Solved: May have Win64/sirefef.B--redirect problems, etc


trb456

Hope you guys can help, looks like you can. Yesterday, Win Defender detected Win64/sirefef.B, said it removed. Also ran MS Safety Scan, it claimed removal but wanted reboot. Like many others, reboot did not work, Win 7 would not start, had to use Win Recovery, which of course resulted in reinfection, as I now know. Symptoms are PING.exe *32 running, Google redirect, etc. I'm usually really careful, so I don't know what I did. I run Win Defender but not a regular virus scan, though I have hardware firewall in my router. Hope you can possibly figure out HOW I got infected along with the cleaning.

I've done your 6-step, will post logs in next post.
 
Welcome to TechSpot! I'll review the logs when you get them up.

My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs, except those I give you.
  • Please let me know if there is any change in the system.

If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
 
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7882

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

10/5/2011 11:22:38 PM
mbam-log-2011-10-05 (23-22-38).txt

Scan type: Quick scan
Objects scanned: 181822
Time elapsed: 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

======

gmer.log is empty, even though the program appeared to run. Let me know if this sounds wrong.

=========

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 8/24/2011 2:48:28 PM
System Uptime: 10/5/2011 7:45:40 PM (4 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Core(TM) i7-2620M CPU @ 2.70GHz | N/A | 2701/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 459 GiB total, 265.406 GiB free.
T: is NetworkDisk (NTFS) - 1946 GiB total, 715.726 GiB free.
W: is NetworkDisk (NTFS) - 5539 GiB total, 1490.13 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Windows Firewall Authorization Driver
Device ID: ROOT\LEGACY_MPSDRV\0000
Manufacturer:
Name: Windows Firewall Authorization Driver
PNP Device ID: ROOT\LEGACY_MPSDRV\0000
Service: mpsdrv
.
==== System Restore Points ===================
.
RP62: 10/1/2011 6:27:58 AM - Installed Remote Keyboard with PlayStation 3
RP63: 10/1/2011 6:28:30 AM - Removed Remote Keyboard with PlayStation 3
RP64: 10/1/2011 6:28:52 AM - Installed Remote Keyboard with PlayStation 3
RP65: 10/1/2011 3:03:22 PM - VAIO Care Automatic Restore Point
RP66: 10/1/2011 3:08:28 PM - Installed Handbook of Chemistry & Physics
RP67: 10/1/2011 3:15:48 PM - Windows Update
RP68: 10/3/2011 4:12:57 PM - Removed VIP Access.
RP70: 10/5/2011 3:32:45 PM - Windows Defender Checkpoint
RP71: 10/5/2011 7:21:05 PM - Installed F-PROT Antivirus for Windows x64
.
==== Installed Programs ======================
.
.
ACID Music Studio 8.0
Adobe Acrobat 9 Standard
Adobe Acrobat 9.4.5 - CPSID_83708
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.0) MUI
Amazon Kindle
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Software Update
Application Manager for VAIO
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 4
AT&T Communication Manager
Authorizer 1.0.5
Bing Bar
Boxee
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
ChemDoodle
Cisco Network Magic
CyberLink PowerDVD
D3DX10
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DVD Architect Studio 5.0
DVD Profiler Version 3.7.2
Eye-Fi Center
Eye-Fi Helper 3.3
GNU Emacs 23.3-modified-3
Go++ Version 7.0 Deluxe
Gobi_Firmware
Google Calendar Sync
Google Earth
Google Update Helper
Handbook of Chemistry & Physics
HP FWUpdateEDO3
HP LaserJet Professional CM1410 Series
HP LaserJet Professional CP1520 Series
HP LJ CM1410 MFP Series HP Scan
HP Update
Hulu Desktop
HW Gobi 3000 Driver 1.07.00.00
Intel PROSet Wireless
Intel(R) Display Audio Driver
Intel(R) Identity Protection Technology 1.1.2.0
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Intel(R) Wireless Display
Internet TV for Windows Media Center
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 22
Junk Mail filter update
Line 6 Uninstaller
LoopBe30 - Internal MIDI Ports
Malwarebytes' Anti-Malware version 1.51.2.1300
Many Faces of Go 12
Many Faces of Go data
MathType 6
Mesh Runtime
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Sounds
Microsoft Office Word MUI (English) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
MIDI-OX
Mozilla Firefox 7.0.1 (x86 en-US)
Mp3tag v2.49
MSVCRT
MSVCRT Redists
MSVCRT_amd64
MSXML 4.0
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
Native Instruments Kontakt 5
Native Instruments Kontakt Factory Library
Native Instruments Service Center
Netflix in Windows Media Center
Network Magic
Oasis2Service 1.0
OOBE
Pandora
PMB
PMB VAIO Edition Guide
PMB VAIO Edition Plug-in
PocketCloud Windows Companion
ProntoEdit Professional 2
ProntoProEdit NG
ProntoProEdit NG Setup Support
Pure Networks Platform
PX Profile Update
Quick Web Access
Quicken 2010
QuickTime
RAIDar 4.3.2
ReadyNAS Remote
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek Ethernet Controller Driver
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
RealUpgrade 1.1
Remote Keyboard
Remote Play with PlayStation 3
Renesas Electronics USB 3.0 Host Controller Driver
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy Media Creator 10 LJ
Roxio Easy Media Creator Home
rtpMIDI
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Excel 2010 (KB2553070)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2584066)
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Skype™ 5.1
SlingPlayer
SNLxl
Software Update Wizard (Redistributable) 4.5
Sonos Desktop Controller
Sony Noise Reduction Plug-In 2.0h
Sony Photo Go 1.0b
Sound Forge Audio Studio 10.0
Speed Meter Pro
SplashID Safe 6.0.4
SSLx86
TweetDeck
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Outlook Social Connector (KB2583935)
VAIO - Media Gallery
VAIO - PMB VAIO Edition Guide
VAIO - PMB VAIO Edition Plug-in
VAIO - Remote Keyboard
VAIO - Remote Play with PlayStation®3
VAIO Care
VAIO Control Center
VAIO CPU Fan Diagnostic
VAIO Data Restore Tool
VAIO Easy Connect
VAIO Event Service
VAIO Gate
VAIO Gate Default
VAIO Hardware Diagnostics
VAIO Help and Support
VAIO Improvement
VAIO Manual
VAIO Messenger
VAIO Mobile Broadband Setup
VAIO Sample Contents
VAIO Satisfaction Survey.
VAIO Smart Network
VAIO Transfer Support
VAIO Update
VC User CRT71 RTL X86 ---
VC User MFC71 RTL X86 ---
VC User STL71 RTL X86 ---
VCCx86
Vegas Movie Studio HD Platinum 10.0
VESx86
VIx86
VSNx86
VWSTx86
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Xilisoft Video Converter Ultimate
.
==== Event Viewer Messages From Past Week ========
.
9/30/2011 7:49:25 AM, Error: Service Control Manager [7030] - The VAIO Content Folder Watcher service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/5/2011 7:47:57 PM, Error: Service Control Manager [7009] - A timeout was reached (60000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect.
10/5/2011 7:46:04 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
10/5/2011 7:45:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
10/5/2011 7:45:47 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error: Cannot create a file when that file already exists.
10/5/2011 7:45:47 PM, Error: Service Control Manager [7000] - The Windows Firewall Authorization Driver service failed to start due to the following error: Cannot create a file when that file already exists.
10/5/2011 11:17:28 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
10/3/2011 3:52:31 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000019 (0x0000000000000020, 0xfffffa800b4a63c0, 0xfffffa800b4a63c0, 0x0000000004000001). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 100311-8205-01.
10/1/2011 3:06:30 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom mv61xx
10/1/2011 2:59:51 PM, Error: mv61xx [4] - Driver detected an internal error in its data structures for \Device\Scsi\mv61xx1.
.
==== End Of File ===========================
 
