Total physical RAM: 3562.12 MB Available physical RAM: 2847.76 MB Total Pagefile: 3560.32 MB Available Pagefile: 2870.38 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: (TI106231W0C) (Fixed) (Total:450.17 GB) (Free:396.36 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive e: (Aug 18 2013) (CDROM) (Total:0.69 GB) (Free:0.64 GB) UDF Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 81AC88D8) Partition 1: (Active) - (Size=1 GB) - (Type=27) Partition 2: (Not Active) - (Size=450 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=14 GB) - (Type=17) LastRegBack: 2013-03-06 14:53 ==================== End Of Log ============================
- August 18, 2013
- 22 replies
FBI Infection

th3fall3n777 replied to th3fall3n777's topic in Resolved Malware Removal Logs

Nevermind, I got it - I had to improperly shut down the system - I was then presented with the option for Repair - proceeding with directions now.
- August 18, 2013
- 22 replies
FBI Infection

th3fall3n777 replied to th3fall3n777's topic in Resolved Malware Removal Logs

Ran into a roadbump - when I hit F8, nothing happened, but I saw your instructions indicated I was looking for the Boot Menu. This model had an indicator saying push F12 for the Boot Menu, so I did that, but there is not Repair option available, I have Boot from HDD, Boot from USB, Boot from CDRW, or System Recovery. I tried selecting system recovery, but then stopped because I got a message asking if I was sure I wanted to continue with system recovery. That made me a little nervous as I don't want to accidentally wipe out the hard drive or anything! Any ideas?
- August 18, 2013
- 22 replies

Sign In

th3fall3n777

Posts

Joined

Last visited

Reputation

About th3fall3n777

Profile Information

Is MBAM Enterprise Multi-Tenant?

FBI Infection

MBAR ChangeLog?

FBI Infection

FBI Infection

FBI Infection

FBI Infection

FBI Infection

MBAR success story

Malwarebytes - RealTime Heuristics?

FBI Infection

FBI Infection

FBI Infection

FBI Infection

FBI Infection

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information