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Todd Bault at 23:30:41 on 2011-10-05
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8108.4801 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\TrueSuite\TrueSuite.Service.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Windows Home Server\esClient.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Qualcomm\Gobi\GobiQDLService\GobiQDLService.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\ProgramData\Philips\Common Database\ProntoDataService.exe
C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Windows\SysWOW64\WebUpdateSvc4.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\vncutil64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe
C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
C:\Program Files\MusicLab\MolCp III\monitor.exe
C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
C:\Program Files\TrueSuite\TrueSuite.TouchControl.exe
C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe
C:\Program Files (x86)\nerds.de\LoopBe30\loough.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files\Windows Home Server\WHSTrayApp.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
C:\Program Files (x86)\Pure Networks\Speed Meter Pro\smp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Windows\System32\vds.exe
C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Sony\VAIO Care\Admload.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Home Server\ClientInfo.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://sony.msn.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TrueSuite WebStore: {5cb2b77d-c8ca-44db-af20-a7a4df462a12} - mscoree.dll
BHO: TrueSuite Website Log On: {8590886e-ec8c-43c1-a32c-e4c2b0b6395b} - C:\Program Files\TrueSuite\x86\TrueSuite.IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
uRun: [Eye-Fi] "C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [attcm_AppStart.exe] "C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Sprint SmartView] "C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe" -a
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [VAIO Boot Manager] "C:\Program Files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun: [smp.exe] "C:\Program Files (x86)\Pure Networks\Speed Meter Pro\smp.exe" -autorun -nosplash
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRunOnce: [GrpConv] grpconv -o
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CODEME~1.LNK - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOOPBE~1.LNK - C:\Program Files (x86)\nerds.de\LoopBe30\loough.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINDOW~1.LNK - C:\Windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{69D77511-82C4-402E-893A-429DDA6645AA} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E30B089A-61D8-44B9-8434-0989899408D1}\F4C6966756E45647 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: leaf - {3c4a8a13-029e-430d-b8c1-46e834d20b31} - C:\Windows\System32\mscoree.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
mASetup: {256D58B7-0AA7-48AB-9A38-F818B284C20C} - rundll32.exe "C:\Program Files (x86)\SNL Financial\SNLxl\InstallXLAddinRegKey.dll",DllInstallXLAddinRegKeys /i
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: TrueSuite WebStore: {5cb2b77d-c8ca-44db-af20-a7a4df462a12} - mscoree.dll
BHO-X64: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\x86\TrueSuite.IEBHO.dll
BHO-X64: TSBHO Class - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [attcm_AppStart.exe] "C:\Program Files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [(Default)]
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun-x64: [Sprint SmartView] "C:\Program Files (x86)\Sprint\Sprint SmartView\SprintSV.exe" -a
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun-x64: [VAIO Boot Manager] "C:\Program Files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun-x64: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun-x64: [smp.exe] "C:\Program Files (x86)\Pure Networks\Speed Meter Pro\smp.exe" -autorun -nosplash
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRunOnce-x64: [GrpConv] grpconv -o
mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Todd Bault\AppData\Roaming\Mozilla\Firefox\Profiles\k8gqaac4.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Todd Bault\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 46888025;46888025;C:\Windows\system32\DRIVERS\46888025.sys --> C:\Windows\system32\DRIVERS\46888025.sys [?]
R0 mv61xx;mv61xx;C:\Windows\system32\drivers\mv61xx.sys --> C:\Windows\system32\drivers\mv61xx.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 ActiveDelayDeviceService;ActiveDelayDeviceService;C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe [2011-8-2 75912]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 arXfrSvc;Windows Media Center TV Archive Transfer Service;C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-1-10 231280]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-12-14 901184]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-14 974912]
R2 CodeMeter.exe;CodeMeter Runtime Server;C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2011-7-6 2304912]
R2 esClient;Windows Media Center Client Service;C:\Program Files\Windows Home Server\esClient.exe [2011-1-10 109936]
R2 FPLService;TrueSuiteService;C:\Program Files\TrueSuite\TrueSuite.Service.exe [2011-4-26 294216]
R2 GobiQDLService;Qualcomm Gobi Anywhere Download Service;C:\Program Files (x86)\Qualcomm\Gobi\GobiQDLService\GobiQDLService.exe [2011-8-2 318976]
R2 HPMSSConnectorSvc;HPMSSConnectorService;C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe [2009-10-5 20992]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-6-20 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-8-2 2375168]
R2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 MediaCollectorService;MediaCollectorService;C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe [2009-10-5 81920]
R2 molcpeth;MusicLab NDIS MolCpEth Protocol;C:\Windows\system32\DRIVERS\molcpeth.sys --> C:\Windows\system32\DRIVERS\molcpeth.sys [?]
R2 NvtlService;NovaCore SDK Service;C:\Program Files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2011-6-22 91984]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2011-2-15 47104]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
R2 pnpcap;Pure Networks Packet Capture Driver;C:\Windows\system32\DRIVERS\pnpcap.sys --> C:\Windows\system32\DRIVERS\pnpcap.sys [?]
R2 ProntoDataService;Pronto Data Server;C:\ProgramData\Philips\Common Database\ProntoDataService.exe [2010-6-17 20480]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2011-8-2 199272]
R2 rtpMIDIService;rtpMIDIService;C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe [2010-11-27 1126400]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-8-2 259192]
R2 SlingAgentService;SlingAgentService;C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [2010-11-3 94024]
R2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [2010-9-13 308592]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-8-2 105024]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-8-2 2656280]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2011-8-2 552584]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2011-8-24 965256]
R2 WebUpdate4;Web Update Wizard Service V4;C:\Windows\SysWOW64\WebUpdateSvc4.exe [2008-9-15 262360]
R2 WHSConnector;Windows Home Server Connector Service;C:\Program Files\Windows Home Server\WHSConnector.exe [2011-1-10 489840]
R2 WysePocketCloud;Wyse PocketCloud;C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [2011-8-18 103424]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 ATSwpWDF;AuthenTec TruePrint WBF Driver;C:\Windows\system32\DRIVERS\ATSwpWDF.sys --> C:\Windows\system32\DRIVERS\ATSwpWDF.sys [?]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-14 1298496]
R3 Fwleaf;NETGEAR Firewall Driver;C:\Windows\system32\DRIVERS\fwleaf.sys --> C:\Windows\system32\DRIVERS\fwleaf.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
R3 leafnets;Leaf Networks Adapter;C:\Windows\system32\DRIVERS\leafnets.sys --> C:\Windows\system32\DRIVERS\leafnets.sys [?]
R3 LoopBe30;nerds.de LoopBe30 - Internal Midi Port SvcDesc(WDM);C:\Windows\system32\drivers\loopbe30.sys --> C:\Windows\system32\drivers\loopbe30.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 mlmolcp3;MolCp3 Miniport MIDI WDM Driver;C:\Windows\system32\DRIVERS\mlmolcp3.sys --> C:\Windows\system32\DRIVERS\mlmolcp3.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 teVirtualMIDI64;teVirtualMIDI - Virtual MIDI Driver x64;C:\Windows\system32\DRIVERS\teVirtualMIDI64.sys --> C:\Windows\system32\DRIVERS\teVirtualMIDI64.sys [?]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2011-8-2 44736]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
RUnknown 3668211drv;3668211drv; [x]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2011/08/02 02:48:29;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2011-3-2 240112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-24 136176]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2010-2-24 362992]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 BrlAPI;BrlAPI;C:\cygwin\bin\cygrunsrv.exe [2011-8-25 68096]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]
S3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
S3 CASprint;Sprint Con App Svc;C:\Program Files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe [2011-6-22 124224]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 gobi3kfilter;Qualcomm Gobi 3000 USB Composite Device Filter Driver;C:\Windows\system32\DRIVERS\gobi3kfilter.sys --> C:\Windows\system32\DRIVERS\gobi3kfilter.sys [?]
S3 gobi3kmbb;Qualcomm Gobi 3000 USB-NDIS 6.20 miniport;C:\Windows\system32\DRIVERS\gobi3kmbb.sys --> C:\Windows\system32\DRIVERS\gobi3kmbb.sys [?]
S3 gobi3kserial;Qualcomm Gobi 3000 USB Device for Legacy Serial Communication;C:\Windows\system32\DRIVERS\gobi3kserial.sys --> C:\Windows\system32\DRIVERS\gobi3kserial.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-24 136176]
S3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
S3 MAUSBFASTTRACK;Service for M-Audio FastTrack;C:\Windows\system32\DRIVERS\MAudioFastTrack.sys --> C:\Windows\system32\DRIVERS\MAudioFastTrack.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240]
S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;\??\C:\Windows\system32\PCTINDIS5X64.SYS --> C:\Windows\system32\PCTINDIS5X64.SYS [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2010-2-24 313840]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys --> C:\Windows\system32\drivers\synth3dvsc.sys [?]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys --> C:\Windows\system32\drivers\terminpt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys --> C:\Windows\system32\drivers\tsusbhub.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2011-8-2 1021840]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-2-21 113824]
S4 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-2-21 67232]
S4 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-1-20 286936]
S4 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-1-20 887000]
S4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-5-19 549616]
S4 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-2-19 385336]
S4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-2-19 99104]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-10-06 03:21:20 -------- d-----w- C:\Users\Todd Bault\AppData\Roaming\Malwarebytes
2011-10-06 03:21:15 -------- d-----w- C:\ProgramData\Malwarebytes
2011-10-06 03:21:13 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-10-06 03:21:13 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-06 01:11:44 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-10-06 01:11:37 460888 ----a-w- C:\Windows\System32\drivers\46888025.sys
2011-10-05 23:50:39 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0589B112-0F90-434A-9454-B6191B92F630}\mpengine.dll
2011-10-05 23:50:39 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0589B112-0F90-434A-9454-B6191B92F630}\offreg.dll
2011-10-05 23:45:51 125440 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon_toolbar@truesuite.com\components\TrueSuite.WLOXPCOM.dll
2011-10-05 23:21:11 -------- d-----w- C:\ProgramData\FRISK Software
2011-10-05 23:21:11 -------- d-----w- C:\Program Files (x86)\FRISK Software
2011-10-05 20:00:31 -------- d-----w- C:\Windows\System32\MpEngineStore
2011-10-05 19:30:03 -------- d-----we C:\Windows\system64
2011-10-05 19:09:55 -------- d-----w- C:\Users\Todd Bault\AppData\Roaming\Line 6
2011-10-05 19:09:55 -------- d-----w- C:\ProgramData\Line 6
2011-10-05 19:09:54 -------- d-----w- C:\ProgramData\Propellerhead Software
2011-10-05 19:09:54 -------- d-----w- C:\Program Files\Common Files\Propellerhead Software
2011-10-05 19:09:49 -------- d-----w- C:\Users\Todd Bault\AppData\Roaming\Propellerhead Software
2011-10-05 19:09:44 -------- d-----w- C:\Program Files\CodeMeter
2011-10-05 19:09:43 -------- d-----w- C:\Program Files (x86)\CodeMeter
2011-10-05 19:09:41 -------- d-----w- C:\Program Files (x86)\Propellerhead
2011-10-05 19:09:23 -------- d-----w- C:\Program Files\Propellerhead
2011-10-01 19:15:53 9216 ----a-w- C:\Windows\SysWow64\ftlx0411.dll
2011-10-01 19:15:53 9216 ----a-w- C:\Windows\System32\ftlx0411.dll
2011-10-01 19:15:53 296960 ----a-w- C:\Windows\winhlp32.exe
2011-10-01 19:15:53 195072 ----a-w- C:\Windows\SysWow64\ftsrch.dll
2011-10-01 19:15:53 195072 ----a-w- C:\Windows\System32\ftsrch.dll
2011-10-01 19:15:53 10240 ----a-w- C:\Windows\SysWow64\ftlx041e.dll
2011-10-01 19:15:53 10240 ----a-w- C:\Windows\System32\ftlx041e.dll
2011-10-01 19:08:33 -------- d-----w- C:\Program Files (x86)\CRC Press
2011-09-30 18:32:56 -------- d-----w- C:\Users\Todd Bault\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
2011-09-30 18:32:54 -------- d-----w- C:\Program Files (x86)\TweetDeck
2011-09-30 16:38:17 -------- d-----w- C:\Users\Todd Bault\AppData\Roaming\SNL Financial
2011-09-30 16:37:08 -------- d-----w- C:\Users\Todd Bault\AppData\Local\IsolatedStorage
2011-09-30 16:36:42 -------- d-----w- C:\Program Files (x86)\SNL Financial
2011-09-30 16:35:56 -------- d-----w- C:\Program Files (x86)\Microsoft WSE
2011-09-27 13:48:29 -------- d-----w- C:\Program Files\Vstplugins
2011-09-26 19:21:31 -------- d-----w- C:\Users\Todd Bault\AppData\Local\Native Instruments
2011-09-26 19:18:17 -------- dc----w- C:\ProgramData\{B4D507D7-68F5-4F3B-BCAD-6916321201B4}
2011-09-26 19:17:55 -------- dc-h--w- C:\ProgramData\{5C4E0CFB-E109-416E-B66B-470382013E3B}
2011-09-26 18:03:34 -------- dc-h--w- C:\ProgramData\{34B6291D-C0D7-4BAF-B634-1D130C96F9F9}
2011-09-26 18:03:18 -------- d-----w- C:\Program Files\Common Files\Native Instruments
2011-09-26 18:03:18 -------- d-----w- C:\Program Files (x86)\Vstplugins
2011-09-26 18:01:39 -------- dc-h--w- C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
2011-09-26 18:01:38 -------- d-----w- C:\ProgramData\Native Instruments
2011-09-26 18:01:38 -------- d-----w- C:\Program Files\Native Instruments
2011-09-23 17:27:47 -------- d-----w- C:\Users\Todd Bault\AppData\Roaming\fi.eye.center.E430518E652B889A80EC0E8A6E532C09FF36DF62.1
2011-09-23 17:27:30 -------- d-----w- C:\Users\Todd Bault\AppData\Local\Eye-Fi
2011-09-23 17:26:56 -------- d-----w- C:\Users\Todd Bault\AppData\Roaming\Eye-Fi
2011-09-23 17:26:41 -------- d-----w- C:\Program Files (x86)\Eye-Fi
2011-09-07 22:49:14 -------- d--h--w- C:\Users\Todd Bault\.cduf
2011-09-07 22:48:39 -------- d-----w- C:\Program Files (x86)\ChemDoodle
.
==================== Find3M ====================
.
2011-09-26 15:40:27 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-24 00:46:23 1003 ----a-w- C:\miscsync.bat
2011-09-24 00:44:14 149 ----a-w- C:\toddback.bat
2011-09-23 18:17:53 1048 ----a-w- C:\picssync.bat
2011-09-01 21:55:35 1361 ----a-w- C:\studiosync.bat
2011-09-01 21:54:19 564 ----a-w- C:\olivesync.bat
2011-09-01 21:53:50 1435 ----a-w- C:\offsite.bat
2011-09-01 21:53:15 1333 ----a-w- C:\officesync.bat
2011-09-01 21:51:55 974 ----a-w- C:\mp3sync.bat
2011-09-01 21:50:07 160 ----a-w- C:\chemsync.bat
2011-08-25 16:56:48 47633 ----a-w- C:\Windows\SysWow64\wuwuninst.exe
2011-08-24 23:29:09 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-08-02 09:48:07 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2011-08-02 09:48:06 353576 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-08-02 09:47:08 951680 ----a-w- C:\Windows\System32\drivers\ndis.sys
2011-08-02 09:45:07 2560 ----a-w- C:\Windows\SysWow64\drivers\en-US\qwavedrv.sys.mui
2011-08-02 09:45:05 25600 ----a-w- C:\Windows\SysWow64\drivers\en-US\bfe.dll.mui
2011-08-02 09:45:05 15360 ----a-w- C:\Windows\SysWow64\drivers\en-US\pacer.sys.mui
2011-08-02 09:45:03 2560 ----a-w- C:\Windows\SysWow64\drivers\en-US\scfilter.sys.mui
2011-08-02 09:45:02 5632 ----a-w- C:\Windows\SysWow64\drivers\en-US\ndiscap.sys.mui
2011-08-02 09:45:01 44032 ----a-w- C:\Windows\SysWow64\drivers\en-US\tcpip.sys.mui
2011-08-02 09:04:52 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-08-02 09:04:27 521448 ----a-w- C:\Windows\System32\deployJava1.dll
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-12 15:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-07-12 15:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-07-12 15:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-07-12 15:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll
2011-07-12 15:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-07-12 15:20:54 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-07-12 15:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-07-12 15:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-07-09 05:26:20 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-07-09 04:29:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
.
============= FINISH: 23:30:59.35 ===============
 
One more comment: system seems to be getting more unstable. Still runs, but now when I pull up Windows Explorer, the file tree does not populate at the left although I can still type paths in the address bar and get to them. Jeez.
 
Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once installed, you should see a blue screen prompt that says:
    The Recovery Console was successfully installed.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in next reply.
Re-enable your Antivirus software.

Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
===================================
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    [o] Double click on the ESET Smart Installer icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

Please post the entire log with heading resembling this:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=1

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
============================
Please don't PM me and ask for my schedule. This thread is only 1 day old. You have an enormous number of processes running and it's going to take a while to get through the logs. There are also quite a few entries that I don't recognize.
 
Combofix reboot but now black screen--hard reboot?

Combofix said it would reboot and to allow, but now am at black screen (like a hanging reboot). Should I do a hard reboot with the power switch?

trb456
 
Forget it--reboot worked

Ignore last post, reboot worked, running ESet now, will post logs when done.

Very good sign: PING no longer running! Realize still much to do, but nice to see.

Sorry about PM, will not happen again. Appreciate the help.
 
New logs--Combofix and ESet

Fingers crossed, but hopeful Combofix caught everything. System no longer running funny. ESet caught one Combofix quarantine, and one instance that I think is a legitimate use of a Themida wrapper (the target file is legitimate and commercial). Realize we still have cleanup to do, but I'm very encouraged--thanks!

Combofix:

ComboFix 11-10-07.04 - Todd Bault 10/07/2011 17:20:37.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8108.4713 [GMT -4:00]
Running from: c:\users\Todd Bault\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\00000001.@
c:\windows\assembly\tmp\U\00000002.@
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\80000032.@
c:\windows\assembly\tmp\U\80000064.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\system32\consrv.dll
c:\windows\System64
c:\windows\SysWow64\comct332.ocx
.
.
((((((((((((((((((((((((( Files Created from 2011-09-07 to 2011-10-07 )))))))))))))))))))))))))))))))
.
.
2011-10-06 03:21 . 2011-10-06 03:21 -------- d-----w- c:\users\Todd Bault\AppData\Roaming\Malwarebytes
2011-10-06 03:21 . 2011-10-06 03:21 -------- d-----w- c:\programdata\Malwarebytes
2011-10-06 03:21 . 2011-10-06 03:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-06 03:21 . 2011-08-31 21:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-06 01:11 . 2011-10-06 01:11 -------- d-----w- c:\programdata\Kaspersky Lab
2011-10-05 23:50 . 2011-10-06 03:37 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0589B112-0F90-434A-9454-B6191B92F630}\offreg.dll
2011-10-05 23:50 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0589B112-0F90-434A-9454-B6191B92F630}\mpengine.dll
2011-10-05 23:21 . 2011-10-05 23:21 -------- d-----w- c:\programdata\FRISK Software
2011-10-05 23:21 . 2011-10-05 23:21 -------- d-----w- c:\program files (x86)\FRISK Software
2011-10-05 20:00 . 2011-10-06 03:44 -------- d-----w- c:\windows\system32\MpEngineStore
2011-10-05 19:09 . 2011-10-05 19:13 -------- d-----w- c:\users\Todd Bault\AppData\Roaming\Line 6
2011-10-05 19:09 . 2011-10-05 19:09 -------- d-----w- c:\programdata\Line 6
2011-10-05 19:09 . 2011-10-05 19:13 -------- d-----w- c:\programdata\Propellerhead Software
2011-10-05 19:09 . 2011-10-05 19:09 -------- d-----w- c:\program files\Common Files\Propellerhead Software
2011-10-05 19:09 . 2011-10-05 19:09 -------- d-----w- c:\users\Todd Bault\AppData\Roaming\Propellerhead Software
2011-10-05 19:09 . 2011-10-05 19:09 -------- d-----w- c:\program files\CodeMeter
2011-10-05 19:09 . 2011-10-05 19:09 -------- d-----w- c:\program files (x86)\CodeMeter
2011-10-05 19:09 . 2011-10-05 19:09 -------- d-----w- c:\program files (x86)\Propellerhead
2011-10-05 19:09 . 2011-10-05 19:09 -------- d-----w- c:\program files\Propellerhead
2011-10-02 17:31 . 2011-10-02 17:33 -------- d---a-w- c:\users\Public\Bault
2011-10-02 17:30 . 2011-10-02 17:30 -------- d---a-w- c:\users\Public\Insurance
2011-10-01 19:15 . 2009-08-04 17:56 296960 ----a-w- c:\windows\winhlp32.exe
2011-10-01 19:15 . 2009-08-04 17:55 195072 ----a-w- c:\windows\SysWow64\ftsrch.dll
2011-10-01 19:15 . 2009-08-04 17:55 195072 ----a-w- c:\windows\system32\ftsrch.dll
2011-10-01 19:15 . 2009-08-04 17:55 9216 ----a-w- c:\windows\SysWow64\ftlx0411.dll
2011-10-01 19:15 . 2009-08-04 17:55 9216 ----a-w- c:\windows\system32\ftlx0411.dll
2011-10-01 19:15 . 2009-08-04 17:55 10240 ----a-w- c:\windows\SysWow64\ftlx041e.dll
2011-10-01 19:15 . 2009-08-04 17:55 10240 ----a-w- c:\windows\system32\ftlx041e.dll
2011-10-01 19:08 . 2011-10-01 19:08 -------- d-----w- c:\program files (x86)\CRC Press
2011-09-30 18:32 . 2011-09-30 18:32 -------- d-----w- c:\users\Todd Bault\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
2011-09-30 18:32 . 2011-09-30 18:32 -------- d-----w- c:\program files (x86)\TweetDeck
2011-09-30 16:38 . 2011-09-30 16:38 -------- d-----w- c:\users\Todd Bault\AppData\Roaming\SNL Financial
2011-09-30 16:37 . 2011-09-30 16:37 -------- d-----w- c:\users\Todd Bault\AppData\Local\IsolatedStorage
2011-09-30 16:36 . 2011-09-30 16:36 -------- d-----w- c:\program files (x86)\SNL Financial
2011-09-30 16:35 . 2011-09-30 16:35 -------- d-----w- c:\program files (x86)\Microsoft WSE
2011-09-30 11:51 . 2011-09-30 11:51 -------- d-----w- c:\users\Default\AppData\Local\Sony Corporation
2011-09-27 13:48 . 2011-09-27 13:48 -------- d-----w- c:\program files\Vstplugins
2011-09-26 19:21 . 2011-09-26 19:21 -------- d-----w- c:\users\Todd Bault\AppData\Local\Native Instruments
2011-09-26 19:18 . 2011-09-26 19:18 -------- dc----w- c:\programdata\{B4D507D7-68F5-4F3B-BCAD-6916321201B4}
2011-09-26 19:17 . 2011-09-26 19:17 -------- dc-h--w- c:\programdata\{5C4E0CFB-E109-416E-B66B-470382013E3B}
2011-09-26 18:03 . 2011-09-26 18:03 -------- dc-h--w- c:\programdata\{34B6291D-C0D7-4BAF-B634-1D130C96F9F9}
2011-09-26 18:03 . 2011-09-27 13:46 -------- d-----w- c:\program files (x86)\Vstplugins
2011-09-26 18:03 . 2011-09-26 18:03 -------- d-----w- c:\program files\Common Files\Native Instruments
2011-09-26 18:01 . 2011-09-26 18:01 -------- dc-h--w- c:\programdata\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
2011-09-26 18:01 . 2011-09-26 18:03 -------- d-----w- c:\program files\Native Instruments
2011-09-26 18:01 . 2011-09-26 18:01 -------- d-----w- c:\programdata\Native Instruments
2011-09-23 17:27 . 2011-09-23 17:27 -------- d-----w- c:\users\Todd Bault\AppData\Roaming\fi.eye.center.E430518E652B889A80EC0E8A6E532C09FF36DF62.1
2011-09-23 17:27 . 2011-10-07 21:34 -------- d-----w- c:\users\Todd Bault\AppData\Local\Eye-Fi
2011-09-23 17:26 . 2011-09-23 17:43 -------- d-----w- c:\users\Todd Bault\AppData\Roaming\Eye-Fi
2011-09-23 17:26 . 2011-09-23 17:27 -------- d-----w- c:\program files (x86)\Eye-Fi
2011-09-08 18:38 . 2011-09-08 18:38 -------- d-----w- c:\windows\Sun
2011-09-07 22:49 . 2011-09-07 23:39 -------- d--h--w- c:\users\Todd Bault\.cduf
2011-09-07 22:48 . 2011-09-07 22:48 -------- d-----w- c:\program files (x86)\ChemDoodle
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 15:40 . 2011-09-01 22:05 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-24 00:46 . 2011-08-29 13:30 1003 ----a-w- C:\miscsync.bat
2011-09-24 00:44 . 2011-08-29 13:30 149 ----a-w- C:\toddback.bat
2011-09-23 18:17 . 2011-08-29 13:30 1048 ----a-w- C:\picssync.bat
2011-09-01 21:55 . 2011-08-29 13:30 1361 ----a-w- C:\studiosync.bat
2011-09-01 21:54 . 2011-08-29 13:30 564 ----a-w- C:\olivesync.bat
2011-09-01 21:53 . 2011-08-29 13:30 1435 ----a-w- C:\offsite.bat
2011-09-01 21:53 . 2011-08-29 13:30 1333 ----a-w- C:\officesync.bat
2011-09-01 21:51 . 2011-08-29 13:30 974 ----a-w- C:\mp3sync.bat
2011-09-01 21:50 . 2011-08-29 13:30 160 ----a-w- C:\chemsync.bat
2011-08-25 16:56 . 2011-08-25 16:56 47633 ----a-w- c:\windows\SysWow64\wuwuninst.exe
2011-08-25 09:58 . 2011-08-25 09:58 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-08-25 01:39 . 2011-08-25 01:39 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-08-25 01:38 . 2011-08-25 01:38 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-08-25 01:38 . 2011-08-25 01:38 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-08-25 01:38 . 2011-08-25 01:38 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-08-24 23:29 . 2003-03-19 03:14 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-08-24 18:49 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-02 09:48 . 2011-08-02 09:48 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2011-08-02 09:48 . 2003-02-21 11:42 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-08-02 09:47 . 2011-08-02 09:47 951680 ----a-w- c:\windows\system32\drivers\ndis.sys
2011-08-02 09:46 . 2011-08-02 09:46 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-08-02 09:46 . 2011-08-02 09:46 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-08-02 09:46 . 2011-08-02 09:46 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-08-02 09:46 . 2011-08-02 09:46 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-08-02 09:46 . 2011-08-02 09:46 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-08-02 09:46 . 2011-08-02 09:46 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-08-02 09:46 . 2011-08-02 09:46 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-08-02 09:46 . 2011-08-02 09:46 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-08-02 09:46 . 2011-08-02 09:46 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-08-02 09:46 . 2011-08-02 09:46 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-08-02 09:46 . 2011-08-02 09:46 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-08-02 09:46 . 2011-08-02 09:46 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-08-02 09:46 . 2011-08-02 09:46 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-08-02 09:46 . 2011-08-02 09:46 448512 ----a-w- c:\windows\system32\html.iec
2011-08-02 09:46 . 2011-08-02 09:46 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-08-02 09:46 . 2011-08-02 09:46 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-08-02 09:46 . 2011-08-02 09:46 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-08-02 09:46 . 2011-08-02 09:46 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-02 09:46 . 2011-08-02 09:46 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-08-02 09:46 . 2011-08-02 09:46 222208 ----a-w- c:\windows\system32\msls31.dll
2011-08-02 09:46 . 2011-08-02 09:46 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-08-02 09:46 . 2011-08-02 09:46 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-08-02 09:46 . 2011-08-02 09:46 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-08-02 09:46 . 2011-08-02 09:46 160256 ----a-w- c:\windows\system32\wextract.exe
2011-08-02 09:46 . 2011-08-02 09:46 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-08-02 09:46 . 2011-08-02 09:46 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-08-02 09:46 . 2011-08-02 09:46 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-02 09:46 . 2011-08-02 09:46 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-08-02 09:46 . 2011-08-02 09:46 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-08-02 09:46 . 2011-08-02 09:46 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-08-02 09:46 . 2011-08-02 09:46 12288 ----a-w- c:\windows\system32\mshta.exe
2011-08-02 09:46 . 2011-08-02 09:46 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-08-02 09:46 . 2011-08-02 09:46 114176 ----a-w- c:\windows\system32\admparse.dll
2011-08-02 09:46 . 2011-08-02 09:46 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-08-02 09:46 . 2011-08-02 09:46 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-08-02 09:46 . 2011-08-02 09:46 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-08-02 09:45 . 2011-08-02 09:45 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\qwavedrv.sys.mui
2011-08-02 09:45 . 2011-08-02 09:45 25600 ----a-w- c:\windows\SysWow64\drivers\en-US\bfe.dll.mui
2011-08-02 09:45 . 2011-08-02 09:45 15360 ----a-w- c:\windows\SysWow64\drivers\en-US\pacer.sys.mui
2011-08-02 09:45 . 2011-08-02 09:45 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\scfilter.sys.mui
2011-08-02 09:45 . 2011-08-02 09:45 5632 ----a-w- c:\windows\SysWow64\drivers\en-US\ndiscap.sys.mui
2011-08-02 09:45 . 2011-08-02 09:45 44032 ----a-w- c:\windows\SysWow64\drivers\en-US\tcpip.sys.mui
2011-08-02 09:04 . 2011-08-02 09:04 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-08-02 09:04 . 2011-08-02 09:04 521448 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-22 05:42 . 2011-08-24 19:44 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 05:36 . 2011-08-24 19:44 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 05:32 . 2011-08-24 19:44 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 02:54 . 2011-08-24 19:44 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-07-22 02:48 . 2011-08-24 19:44 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-07-22 02:44 . 2011-08-24 19:44 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-07-16 05:41 . 2011-08-24 19:43 362496 ----a-w- c:\windows\system32\wow64win.dll
2011-07-16 05:41 . 2011-08-24 19:43 243200 ----a-w- c:\windows\system32\wow64.dll
2011-07-16 05:41 . 2011-08-24 19:43 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2011-07-16 05:39 . 2011-08-24 19:43 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2011-07-16 05:37 . 2011-08-24 19:43 421888 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 05:21 . 2011-08-24 19:43 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eye-Fi"="c:\program files (x86)\Eye-Fi\Helper\EyeFiHelper.exe" [2011-04-19 3820152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-20 336384]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-30 284440]
"attcm_AppStart.exe"="c:\program files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe" [2011-05-10 209032]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-06-08 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-23 640440]
"Sprint SmartView"="c:\program files (x86)\Sprint\Sprint SmartView\SprintSV.exe" [2011-06-22 75072]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-03-10 75048]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"VAIO Boot Manager"="c:\program files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe" [2011-05-19 2101896]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-08-24 273528]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"smp.exe"="c:\program files (x86)\Pure Networks\Speed Meter Pro\smp.exe" [2008-09-14 767272]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CodeMeter Control Center.lnk - c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe [2011-7-6 6904208]
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
LoopBe30 Monitor.lnk - c:\program files (x86)\nerds.de\LoopBe30\loough.exe [2008-1-21 315256]
Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2011-8-24 666992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/08/02 02:48;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2011-03-03 240112]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-24 136176]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
R2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2011-02-15 47104]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2010-02-24 362992]
R2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
R2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-03-29 2656280]
R2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2011-04-28 552584]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe [2008-03-18 68096]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
R3 CASprint;Sprint Con App Svc;c:\program files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe [2011-06-22 124224]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 gobi3kfilter;Qualcomm Gobi 3000 USB Composite Device Filter Driver;c:\windows\system32\DRIVERS\gobi3kfilter.sys [x]
R3 gobi3kmbb;Qualcomm Gobi 3000 USB-NDIS 6.20 miniport;c:\windows\system32\DRIVERS\gobi3kmbb.sys [x]
R3 gobi3kserial;Qualcomm Gobi 3000 USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\gobi3kserial.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-24 136176]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
R3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\DRIVERS\MAudioFastTrack.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2010-02-24 313840]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2011-04-20 1021840]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WPRO_41_1742;WinPcap Packet Driver (WPRO_41_1742);c:\windows\system32\drivers\WPRO_41_1742.sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]
R4 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]
R4 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
R4 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
R4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-20 549616]
R4 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-19 385336]
R4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-19 99104]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ActiveDelayDeviceService;ActiveDelayDeviceService;c:\program files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe [2011-05-19 75912]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-01-10 231280]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-12-14 901184]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-14 974912]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2011-07-06 2304912]
S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [2011-01-10 109936]
S2 FPLService;TrueSuiteService;c:\program files\TrueSuite\TrueSuite.Service.exe [2011-04-26 294216]
S2 GobiQDLService;Qualcomm Gobi Anywhere Download Service;c:\program files (x86)\Qualcomm\Gobi\GobiQDLService\GobiQDLService.exe [2011-04-07 318976]
S2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe [2009-10-05 20992]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-04-25 2375168]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 MediaCollectorService;MediaCollectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe [2009-10-05 81920]
S2 molcpeth;MusicLab NDIS MolCpEth Protocol;c:\windows\system32\DRIVERS\molcpeth.sys [x]
S2 NvtlService;NovaCore SDK Service;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2011-06-22 91984]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
S2 pnpcap;Pure Networks Packet Capture Driver;c:\windows\system32\DRIVERS\pnpcap.sys [x]
S2 ProntoDataService;Pronto Data Server;c:\programdata\Philips\Common Database\ProntoDataService.exe [2010-06-17 20480]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2011-06-10 199272]
S2 rtpMIDIService;rtpMIDIService;c:\program files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe [2010-11-27 1126400]
S2 SlingAgentService;SlingAgentService;c:\program files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [2010-11-03 94024]
S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [2010-09-13 308592]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-07-21 965256]
S2 WebUpdate4;Web Update Wizard Service V4;c:\windows\SysWOW64\WebUpdateSvc4.exe [2008-09-15 262360]
S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2011-01-10 489840]
S2 WysePocketCloud;Wyse PocketCloud;c:\program files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [2011-08-18 103424]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-14 1298496]
S3 Fwleaf;NETGEAR Firewall Driver;c:\windows\system32\DRIVERS\fwleaf.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 leafnets;Leaf Networks Adapter;c:\windows\system32\DRIVERS\leafnets.sys [x]
S3 LoopBe30;nerds.de LoopBe30 - Internal Midi Port SvcDesc(WDM);c:\windows\system32\drivers\loopbe30.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 mlmolcp3;MolCp3 Miniport MIDI WDM Driver;c:\windows\system32\DRIVERS\mlmolcp3.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 teVirtualMIDI64;teVirtualMIDI - Virtual MIDI Driver x64;c:\windows\system32\DRIVERS\teVirtualMIDI64.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_9EC60124
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{256D58B7-0AA7-48AB-9A38-F818B284C20C}]
2011-09-24 19:44 62976 ----a-w- c:\program files (x86)\SNL Financial\SNLxl\InstallXLAddinRegKey.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-24 23:49]
.
2011-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-24 23:49]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-31 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-31 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-31 418840]
"vncutil"="c:\program files\Realtek\Audio\HDA\vncutil64.exe" [2011-06-10 562792]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-10 11817576]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-10 2209896]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-12-14 10222080]
"ClientAppLogon"="c:\program files\TrueSuite\TrueSuite.ClientAppLogonExe.exe" [2011-04-26 421192]
"ClientAppLogon32"="c:\program files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe" [2011-04-26 308040]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"PocketCloud Location"="c:\program files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe" [2011-08-18 807936]
"MolCp3Monitor"="c:\program files\MusicLab\MolCp III\monitor.exe" [2010-09-11 174592]
"combofix"="c:\combofix\CF29686.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
Handler: leaf - {3c4a8a13-029e-430d-b8c1-46e834d20b31} - c:\windows\System32\mscoree.dll
FF - ProfilePath - c:\users\Todd Bault\AppData\Roaming\Mozilla\Firefox\Profiles\k8gqaac4.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Software Update Wizard (Redistributable) - c:\windows\system32\wuwuninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
c:\program files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
.
**************************************************************************
.
Completion time: 2011-10-07 17:35:49 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-07 21:35
.
Pre-Run: 287,425,871,872 bytes free
Post-Run: 287,285,485,568 bytes free
.
- - End Of File - - 1F326FC36998B8043DDB2F56BDAE0DAF

ESet:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=f95d209aaffc174daecd1c984bf7c786
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-07 11:14:18
# local_time=2011-10-07 07:14:18 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3329 16777214 0 2 0 0 0 0
# compatibility_mode=5893 16776573 100 94 0 69567106 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=682316
# found=2
# cleaned=0
# scan_time=5602
C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\80000032.@.vir a variant of Win32/Olmarik.AVQ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Public\Software\Finale\Kontakt Player 2 Setup.exe a variant of Win32/Packed.Themida application (unable to clean) 00000000000000000000000000000000 I
 
Okay. As you may know, the Win64/sirefB malware is a part of the ZeroAccess rootkit, so now we go after that as follows:
-----------------------------
  • Download the file TDSSKiller.zip and save to the desktop.
    (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
  • Right-click the tdsskiller.zip file > select Extract All into a folder on the infected (or potentially infected) PC.
  • Double-click on TDSSKiller.exe to run the scan.
  • When the scan is over, the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
  • Select the action Quarantine to quarantine detected objects.
    The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
  • After clicking Next, the utility applies selected actions and outputs the result.
  • A reboot is required after disinfection.
Please post the log from that.
========================================
Follow with download of maxhandle.exe by noahdfear to your desktop.
  • Double-click maxhandle.exe and run the application
  • An active internet connection is required so that maxhandle.exe may download a tool from SysInternals
  • If Max++ is present the log will open automatically.
  • If Max++ is not found, "Nothing found!" is echoed to the screen - no log is produced.
  • Log is saved to c:\maxhandle.txt
=========================================
Post both of these logs and we'll go from there.
I have some script set for entries to run through Combofix, but would like to see the above logs first.
 
Nothing for either scan--very good news, I hope!

Neither TDSSKiller nor maxhandle found anything! I hope that's good news. Looking over some of the other active cases on this board, perhaps I was spoofed--perhaps what I thought was a Defender warning was in fact something that wanted to be clicked that THEN infected me with what Combofix quarantined. I don't really know, and looking over the logs myself, I still can't figure out what I clicked on to do this.

So anyway, no maxhandle log. I'm posting the TDSS report just in case (no log produced), though it says all clear. Computer is now very quiet, no processes running that I do not recognize or that should not be running. Hope we're getting close...thanks!

EDIT: One other thing to consider as part of the cleaning. I have a fairly new USB 3.0 SSD that I do not think is infected, but we might as well rule this out. Only my (hopefully formerly) infected computer has a USB 3.0 port, though there may be some 2.0 backwards compatibility. I know you guys have a USB tool, but would you recommend cleaning the SSD on the current subject computer, or on another (assuming 2.0 compatibility)? I'll wait to get your response before acting.

06:26:30.0203 11528 TDSS rootkit removing tool 2.6.6.0 Oct 7 2011 12:45:24
06:26:30.0431 11528 ============================================================
06:26:30.0431 11528 Current date / time: 2011/10/09 06:26:30.0431
06:26:30.0431 11528 SystemInfo:
06:26:30.0431 11528
06:26:30.0431 11528 OS Version: 6.1.7601 ServicePack: 1.0
06:26:30.0431 11528 Product type: Workstation
06:26:30.0431 11528 ComputerName: TODDLAP
06:26:30.0432 11528 UserName: Todd Bault
06:26:30.0432 11528 Windows directory: C:\Windows
06:26:30.0432 11528 System windows directory: C:\Windows
06:26:30.0432 11528 Running under WOW64
06:26:30.0432 11528 Processor architecture: Intel x64
06:26:30.0432 11528 Number of processors: 4
06:26:30.0432 11528 Page size: 0x1000
06:26:30.0432 11528 Boot type: Normal boot
06:26:30.0432 11528 ============================================================
06:26:30.0510 11528 Initialize success
06:26:32.0479 12812 ============================================================
06:26:32.0479 12812 Scan started
06:26:32.0479 12812 Mode: Manual;
06:26:32.0479 12812 ============================================================
06:26:32.0745 12812 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
06:26:32.0746 12812 1394ohci - ok
06:26:32.0755 12812 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
06:26:32.0756 12812 ACPI - ok
06:26:32.0759 12812 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
06:26:32.0759 12812 AcpiPmi - ok
06:26:32.0769 12812 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
06:26:32.0771 12812 adp94xx - ok
06:26:32.0777 12812 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
06:26:32.0779 12812 adpahci - ok
06:26:32.0782 12812 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
06:26:32.0783 12812 adpu320 - ok
06:26:32.0793 12812 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
06:26:32.0795 12812 AFD - ok
06:26:32.0797 12812 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
06:26:32.0798 12812 agp440 - ok
06:26:32.0802 12812 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
06:26:32.0802 12812 aliide - ok
06:26:32.0806 12812 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
06:26:32.0806 12812 amdide - ok
06:26:32.0811 12812 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
06:26:32.0811 12812 AmdK8 - ok
06:26:32.0872 12812 amdkmdag (8f3e65588cd16c4e26c366fda970917e) C:\Windows\system32\DRIVERS\atikmdag.sys
06:26:32.0907 12812 amdkmdag - ok
06:26:32.0917 12812 amdkmdap (1b075adfe47632458e82df3220554710) C:\Windows\system32\DRIVERS\atikmpag.sys
06:26:32.0918 12812 amdkmdap - ok
06:26:32.0920 12812 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
06:26:32.0921 12812 AmdPPM - ok
06:26:32.0924 12812 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
06:26:32.0925 12812 amdsata - ok
06:26:32.0929 12812 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
06:26:32.0929 12812 amdsbs - ok
06:26:32.0932 12812 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
06:26:32.0932 12812 amdxata - ok
06:26:32.0935 12812 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
06:26:32.0936 12812 AppID - ok
06:26:32.0944 12812 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
06:26:32.0945 12812 arc - ok
06:26:32.0948 12812 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
06:26:32.0948 12812 arcsas - ok
06:26:32.0952 12812 ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
06:26:32.0953 12812 ArcSoftKsUFilter - ok
06:26:32.0961 12812 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
06:26:32.0961 12812 AsyncMac - ok
06:26:32.0964 12812 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
06:26:32.0964 12812 atapi - ok
06:26:32.0977 12812 ATSwpWDF (26970f26ebab7d5d1b795a3f9013cd80) C:\Windows\system32\DRIVERS\ATSwpWDF.sys
06:26:32.0981 12812 ATSwpWDF - ok
06:26:32.0991 12812 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
06:26:32.0993 12812 b06bdrv - ok
06:26:32.0999 12812 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
06:26:33.0000 12812 b57nd60a - ok
06:26:33.0007 12812 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
06:26:33.0008 12812 Beep - ok
06:26:33.0013 12812 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
06:26:33.0014 12812 blbdrive - ok
06:26:33.0022 12812 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
06:26:33.0023 12812 bowser - ok
06:26:33.0025 12812 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
06:26:33.0025 12812 BrFiltLo - ok
06:26:33.0028 12812 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
06:26:33.0029 12812 BrFiltUp - ok
06:26:33.0036 12812 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
06:26:33.0038 12812 Brserid - ok
06:26:33.0040 12812 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
06:26:33.0041 12812 BrSerWdm - ok
06:26:33.0043 12812 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
06:26:33.0044 12812 BrUsbMdm - ok
06:26:33.0047 12812 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
06:26:33.0047 12812 BrUsbSer - ok
06:26:33.0051 12812 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
06:26:33.0052 12812 BthEnum - ok
06:26:33.0055 12812 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
06:26:33.0056 12812 BTHMODEM - ok
06:26:33.0059 12812 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
06:26:33.0060 12812 BthPan - ok
06:26:33.0068 12812 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
06:26:33.0070 12812 BTHPORT - ok
06:26:33.0074 12812 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
06:26:33.0075 12812 BTHUSB - ok
06:26:33.0078 12812 btmaux (962bd3689e2c85f0ba97f3d7e7ba540b) C:\Windows\system32\DRIVERS\btmaux.sys
06:26:33.0078 12812 btmaux - ok
06:26:33.0083 12812 btmhsf (ec1220b647f0d995da5cad4153454779) C:\Windows\system32\DRIVERS\btmhsf.sys
06:26:33.0085 12812 btmhsf - ok
06:26:33.0087 12812 catchme - ok
06:26:33.0091 12812 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
06:26:33.0092 12812 cdfs - ok
06:26:33.0096 12812 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
06:26:33.0097 12812 cdrom - ok
06:26:33.0101 12812 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
06:26:33.0101 12812 circlass - ok
06:26:33.0107 12812 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
06:26:33.0109 12812 CLFS - ok
06:26:33.0118 12812 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
06:26:33.0118 12812 CmBatt - ok
06:26:33.0121 12812 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
06:26:33.0121 12812 cmdide - ok
06:26:33.0129 12812 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
06:26:33.0131 12812 CNG - ok
06:26:33.0134 12812 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
06:26:33.0135 12812 Compbatt - ok
06:26:33.0138 12812 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
06:26:33.0138 12812 CompositeBus - ok
06:26:33.0142 12812 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
06:26:33.0143 12812 crcdisk - ok
06:26:33.0153 12812 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
06:26:33.0155 12812 CSC - ok
06:26:33.0163 12812 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
06:26:33.0164 12812 DfsC - ok
06:26:33.0167 12812 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
06:26:33.0168 12812 discache - ok
06:26:33.0171 12812 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
06:26:33.0171 12812 Disk - ok
06:26:33.0175 12812 dmvsc (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
06:26:33.0175 12812 dmvsc - ok
06:26:33.0182 12812 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
06:26:33.0183 12812 drmkaud - ok
06:26:33.0194 12812 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
06:26:33.0197 12812 DXGKrnl - ok
06:26:33.0224 12812 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
06:26:33.0236 12812 ebdrv - ok
06:26:33.0247 12812 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
06:26:33.0249 12812 elxstor - ok
06:26:33.0251 12812 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
06:26:33.0251 12812 ErrDev - ok
06:26:33.0260 12812 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
06:26:33.0262 12812 exfat - ok
06:26:33.0266 12812 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
06:26:33.0267 12812 fastfat - ok
06:26:33.0269 12812 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
06:26:33.0270 12812 fdc - ok
06:26:33.0275 12812 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
06:26:33.0276 12812 FileInfo - ok
06:26:33.0278 12812 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
06:26:33.0279 12812 Filetrace - ok
06:26:33.0283 12812 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
06:26:33.0283 12812 flpydisk - ok
06:26:33.0289 12812 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
06:26:33.0290 12812 FltMgr - ok
06:26:33.0297 12812 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
06:26:33.0297 12812 FsDepends - ok
06:26:33.0299 12812 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
06:26:33.0300 12812 Fs_Rec - ok
06:26:33.0305 12812 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
06:26:33.0306 12812 fvevol - ok
06:26:33.0310 12812 Fwleaf (5462c481c8f526b63a1a6f3e26014bd5) C:\Windows\system32\DRIVERS\fwleaf.sys
06:26:33.0310 12812 Fwleaf - ok
06:26:33.0313 12812 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
06:26:33.0314 12812 gagp30kx - ok
06:26:33.0317 12812 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
06:26:33.0318 12812 GEARAspiWDM - ok
06:26:33.0322 12812 gobi3kfilter (9495607c14f345e9632b3e1c12cea7b0) C:\Windows\system32\DRIVERS\gobi3kfilter.sys
06:26:33.0322 12812 gobi3kfilter - ok
06:26:33.0328 12812 gobi3kmbb (4cfac59c1203a3dba7c3dcfcdd503860) C:\Windows\system32\DRIVERS\gobi3kmbb.sys
06:26:33.0330 12812 gobi3kmbb - ok
06:26:33.0335 12812 gobi3kserial (dbb405772f1c21cb7ed51593bad5880d) C:\Windows\system32\DRIVERS\gobi3kserial.sys
06:26:33.0336 12812 gobi3kserial - ok
06:26:33.0343 12812 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
06:26:33.0343 12812 hcw85cir - ok
06:26:33.0349 12812 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
06:26:33.0351 12812 HdAudAddService - ok
06:26:33.0354 12812 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
06:26:33.0355 12812 HDAudBus - ok
06:26:33.0358 12812 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
06:26:33.0358 12812 HidBatt - ok
06:26:33.0362 12812 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
06:26:33.0362 12812 HidBth - ok
06:26:33.0364 12812 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
06:26:33.0365 12812 HidIr - ok
06:26:33.0369 12812 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
06:26:33.0369 12812 HidUsb - ok
06:26:33.0376 12812 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
06:26:33.0377 12812 HpSAMD - ok
06:26:33.0385 12812 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
06:26:33.0388 12812 HTTP - ok
06:26:33.0391 12812 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
06:26:33.0391 12812 hwpolicy - ok
06:26:33.0396 12812 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
06:26:33.0397 12812 i8042prt - ok
06:26:33.0403 12812 iaStor (26cf4275034214ecedd8ec17b0a18a99) C:\Windows\system32\drivers\iaStor.sys
06:26:33.0405 12812 iaStor - ok
06:26:33.0413 12812 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
06:26:33.0415 12812 iaStorV - ok
06:26:33.0418 12812 iBtFltCoex (e44f0b4dc753c14930b8dc48bb7a1644) C:\Windows\system32\DRIVERS\iBtFltCoex.sys
06:26:33.0418 12812 iBtFltCoex - ok
06:26:33.0422 12812 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
06:26:33.0423 12812 iirsp - ok
06:26:33.0449 12812 IntcAzAudAddService (1b491f385ee96f9d9ee4cb430c8cd29e) C:\Windows\system32\drivers\RTKVHD64.sys
06:26:33.0460 12812 IntcAzAudAddService - ok
06:26:33.0468 12812 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
06:26:33.0469 12812 IntcDAud - ok
06:26:33.0472 12812 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
06:26:33.0472 12812 intelide - ok
06:26:33.0543 12812 intelkmd (370c2a8629b30f910f740387795ddc6f) C:\Windows\system32\DRIVERS\igdpmd64.sys
06:26:33.0590 12812 intelkmd - ok
06:26:33.0595 12812 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
06:26:33.0595 12812 intelppm - ok
06:26:33.0600 12812 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
06:26:33.0600 12812 IpFilterDriver - ok
06:26:33.0605 12812 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
06:26:33.0605 12812 IPMIDRV - ok
06:26:33.0608 12812 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
06:26:33.0609 12812 IPNAT - ok
06:26:33.0613 12812 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
06:26:33.0613 12812 IRENUM - ok
06:26:33.0616 12812 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
06:26:33.0617 12812 isapnp - ok
06:26:33.0623 12812 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
06:26:33.0624 12812 iScsiPrt - ok
06:26:33.0629 12812 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
06:26:33.0629 12812 kbdclass - ok
06:26:33.0632 12812 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
06:26:33.0632 12812 kbdhid - ok
06:26:33.0636 12812 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
06:26:33.0637 12812 KSecDD - ok
06:26:33.0641 12812 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
06:26:33.0642 12812 KSecPkg - ok
06:26:33.0645 12812 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
06:26:33.0645 12812 ksthunk - ok
06:26:33.0653 12812 leafnets (83ec58ed3aca5028919028667babf490) C:\Windows\system32\DRIVERS\leafnets.sys
06:26:33.0653 12812 leafnets - ok
06:26:33.0657 12812 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
06:26:33.0658 12812 lltdio - ok
06:26:33.0664 12812 LoopBe30 (d25f4fb8bc046e9c8b8ec6ed2b2016d3) C:\Windows\system32\drivers\loopbe30.sys
06:26:33.0665 12812 LoopBe30 - ok
06:26:33.0669 12812 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
06:26:33.0670 12812 LSI_FC - ok
06:26:33.0673 12812 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
06:26:33.0674 12812 LSI_SAS - ok
06:26:33.0676 12812 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
06:26:33.0677 12812 LSI_SAS2 - ok
06:26:33.0680 12812 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
06:26:33.0681 12812 LSI_SCSI - ok
06:26:33.0684 12812 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
06:26:33.0685 12812 luafv - ok
06:26:33.0691 12812 MAUSBFASTTRACK (f2643036b225ba4621a965434478f35e) C:\Windows\system32\DRIVERS\MAudioFastTrack.sys
06:26:33.0692 12812 MAUSBFASTTRACK - ok
06:26:33.0698 12812 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
06:26:33.0698 12812 megasas - ok
06:26:33.0704 12812 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
06:26:33.0705 12812 MegaSR - ok
06:26:33.0708 12812 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
06:26:33.0709 12812 MEIx64 - ok
06:26:33.0714 12812 mlmolcp3 (9e98ae4bb73ea4067265963c1c47a669) C:\Windows\system32\DRIVERS\mlmolcp3.sys
06:26:33.0714 12812 mlmolcp3 - ok
06:26:33.0718 12812 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
06:26:33.0718 12812 Modem - ok
06:26:33.0724 12812 molcpeth (a838a63be13bea7868105a62ea67685c) C:\Windows\system32\DRIVERS\molcpeth.sys
06:26:33.0725 12812 molcpeth - ok
06:26:33.0728 12812 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
06:26:33.0729 12812 monitor - ok
06:26:33.0732 12812 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
06:26:33.0732 12812 mouclass - ok
06:26:33.0735 12812 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys
06:26:33.0735 12812 mouhid - ok
06:26:33.0738 12812 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
06:26:33.0739 12812 mountmgr - ok
06:26:33.0743 12812 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
06:26:33.0743 12812 mpio - ok
06:26:33.0747 12812 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
06:26:33.0748 12812 mpsdrv - ok
06:26:33.0752 12812 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
06:26:33.0753 12812 MRxDAV - ok
06:26:33.0757 12812 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
06:26:33.0758 12812 mrxsmb - ok
06:26:33.0763 12812 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
06:26:33.0764 12812 mrxsmb10 - ok
06:26:33.0768 12812 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
06:26:33.0769 12812 mrxsmb20 - ok
06:26:33.0771 12812 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
06:26:33.0771 12812 msahci - ok
06:26:33.0775 12812 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
06:26:33.0775 12812 msdsm - ok
06:26:33.0781 12812 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
06:26:33.0781 12812 Msfs - ok
06:26:33.0784 12812 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
06:26:33.0784 12812 mshidkmdf - ok
06:26:33.0787 12812 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
06:26:33.0787 12812 msisadrv - ok
06:26:33.0793 12812 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
06:26:33.0793 12812 MSKSSRV - ok
06:26:33.0796 12812 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
06:26:33.0797 12812 MSPCLOCK - ok
06:26:33.0800 12812 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
06:26:33.0800 12812 MSPQM - ok
06:26:33.0807 12812 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
06:26:33.0808 12812 MsRPC - ok
06:26:33.0812 12812 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
06:26:33.0812 12812 mssmbios - ok
06:26:33.0815 12812 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
06:26:33.0815 12812 MSTEE - ok
06:26:33.0818 12812 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
06:26:33.0818 12812 MTConfig - ok
06:26:33.0822 12812 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
06:26:33.0822 12812 Mup - ok
06:26:33.0827 12812 mv61xx (2e1bf5699d30f54bfe4ffd0efac8c93c) C:\Windows\system32\drivers\mv61xx.sys
06:26:33.0828 12812 mv61xx - ok
06:26:33.0838 12812 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
06:26:33.0839 12812 NativeWifiP - ok
06:26:33.0850 12812 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
06:26:33.0854 12812 NDIS - ok
06:26:33.0856 12812 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
06:26:33.0857 12812 NdisCap - ok
06:26:33.0859 12812 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
06:26:33.0860 12812 NdisTapi - ok
06:26:33.0863 12812 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
06:26:33.0864 12812 Ndisuio - ok
06:26:33.0867 12812 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
06:26:33.0868 12812 NdisWan - ok
06:26:33.0870 12812 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
06:26:33.0871 12812 NDProxy - ok
06:26:33.0875 12812 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
06:26:33.0876 12812 NetBIOS - ok
06:26:33.0880 12812 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
06:26:33.0881 12812 NetBT - ok
06:26:33.0944 12812 NETwNs64 (ac69618de5bcce8747c9ab0aae1003c1) C:\Windows\system32\DRIVERS\NETwNs64.sys
06:26:33.0977 12812 NETwNs64 - ok
06:26:33.0984 12812 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
06:26:33.0984 12812 nfrd960 - ok
06:26:33.0989 12812 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
06:26:33.0990 12812 Npfs - ok
06:26:33.0993 12812 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
06:26:33.0994 12812 nsiproxy - ok
06:26:34.0009 12812 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
06:26:34.0016 12812 Ntfs - ok
06:26:34.0018 12812 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
06:26:34.0018 12812 Null - ok
06:26:34.0023 12812 nusb3hub (01266516e6e88d183a2b58722eeb4443) C:\Windows\system32\DRIVERS\nusb3hub.sys
06:26:34.0023 12812 nusb3hub - ok
06:26:34.0028 12812 nusb3xhc (5ec04f55cc5f165f21752712437df638) C:\Windows\system32\DRIVERS\nusb3xhc.sys
06:26:34.0029 12812 nusb3xhc - ok
06:26:34.0034 12812 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
06:26:34.0034 12812 nvraid - ok
06:26:34.0038 12812 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
06:26:34.0039 12812 nvstor - ok
06:26:34.0043 12812 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
06:26:34.0044 12812 nv_agp - ok
06:26:34.0048 12812 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
06:26:34.0049 12812 ohci1394 - ok
06:26:34.0058 12812 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
06:26:34.0874 12812 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
06:26:34.0877 12812 \Device\Harddisk0\DR0 - ok
06:26:34.0879 12812 Boot (0x1200) (78f3a0511b14c1f25f820bade6059e06) \Device\Harddisk0\DR0\Partition0
06:26:34.0879 12812 \Device\Harddisk0\DR0\Partition0 - ok
06:26:34.0882 12812 Boot (0x1200) (91b8ea8486a2e205506731122780e016) \Device\Harddisk0\DR0\Partition1
06:26:34.0882 12812 \Device\Harddisk0\DR0\Partition1 - ok
06:26:34.0883 12812 ============================================================
06:26:34.0883 12812 Scan finished
06:26:34.0883 12812 ============================================================
06:26:34.0888 8320 Detected object count: 0
06:26:34.0888 8320 Actual detected object count: 0
 
Okay, go ahead and disinfect the flash drive while I go over the logs:
  • Please download Panda USB Vaccine (you must provide a valid e-mail address and they will send the download link to it) to your desktop.
  • Install and run it.
  • Plug in the USB drive and click on Vaccinate USB and Vaccinate computer.
 
>>>Okay, go ahead and disinfect the flash drive while I go over the logs:

Done--thanks for link. No warnings occurred and vaccination seemed to work. I'm hoping we're close--thanks.
 
Question:
I found this entry loading from the registry:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"=c:\combofix\CF29686.3XE" [2010-11-21 345088]
It appears that you installed Combofix on the system almost a year ago. I can stop this and I will have you uninstall Combofix when I'm sure the system is clean. It should not be kept on the computer or run in the background.
=====================================
A caution about this for the future: Bing Bar
I'm seeing some systems with the Bing Toolbar having Zugo- it's referred to as the Bing/Zugo toolbar. Zugo is adware and will hijack the homepage. I've seen it as a Firefox addon as well as in IE. If you downloaded it yourself and it's clean as yours seems to be, okay. But I'm thinking it's being pre-checked on other program download screens- so be aware.
================================
Please run this Custom CFScript:

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open Notepad > click on Format > uncheck 'Word Wrap' > and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
Code:
File::
Extra::
File::
Firefox::
Firefox-: - Profile - c:\users\Todd Bault\AppData\Roaming\Mozilla\Firefox\Profiles\k8gqaac4.default\
Firefox-: prefs.js - Startup.HomepageURL 
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"=-
Save this as CFScript.txt, in the same location as ComboFix.exe
[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
I usually go back to the first post to determine what my next step may be. I noticed this comment:
"I run Win Defender but not a regular virus scan, though I have hardware firewall in my router."
No matter if you have a firewall- software or from a router, you always need an antivirus program. It should be updating regularly and a scan run with your regular maintenance. The actions of a firewall and an AV are different. I stopped running a third party firewall about 2 months after I got my first router, because there were no hits at all- the Windows Firewall is fine. But the AV is another layer of security, a very important one!
====================================
Please update Java: Java Updates. Uninstall any earlier versions in Add/Remove Programs, as they are vulnerabilities for the system.

There is usually malware in the Java cache when Java is outdated, so it needs to be cleared:
  1. Click Start > Control Panel.
  2. Double-click the Java icon in the Control Panel.
  3. Click Settings under Temporary Internet Files.
     There are three options on this window to clear the cache (version dependent):
     • Delete Files
     • View Applications
     • View Applets
  4. Click OK on the Delete Temporary Files window.
     Note: This deletes all the Downloaded Applications and Applets from the cache.
  5. Click OK on the Temporary Files Settings window.
========================================
Have we fixed all of the problems?
 
I think we're almost done

>>>It appears that you installed Combofix on the system almost a year ago

Not me--this computer is brand new only a couple of months ago, so I don't know what this means. Perhaps Sony uses Combofix on new units?

>>>Bing Bar

Preinstalled on the system, but I don't really use it and it can be uninstalled.

>>>No matter if you have a firewall- software or from a router, you always need an antivirus program.

Agreed! And now that I've read this site, I see that there are some good but thin clients out there, so I will install something!

I will run the Combofix script and unstall the Java updates and let you know how it goes, but I can't see any other problems. I will submit logs next. Thanks very much!
 
I cleared the Java cache. I don't seem to have any outdated versions of Java on my machine. Or rather, I am running version 6 update 22, and that is all I seem to have in the Programs lists (32 and 64 bit versions both, but no other updates). Am I missing something?

Combofix log follows. Looked good to me, no reboot, so I'm hoping we're close to done. I've seen there is a cleanup step yet to do, but is there anything else? I'll wait to do anything in any case. Thanks again!

ComboFix 11-10-10.04 - Todd Bault 10/10/2011 21:09:43.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8108.5698 [GMT -4:00]
Running from: c:\users\Todd Bault\Desktop\ComboFix.exe
Command switches used :: c:\users\Todd Bault\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\tmp\U
.
.
((((((((((((((((((((((((( Files Created from 2011-09-11 to 2011-10-11 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-16 05:37 . 2011-08-24 19:43 421888 ----a-w- c:\windows\system32\KernelBase.dll
2011-07-16 05:21 . 2011-08-24 19:43 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-16 05:21 . 2011-08-24 19:43 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-07_21.34.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2011-10-09 10:45 64072 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-10-06 03:39 39008 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-10-09 10:45 39008 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-24 18:56 . 2011-10-10 04:30 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-24 18:56 . 2011-10-06 03:37 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-24 18:56 . 2011-10-06 03:37 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-08-24 18:56 . 2011-10-10 04:30 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-10-10 04:30 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-10-06 03:37 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-24 18:59 . 2011-10-09 10:45 3836 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2462782149-2452504269-3875717583-1000_UserData.bin
+ 2011-10-09 10:43 . 2011-10-09 10:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-09 10:43 . 2011-10-09 10:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-10-06 03:37 . 2011-10-07 21:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2011-10-09 16:36 665084 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-10-06 03:41 665084 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-10-09 16:36 122910 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-10-06 03:41 122910 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2011-10-06 03:36 463772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-10-09 10:43 463772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-08-24 19:14 . 2011-10-09 10:43 9164924 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2462782149-2452504269-3875717583-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eye-Fi"="c:\program files (x86)\Eye-Fi\Helper\EyeFiHelper.exe" [2011-04-19 3820152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-20 336384]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-30 284440]
"attcm_AppStart.exe"="c:\program files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe" [2011-05-10 209032]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-06-08 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-23 640440]
"Sprint SmartView"="c:\program files (x86)\Sprint\Sprint SmartView\SprintSV.exe" [2011-06-22 75072]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-03-10 75048]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"VAIO Boot Manager"="c:\program files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe" [2011-05-19 2101896]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-08-24 273528]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"smp.exe"="c:\program files (x86)\Pure Networks\Speed Meter Pro\smp.exe" [2008-09-14 767272]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CodeMeter Control Center.lnk - c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe [2011-7-6 6904208]
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
LoopBe30 Monitor.lnk - c:\program files (x86)\nerds.de\LoopBe30\loough.exe [2008-1-21 315256]
Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2011-8-24 666992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-12-14 901184]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-14 974912]
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/08/02 02:48;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2011-03-03 240112]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-24 136176]
R2 ProntoDataService;Pronto Data Server;c:\programdata\Philips\Common Database\ProntoDataService.exe [2010-06-17 20480]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2010-02-24 362992]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-14 1298496]
R3 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe [2008-03-18 68096]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
R3 CASprint;Sprint Con App Svc;c:\program files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe [2011-06-22 124224]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 gobi3kfilter;Qualcomm Gobi 3000 USB Composite Device Filter Driver;c:\windows\system32\DRIVERS\gobi3kfilter.sys [x]
R3 gobi3kmbb;Qualcomm Gobi 3000 USB-NDIS 6.20 miniport;c:\windows\system32\DRIVERS\gobi3kmbb.sys [x]
R3 gobi3kserial;Qualcomm Gobi 3000 USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\gobi3kserial.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-24 136176]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
R3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\DRIVERS\MAudioFastTrack.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2010-02-24 313840]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2011-04-20 1021840]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WPRO_41_1742;WinPcap Packet Driver (WPRO_41_1742);c:\windows\system32\drivers\WPRO_41_1742.sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]
R4 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]
R4 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
R4 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
R4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-20 549616]
R4 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-19 385336]
R4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-19 99104]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ActiveDelayDeviceService;ActiveDelayDeviceService;c:\program files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe [2011-05-19 75912]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-01-10 231280]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2011-07-06 2304912]
S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [2011-01-10 109936]
S2 FPLService;TrueSuiteService;c:\program files\TrueSuite\TrueSuite.Service.exe [2011-04-26 294216]
S2 GobiQDLService;Qualcomm Gobi Anywhere Download Service;c:\program files (x86)\Qualcomm\Gobi\GobiQDLService\GobiQDLService.exe [2011-04-07 318976]
S2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe [2009-10-05 20992]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-04-25 2375168]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 MediaCollectorService;MediaCollectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe [2009-10-05 81920]
S2 molcpeth;MusicLab NDIS MolCpEth Protocol;c:\windows\system32\DRIVERS\molcpeth.sys [x]
S2 NvtlService;NovaCore SDK Service;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2011-06-22 91984]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2011-02-15 47104]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
S2 pnpcap;Pure Networks Packet Capture Driver;c:\windows\system32\DRIVERS\pnpcap.sys [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2011-06-10 199272]
S2 rtpMIDIService;rtpMIDIService;c:\program files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe [2010-11-27 1126400]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
S2 SlingAgentService;SlingAgentService;c:\program files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [2010-11-03 94024]
S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [2010-09-13 308592]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-03-29 2656280]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2011-04-28 552584]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-07-21 965256]
S2 WebUpdate4;Web Update Wizard Service V4;c:\windows\SysWOW64\WebUpdateSvc4.exe [2008-09-15 262360]
S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2011-01-10 489840]
S2 WysePocketCloud;Wyse PocketCloud;c:\program files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [2011-08-18 103424]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys [x]
S3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
S3 Fwleaf;NETGEAR Firewall Driver;c:\windows\system32\DRIVERS\fwleaf.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 leafnets;Leaf Networks Adapter;c:\windows\system32\DRIVERS\leafnets.sys [x]
S3 LoopBe30;nerds.de LoopBe30 - Internal Midi Port SvcDesc(WDM);c:\windows\system32\drivers\loopbe30.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 mlmolcp3;MolCp3 Miniport MIDI WDM Driver;c:\windows\system32\DRIVERS\mlmolcp3.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 teVirtualMIDI64;teVirtualMIDI - Virtual MIDI Driver x64;c:\windows\system32\DRIVERS\teVirtualMIDI64.sys [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_9EC60124
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{256D58B7-0AA7-48AB-9A38-F818B284C20C}]
2011-09-24 19:44 62976 ----a-w- c:\program files (x86)\SNL Financial\SNLxl\InstallXLAddinRegKey.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-24 23:49]
.
2011-10-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-24 23:49]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-31 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-31 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-31 418840]
"vncutil"="c:\program files\Realtek\Audio\HDA\vncutil64.exe" [2011-06-10 562792]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-10 11817576]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-10 2209896]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-12-14 10222080]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"ClientAppLogon"="c:\program files\TrueSuite\TrueSuite.ClientAppLogonExe.exe" [2011-04-26 421192]
"ClientAppLogon32"="c:\program files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe" [2011-04-26 308040]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"PocketCloud Location"="c:\program files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe" [2011-08-18 807936]
"MolCp3Monitor"="c:\program files\MusicLab\MolCp III\monitor.exe" [2010-09-11 174592]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
Handler: leaf - {3c4a8a13-029e-430d-b8c1-46e834d20b31} - c:\windows\System32\mscoree.dll
FF - ProfilePath - c:\users\Todd Bault\AppData\Roaming\Mozilla\Firefox\Profiles\k8gqaac4.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-10-10 21:14:02
ComboFix-quarantined-files.txt 2011-10-11 01:14
.
Pre-Run: 285,360,472,064 bytes free
Post-Run: 285,319,847,936 bytes free
.
- - End Of File - - DAF97F781BC19E8256FF2A916EB41608
 
version 6 update 22

This is outdated: the current version of Java is v6u27. Please click on the blue Java Update link in my post above and get the update. If you have the auto-update running, it's not working.
 
Java is now updated, both 32 and 64-bit, and the update seems to have removed the old versions at the same time.

Please let me know what's next--anxious to finish up, given that everything looks pretty good!
 
About time the Java updates started overwriting the old version!

Logs look good. I need to check one entry:

Please run this Custom CFScript:

  • [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open Notepad > click on Format > uncheck 'Word Wrap' > and copy/paste the text in the code below into it:
Code:
File::
c:\programdata\Kaspersky Lab
FileLook::
c:\windows\handle.exe
Folder::
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
====================
What do you have from Kaspersky? I put the entry in the script, but if you have a program or app, you should remove it. This would usually be their database, and it has a date of 10/6/2011.
 
I downloaded Kaspersky as a first attempt to solve the problem. Happy to uninstall.

I'm currently on a business trip but will be back Friday morning. I'll run this script first thing. Assuming it works, could you provide me with follow up work now to do for Friday as well? I'm guessing we're nearly done, so I'd like to keep moving as fast as we can, as long as you agree. Thanks again for all of your help!
 
When I see the file info, I'll be able to finish you up. You're almost done.
======================================
To help with Kaspersky uninstall:
Download the archive kavremover.zip.
  • Unpack the archive (for example, using WinZip)
  • Double click on kavremover.exe
  • Enter the code from the picture. If you cannot read the code from the picture, click on the button next to the picture to generate a new code
    [o] The screen will display the products detected.
    [o] You can also select Remove all known products.
  • Click on the button Remove
    kavremover_1464_01new_en.jpg
  • Wait until a dialog window appears to inform you that the product was successfully removed
    kavremover_1464_04_en.jpg
  • Click OK
Images courtesy Kaspersky

Reboot the computer.
 
Remove Kaspersky. I have also included the one appdata entry I saw in the script for ComboFix.
 
Sorry, one more clarification. If I remove Kaspersky first, does the Combofix script need changing?
 
OK, Kaspersky Removal did not work. Program hung. The log does seem to have details on this.

In any case, Combofix did NOT remove the Kaspersky folder in c:\programdata. Like I said before, I downloaded the Kaspersky "emergency" program as a first attempt to get rid of this thing.

Here's the Combofix log first, then the Kaspersky log in a second post.

Rats. Was hoping to get this solved soon.

==========================================

ComboFix 11-10-14.02 - Todd Bault 10/14/2011 9:25.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8108.5559 [GMT -4:00]
Running from: c:\users\Todd Bault\Desktop\ComboFix.exe
Command switches used :: c:\users\Todd Bault\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\Kaspersky Lab"
.
.
((((((((((((((((((((((((( Files Created from 2011-09-14 to 2011-10-14 )))))))))))))))))))))))))))))))
.
.
2011-10-14 13:28 . 2011-10-14 13:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-14 13:22 . 2011-10-14 13:22 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4EE65841-4BF3-4032-9DD0-2AB80EB59E1C}\offreg.dll
2011-10-14 13:22 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4EE65841-4BF3-4032-9DD0-2AB80EB59E1C}\mpengine.dll
2011-10-14 13:16 . 2011-04-26 11:14 125440 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\websitelogon_toolbar@truesuite.com\components\TrueSuite.WLOXPCOM.dll
2011-10-11 22:32 . 2011-10-11 22:32 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-10-09 16:32 . 2011-10-09 16:32 -------- d-----w- c:\programdata\Panda Security
2011-10-09 16:32 . 2011-10-09 16:32 -------- d-----w- c:\program files (x86)\Panda USB Vaccine
2011-10-09 10:28 . 2011-07-07 17:28 520496 ----a-w- c:\windows\Listdlls.exe
2011-10-09 10:28 . 2011-05-17 16:48 423288 ----a-w- c:\windows\handle.exe
2011-10-07 21:41 . 2011-10-07 21:41 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-10-07 21:41 . 2011-10-07 21:41 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-10-07 21:41 . 2011-10-07 21:41 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-10-07 21:41 . 2011-10-07 21:41 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-10-07 21:39 . 2011-10-07 21:39 -------- d-----w- c:\program files (x86)\ESET
2011-10-06 03:21 . 2011-10-06 03:21 -------- d-----w- c:\users\Todd Bault\AppData\Roaming\Malwarebytes
2011-10-06 03:21 . 2011-10-06 03:21 -------- d-----w- c:\programdata\Malwarebytes
2011-10-06 03:21 . 2011-10-06 03:21 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-06 03:21 . 2011-08-31 21:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-06 01:11 . 2011-10-06 01:11 -------- d-----w- c:\programdata\Kaspersky Lab
2011-10-05 23:21 . 2011-10-05 23:21 -------- d-----w- c:\programdata\FRISK Software
2011-10-05 23:21 . 2011-10-05 23:21 -------- d-----w- c:\program files (x86)\FRISK Software
2011-10-05 20:00 . 2011-10-06 03:44 -------- d-----w- c:\windows\system32\MpEngineStore
2011-10-05 19:09 . 2011-10-05 19:13 -------- d-----w- c:\users\Todd Bault\AppData\Roaming\Line 6
2011-10-05 19:09 . 2011-10-05 19:09 -------- d-----w- c:\programdata\Line 6
2011-10-05 19:09 . 2011-10-05 19:13 -------- d-----w- c:\programdata\Propellerhead Software
2011-10-05 19:09 . 2011-10-05 19:09 -------- d-----w- c:\program files\Common Files\Propellerhead Software
2011-10-05 19:09 . 2011-10-05 19:09 -------- d-----w- c:\users\Todd Bault\AppData\Roaming\Propellerhead Software
2011-10-05 19:09 . 2011-10-05 19:09 -------- d-----w- c:\program files\CodeMeter
2011-10-05 19:09 . 2011-10-05 19:09 -------- d-----w- c:\program files (x86)\CodeMeter
2011-10-05 19:09 . 2011-10-05 19:09 -------- d-----w- c:\program files (x86)\Propellerhead
2011-10-05 19:09 . 2011-10-05 19:09 -------- d-----w- c:\program files\Propellerhead
2011-10-02 17:31 . 2011-10-02 17:33 -------- d---a-w- c:\users\Public\Bault
2011-10-02 17:30 . 2011-10-02 17:30 -------- d---a-w- c:\users\Public\Insurance
2011-10-01 19:15 . 2009-08-04 17:56 296960 ----a-w- c:\windows\winhlp32.exe
2011-10-01 19:15 . 2009-08-04 17:55 195072 ----a-w- c:\windows\SysWow64\ftsrch.dll
2011-10-01 19:15 . 2009-08-04 17:55 195072 ----a-w- c:\windows\system32\ftsrch.dll
2011-10-01 19:15 . 2009-08-04 17:55 9216 ----a-w- c:\windows\SysWow64\ftlx0411.dll
2011-10-01 19:15 . 2009-08-04 17:55 9216 ----a-w- c:\windows\system32\ftlx0411.dll
2011-10-01 19:15 . 2009-08-04 17:55 10240 ----a-w- c:\windows\SysWow64\ftlx041e.dll
2011-10-01 19:15 . 2009-08-04 17:55 10240 ----a-w- c:\windows\system32\ftlx041e.dll
2011-10-01 19:08 . 2011-10-01 19:08 -------- d-----w- c:\program files (x86)\CRC Press
2011-09-30 18:32 . 2011-09-30 18:32 -------- d-----w- c:\users\Todd Bault\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
2011-09-30 18:32 . 2011-09-30 18:32 -------- d-----w- c:\program files (x86)\TweetDeck
2011-09-30 16:38 . 2011-09-30 16:38 -------- d-----w- c:\users\Todd Bault\AppData\Roaming\SNL Financial
2011-09-30 16:37 . 2011-09-30 16:37 -------- d-----w- c:\users\Todd Bault\AppData\Local\IsolatedStorage
2011-09-30 16:36 . 2011-09-30 16:36 -------- d-----w- c:\program files (x86)\SNL Financial
2011-09-30 16:35 . 2011-09-30 16:35 -------- d-----w- c:\program files (x86)\Microsoft WSE
2011-09-30 11:51 . 2011-09-30 11:51 -------- d-----w- c:\users\Default\AppData\Local\Sony Corporation
2011-09-27 13:48 . 2011-09-27 13:48 -------- d-----w- c:\program files\Vstplugins
2011-09-26 19:21 . 2011-09-26 19:21 -------- d-----w- c:\users\Todd Bault\AppData\Local\Native Instruments
2011-09-26 19:18 . 2011-09-26 19:18 -------- dc----w- c:\programdata\{B4D507D7-68F5-4F3B-BCAD-6916321201B4}
2011-09-26 19:17 . 2011-09-26 19:17 -------- dc-h--w- c:\programdata\{5C4E0CFB-E109-416E-B66B-470382013E3B}
2011-09-26 18:03 . 2011-09-26 18:03 -------- dc-h--w- c:\programdata\{34B6291D-C0D7-4BAF-B634-1D130C96F9F9}
2011-09-26 18:03 . 2011-09-27 13:46 -------- d-----w- c:\program files (x86)\Vstplugins
2011-09-26 18:03 . 2011-09-26 18:03 -------- d-----w- c:\program files\Common Files\Native Instruments
2011-09-26 18:01 . 2011-09-26 18:01 -------- dc-h--w- c:\programdata\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
2011-09-26 18:01 . 2011-09-26 18:03 -------- d-----w- c:\program files\Native Instruments
2011-09-26 18:01 . 2011-09-26 18:01 -------- d-----w- c:\programdata\Native Instruments
2011-09-23 17:27 . 2011-09-23 17:27 -------- d-----w- c:\users\Todd Bault\AppData\Roaming\fi.eye.center.E430518E652B889A80EC0E8A6E532C09FF36DF62.1
2011-09-23 17:27 . 2011-10-14 13:24 -------- d-----w- c:\users\Todd Bault\AppData\Local\Eye-Fi
2011-09-23 17:26 . 2011-09-23 17:43 -------- d-----w- c:\users\Todd Bault\AppData\Roaming\Eye-Fi
2011-09-23 17:26 . 2011-09-23 17:27 -------- d-----w- c:\program files (x86)\Eye-Fi
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-11 22:32 . 2011-08-02 09:04 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-10-11 22:31 . 2011-08-02 09:04 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-09 10:35 . 2011-08-25 01:39 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-10-09 10:35 . 2011-08-25 01:38 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-10-09 10:35 . 2011-08-25 01:38 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-10-09 10:35 . 2011-08-25 01:38 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-09-26 15:40 . 2011-09-01 22:05 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-24 00:46 . 2011-08-29 13:30 1003 ----a-w- C:\miscsync.bat
2011-09-24 00:44 . 2011-08-29 13:30 149 ----a-w- C:\toddback.bat
2011-09-23 18:17 . 2011-08-29 13:30 1048 ----a-w- C:\picssync.bat
2011-09-01 21:55 . 2011-08-29 13:30 1361 ----a-w- C:\studiosync.bat
2011-09-01 21:54 . 2011-08-29 13:30 564 ----a-w- C:\olivesync.bat
2011-09-01 21:53 . 2011-08-29 13:30 1435 ----a-w- C:\offsite.bat
2011-09-01 21:53 . 2011-08-29 13:30 1333 ----a-w- C:\officesync.bat
2011-09-01 21:51 . 2011-08-29 13:30 974 ----a-w- C:\mp3sync.bat
2011-09-01 21:50 . 2011-08-29 13:30 160 ----a-w- C:\chemsync.bat
2011-08-25 16:56 . 2011-08-25 16:56 47633 ----a-w- c:\windows\SysWow64\wuwuninst.exe
2011-08-25 09:58 . 2011-08-25 09:58 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-08-24 23:29 . 2003-03-19 03:14 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-08-24 18:49 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-02 09:48 . 2011-08-02 09:48 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2011-08-02 09:48 . 2003-02-21 11:42 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-08-02 09:47 . 2011-08-02 09:47 951680 ----a-w- c:\windows\system32\drivers\ndis.sys
2011-08-02 09:46 . 2011-08-02 09:46 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-08-02 09:46 . 2011-08-02 09:46 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-08-02 09:46 . 2011-08-02 09:46 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-08-02 09:46 . 2011-08-02 09:46 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-08-02 09:46 . 2011-08-02 09:46 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-08-02 09:46 . 2011-08-02 09:46 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-08-02 09:46 . 2011-08-02 09:46 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-08-02 09:46 . 2011-08-02 09:46 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-08-02 09:46 . 2011-08-02 09:46 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-08-02 09:46 . 2011-08-02 09:46 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-08-02 09:46 . 2011-08-02 09:46 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-08-02 09:46 . 2011-08-02 09:46 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-08-02 09:46 . 2011-08-02 09:46 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-08-02 09:46 . 2011-08-02 09:46 448512 ----a-w- c:\windows\system32\html.iec
2011-08-02 09:46 . 2011-08-02 09:46 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-08-02 09:46 . 2011-08-02 09:46 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-08-02 09:46 . 2011-08-02 09:46 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-08-02 09:46 . 2011-08-02 09:46 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-02 09:46 . 2011-08-02 09:46 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-08-02 09:46 . 2011-08-02 09:46 222208 ----a-w- c:\windows\system32\msls31.dll
2011-08-02 09:46 . 2011-08-02 09:46 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-08-02 09:46 . 2011-08-02 09:46 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-08-02 09:46 . 2011-08-02 09:46 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-08-02 09:46 . 2011-08-02 09:46 160256 ----a-w- c:\windows\system32\wextract.exe
2011-08-02 09:46 . 2011-08-02 09:46 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-08-02 09:46 . 2011-08-02 09:46 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-08-02 09:46 . 2011-08-02 09:46 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-08-02 09:46 . 2011-08-02 09:46 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-08-02 09:46 . 2011-08-02 09:46 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-08-02 09:46 . 2011-08-02 09:46 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-08-02 09:46 . 2011-08-02 09:46 12288 ----a-w- c:\windows\system32\mshta.exe
2011-08-02 09:46 . 2011-08-02 09:46 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-08-02 09:46 . 2011-08-02 09:46 114176 ----a-w- c:\windows\system32\admparse.dll
2011-08-02 09:46 . 2011-08-02 09:46 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-08-02 09:46 . 2011-08-02 09:46 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-08-02 09:46 . 2011-08-02 09:46 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-08-02 09:45 . 2011-08-02 09:45 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\qwavedrv.sys.mui
2011-08-02 09:45 . 2011-08-02 09:45 25600 ----a-w- c:\windows\SysWow64\drivers\en-US\bfe.dll.mui
2011-08-02 09:45 . 2011-08-02 09:45 15360 ----a-w- c:\windows\SysWow64\drivers\en-US\pacer.sys.mui
2011-08-02 09:45 . 2011-08-02 09:45 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\scfilter.sys.mui
2011-08-02 09:45 . 2011-08-02 09:45 5632 ----a-w- c:\windows\SysWow64\drivers\en-US\ndiscap.sys.mui
2011-08-02 09:45 . 2011-08-02 09:45 44032 ----a-w- c:\windows\SysWow64\drivers\en-US\tcpip.sys.mui
2011-07-22 05:42 . 2011-08-24 19:44 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 05:36 . 2011-08-24 19:44 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 05:32 . 2011-08-24 19:44 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-22 02:54 . 2011-08-24 19:44 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-07-22 02:48 . 2011-08-24 19:44 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-07-22 02:44 . 2011-08-24 19:44 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\handle.exe ---
Company: Sysinternals
File Description: Handle viewer
File Version: 3.46
Product Name: Sysinternals Handle
Copyright: Copyright © 1997-2011 Mark Russinovich
Original Filename: Nthandle.exe
File size: 423288
Created time: 2011-10-09 10:28
Modified time: 2011-05-17 16:48
MD5: 50C128C5B28237B3A01AFBDF0E546245
SHA1: 7DFFDFDE2856D2DBD21F54AF16EDD9CC3447CB6F
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-07_21.34.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2011-10-09 10:45 64072 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-10-14 13:18 39024 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-24 18:56 . 2011-10-10 04:30 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-24 18:56 . 2011-10-06 03:37 49152 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-24 18:56 . 2011-10-10 04:30 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-08-24 18:56 . 2011-10-06 03:37 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-10-06 03:37 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-10-10 04:30 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-24 18:59 . 2011-10-14 13:18 3852 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2462782149-2452504269-3875717583-1000_UserData.bin
+ 2011-10-09 10:43 . 2011-10-14 13:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-06 03:37 . 2011-10-07 21:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-09 10:43 . 2011-10-14 13:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-11 22:32 . 2011-10-11 22:32 157472 c:\windows\SysWOW64\javaws.exe
+ 2011-10-11 22:32 . 2011-10-11 22:32 145184 c:\windows\SysWOW64\javaw.exe
- 2011-08-02 09:04 . 2011-08-02 09:04 145184 c:\windows\SysWOW64\javaw.exe
+ 2011-10-11 22:32 . 2011-10-11 22:32 145184 c:\windows\SysWOW64\java.exe
- 2011-08-02 09:04 . 2011-08-02 09:04 145184 c:\windows\SysWOW64\java.exe
+ 2009-07-14 02:36 . 2011-10-14 13:23 665084 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-10-06 03:41 665084 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-10-06 03:41 122910 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-10-14 13:23 122910 c:\windows\system32\perfc009.dat
+ 2011-10-11 22:31 . 2011-10-11 22:31 190752 c:\windows\system32\javaws.exe
- 2011-08-02 09:04 . 2011-08-02 09:04 171808 c:\windows\system32\javaw.exe
+ 2011-10-11 22:31 . 2011-10-11 22:31 171808 c:\windows\system32\javaw.exe
+ 2011-10-11 22:31 . 2011-10-11 22:31 171808 c:\windows\system32\java.exe
- 2011-08-02 09:04 . 2011-08-02 09:04 171808 c:\windows\system32\java.exe
- 2009-07-14 05:01 . 2011-10-06 03:36 463772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-10-09 10:43 463772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-10-11 22:32 . 2011-10-11 22:32 207360 c:\windows\Installer\cd529e7.msi
+ 2011-10-11 22:31 . 2011-10-11 22:31 907264 c:\windows\Installer\cd529d9.msi
+ 2011-10-11 22:31 . 2011-10-11 22:31 908800 c:\windows\Installer\cd5275f.msi
+ 2009-07-14 02:34 . 2011-10-14 13:22 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2011-09-13 22:19 9961472 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2011-08-24 19:14 . 2011-10-09 10:43 9164924 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2462782149-2452504269-3875717583-1000-12288.dat
+ 2011-10-14 13:24 . 2011-10-14 13:24 9904128 c:\windows\ERDNT\Hiv-backup\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eye-Fi"="c:\program files (x86)\Eye-Fi\Helper\EyeFiHelper.exe" [2011-04-19 3820152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-20 336384]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-30 284440]
"attcm_AppStart.exe"="c:\program files (x86)\AT&T\AT&T Communication Manager\attcm_AppStart.exe" [2011-05-10 209032]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-06-08 40376]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-23 640440]
"Sprint SmartView"="c:\program files (x86)\Sprint\Sprint SmartView\SprintSV.exe" [2011-06-22 75072]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-03-10 75048]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"VAIO Boot Manager"="c:\program files (x86)\Sony\VAIO Boot Manager\StartUpProcessDelayTool.exe" [2011-05-19 2101896]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-08-24 273528]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"smp.exe"="c:\program files (x86)\Pure Networks\Speed Meter Pro\smp.exe" [2008-09-14 767272]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
CodeMeter Control Center.lnk - c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe [2011-7-6 6904208]
Google Calendar Sync.lnk - c:\program files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
LoopBe30 Monitor.lnk - c:\program files (x86)\nerds.de\LoopBe30\loough.exe [2008-1-21 315256]
Windows Home Server.lnk - c:\windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe [2011-8-24 666992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-12-14 901184]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-14 974912]
R2 CLKMSVC10_9EC60124;CyberLink Product - 2011/08/02 02:48;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2011-03-03 240112]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-24 136176]
R2 ProntoDataService;Pronto Data Server;c:\programdata\Philips\Common Database\ProntoDataService.exe [2010-06-17 20480]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2010-02-24 362992]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-14 1298496]
R3 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe [2008-03-18 68096]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
R3 CASprint;Sprint Con App Svc;c:\program files (x86)\Sprint\Sprint SmartView\ConAppsSvc.exe [2011-06-22 124224]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 gobi3kfilter;Qualcomm Gobi 3000 USB Composite Device Filter Driver;c:\windows\system32\DRIVERS\gobi3kfilter.sys [x]
R3 gobi3kmbb;Qualcomm Gobi 3000 USB-NDIS 6.20 miniport;c:\windows\system32\DRIVERS\gobi3kmbb.sys [x]
R3 gobi3kserial;Qualcomm Gobi 3000 USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\gobi3kserial.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-24 136176]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
R3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\DRIVERS\MAudioFastTrack.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;c:\windows\system32\PCTINDIS5X64.SYS [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2010-02-24 313840]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2011-04-20 1021840]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WPRO_41_1742;WinPcap Packet Driver (WPRO_41_1742);c:\windows\system32\drivers\WPRO_41_1742.sys [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R4 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]
R4 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]
R4 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
R4 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
R4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-20 549616]
R4 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-19 385336]
R4 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-19 99104]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ActiveDelayDeviceService;ActiveDelayDeviceService;c:\program files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe [2011-05-19 75912]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-01-10 231280]
S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2011-07-06 2304912]
S2 esClient;Windows Media Center Client Service;c:\program files\Windows Home Server\esClient.exe [2011-01-10 109936]
S2 FPLService;TrueSuiteService;c:\program files\TrueSuite\TrueSuite.Service.exe [2011-04-26 294216]
S2 GobiQDLService;Qualcomm Gobi Anywhere Download Service;c:\program files (x86)\Qualcomm\Gobi\GobiQDLService\GobiQDLService.exe [2011-04-07 318976]
S2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe [2009-10-05 20992]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-04-25 2375168]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 MediaCollectorService;MediaCollectorService;c:\program files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe [2009-10-05 81920]
S2 molcpeth;MusicLab NDIS MolCpEth Protocol;c:\windows\system32\DRIVERS\molcpeth.sys [x]
S2 NvtlService;NovaCore SDK Service;c:\program files (x86)\Novatel Wireless\Novacore\Server\NvtlSrvr.exe [2011-06-22 91984]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2011-02-15 47104]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
S2 pnpcap;Pure Networks Packet Capture Driver;c:\windows\system32\DRIVERS\pnpcap.sys [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2011-06-10 199272]
S2 rtpMIDIService;rtpMIDIService;c:\program files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe [2010-11-27 1126400]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
S2 SlingAgentService;SlingAgentService;c:\program files (x86)\Sling Media\SlingAgent\SlingAgentService.exe [2010-11-03 94024]
S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [2010-09-13 308592]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-03-29 2656280]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2011-04-28 552584]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-07-21 965256]
S2 WebUpdate4;Web Update Wizard Service V4;c:\windows\SysWOW64\WebUpdateSvc4.exe [2008-09-15 262360]
S2 WHSConnector;Windows Home Server Connector Service;c:\program files\Windows Home Server\WHSConnector.exe [2011-01-10 489840]
S2 WysePocketCloud;Wyse PocketCloud;c:\program files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [2011-08-18 103424]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys [x]
S3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
S3 Fwleaf;NETGEAR Firewall Driver;c:\windows\system32\DRIVERS\fwleaf.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 leafnets;Leaf Networks Adapter;c:\windows\system32\DRIVERS\leafnets.sys [x]
S3 LoopBe30;nerds.de LoopBe30 - Internal Midi Port SvcDesc(WDM);c:\windows\system32\drivers\loopbe30.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 mlmolcp3;MolCp3 Miniport MIDI WDM Driver;c:\windows\system32\DRIVERS\mlmolcp3.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 teVirtualMIDI64;teVirtualMIDI - Virtual MIDI Driver x64;c:\windows\system32\DRIVERS\teVirtualMIDI64.sys [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - CLKMDRV10_9EC60124
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{256D58B7-0AA7-48AB-9A38-F818B284C20C}]
2011-09-24 19:44 62976 ----a-w- c:\program files (x86)\SNL Financial\SNLxl\InstallXLAddinRegKey.dll
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-24 23:49]
.
2011-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-24 23:49]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-31 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-31 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-31 418840]
"vncutil"="c:\program files\Realtek\Audio\HDA\vncutil64.exe" [2011-06-10 562792]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-10 11817576]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-10 2209896]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-12-14 10222080]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"ClientAppLogon"="c:\program files\TrueSuite\TrueSuite.ClientAppLogonExe.exe" [2011-04-26 421192]
"ClientAppLogon32"="c:\program files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe" [2011-04-26 308040]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"PocketCloud Location"="c:\program files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe" [2011-08-18 807936]
"MolCp3Monitor"="c:\program files\MusicLab\MolCp III\monitor.exe" [2010-09-11 174592]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
Handler: leaf - {3c4a8a13-029e-430d-b8c1-46e834d20b31} - c:\windows\System32\mscoree.dll
FF - ProfilePath - c:\users\Todd Bault\AppData\Roaming\Mozilla\Firefox\Profiles\k8gqaac4.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-10-14 09:30:09
ComboFix-quarantined-files.txt 2011-10-14 13:30
ComboFix2.txt 2011-10-11 01:14
.
Pre-Run: 286,485,528,576 bytes free
Post-Run: 286,342,414,336 bytes free
.
- - End Of File - - EEB116CD0DAF62021864D38DCD5056AE
 