
Google Redirects, GAC_32\Desktop.ini and GAC_64\Desktop.ini


  • This topic is locked
18 replies to this topic

#1 sharpie22

  • Members
  • 10 posts

Posted 14 July 2012 - 09:21 PM

Please help me with this issue: Google is constantly redirecting to spam sites, and AVG is posting up issues every 30 seconds on my laptop. Also, whenever I go to secured websites where I have to enter a password, Google Chrome tells me that "The site's security certificate is signed using a weak signature algorithm". I have Windows 7, 64 bit.

In AVG, I am seeing threats in c:\Windows\assembly\GAC_32\Desktop.ini and GAC_64\Desktop.ini; the infection name is Trojan Horse Backdoor.Generic15.AXLA.

Also, I am seeing Trojan Horse Patched_c.LXT in C:\Windows\System32\services.exe.

Here is my DDS Log:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by snowbordtildeath at 21:07:27 on 2012-07-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3964.2367 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxeecoms.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\ico.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe
C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\PROGRA~2\AD-AWA~1\AdAware.exe
C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\explorer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\explorer.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
uStart Page = hxxp://start.funmoods.com/?f=1&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzutDtD0F0F0BtDtB0B0B0DtDyCzytB0EtCtN0D0Tzu0CtCzyyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=112997607
mStart Page = hxxp://start.funmoods.com/?f=1&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzutDtD0F0F0BtDtB0B0B0DtDyCzytB0EtCtN0D0Tzu0CtCzyyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=112997607
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 198.18.1.1:80
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\SnagIt 7\SnagItBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: PodcastBHO Class: {65134fdf-f8a5-4b3d-91d9-cdf273cfd578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Funmoods Helper Object: {75ebb0aa-4214-4cb4-90ec-e3e07ecd04f7} - C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\SnagIt 7\SnagItIEAddin.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
TB: Funmoods Toolbar: {a4c272ec-ed9e-4ace-a6f2-9558c7f29ef3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
uRun: [Google Update] "C:\Users\snowbordtildeath\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [JumiController]
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
mRun: [Lexmark Pro700 Series] "C:\Program Files (x86)\Lexmark Pro700 Series\fm3032.exe" /s
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{78BDB85A-779B-4502-8761-6D53EBA4BA48} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{78BDB85A-779B-4502-8761-6D53EBA4BA48}\2656C6B696E6534376 : DhcpNameServer = 192.168.2.1 192.168.1.1
TCP: Interfaces\{78BDB85A-779B-4502-8761-6D53EBA4BA48}\34F65727479716274602745756374727F6F6D677962756C6563737 : DhcpNameServer = 4.2.2.1
TCP: Interfaces\{78BDB85A-779B-4502-8761-6D53EBA4BA48}\94E6469616E6160244164716023456E6475627 : DhcpNameServer = 69.1.148.1
TCP: Interfaces\{78BDB85A-779B-4502-8761-6D53EBA4BA48}\C637F68613D27657563747 : DhcpNameServer = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: HelperObject Class: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 7\SnagItBHO.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: PodcastBHO Class: {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
BHO-X64: dTPodcastBHO - No File
BHO-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO-X64: Ad-Aware Security Toolbar - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Funmoods Helper Object: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll
BHO-X64: Funmoods Helper Object - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: SnagIt: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 7\SnagItIEAddin.dll
TB-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
TB-X64: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll
TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun-x64: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [TWebCamera] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
mRun-x64: [Lexmark Pro700 Series] "C:\Program Files (x86)\Lexmark Pro700 Series\fm3032.exe" /s
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun-x64: [Ad-Aware Antivirus] "C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\snowbordtildeath\AppData\Roaming\Mozilla\Firefox\Profiles\0knq8ve4.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.funmoods.com/?f=1&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzutDtD0F0F0BtDtB0B0B0DtDyCzytB0EtCtN0D0Tzu0CtCzyyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=112997607
FF - prefs.js: browser.search.selectedEngine - Search
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Skyhook Wireless\Loki Browser Plugin\versions\3.1.0.05\nploki.dll
FF - plugin: C:\Users\snowbordtildeath\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\snowbordtildeath\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\snowbordtildeath\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzutDtD0F0F0BtDtB0B0B0DtDyCzytB0EtCtN0D0Tzu0CtCzyyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=112997607
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzutDtD0F0F0BtDtB0B0B0DtDyCzytB0EtCtN0D0Tzu0CtCzyyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=112997607
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzutDtD0F0F0BtDtB0B0B0DtDyCzytB0EtCtN0D0Tzu0CtCzyyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=112997607&q=
FF - user.js: extensions.funmoods.id - 00FFB02BBD0692E1
FF - user.js: extensions.funmoods.instlDay - 15535
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.229:10:38
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - aln
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - aln
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 iPodDrv;iPodDrv;\??\C:\Windows\system32\drivers\iPodDrv.sys --> C:\Windows\system32\drivers\iPodDrv.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 FwLnk;FwLnk Driver;C:\Windows\system32\DRIVERS\FwLnk.sys --> C:\Windows\system32\DRIVERS\FwLnk.sys [?]
R3 jumi;%Jumi%;C:\Windows\system32\DRIVERS\jumi.sys --> C:\Windows\system32\DRIVERS\jumi.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 PGEffect;Pangu effect driver;C:\Windows\system32\DRIVERS\pgeffect.sys --> C:\Windows\system32\DRIVERS\pgeffect.sys [?]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;C:\Windows\system32\DRIVERS\libusb0.sys --> C:\Windows\system32\DRIVERS\libusb0.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\C:\Windows\system32\B9CC.tmp --> C:\Windows\system32\B9CC.tmp [?]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2010-10-15 24176]
.
=============== Created Last 30 ================
.
2012-07-15 04:11:06 -------- d-----w- C:\FRST
2012-07-14 14:18:24 -------- d-----w- C:\Users\snowbordtildeath\AppData\Roaming\AVG2012
2012-07-14 14:17:28 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-07-14 14:16:01 -------- d--h--w- C:\$AVG
2012-07-14 14:15:59 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-07-14 14:15:59 -------- d-----w- C:\ProgramData\AVG2012
2012-07-14 14:14:39 -------- d-----w- C:\Program Files (x86)\AVG
2012-07-14 14:10:47 -------- d--h--w- C:\ProgramData\Common Files
2012-07-14 14:10:47 -------- d-----w- C:\ProgramData\MFAData
2012-07-14 14:10:40 -------- d-----w- C:\Program Files (x86)\Funmoods
2012-07-12 00:17:40 -------- d-----w- C:\Users\snowbordtildeath\AppData\Local\adaware
2012-07-12 00:17:19 60536 ----a-w- C:\Windows\System32\drivers\sbhips.sys
2012-07-12 00:17:03 256632 ----a-w- C:\Windows\System32\drivers\SbFw.sys
2012-07-12 00:17:03 119416 ----a-w- C:\Windows\System32\drivers\SbFwIm.sys
2012-07-12 00:17:02 57976 ----a-w- C:\Windows\System32\drivers\sbredrv.sys
2012-07-12 00:17:02 45936 ----a-w- C:\Windows\System32\sbbd.exe
2012-07-12 00:16:59 -------- d-----w- C:\Program Files (x86)\Ad-Aware Antivirus
2012-07-12 00:16:18 -------- d-----w- C:\Users\snowbordtildeath\AppData\Local\adawarebp
2012-07-12 00:16:17 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-07-12 00:16:12 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2012-07-12 00:16:09 -------- d-----w- C:\Program Files (x86)\adawaretb
2012-07-12 00:15:06 -------- d-----w- C:\Users\snowbordtildeath\AppData\Roaming\Ad-Aware Antivirus
2012-07-11 08:47:22 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-11 06:34:08 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 02:07:20 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-11 02:05:22 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-07-11 02:05:21 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-07-11 02:05:21 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2012-07-11 02:05:21 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2012-07-11 02:05:21 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-07-11 02:05:20 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll
2012-07-11 02:05:20 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2012-07-11 02:05:20 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2012-07-11 02:05:19 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll
2012-07-11 02:05:19 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2012-07-11 02:05:19 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2012-07-11 02:05:19 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 02:05:18 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-07-11 01:50:22 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CD56324D-515A-4D72-8F82-5A0D1ACCABC1}\mpengine.dll
2012-07-07 21:55:28 -------- d-----w- C:\Program Files (x86)\Common Files\AnswerWorks 5.0
2012-07-07 21:55:14 4200024 ----a-w- C:\Windows\SysWow64\cdintf400.dll
2012-07-07 21:53:00 -------- d-----w- C:\Program Files (x86)\Common Files\Intuit
2012-07-07 21:52:25 -------- d-----w- C:\Users\snowbordtildeath\AppData\Roaming\Intuit
2012-07-07 21:52:25 -------- d-----w- C:\Program Files (x86)\Quicken
2012-07-07 21:51:42 -------- d-----w- C:\ProgramData\Intuit
2012-06-27 22:29:13 -------- d-----w- C:\Users\snowbordtildeath\AppData\Local\Macromedia
2012-06-22 20:57:37 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-22 20:56:54 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-22 20:56:27 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-22 20:56:27 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-22 20:48:24 -------- d-----w- C:\Users\snowbordtildeath\AppData\Roaming\Macrovision
.
==================== Find3M ====================
.
2012-07-12 07:20:31 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 07:20:31 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-02 00:51:11 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-19 09:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
.
============= FINISH: 21:10:16.26 ===============

Edited by sharpie22, 14 July 2012 - 11:26 PM.
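As an added triage example (not code from this thread, from DDS, or from BleepingComputer), the Python script below parses the kind of lines found in the DDS log above and surfaces the items a responder would check first: the `uInternet Settings,ProxyServer` entry pointing at 198.18.1.1:80, the `mPolicies-system` lines showing UAC switched off, the start page redirected to start.funmoods.com, several security products resident in memory at once, and the two GAC Desktop.ini paths that AVG flagged. The sample lines are copied from the log in this post; the vendor-marker table, the trusted-domain allowlist and the `triage` function name are constructed assumptions. One fact the script encodes: 198.18.0.0/15 is reserved by RFC 2544 for network benchmarking, so a browser proxy in that block is not an ISP or corporate proxy and deserves a close look.

```python
"""Triage a DDS-style log for the indicators seen in the post above.

Added example for this thread; not DDS, AVG or BleepingComputer code.
"""
import ipaddress
import re
from pathlib import Path

# Constructed sample: a handful of lines copied from the DDS log in the post,
# plus one ordinary svchost line for contrast.
SAMPLE_LOG = """\
C:\\PROGRA~2\\AVG\\AVG2012\\avgrsa.exe
C:\\Program Files (x86)\\McAfee\\VirusScan Enterprise\\vstskmgr.exe
C:\\Program Files (x86)\\Ad-Aware Antivirus\\AdAwareService.exe
C:\\Program Files (x86)\\Malwarebytes' Anti-Malware\\mbamservice.exe
C:\\Windows\\system32\\svchost.exe -k netsvcs
uStart Page = hxxp://start.funmoods.com/?f=1&a=aln
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 198.18.1.1:80
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
"""

# Constructed mapping of path fragments to the security product they belong to.
SECURITY_PRODUCTS = {
    "\\AVG\\": "AVG",
    "\\McAfee\\": "McAfee VirusScan",
    "\\Ad-Aware Antivirus\\": "Ad-Aware",
    "\\Malwarebytes' Anti-Malware\\": "Malwarebytes",
}

# UAC policy values that weaken or disable elevation prompting.
UAC_WEAK = {
    "EnableLUA": (0, "UAC is disabled"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate without any prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts do not use the secure desktop"),
}


def parse_settings(log_text):
    """Return {key: value} for the 'u.../m... = value' lines of the pseudo-HJT report."""
    settings = {}
    for line in log_text.splitlines():
        if line[:1] in ("u", "m") and " = " in line:
            key, value = line.split(" = ", 1)
            settings[key.strip()] = value.strip()
    return settings


def proxy_findings(settings):
    """Flag any browser proxy, and say when it sits in a reserved/private block."""
    proxy = settings.get("uInternet Settings,ProxyServer")
    if not proxy:
        return []
    host = proxy.rsplit(":", 1)[0]
    note = f"browser proxy configured: {proxy}"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # a hostname rather than an address
    if ip is not None and ip in ipaddress.ip_network("198.18.0.0/15"):
        note += " (RFC 2544 benchmarking range; not an ISP or corporate proxy)"
    elif ip is not None and ip.is_private:
        note += " (private address; confirm a proxy is really deployed there)"
    return [note]


def uac_findings(settings):
    """Report each mPolicies-system value that matches a known-weak setting."""
    findings = []
    for name, (weak_value, meaning) in UAC_WEAK.items():
        raw = settings.get(f"mPolicies-system: {name}")
        if raw is None:
            continue
        value = int(raw.split()[0])  # "0 (0x0)" -> 0
        if value == weak_value:
            findings.append(f"{name} = {value}: {meaning}")
    return findings


def start_page_findings(settings, trusted=("google.com", "bing.com")):
    """Flag start pages outside a (constructed) allowlist; handles hxxp defanging."""
    findings = []
    for key in ("uStart Page", "mStart Page"):
        url = settings.get(key)
        if not url:
            continue
        host = re.sub(r"^hxxps?://", "", url).split("/")[0]
        if not any(host == t or host.endswith("." + t) for t in trusted):
            findings.append(f"{key} points at {host}")
    return findings


def resident_security_products(log_text):
    """List the distinct security products whose processes appear in the log."""
    found = {vendor for line in log_text.splitlines()
             for marker, vendor in SECURITY_PRODUCTS.items() if marker in line}
    return sorted(found)


def gac_desktop_ini(windows_dir):
    """Return whichever of the GAC Desktop.ini paths AVG flagged exist under windows_dir."""
    root = Path(windows_dir) / "assembly"
    candidates = [root / "GAC_32" / "Desktop.ini", root / "GAC_64" / "Desktop.ini"]
    return [str(p) for p in candidates if p.is_file()]


def triage(log_text):
    """Collect every finding from the log text into one list."""
    settings = parse_settings(log_text)
    findings = proxy_findings(settings) + uac_findings(settings) + start_page_findings(settings)
    products = resident_security_products(log_text)
    if len(products) > 1:
        findings.append("multiple security products resident at once: " + ", ".join(products))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
    for path in gac_desktop_ini(r"C:\Windows"):
        print("- unexpected file:", path)
```

Running the script on the sample prints six findings. `gac_desktop_ini` takes the Windows directory as a parameter so it can be pointed at a mounted offline image as well as a live system.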



#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 14 July 2012 - 11:53 PM

Greetings and Welcome to The Forums!!


My name is Gringo and I'll be glad to help you with your computer problems.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Multiple anti-virus programs:

It looks like you are operating your computer with multiple anti-virus programs running in memory at once:

<insert av's>

Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

Information and logs:

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 sharpie22

sharpie22
  • Topic Starter

  • Members
  • 10 posts

Posted 15 July 2012 - 09:08 AM

Seems to be working much better now after running combofix!

Here are the logs. I also got rid of McAfee and the other antiviruses and only kept AVG.

Logs:

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
AVG2012 successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Sophos Anti-Rootkit 1.5.4
Malwarebytes Anti-Malware version 1.62.0.1300
TuneUp Companion 1.9.0
CCleaner
Java™ 6 Update 31
Java version out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox (13.0.1)
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````




ComboFix 12-07-14.01 - snowbordtildeath 07/15/2012 8:37.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3964.2552 [GMT -5:00]
Running from: E:\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\snowbordtildeath\Documents\~WRL0001.tmp
c:\users\snowbordtildeath\Documents\~WRL0002.tmp
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\Installer\{20d4a7f4-92fc-78f5-ea44-1fc18ca4d600}\@
c:\windows\Installer\{20d4a7f4-92fc-78f5-ea44-1fc18ca4d600}\L\00000004.@
c:\windows\Installer\{20d4a7f4-92fc-78f5-ea44-1fc18ca4d600}\L\1afb2d56
c:\windows\Installer\{20d4a7f4-92fc-78f5-ea44-1fc18ca4d600}\L\201d3dde
c:\windows\Installer\{20d4a7f4-92fc-78f5-ea44-1fc18ca4d600}\U\00000004.@
c:\windows\Installer\{20d4a7f4-92fc-78f5-ea44-1fc18ca4d600}\U\00000008.@
c:\windows\Installer\{20d4a7f4-92fc-78f5-ea44-1fc18ca4d600}\U\000000cb.@
c:\windows\Installer\{20d4a7f4-92fc-78f5-ea44-1fc18ca4d600}\U\80000000.@
c:\windows\Installer\{20d4a7f4-92fc-78f5-ea44-1fc18ca4d600}\U\80000032.@
c:\windows\Installer\{20d4a7f4-92fc-78f5-ea44-1fc18ca4d600}\U\80000064.@
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-15 to 2012-07-15 )))))))))))))))))))))))))))))))
.
.
2012-07-15 12:59 . 2010-05-26 16:39 6144 ------w- c:\windows\system32\67.tmp
2012-07-15 12:57 . 2012-07-15 12:57 -------- d-----w- c:\programdata\GFI Software
2012-07-15 04:11 . 2012-07-15 04:11 -------- d-----w- C:\FRST
2012-07-15 03:56 . 2012-07-15 13:13 -------- d-----w- c:\program files\HitmanPro
2012-07-15 03:55 . 2012-07-15 04:11 -------- d-----w- c:\programdata\HitmanPro
2012-07-15 03:45 . 2012-07-15 03:45 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-14 14:18 . 2012-07-14 14:18 -------- d-----w- c:\users\snowbordtildeath\AppData\Roaming\AVG2012
2012-07-14 14:17 . 2012-07-14 14:17 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-07-14 14:16 . 2012-07-14 14:16 -------- d-----w- C:\$AVG
2012-07-14 14:15 . 2012-07-15 13:09 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-14 14:15 . 2012-07-15 13:05 -------- d-----w- c:\programdata\AVG2012
2012-07-14 14:14 . 2012-07-14 14:14 -------- d-----w- c:\program files (x86)\AVG
2012-07-14 14:10 . 2012-07-15 13:09 -------- d-----w- c:\programdata\MFAData
2012-07-14 14:10 . 2012-07-14 14:10 -------- d--h--w- c:\programdata\Common Files
2012-07-14 14:10 . 2012-07-14 14:10 -------- d-----w- c:\program files (x86)\Funmoods
2012-07-12 00:16 . 2012-07-15 12:57 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-07-12 00:16 . 2012-07-12 00:16 -------- d-----w- c:\users\snowbordtildeath\AppData\Local\adawarebp
2012-07-11 08:47 . 2012-07-11 08:47 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-11 06:34 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 02:07 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 02:07 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 02:07 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-11 02:07 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-11 02:07 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-07-11 02:07 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2012-07-11 02:07 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-07-11 02:07 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 02:07 . 2012-06-02 05:44 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-11 02:07 . 2012-06-02 05:48 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-07-11 02:07 . 2012-06-02 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-07-11 02:07 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-07 21:55 . 2012-07-07 21:55 -------- d-----w- c:\program files (x86)\Common Files\AnswerWorks 5.0
2012-07-07 21:55 . 2011-09-17 00:51 4200024 ----a-w- c:\windows\SysWow64\cdintf400.dll
2012-07-07 21:53 . 2012-07-07 21:53 -------- d-----w- c:\program files (x86)\Common Files\Intuit
2012-07-07 21:52 . 2012-07-07 22:16 -------- d-----w- c:\program files (x86)\Quicken
2012-07-07 21:52 . 2012-07-07 21:52 -------- d-----w- c:\users\snowbordtildeath\AppData\Roaming\Intuit
2012-07-07 21:51 . 2012-07-07 21:51 -------- d-----w- c:\programdata\Intuit
2012-06-27 22:29 . 2012-06-27 22:29 -------- d-----w- c:\users\snowbordtildeath\AppData\Local\Macromedia
2012-06-22 20:57 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 20:57 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 20:57 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 20:57 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 20:56 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 20:56 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 20:56 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 20:56 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 20:56 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-22 20:48 . 2012-06-22 20:48 -------- d-----w- c:\users\snowbordtildeath\AppData\Roaming\Macrovision
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-15 13:39 . 2012-07-15 13:39 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD56324D-515A-4D72-8F82-5A0D1ACCABC1}\offreg.dll
2012-07-12 07:20 . 2012-03-30 23:49 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 07:20 . 2011-06-22 11:51 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 18:46 . 2010-08-19 14:02 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 08:25 . 2012-07-11 04:00 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 04:40 . 2012-07-11 02:07 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 02:07 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:34 . 2012-07-11 02:07 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-31 04:04 . 2012-07-11 01:50 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD56324D-515A-4D72-8F82-5A0D1ACCABC1}\mpengine.dll
2012-05-30 22:56 . 2012-05-30 22:56 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-04 11:06 . 2012-06-14 01:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 01:06 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 01:06 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-02 00:51 . 2012-05-02 00:51 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-01 05:40 . 2012-06-14 01:06 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-14 01:06 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-14 01:07 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-14 01:07 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-14 01:07 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-14 01:06 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-14 01:06 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-14 01:06 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-14 01:06 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-14 01:06 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-14 01:06 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-19 09:50 . 2012-04-19 09:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 163328]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"="%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe autorun" [X]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files (x86)\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"Lexmark Pro700 Series"="c:\program files (x86)\Lexmark Pro700 Series\fm3032.exe" [2010-05-17 316072]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 DhaHelper;DhaHelper;c:\windows\system32\drivers\dhahelper.sys [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-10 136176]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-01-13 36328]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [x]
R3 clr_optimization_v4.0.21006_32;Microsoft .NET Framework NGEN v4.0.21006_X86;c:\windows\Microsoft.NET\Framework\v4.0.21006\mscorsvw.exe [x]
R3 clr_optimization_v4.0.21006_64;Microsoft .NET Framework NGEN v4.0.21006_X64;c:\windows\Microsoft.NET\Framework64\v4.0.21006\mscorsvw.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-03-19 1030600]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-10 136176]
R3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\DRIVERS\libusb0.sys [2007-03-20 16896]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\67.tmp [2010-05-26 6144]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-22 113120]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-01-13 157160]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-01-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-01-13 177128]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-01-13 145384]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 137560]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-31 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 camsvc;TOSHIBA Web Camera Service;c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [2009-04-17 20544]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-11 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2011-03-10 14952]
S2 JuniperAccessService;Juniper Unified Network Service;c:\program files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe [2010-08-16 198000]
S2 lxee_device;lxee_device;c:\windows\system32\lxeecoms.exe [2010-04-14 1052328]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\rselect\RSelSvc.exe [2009-02-19 55808]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-08-24 92008]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-04-15 251392]
S2 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-04-10 803696]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-03-23 14472]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-04-12 52632]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 8704]
S3 jumi;%Jumi%;c:\windows\system32\DRIVERS\jumi.sys [2010-06-03 15160]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-03-16 82816]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-03-18 32832]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-04-13 45432]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeapfk
*Deregistered* - mfeavfk
*Deregistered* - mfehidk
*Deregistered* - mferkdet
*Deregistered* - sptd
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 07:20]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-14 07:22]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-14 07:22]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-142294798-57640970-462181985-1000Core.job
- c:\users\snowbordtildeath\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-10 07:22]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-142294798-57640970-462181985-1000UA.job
- c:\users\snowbordtildeath\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-10 07:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-18 1713448]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"Mouse Suite 98 Daemon"="ICO.EXE" [2006-09-29 90624]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"lxeemon.exe"="c:\program files (x86)\Lexmark Pro700 Series\lxeemon.exe" [2010-05-17 770728]
"EzPrint"="c:\program files (x86)\Lexmark Pro700 Series\ezprint.exe" [2010-05-17 148280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.funmoods.com/?f=1&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzutDtD0F0F0BtDtB0B0B0DtDyCzytB0EtCtN0D0Tzu0CtCzyyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=112997607
mStart Page = hxxp://start.funmoods.com/?f=1&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzutDtD0F0F0BtDtB0B0B0DtDyCzytB0EtCtN0D0Tzu0CtCzyyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=112997607
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\snowbordtildeath\AppData\Roaming\Mozilla\Firefox\Profiles\0knq8ve4.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.funmoods.com/?f=1&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzutDtD0F0F0BtDtB0B0B0DtDyCzytB0EtCtN0D0Tzu0CtCzyyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=112997607
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzutDtD0F0F0BtDtB0B0B0DtDyCzytB0EtCtN0D0Tzu0CtCzyyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=112997607
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzutDtD0F0F0BtDtB0B0B0DtDyCzytB0EtCtN0D0Tzu0CtCzyyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=112997607
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzutDtD0F0F0BtDtB0B0B0DtDyCzytB0EtCtN0D0Tzu0CtCzyyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=112997607&q=
FF - user.js: extensions.funmoods.id - 00FFB02BBD0692E1
FF - user.js: extensions.funmoods.instlDay - 15535
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.229:10
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - aln
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - aln
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-JumiController - (no file)
SafeBoot-58503018.sys
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosSENotify - c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
HKLM-Run-TPCHWMsg - c:\program files (x86)\TOSHIBA\TPHM\TPCHWMsg.exe
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\67.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{66D2B6B0-0AC3-1D5E-AFE4FCFC2DBC1E0D}\{D0054572-6CDD-7E67-D144F5B82EF8A509}\{800AEEDD-FDE9-D9F6-54124DEBF6D799D2}*]
"XOGCPEUPGZA3BTOUPKIJ6FJXTE1"=hex:01,00,01,00,00,00,00,00,9a,27,1e,8a,da,80,81,
12,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Juniper Networks\Common Files\dsNcService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Completion time: 2012-07-15 09:03:24 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-15 14:03
.
Pre-Run: 26,679,910,400 bytes free
Post-Run: 27,046,629,376 bytes free
.
- - End Of File - - FFA7F29A623C83F5C04CB4B1E8516DFC

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 15 July 2012 - 11:05 AM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
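The TDSSKiller report requested above is a plain-text listing: for each service or driver a scan line of the form `timestamp pid name (md5) path`, followed by a status line `name - ok`, with entries that have no backing file appearing only as `name - ok`. The Python below is an added example for readers of this thread, not part of the thread or of Kaspersky's tool. It parses that format and flags the entries a responder would check first: images loaded from `.tmp` files or user-writable directories, entries whose status is anything other than `ok` or that have no status line, and entries whose hash differs from a baseline. The sample report, the `updsvc` and `services` entries, their hashes, the non-ok status wording and the baseline hashes are all constructed for the example; TDSSKiller's real wording for a detection may differ, which is why anything that is not `- ok` is flagged.

```python
"""Triage helper for TDSSKiller-style scan reports (added example, not from the thread).

Assumed line formats (as seen in the report format discussed in the thread):
    HH:MM:SS.mmmm PID <name> (<md5>) <path>      scan line
    HH:MM:SS.mmmm PID <name> - <status>          status line, normally '- ok'
Only lines after the 'Scan started' marker are parsed, so the drive/partition
header lines (which also contain ' - ') are not mistaken for status lines.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the report format. The 'updsvc' and 'services' lines, their
# hashes and the non-ok status wording are invented for the example.
SAMPLE_REPORT = """\
11:11:29.0822 7344 Drive \\Device\\Harddisk0\\DR0 - Size: 0x4A85D56000 (298.09 Gb)
11:11:31.0508 5952 Scan started
11:11:32.0312 5952 1394ohci (a87d604aea360176311474c87a63bb88) C:\\Windows\\system32\\drivers\\1394ohci.sys
11:11:32.0335 5952 1394ohci - ok
11:11:35.0079 5952 ASPI - ok
11:11:53.0597 5952 MEMSWEEP2 (d70476ad02d6fd75282b196d3b58831d) C:\\Windows\\system32\\67.tmp
11:11:53.0598 5952 MEMSWEEP2 - ok
11:11:54.0100 5952 updsvc (0123456789abcdef0123456789abcdef) C:\\Users\\demo\\AppData\\Local\\Temp\\updsvc.exe
11:11:54.0102 5952 updsvc - ok
11:11:55.0200 5952 services (deadbeefdeadbeefdeadbeefdeadbeef) C:\\Windows\\system32\\services.exe
11:11:55.0202 5952 services - suspicious (hypothetical status wording)
"""

# Constructed baseline: name -> expected MD5 from a known-clean machine of the same build.
# The 1394ohci value is the one in the sample; the services value is deliberately different.
BASELINE = {
    "1394ohci": "a87d604aea360176311474c87a63bb88",
    "services": "0000000000000000000000000000000a",
}

TS = r"\d{2}:\d{2}:\d{2}\.\d{4}"
SCAN_RE = re.compile(rf"^{TS}\s+\d+\s+(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{{32}})\)\s+(?P<path>.+)$")
STATUS_RE = re.compile(rf"^{TS}\s+\d+\s+(?P<name>.+?)\s+-\s+(?P<status>.+)$")

# Heuristic: directories an unprivileged user can normally write to.
WRITABLE_DIRS = ("\\temp\\", "\\appdata\\", "\\programdata\\", "\\users\\")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None
    flags: List[str] = field(default_factory=list)


def parse_report(text: str) -> Dict[str, Entry]:
    """Return one Entry per service/driver name, merging its scan and status lines."""
    entries: Dict[str, Entry] = {}
    in_scan = False
    for line in text.splitlines():
        if "Scan started" in line:
            in_scan = True
            continue
        if not in_scan:
            continue  # header section: drive geometry, OS info, etc.
        m = SCAN_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"].lower(), m["path"].strip()
            continue
        m = STATUS_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.status = m["status"].strip()
    return entries


def triage(entries: Dict[str, Entry], baseline: Optional[Dict[str, str]] = None) -> List[str]:
    """Attach flags to each entry and return the sorted names that got at least one."""
    baseline = baseline or {}
    for e in entries.values():
        e.flags = []
        p = (e.path or "").lower()
        if p.endswith(".tmp"):
            e.flags.append("image is a .tmp file")
        if any(d in p for d in WRITABLE_DIRS):
            e.flags.append("image in user-writable location")
        if e.status is None:
            e.flags.append("no status line (scan may have aborted)")
        elif e.status.lower() != "ok":
            e.flags.append(f"status: {e.status}")
        expected = baseline.get(e.name)
        if expected and e.md5 and e.md5 != expected.lower():
            e.flags.append(f"md5 differs from baseline ({expected})")
    return sorted(name for name, e in entries.items() if e.flags)


if __name__ == "__main__":
    ents = parse_report(SAMPLE_REPORT)
    for name in triage(ents, BASELINE):
        print(f"{name}: {ents[name].path or '(no file)'}")
        for flag in ents[name].flags:
            print("   -", flag)
```

A flag is a prompt to look, not a verdict: a driver backed by a `.tmp` file under `system32` can be a security product's own temporary scanning driver, and the same MD5 under two service names is normal when they share one binary. Confirm each flagged image against a clean copy or the vendor before acting on it.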

#5 sharpie22

  • Topic Starter
  • Members
  • 10 posts

Posted 15 July 2012 - 11:14 AM

Nothing found in TDSSKiller; here is the log:


11:11:28.0925 7344 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
11:11:29.0229 7344 ============================================================
11:11:29.0229 7344 Current date / time: 2012/07/15 11:11:29.0229
11:11:29.0230 7344 SystemInfo:
11:11:29.0230 7344
11:11:29.0230 7344 OS Version: 6.1.7601 ServicePack: 1.0
11:11:29.0230 7344 Product type: Workstation
11:11:29.0230 7344 ComputerName: SNOWBORDTILD-PC
11:11:29.0230 7344 UserName: snowbordtildeath
11:11:29.0230 7344 Windows directory: C:\Windows
11:11:29.0230 7344 System windows directory: C:\Windows
11:11:29.0230 7344 Running under WOW64
11:11:29.0230 7344 Processor architecture: Intel x64
11:11:29.0230 7344 Number of processors: 2
11:11:29.0230 7344 Page size: 0x1000
11:11:29.0230 7344 Boot type: Normal boot
11:11:29.0230 7344 ============================================================
11:11:29.0822 7344 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:11:29.0838 7344 ============================================================
11:11:29.0838 7344 \Device\Harddisk0\DR0:
11:11:29.0838 7344 MBR partitions:
11:11:29.0838 7344 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23D28000
11:11:29.0838 7344 ============================================================
11:11:29.0873 7344 C: <-> \Device\Harddisk0\DR0\Partition0
11:11:29.0874 7344 ============================================================
11:11:29.0874 7344 Initialize success
11:11:29.0874 7344 ============================================================
11:11:31.0508 5952 ============================================================
11:11:31.0508 5952 Scan started
11:11:31.0508 5952 Mode: Manual;
11:11:31.0508 5952 ============================================================
11:11:32.0312 5952 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:11:32.0335 5952 1394ohci - ok
11:11:32.0440 5952 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:11:32.0444 5952 ACPI - ok
11:11:32.0510 5952 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:11:32.0513 5952 AcpiPmi - ok
11:11:32.0676 5952 Adobe LM Service (5ddc0a8d2cd60bda593ddaf45821ce08) C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
11:11:32.0678 5952 Adobe LM Service - ok
11:11:32.0831 5952 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
11:11:32.0833 5952 AdobeARMservice - ok
11:11:33.0069 5952 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:11:33.0073 5952 AdobeFlashPlayerUpdateSvc - ok
11:11:33.0213 5952 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:11:33.0289 5952 adp94xx - ok
11:11:33.0362 5952 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:11:33.0383 5952 adpahci - ok
11:11:33.0436 5952 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:11:33.0457 5952 adpu320 - ok
11:11:33.0534 5952 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
11:11:33.0536 5952 AeLookupSvc - ok
11:11:33.0647 5952 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
11:11:33.0656 5952 AFD - ok
11:11:33.0751 5952 AgereModemAudio (b65f8dba54f251906bbe8611b5a0e7ab) C:\Program Files\LSI SoftModem\agr64svc.exe
11:11:33.0752 5952 AgereModemAudio - ok
11:11:33.0886 5952 AgereSoftModem (c98356d813b581e9c425b42a5d146ce0) C:\Windows\system32\DRIVERS\agrsm64.sys
11:11:33.0924 5952 AgereSoftModem - ok
11:11:33.0997 5952 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:11:34.0000 5952 agp440 - ok
11:11:34.0080 5952 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
11:11:34.0082 5952 ALG - ok
11:11:34.0111 5952 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:11:34.0113 5952 aliide - ok
11:11:34.0128 5952 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:11:34.0130 5952 amdide - ok
11:11:34.0197 5952 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:11:34.0200 5952 AmdK8 - ok
11:11:34.0237 5952 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:11:34.0240 5952 AmdPPM - ok
11:11:34.0316 5952 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:11:34.0331 5952 amdsata - ok
11:11:34.0378 5952 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:11:34.0385 5952 amdsbs - ok
11:11:34.0406 5952 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:11:34.0406 5952 amdxata - ok
11:11:34.0466 5952 androidusb (4de0d5d747a73797c95a97dcce5018b5) C:\Windows\system32\Drivers\ssadadb.sys
11:11:34.0469 5952 androidusb - ok
11:11:34.0545 5952 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:11:34.0548 5952 AppID - ok
11:11:34.0605 5952 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
11:11:34.0607 5952 AppIDSvc - ok
11:11:34.0672 5952 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
11:11:34.0674 5952 Appinfo - ok
11:11:34.0867 5952 Apple Mobile Device (20f6f19fe9e753f2780dc2fa083ad597) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:11:34.0869 5952 Apple Mobile Device - ok
11:11:34.0965 5952 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:11:34.0971 5952 arc - ok
11:11:35.0001 5952 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:11:35.0018 5952 arcsas - ok
11:11:35.0079 5952 ASPI - ok
11:11:35.0238 5952 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
11:11:35.0241 5952 aspnet_state - ok
11:11:35.0266 5952 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:11:35.0269 5952 AsyncMac - ok
11:11:35.0344 5952 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:11:35.0346 5952 atapi - ok
11:11:35.0395 5952 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
11:11:35.0426 5952 atksgt - ok
11:11:35.0540 5952 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:11:35.0555 5952 AudioEndpointBuilder - ok
11:11:35.0563 5952 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:11:35.0568 5952 AudioSrv - ok
11:11:35.0713 5952 Autodesk Licensing Service (ea2d28bbe98256654397cd1f6eaebdd8) C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
11:11:35.0716 5952 Autodesk Licensing Service - ok
11:11:36.0408 5952 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
11:11:36.0440 5952 AVGIDSAgent - ok
11:11:36.0692 5952 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
11:11:36.0706 5952 AVGIDSDriver - ok
11:11:36.0759 5952 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
11:11:36.0761 5952 AVGIDSFilter - ok
11:11:36.0810 5952 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
11:11:36.0813 5952 AVGIDSHA - ok
11:11:36.0906 5952 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
11:11:36.0919 5952 Avgldx64 - ok
11:11:36.0985 5952 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
11:11:36.0988 5952 Avgmfx64 - ok
11:11:37.0037 5952 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
11:11:37.0039 5952 Avgrkx64 - ok
11:11:37.0111 5952 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
11:11:37.0150 5952 Avgtdia - ok
11:11:37.0429 5952 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
11:11:37.0431 5952 avgwd - ok
11:11:37.0520 5952 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
11:11:37.0536 5952 AxInstSV - ok
11:11:37.0640 5952 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:11:37.0661 5952 b06bdrv - ok
11:11:37.0769 5952 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:11:37.0785 5952 b57nd60a - ok
11:11:37.0861 5952 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
11:11:37.0877 5952 BDESVC - ok
11:11:37.0908 5952 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:11:37.0910 5952 Beep - ok
11:11:38.0046 5952 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
11:11:38.0069 5952 BFE - ok
11:11:38.0231 5952 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
11:11:38.0241 5952 BITS - ok
11:11:38.0338 5952 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:11:38.0341 5952 blbdrive - ok
11:11:38.0512 5952 Bonjour Service (f2060a34c8a75bc24a9222eb4f8c07bd) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
11:11:38.0516 5952 Bonjour Service - ok
11:11:38.0588 5952 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:11:38.0591 5952 bowser - ok
11:11:38.0647 5952 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:11:38.0649 5952 BrFiltLo - ok
11:11:38.0659 5952 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:11:38.0661 5952 BrFiltUp - ok
11:11:38.0696 5952 Bridge (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
11:11:38.0699 5952 Bridge - ok
11:11:38.0708 5952 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
11:11:38.0709 5952 BridgeMP - ok
11:11:38.0773 5952 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
11:11:38.0776 5952 Browser - ok
11:11:38.0818 5952 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:11:38.0844 5952 Brserid - ok
11:11:38.0876 5952 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:11:38.0879 5952 BrSerWdm - ok
11:11:38.0906 5952 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:11:38.0908 5952 BrUsbMdm - ok
11:11:38.0926 5952 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:11:38.0928 5952 BrUsbSer - ok
11:11:38.0964 5952 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:11:38.0970 5952 BTHMODEM - ok
11:11:39.0051 5952 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:11:39.0067 5952 bthserv - ok
11:11:39.0282 5952 camsvc (f1140ed3a1e1d6824a63f27afd9eef32) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
11:11:39.0283 5952 camsvc - ok
11:11:39.0306 5952 catchme - ok
11:11:39.0389 5952 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:11:39.0392 5952 cdfs - ok
11:11:39.0486 5952 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
11:11:39.0498 5952 cdrom - ok
11:11:39.0569 5952 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:11:39.0575 5952 CertPropSvc - ok
11:11:39.0681 5952 cfWiMAXService (837ff2d497880198c918e6954dbd170c) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
11:11:39.0686 5952 cfWiMAXService - ok
11:11:39.0767 5952 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:11:39.0770 5952 circlass - ok
11:11:39.0861 5952 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:11:39.0868 5952 CLFS - ok
11:11:40.0009 5952 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:11:40.0025 5952 clr_optimization_v2.0.50727_32 - ok
11:11:40.0142 5952 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:11:40.0148 5952 clr_optimization_v2.0.50727_64 - ok
11:11:40.0161 5952 clr_optimization_v4.0.21006_32 - ok
11:11:40.0178 5952 clr_optimization_v4.0.21006_64 - ok
11:11:40.0274 5952 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:11:40.0277 5952 clr_optimization_v4.0.30319_32 - ok
11:11:40.0399 5952 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:11:40.0401 5952 clr_optimization_v4.0.30319_64 - ok
11:11:40.0472 5952 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:11:40.0474 5952 CmBatt - ok
11:11:40.0535 5952 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:11:40.0537 5952 cmdide - ok
11:11:40.0622 5952 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
11:11:40.0646 5952 CNG - ok
11:11:40.0689 5952 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:11:40.0691 5952 Compbatt - ok
11:11:40.0765 5952 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:11:40.0768 5952 CompositeBus - ok
11:11:40.0788 5952 COMSysApp - ok
11:11:40.0940 5952 ConfigFree Gadget Service (d252c53bcdfc199bba55eeb10cdb266e) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
11:11:40.0941 5952 ConfigFree Gadget Service - ok
11:11:40.0971 5952 ConfigFree Service (cab0eeaf5295fc96ddd3e19dce27e131) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
11:11:40.0973 5952 ConfigFree Service - ok
11:11:41.0038 5952 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:11:41.0040 5952 crcdisk - ok
11:11:41.0121 5952 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
11:11:41.0125 5952 CryptSvc - ok
11:11:41.0240 5952 dc3d (7f61fbe259c18666d8ddf862f13a5eb0) C:\Windows\system32\DRIVERS\dc3d.sys
11:11:41.0243 5952 dc3d - ok
11:11:41.0346 5952 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:11:41.0354 5952 DcomLaunch - ok
11:11:41.0475 5952 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
11:11:41.0487 5952 defragsvc - ok
11:11:41.0563 5952 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:11:41.0579 5952 DfsC - ok
11:11:41.0613 5952 DhaHelper - ok
11:11:41.0697 5952 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
11:11:41.0703 5952 Dhcp - ok
11:11:41.0766 5952 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:11:41.0771 5952 discache - ok
11:11:41.0815 5952 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:11:41.0822 5952 Disk - ok
11:11:41.0909 5952 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
11:11:41.0912 5952 Dnscache - ok
11:11:42.0034 5952 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
11:11:42.0051 5952 dot3svc - ok
11:11:42.0092 5952 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
11:11:42.0105 5952 Dot4 - ok
11:11:42.0174 5952 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
11:11:42.0177 5952 Dot4Print - ok
11:11:42.0193 5952 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
11:11:42.0196 5952 dot4usb - ok
11:11:42.0262 5952 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
11:11:42.0265 5952 DPS - ok
11:11:42.0359 5952 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:11:42.0361 5952 drmkaud - ok
11:11:42.0430 5952 dsNcAdpt (3eef0b3489edbf725564e17c77cabafd) C:\Windows\system32\DRIVERS\dsNcAdpt.sys
11:11:42.0432 5952 dsNcAdpt - ok
11:11:42.0649 5952 dsNcService (2aa446f9786e5cd57fbc469e9000d159) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
11:11:42.0656 5952 dsNcService - ok
11:11:42.0873 5952 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:11:42.0940 5952 DXGKrnl - ok
11:11:43.0053 5952 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
11:11:43.0068 5952 EapHost - ok
11:11:43.0464 5952 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:11:43.0541 5952 ebdrv - ok
11:11:43.0729 5952 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
11:11:43.0731 5952 EFS - ok
11:11:43.0911 5952 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
11:11:43.0926 5952 ehRecvr - ok
11:11:43.0991 5952 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
11:11:44.0006 5952 ehSched - ok
11:11:44.0188 5952 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:11:44.0224 5952 elxstor - ok
11:11:44.0308 5952 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:11:44.0310 5952 ErrDev - ok
11:11:44.0420 5952 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
11:11:44.0425 5952 EventSystem - ok
11:11:44.0494 5952 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:11:44.0534 5952 exfat - ok
11:11:44.0605 5952 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:11:44.0613 5952 fastfat - ok
11:11:44.0733 5952 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
11:11:44.0757 5952 Fax - ok
11:11:44.0785 5952 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:11:44.0787 5952 fdc - ok
11:11:44.0802 5952 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
11:11:44.0804 5952 fdPHost - ok
11:11:44.0813 5952 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
11:11:44.0815 5952 FDResPub - ok
11:11:44.0836 5952 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:11:44.0838 5952 FileInfo - ok
11:11:44.0855 5952 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:11:44.0857 5952 Filetrace - ok
11:11:45.0057 5952 FLEXnet Licensing Service 64 (259dc094e2d3f08654c8fb73d8ecc0f5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
11:11:45.0119 5952 FLEXnet Licensing Service 64 - ok
11:11:45.0195 5952 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:11:45.0198 5952 flpydisk - ok
11:11:45.0281 5952 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:11:45.0293 5952 FltMgr - ok
11:11:45.0453 5952 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
11:11:45.0484 5952 FontCache - ok
11:11:45.0688 5952 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:11:45.0691 5952 FontCache3.0.0.0 - ok
11:11:45.0779 5952 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:11:45.0782 5952 FsDepends - ok
11:11:45.0843 5952 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
11:11:45.0845 5952 Fs_Rec - ok
11:11:45.0935 5952 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:11:45.0940 5952 fvevol - ok
11:11:46.0008 5952 FwLnk (6d06b5eebba23c16789efc820ee1f253) C:\Windows\system32\DRIVERS\FwLnk.sys
11:11:46.0010 5952 FwLnk - ok
11:11:46.0045 5952 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:11:46.0048 5952 gagp30kx - ok
11:11:46.0263 5952 GameConsoleService (58f9ee8357271a5529cccbd35a80e599) C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
11:11:46.0280 5952 GameConsoleService - ok
11:11:46.0399 5952 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
11:11:46.0415 5952 gpsvc - ok
11:11:46.0614 5952 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:11:46.0617 5952 gupdate - ok
11:11:46.0665 5952 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:11:46.0667 5952 gupdatem - ok
11:11:46.0728 5952 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:11:46.0730 5952 hcw85cir - ok
11:11:46.0807 5952 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
11:11:46.0827 5952 HdAudAddService - ok
11:11:46.0869 5952 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
11:11:46.0872 5952 HDAudBus - ok
11:11:46.0943 5952 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:11:46.0946 5952 HidBatt - ok
11:11:46.0966 5952 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:11:46.0981 5952 HidBth - ok
11:11:47.0039 5952 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:11:47.0042 5952 HidIr - ok
11:11:47.0093 5952 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
11:11:47.0096 5952 hidserv - ok
11:11:47.0186 5952 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
11:11:47.0189 5952 HidUsb - ok
11:11:47.0257 5952 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
11:11:47.0275 5952 hkmsvc - ok
11:11:47.0359 5952 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
11:11:47.0421 5952 HomeGroupListener - ok
11:11:47.0516 5952 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
11:11:47.0581 5952 HomeGroupProvider - ok
11:11:47.0654 5952 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:11:47.0657 5952 HpSAMD - ok
11:11:47.0781 5952 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:11:47.0793 5952 HTTP - ok
11:11:47.0812 5952 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:11:47.0813 5952 hwpolicy - ok
11:11:47.0904 5952 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
11:11:47.0920 5952 i8042prt - ok
11:11:47.0986 5952 iaStor (bbb3b6df1abb0fe35802ede85cc1c011) C:\Windows\system32\DRIVERS\iaStor.sys
11:11:47.0991 5952 iaStor - ok
11:11:48.0087 5952 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:11:48.0108 5952 iaStorV - ok
11:11:48.0253 5952 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
11:11:48.0276 5952 IDriverT - ok
11:11:48.0582 5952 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:11:48.0605 5952 idsvc - ok
11:11:49.0492 5952 igfx (3c3f27002abc69c5afe29cbe6cf7addf) C:\Windows\system32\DRIVERS\igdkmd64.sys
11:11:49.0625 5952 igfx - ok
11:11:49.0915 5952 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:11:49.0918 5952 iirsp - ok
11:11:50.0066 5952 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
11:11:50.0098 5952 IKEEXT - ok
11:11:50.0285 5952 IntcAzAudAddService (0c3cf4b3bae28e121a1689e3538f8712) C:\Windows\system32\drivers\RTKVHD64.sys
11:11:50.0318 5952 IntcAzAudAddService - ok
11:11:50.0598 5952 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:11:50.0600 5952 intelide - ok
11:11:50.0671 5952 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:11:50.0673 5952 intelppm - ok
11:11:50.0753 5952 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
11:11:50.0769 5952 IPBusEnum - ok
11:11:50.0826 5952 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:11:50.0829 5952 IpFilterDriver - ok
11:11:50.0983 5952 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
11:11:50.0993 5952 iphlpsvc - ok
11:11:51.0049 5952 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:11:51.0052 5952 IPMIDRV - ok
11:11:51.0147 5952 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:11:51.0162 5952 IPNAT - ok
11:11:51.0323 5952 iPod Service (a9e53e1a9c4274eebc00d36ae5ed40de) C:\Program Files\iPod\bin\iPodService.exe
11:11:51.0332 5952 iPod Service - ok
11:11:51.0422 5952 iPodDrv (02def37ab75e0032c50724646f708de8) C:\Windows\system32\drivers\iPodDrv.sys
11:11:51.0424 5952 iPodDrv - ok
11:11:51.0449 5952 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:11:51.0452 5952 IRENUM - ok
11:11:51.0508 5952 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:11:51.0510 5952 isapnp - ok
11:11:51.0588 5952 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:11:51.0602 5952 iScsiPrt - ok
11:11:51.0634 5952 jumi (ccb39c7006d436d238ac75d2abfde1fe) C:\Windows\system32\DRIVERS\jumi.sys
11:11:51.0654 5952 jumi - ok
11:11:51.0813 5952 JuniperAccessService (c5318614d33fe697e8ade7c030ca6f6f) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
11:11:51.0816 5952 JuniperAccessService - ok
11:11:51.0860 5952 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
11:11:51.0863 5952 kbdclass - ok
11:11:51.0937 5952 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
11:11:51.0940 5952 kbdhid - ok
11:11:52.0001 5952 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:11:52.0003 5952 KeyIso - ok
11:11:52.0017 5952 KMService - ok
11:11:52.0084 5952 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
11:11:52.0099 5952 KSecDD - ok
11:11:52.0170 5952 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
11:11:52.0182 5952 KSecPkg - ok
11:11:52.0234 5952 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:11:52.0236 5952 ksthunk - ok
11:11:52.0326 5952 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
11:11:52.0339 5952 KtmRm - ok
11:11:52.0416 5952 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
11:11:52.0447 5952 LanmanServer - ok
11:11:52.0515 5952 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
11:11:52.0530 5952 LanmanWorkstation - ok
11:11:52.0572 5952 libusb0 (020dfdb1927c996c990e70ed86cfdb06) C:\Windows\system32\DRIVERS\libusb0.sys
11:11:52.0574 5952 libusb0 - ok
11:11:52.0725 5952 LightScribeService (6e5dac168d1ff9843e84a59d51d31107) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
11:11:52.0727 5952 LightScribeService - ok
11:11:52.0762 5952 lirsgt (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
11:11:52.0765 5952 lirsgt - ok
11:11:52.0805 5952 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:11:52.0808 5952 lltdio - ok
11:11:52.0914 5952 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
11:11:52.0926 5952 lltdsvc - ok
11:11:52.0947 5952 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
11:11:52.0950 5952 lmhosts - ok
11:11:53.0033 5952 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:11:53.0048 5952 LSI_FC - ok
11:11:53.0069 5952 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:11:53.0085 5952 LSI_SAS - ok
11:11:53.0106 5952 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:11:53.0109 5952 LSI_SAS2 - ok
11:11:53.0125 5952 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:11:53.0129 5952 LSI_SCSI - ok
11:11:53.0163 5952 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:11:53.0169 5952 luafv - ok
11:11:53.0186 5952 lxee_device - ok
11:11:53.0248 5952 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
11:11:53.0253 5952 MBAMProtector - ok
11:11:53.0365 5952 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:11:53.0372 5952 MBAMService - ok
11:11:53.0427 5952 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
11:11:53.0444 5952 Mcx2Svc - ok
11:11:53.0469 5952 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:11:53.0472 5952 megasas - ok
11:11:53.0513 5952 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:11:53.0527 5952 MegaSR - ok
11:11:53.0597 5952 MEMSWEEP2 (d70476ad02d6fd75282b196d3b58831d) C:\Windows\system32\67.tmp
11:11:53.0598 5952 MEMSWEEP2 - ok
11:11:53.0728 5952 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
11:11:53.0731 5952 Microsoft Office Groove Audit Service - ok
11:11:53.0791 5952 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:11:53.0794 5952 MMCSS - ok
11:11:53.0807 5952 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:11:53.0808 5952 Modem - ok
11:11:53.0839 5952 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:11:53.0841 5952 monitor - ok
11:11:53.0899 5952 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
11:11:53.0902 5952 mouclass - ok
11:11:53.0943 5952 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:11:53.0945 5952 mouhid - ok
11:11:54.0002 5952 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:11:54.0004 5952 mountmgr - ok
11:11:54.0068 5952 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:11:54.0082 5952 MozillaMaintenance - ok
11:11:54.0149 5952 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:11:54.0162 5952 mpio - ok
11:11:54.0181 5952 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:11:54.0184 5952 mpsdrv - ok
11:11:54.0365 5952 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
11:11:54.0374 5952 MpsSvc - ok
11:11:54.0438 5952 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:11:54.0452 5952 MRxDAV - ok
11:11:54.0532 5952 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:11:54.0566 5952 mrxsmb - ok
11:11:54.0641 5952 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:11:54.0653 5952 mrxsmb10 - ok
11:11:54.0716 5952 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:11:54.0729 5952 mrxsmb20 - ok
11:11:54.0792 5952 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:11:54.0794 5952 msahci - ok
11:11:54.0861 5952 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:11:54.0875 5952 msdsm - ok
11:11:54.0939 5952 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:11:54.0954 5952 MSDTC - ok
11:11:55.0030 5952 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:11:55.0032 5952 Msfs - ok
11:11:55.0040 5952 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:11:55.0042 5952 mshidkmdf - ok
11:11:55.0061 5952 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:11:55.0063 5952 msisadrv - ok
11:11:55.0144 5952 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:11:55.0157 5952 MSiSCSI - ok
11:11:55.0163 5952 msiserver - ok
11:11:55.0192 5952 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:11:55.0194 5952 MSKSSRV - ok
11:11:55.0228 5952 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:11:55.0229 5952 MSPCLOCK - ok
11:11:55.0248 5952 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:11:55.0249 5952 MSPQM - ok
11:11:55.0338 5952 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:11:55.0348 5952 MsRPC - ok
11:11:55.0408 5952 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:11:55.0409 5952 mssmbios - ok
11:11:55.0421 5952 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:11:55.0423 5952 MSTEE - ok
11:11:55.0436 5952 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:11:55.0438 5952 MTConfig - ok
11:11:55.0455 5952 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:11:55.0457 5952 Mup - ok
11:11:55.0560 5952 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
11:11:55.0574 5952 napagent - ok
11:11:55.0621 5952 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:11:55.0637 5952 NativeWifiP - ok
11:11:55.0747 5952 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:11:55.0757 5952 NDIS - ok
11:11:55.0789 5952 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:11:55.0790 5952 NdisCap - ok
11:11:55.0829 5952 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:11:55.0832 5952 NdisTapi - ok
11:11:55.0904 5952 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:11:55.0907 5952 Ndisuio - ok
11:11:55.0968 5952 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:11:55.0980 5952 NdisWan - ok
11:11:56.0037 5952 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:11:56.0040 5952 NDProxy - ok
11:11:56.0088 5952 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
11:11:56.0091 5952 Net Driver HPZ12 - ok
11:11:56.0113 5952 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:11:56.0115 5952 NetBIOS - ok
11:11:56.0189 5952 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:11:56.0194 5952 NetBT - ok
11:11:56.0259 5952 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:11:56.0262 5952 Netlogon - ok
11:11:56.0357 5952 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:11:56.0363 5952 Netman - ok
11:11:56.0561 5952 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:11:56.0575 5952 NetMsmqActivator - ok
11:11:56.0582 5952 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:11:56.0584 5952 NetPipeActivator - ok
11:11:56.0669 5952 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:11:56.0675 5952 netprofm - ok
11:11:56.0681 5952 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:11:56.0684 5952 NetTcpActivator - ok
11:11:56.0691 5952 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:11:56.0694 5952 NetTcpPortSharing - ok
11:11:57.0437 5952 NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\Windows\system32\DRIVERS\NETw5s64.sys
11:11:57.0575 5952 NETw5s64 - ok
11:11:58.0409 5952 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
11:11:58.0517 5952 netw5v64 - ok
11:11:58.0821 5952 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:11:58.0824 5952 nfrd960 - ok
11:11:58.0923 5952 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
11:11:58.0930 5952 NlaSvc - ok
11:11:58.0947 5952 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:11:58.0950 5952 Npfs - ok
11:11:59.0015 5952 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:11:59.0019 5952 nsi - ok
11:11:59.0031 5952 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:11:59.0032 5952 nsiproxy - ok
11:11:59.0245 5952 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:11:59.0282 5952 Ntfs - ok
11:11:59.0529 5952 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:11:59.0532 5952 Null - ok
11:11:59.0597 5952 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:11:59.0612 5952 nvraid - ok
11:11:59.0644 5952 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:11:59.0656 5952 nvstor - ok
11:11:59.0681 5952 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:11:59.0694 5952 nv_agp - ok
11:11:59.0895 5952 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:11:59.0910 5952 odserv - ok
11:11:59.0966 5952 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:11:59.0970 5952 ohci1394 - ok
11:12:00.0006 5952 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:12:00.0019 5952 ose - ok
11:12:00.0109 5952 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:12:00.0117 5952 p2pimsvc - ok
11:12:00.0224 5952 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:12:00.0236 5952 p2psvc - ok
11:12:00.0293 5952 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:12:00.0308 5952 Parport - ok
11:12:00.0359 5952 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
11:12:00.0362 5952 partmgr - ok
11:12:00.0392 5952 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:12:00.0429 5952 PcaSvc - ok
11:12:00.0504 5952 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:12:00.0514 5952 pci - ok
11:12:00.0566 5952 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:12:00.0569 5952 pciide - ok
11:12:00.0603 5952 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:12:00.0622 5952 pcmcia - ok
11:12:00.0671 5952 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
11:12:00.0687 5952 pcouffin - ok
11:12:00.0702 5952 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:12:00.0704 5952 pcw - ok
11:12:00.0774 5952 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:12:00.0793 5952 PEAUTH - ok
11:12:00.0860 5952 pelmouse (140bdb734029c3618dce87ed97fd89be) C:\Windows\system32\DRIVERS\pelmouse.sys
11:12:00.0862 5952 pelmouse - ok
11:12:00.0905 5952 pelusblf (15a94c837b25ae93afd6a2c7484d510f) C:\Windows\system32\DRIVERS\pelusblf.sys
11:12:00.0907 5952 pelusblf - ok
11:12:01.0076 5952 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:12:01.0079 5952 PerfHost - ok
11:12:01.0158 5952 PGEffect (2c3ba65f8ca712730050c29104e093f9) C:\Windows\system32\DRIVERS\pgeffect.sys
11:12:01.0161 5952 PGEffect - ok
11:12:01.0336 5952 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
11:12:01.0372 5952 pla - ok
11:12:01.0486 5952 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
11:12:01.0502 5952 PlugPlay - ok
11:12:01.0562 5952 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
11:12:01.0578 5952 Pml Driver HPZ12 - ok
11:12:01.0643 5952 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:12:01.0646 5952 PNRPAutoReg - ok
11:12:01.0688 5952 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:12:01.0693 5952 PNRPsvc - ok
11:12:01.0844 5952 Point64 (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys
11:12:01.0847 5952 Point64 - ok
11:12:01.0948 5952 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
11:12:01.0968 5952 PolicyAgent - ok
11:12:02.0034 5952 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:12:02.0038 5952 Power - ok
11:12:02.0118 5952 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:12:02.0134 5952 PptpMiniport - ok
11:12:02.0199 5952 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:12:02.0202 5952 Processor - ok
11:12:02.0277 5952 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
11:12:02.0295 5952 ProfSvc - ok
11:12:02.0351 5952 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:12:02.0353 5952 ProtectedStorage - ok
11:12:02.0437 5952 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:12:02.0440 5952 Psched - ok
11:12:02.0604 5952 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:12:02.0641 5952 ql2300 - ok
11:12:02.0897 5952 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:12:02.0912 5952 ql40xx - ok
11:12:02.0995 5952 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:12:03.0011 5952 QWAVE - ok
11:12:03.0031 5952 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:12:03.0033 5952 QWAVEdrv - ok
11:12:03.0057 5952 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:12:03.0059 5952 RasAcd - ok
11:12:03.0133 5952 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:12:03.0136 5952 RasAgileVpn - ok
11:12:03.0163 5952 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:12:03.0169 5952 RasAuto - ok
11:12:03.0235 5952 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:12:03.0248 5952 Rasl2tp - ok
11:12:03.0338 5952 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
11:12:03.0358 5952 RasMan - ok
11:12:03.0379 5952 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:12:03.0397 5952 RasPppoe - ok
11:12:03.0420 5952 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:12:03.0423 5952 RasSstp - ok
11:12:03.0490 5952 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:12:03.0499 5952 rdbss - ok
11:12:03.0518 5952 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:12:03.0519 5952 rdpbus - ok
11:12:03.0542 5952 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:12:03.0544 5952 RDPCDD - ok
11:12:03.0576 5952 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:12:03.0577 5952 RDPENCDD - ok
11:12:03.0588 5952 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:12:03.0589 5952 RDPREFMP - ok
11:12:03.0663 5952 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
11:12:03.0672 5952 RDPWD - ok
11:12:03.0761 5952 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:12:03.0771 5952 rdyboost - ok
11:12:03.0850 5952 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:12:03.0867 5952 RemoteAccess - ok
11:12:03.0934 5952 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:12:03.0946 5952 RemoteRegistry - ok
11:12:03.0962 5952 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:12:03.0966 5952 RpcEptMapper - ok
11:12:04.0026 5952 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:12:04.0030 5952 RpcLocator - ok
11:12:04.0121 5952 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:12:04.0129 5952 RpcSs - ok
11:12:04.0287 5952 RSELSVC - ok
11:12:04.0368 5952 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:12:04.0371 5952 rspndr - ok
11:12:04.0455 5952 RTL8169 (3e800d0dd24c5cfe61a1d71a3f6feab9) C:\Windows\system32\DRIVERS\Rtlh64.sys
11:12:04.0476 5952 RTL8169 - ok
11:12:04.0552 5952 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:12:04.0555 5952 SamSs - ok
11:12:04.0622 5952 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:12:04.0638 5952 sbp2port - ok
11:12:04.0655 5952 SBRE - ok
11:12:04.0751 5952 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:12:04.0794 5952 SCardSvr - ok
11:12:04.0869 5952 SCDEmu (07237c66e05da6778e9f3cb67fa00736) C:\Windows\system32\drivers\SCDEmu.sys
11:12:04.0885 5952 SCDEmu - ok
11:12:04.0954 5952 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:12:04.0956 5952 scfilter - ok
11:12:05.0140 5952 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
11:12:05.0154 5952 Schedule - ok
11:12:05.0220 5952 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:12:05.0221 5952 SCPolicySvc - ok
11:12:05.0290 5952 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
11:12:05.0302 5952 SDRSVC - ok
11:12:05.0453 5952 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:12:05.0455 5952 secdrv - ok
11:12:05.0511 5952 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
11:12:05.0516 5952 seclogon - ok
11:12:05.0551 5952 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
11:12:05.0555 5952 SENS - ok
11:12:05.0588 5952 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:12:05.0592 5952 SensrSvc - ok
11:12:05.0628 5952 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:12:05.0630 5952 Serenum - ok
11:12:05.0653 5952 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:12:05.0655 5952 Serial - ok
11:12:05.0713 5952 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:12:05.0715 5952 sermouse - ok
11:12:05.0796 5952 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
11:12:05.0810 5952 SessionEnv - ok
11:12:05.0866 5952 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:12:05.0868 5952 sffdisk - ok
11:12:05.0887 5952 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:12:05.0889 5952 sffp_mmc - ok
11:12:05.0908 5952 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:12:05.0911 5952 sffp_sd - ok
11:12:05.0928 5952 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:12:05.0929 5952 sfloppy - ok
11:12:06.0055 5952 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
11:12:06.0074 5952 SharedAccess - ok
11:12:06.0168 5952 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
11:12:06.0175 5952 ShellHWDetection - ok
11:12:06.0202 5952 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:12:06.0204 5952 SiSRaid2 - ok
11:12:06.0223 5952 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:12:06.0226 5952 SiSRaid4 - ok
11:12:06.0253 5952 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:12:06.0256 5952 Smb - ok
11:12:06.0328 5952 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:12:06.0331 5952 SNMPTRAP - ok
11:12:06.0348 5952 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:12:06.0351 5952 spldr - ok
11:12:06.0431 5952 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
11:12:06.0439 5952 Spooler - ok
11:12:06.0783 5952 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
11:12:06.0807 5952 sppsvc - ok
11:12:07.0008 5952 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
11:12:07.0028 5952 sppuinotify - ok
11:12:07.0201 5952 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:12:07.0211 5952 srv - ok
11:12:07.0305 5952 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:12:07.0319 5952 srv2 - ok
11:12:07.0349 5952 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:12:07.0359 5952 srvnet - ok
11:12:07.0452 5952 ssadbus (d52282225d5bd73a9cbf420699d1a0fe) C:\Windows\system32\DRIVERS\ssadbus.sys
11:12:07.0464 5952 ssadbus - ok
11:12:07.0494 5952 ssadmdfl (f7936ac6e8437e10e1ae488ce21f3086) C:\Windows\system32\DRIVERS\ssadmdfl.sys
11:12:07.0497 5952 ssadmdfl - ok
11:12:07.0526 5952 ssadmdm (1fe033372a58c67b3ecca903fc637b36) C:\Windows\system32\DRIVERS\ssadmdm.sys
11:12:07.0536 5952 ssadmdm - ok
11:12:07.0580 5952 ssadserd (5eb7da2f72b90c8398df9d7a82e43fcb) C:\Windows\system32\DRIVERS\ssadserd.sys
11:12:07.0593 5952 ssadserd - ok
11:12:07.0670 5952 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
11:12:07.0689 5952 SSDPSRV - ok
11:12:07.0708 5952 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
11:12:07.0715 5952 SstpSvc - ok
11:12:07.0770 5952 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:12:07.0772 5952 stexstor - ok
11:12:07.0886 5952 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
11:12:07.0902 5952 stisvc - ok
11:12:07.0966 5952 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:12:07.0968 5952 swenum - ok
11:12:08.0034 5952 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
11:12:08.0054 5952 swprv - ok
11:12:08.0143 5952 SynTP (6de6d25cc1d1cb694a1cc3e4604db644) C:\Windows\system32\DRIVERS\SynTP.sys
11:12:08.0160 5952 SynTP - ok
11:12:08.0366 5952 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
11:12:08.0406 5952 SysMain - ok
11:12:08.0631 5952 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
11:12:08.0648 5952 TabletInputService - ok
11:12:08.0733 5952 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
11:12:08.0744 5952 TapiSrv - ok
11:12:08.0808 5952 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:12:08.0813 5952 TBS - ok
11:12:09.0130 5952 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
11:12:09.0168 5952 Tcpip - ok
11:12:09.0497 5952 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
11:12:09.0516 5952 TCPIP6 - ok
11:12:09.0628 5952 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:12:09.0630 5952 tcpipreg - ok
11:12:09.0672 5952 tdcmdpst (d45586a9facb2c9708b10e491ef748a6) C:\Windows\system32\DRIVERS\tdcmdpst.sys
11:12:09.0675 5952 tdcmdpst - ok
11:12:09.0734 5952 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:12:09.0736 5952 TDPIPE - ok
11:12:09.0798 5952 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
11:12:09.0800 5952 TDTCP - ok
11:12:09.0863 5952 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:12:09.0870 5952 tdx - ok
11:12:09.0947 5952 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:12:09.0951 5952 TermDD - ok
11:12:10.0062 5952 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
11:12:10.0071 5952 TermService - ok
11:12:10.0136 5952 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:12:10.0140 5952 Themes - ok
11:12:10.0203 5952 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:12:10.0206 5952 THREADORDER - ok
11:12:10.0225 5952 TICalc - ok
11:12:10.0426 5952 TMachInfo (f120967184a27e927052e8ddbb727851) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
11:12:10.0428 5952 TMachInfo - ok
11:12:10.0475 5952 TODDSrv (19af3434564e973bc232bbd629ec2bf6) C:\Windows\system32\TODDSrv.exe
11:12:10.0479 5952 TODDSrv - ok
11:12:10.0572 5952 TomTomHOMEService (747e60b773e95f6c93d5621b550d6865) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
11:12:10.0574 5952 TomTomHOMEService - ok
11:12:10.0735 5952 TosCoSrv (06c61275adc64f1e36240a2287998a5e) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
11:12:10.0740 5952 TosCoSrv - ok
11:12:10.0876 5952 TOSHIBA eco Utility Service (947b552af9371bb52ab1e8c184d1a3d0) C:\Program Files\TOSHIBA\TECO\TecoService.exe
11:12:10.0880 5952 TOSHIBA eco Utility Service - ok
11:12:10.0929 5952 TOSHIBA HDD SSD Alert Service (eda12e9bc9a0f104c24101720eec4785) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
11:12:10.0943 5952 TOSHIBA HDD SSD Alert Service - ok
11:12:11.0012 5952 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\Windows\system32\DRIVERS\tos_sps64.sys
11:12:11.0022 5952 tos_sps64 - ok
11:12:11.0185 5952 TPCHSrv (66c4503d050dbacafc5b38fe54edd86f) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
11:12:11.0193 5952 TPCHSrv - ok
11:12:11.0409 5952 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:12:11.0424 5952 TrkWks - ok
11:12:11.0543 5952 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
11:12:11.0545 5952 TrustedInstaller - ok
11:12:11.0675 5952 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:12:11.0677 5952 tssecsrv - ok
11:12:11.0762 5952 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:12:11.0765 5952 TsUsbFlt - ok
11:12:11.0846 5952 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:12:11.0861 5952 tunnel - ok
11:12:11.0896 5952 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
11:12:11.0899 5952 TVALZ - ok
11:12:11.0927 5952 TVALZFL (be32a8658a0b56474ad4d0bb8afa8e55) C:\Windows\system32\DRIVERS\TVALZFL.sys
11:12:11.0969 5952 TVALZFL - ok
11:12:12.0024 5952 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:12:12.0027 5952 uagp35 - ok
11:12:12.0115 5952 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:12:12.0126 5952 udfs - ok
11:12:12.0196 5952 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:12:12.0200 5952 UI0Detect - ok
11:12:12.0268 5952 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:12:12.0271 5952 uliagpkx - ok
11:12:12.0358 5952 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
11:12:12.0362 5952 umbus - ok
11:12:12.0376 5952 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:12:12.0380 5952 UmPass - ok
11:12:12.0421 5952 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:12:12.0436 5952 upnphost - ok
11:12:12.0506 5952 USBAAPL64 (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
11:12:12.0509 5952 USBAAPL64 - ok
11:12:12.0548 5952 usbbus (c73cb90e6a2ff90fd02451a8dfc6af8a) C:\Windows\system32\DRIVERS\lgx64bus.sys
11:12:12.0550 5952 usbbus - ok
11:12:12.0610 5952 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:12:12.0626 5952 usbccgp - ok
11:12:12.0698 5952 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:12:12.0713 5952 usbcir - ok
11:12:12.0740 5952 UsbDiag (856ce1f23785369bb5a2de0aedad0aa7) C:\Windows\system32\DRIVERS\lgx64diag.sys
11:12:12.0742 5952 UsbDiag - ok
11:12:12.0795 5952 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
11:12:12.0798 5952 usbehci - ok
11:12:12.0858 5952 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:12:12.0878 5952 usbhub - ok
11:12:12.0911 5952 USBModem (f81055629778d33c9317b32e4d2b58db) C:\Windows\system32\DRIVERS\lgx64modem.sys
11:12:12.0913 5952 USBModem - ok
11:12:12.0929 5952 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
11:12:12.0932 5952 usbohci - ok
11:12:12.0991 5952 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:12:12.0993 5952 usbprint - ok
11:12:13.0043 5952 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
11:12:13.0045 5952 usbscan - ok
11:12:13.0072 5952 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:12:13.0088 5952 USBSTOR - ok
11:12:13.0109 5952 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
11:12:13.0112 5952 usbuhci - ok
11:12:13.0195 5952 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
11:12:13.0206 5952 usbvideo - ok
11:12:13.0262 5952 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:12:13.0266 5952 UxSms - ok
11:12:13.0326 5952 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:12:13.0328 5952 VaultSvc - ok
11:12:13.0414 5952 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:12:13.0417 5952 vdrvroot - ok
11:12:13.0518 5952 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
11:12:13.0535 5952 vds - ok
11:12:13.0587 5952 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:12:13.0589 5952 vga - ok
11:12:13.0651 5952 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:12:13.0654 5952 VgaSave - ok
11:12:13.0695 5952 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:12:13.0714 5952 vhdmp - ok
11:12:13.0732 5952 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:12:13.0735 5952 viaide - ok
11:12:13.0800 5952 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:12:13.0803 5952 volmgr - ok
11:12:13.0883 5952 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:12:13.0890 5952 volmgrx - ok
11:12:13.0936 5952 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:12:13.0943 5952 volsnap - ok
11:12:13.0977 5952 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:12:13.0992 5952 vsmraid - ok
11:12:14.0194 5952 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
11:12:14.0204 5952 VSS - ok
11:12:14.0448 5952 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:12:14.0450 5952 vwifibus - ok
11:12:14.0489 5952 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:12:14.0492 5952 vwififlt - ok
11:12:14.0610 5952 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:12:14.0616 5952 W32Time - ok
11:12:14.0641 5952 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:12:14.0644 5952 WacomPen - ok
11:12:14.0728 5952 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:12:14.0731 5952 WANARP - ok
11:12:14.0750 5952 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:12:14.0752 5952 Wanarpv6 - ok
11:12:14.0915 5952 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
11:12:14.0951 5952 WatAdminSvc - ok
11:12:15.0151 5952 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
11:12:15.0186 5952 wbengine - ok
11:12:15.0416 5952 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:12:15.0423 5952 WbioSrvc - ok
11:12:15.0499 5952 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
11:12:15.0512 5952 wcncsvc - ok
11:12:15.0526 5952 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:12:15.0530 5952 WcsPlugInService - ok
11:12:15.0674 5952 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:12:15.0677 5952 Wd - ok
11:12:15.0747 5952 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
11:12:15.0796 5952 WDC_SAM - ok
11:12:15.0874 5952 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:12:15.0894 5952 Wdf01000 - ok
11:12:15.0923 5952 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:12:15.0940 5952 WdiServiceHost - ok
11:12:15.0945 5952 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:12:15.0950 5952 WdiSystemHost - ok
11:12:16.0033 5952 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
11:12:16.0048 5952 WebClient - ok
11:12:16.0088 5952 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:12:16.0106 5952 Wecsvc - ok
11:12:16.0128 5952 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:12:16.0146 5952 wercplsupport - ok
11:12:16.0179 5952 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:12:16.0198 5952 WerSvc - ok
11:12:16.0349 5952 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:12:16.0351 5952 WfpLwf - ok
11:12:16.0365 5952 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:12:16.0368 5952 WIMMount - ok
11:12:16.0485 5952 WinDefend - ok
11:12:16.0501 5952 WinHttpAutoProxySvc - ok
11:12:16.0635 5952 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:12:16.0651 5952 Winmgmt - ok
11:12:16.0903 5952 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
11:12:16.0945 5952 WinRM - ok
11:12:17.0248 5952 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
11:12:17.0251 5952 WinUSB - ok
11:12:17.0395 5952 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:12:17.0422 5952 Wlansvc - ok
11:12:17.0800 5952 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:12:17.0823 5952 wlidsvc - ok
11:12:18.0097 5952 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:12:18.0100 5952 WmiAcpi - ok
11:12:18.0243 5952 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:12:18.0246 5952 wmiApSrv - ok
11:12:18.0345 5952 WMPNetworkSvc - ok
11:12:18.0406 5952 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:12:18.0411 5952 WPCSvc - ok
11:12:18.0491 5952 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
11:12:18.0507 5952 WPDBusEnum - ok
11:12:18.0644 5952 WPFFontCache_v0400 - ok
11:12:18.0706 5952 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:12:18.0708 5952 ws2ifsl - ok
11:12:18.0757 5952 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
11:12:18.0773 5952 wscsvc - ok
11:12:18.0779 5952 WSearch - ok
11:12:19.0069 5952 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
11:12:19.0113 5952 wuauserv - ok
11:12:19.0399 5952 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:12:19.0413 5952 WudfPf - ok
11:12:19.0460 5952 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:12:19.0472 5952 WUDFRd - ok
11:12:19.0529 5952 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
11:12:19.0547 5952 wudfsvc - ok
11:12:19.0632 5952 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:12:19.0648 5952 WwanSvc - ok
11:12:19.0698 5952 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:12:20.0050 5952 \Device\Harddisk0\DR0 - ok
11:12:20.0055 5952 Boot (0x1200) (5714b0cb020cc834e357f9274598624c) \Device\Harddisk0\DR0\Partition0
11:12:20.0057 5952 \Device\Harddisk0\DR0\Partition0 - ok
11:12:20.0059 5952 ============================================================
11:12:20.0059 5952 Scan finished
11:12:20.0059 5952 ============================================================
11:12:20.0079 7292 Detected object count: 0
11:12:20.0079 7292 Actual detected object count: 0

#6 sharpie22

sharpie22
  • Topic Starter

  • Members
  • 10 posts
  • Local time:10:17 AM

Posted 15 July 2012 - 11:29 AM

aswMBR managed to find the infection again (Sirefef), and now it is back full force. Google is redirecting me again, as well as AVG giving me warning messages about the trojan.

Here is the aswMBR log:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-15 11:15:17
-----------------------------
11:15:17.335 OS Version: Windows x64 6.1.7601 Service Pack 1
11:15:17.336 Number of processors: 2 586 0x170A
11:15:17.336 ComputerName: SNOWBORDTILD-PC UserName:
11:15:19.291 Initialize success
11:16:56.260 AVAST engine defs: 12071500
11:17:03.381 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:17:03.384 Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 3
11:17:03.396 Disk 0 MBR read successfully
11:17:03.401 Disk 0 MBR scan
11:17:03.408 Disk 0 Windows 7 default MBR code
11:17:03.421 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
11:17:03.445 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 293456 MB offset 3074048
11:17:03.484 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10288 MB offset 604071936
11:17:03.526 Disk 0 scanning C:\Windows\system32\drivers
11:17:19.866 Service scanning
11:17:57.182 Modules scanning
11:17:57.196 Disk 0 trace - called modules:
11:17:57.250 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
11:17:57.261 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d34790]
11:17:57.269 3 CLASSPNP.SYS[fffff8800168b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80046fd050]
11:17:59.412 AVAST engine scan C:\Windows
11:18:05.937 AVAST engine scan C:\Windows\system32
11:20:46.780 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
11:20:50.758 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
11:22:55.434 AVAST engine scan C:\Windows\system32\drivers
11:23:20.926 AVAST engine scan C:\Users\snowbordtildeath
11:26:44.871 Disk 0 MBR has been saved successfully to "C:\Users\snowbordtildeath\Desktop\MBR.dat"
11:26:44.887 The log file has been saved successfully to "C:\Users\snowbordtildeath\Desktop\aswMBR.txt"

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:17 PM

Posted 15 July 2012 - 11:32 AM

Hello

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

Proud Graduate Of Malware Removal University

#8 sharpie22

sharpie22
  • Topic Starter

  • Members
  • 10 posts
  • Local time:10:17 AM

Posted 15 July 2012 - 11:46 AM

Here is the FRST Log:

Scan result of Farbar Recovery Scan Tool Version: 14-07-2012 01
Ran by SYSTEM at 15-07-2012 11:40:01
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1713448 2009-03-18] (Synaptics Incorporated)
HKLM\...\Run: [SmartFaceVWatcher] %ProgramFiles%\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [236544 2009-03-24] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1451520 2009-04-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [x]
HKLM\...\Run: [TPCHWMsg] %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe [613232 2009-04-09] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7982112 2009-07-28] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [165912 2009-09-02] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [387608 2009-09-02] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [365592 2009-09-02] (Intel Corporation)
HKLM\...\Run: [Mouse Suite 98 Daemon] ICO.EXE [x]
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2399632 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [lxeemon.exe] "C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe" [770728 2010-05-17] ()
HKLM\...\Run: [EzPrint] "C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe" [148280 2010-05-17] ()
HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun [x]
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe [479232 2005-07-15] (Google Inc.)
HKLM-x32\...\Run: [Lexmark Pro700 Series] "C:\Program Files (x86)\Lexmark Pro700 Series\fm3032.exe" /s [316072 2010-05-17] ()
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
HKU\Mcx1-SNOWBORDTILD-PC\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [163328 2010-11-20] (Microsoft Corporation)
HKU\snowbordtildeath\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [163328 2010-11-20] (Microsoft Corporation)
HKU\snowbordtildeath\...\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler [222128 2007-03-29] (Macrovision Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

==================== Services (Whitelisted) ======

3 Adobe LM Service; "C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [68096 2009-11-17] ()
3 Autodesk Licensing Service; "C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe" [85096 2010-03-05] (Autodesk)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" [5160568 2012-07-04] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 camsvc; C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [20544 2009-04-16] (TOSHIBA)
2 KMService; C:\Windows\SysWow64\srvany.exe [8192 2011-02-27] ()
2 lxee_device; C:\Windows\system32\lxeecoms.exe -service [1052328 2010-04-14] ( )
2 lxee_device; C:\Windows\SysWow64\lxeecoms.exe -service [598696 2010-04-14] ( )
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
3 clr_optimization_v4.0.21006_32; C:\Windows\Microsoft.NET\Framework\v4.0.21006\mscorsvw.exe [x]
3 clr_optimization_v4.0.21006_64; C:\Windows\Microsoft.NET\Framework64\v4.0.21006\mscorsvw.exe [x]
3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe [x]

========================== Drivers (Whitelisted) =============

2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [314016 2009-12-19] ()
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)
1 DhaHelper; C:\Windows\SysWow64\Drivers\DhaHelper.sys [7168 2009-05-08] (MPlayer <http://svn.mplayerhq.hu/mplayer/trunk/vidix/dhahelperwin/>)
3 jumi; C:\Windows\System32\Drivers\jumi.sys [15160 2010-06-03] (Windows ® Codename Longhorn DDK provider)
3 libusb0; C:\Windows\System32\Drivers\libusb0.sys [16896 2007-03-20] (http://libusb-win32.sourceforge.net)
2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [43680 2009-12-19] ()
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 MEMSWEEP2; \??\C:\Windows\system32\67.tmp [6144 2010-05-26] (Sophos Plc)
3 pelmouse; C:\Windows\System32\Drivers\pelmouse.sys [26112 2006-11-09] (Primax Electronics Ltd.)
3 pelusblf; C:\Windows\System32\Drivers\pelusblf.sys [22528 2007-02-27] (Primax Electronics Ltd.)
2 TICalc; C:\Windows\SysWow64\Drivers\TICalc.sys [9152 1999-08-30] ()
3 ASPI; \??\C:\Windows\System32\DRIVERS\ASPI32.sys [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
1 SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-15 08:34 - 2012-07-15 08:34 - 00276824 ____A C:\Windows\Minidump\071512-49311-01.dmp
2012-07-15 08:33 - 2012-07-15 08:33 - 667523720 ____A C:\Windows\MEMORY.DMP
2012-07-15 08:26 - 2012-07-15 08:26 - 00002050 ____A C:\Users\snowbordtildeath\Desktop\aswMBR.txt
2012-07-15 08:26 - 2012-07-15 08:26 - 00000512 ____A C:\Users\snowbordtildeath\Desktop\MBR.dat
2012-07-15 08:14 - 2012-07-15 08:15 - 04731392 ____A (AVAST Software) C:\Users\snowbordtildeath\Downloads\aswMBR.exe
2012-07-15 08:11 - 2012-07-15 08:11 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\snowbordtildeath\Downloads\tdsskiller.exe
2012-07-15 06:03 - 2012-07-15 06:03 - 00029050 ____A C:\ComboFix.txt
2012-07-15 05:32 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-07-15 05:32 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-07-15 05:32 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-07-15 05:32 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-07-15 05:32 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-07-15 05:32 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-07-15 05:32 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-07-15 05:32 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-07-15 05:23 - 2012-07-15 06:03 - 00000000 ____D C:\Qoobox
2012-07-15 05:23 - 2012-07-15 06:00 - 00000000 ____D C:\Windows\erdnt
2012-07-15 04:59 - 2010-05-26 08:39 - 00006144 ____N (Sophos Plc) C:\Windows\System32\67.tmp
2012-07-15 04:57 - 2012-07-15 04:57 - 00000000 ____D C:\Users\All Users\GFI Software
2012-07-14 20:11 - 2012-07-14 20:11 - 00000000 ____D C:\FRST
2012-07-14 19:56 - 2012-07-15 05:13 - 00000000 ____D C:\Program Files\HitmanPro
2012-07-14 19:55 - 2012-07-14 20:11 - 00000000 ____D C:\Users\All Users\HitmanPro
2012-07-14 19:55 - 2012-07-14 19:55 - 08834304 ____A (SurfRight B.V.) C:\Users\snowbordtildeath\Downloads\HitmanPro36_x64.exe
2012-07-14 19:45 - 2012-07-14 19:45 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-07-14 17:08 - 2012-07-14 17:08 - 00001188 ____A C:\Windows\SysWOW64\ServiceConfig.xml
2012-07-14 06:18 - 2012-07-14 06:18 - 00000000 ____D C:\Users\snowbordtildeath\AppData\Roaming\AVG2012
2012-07-14 06:17 - 2012-07-14 06:17 - 00000936 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-07-14 06:17 - 2012-07-14 06:17 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-07-14 06:16 - 2012-07-14 06:16 - 00000000 ____D C:\$AVG
2012-07-14 06:15 - 2012-07-15 05:09 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-07-14 06:15 - 2012-07-15 05:05 - 00000000 ____D C:\Users\All Users\AVG2012
2012-07-14 06:14 - 2012-07-14 06:14 - 00000000 ____D C:\Program Files (x86)\AVG
2012-07-14 06:10 - 2012-07-15 05:09 - 00000000 ____D C:\Users\All Users\MFAData
2012-07-14 06:10 - 2012-07-14 06:10 - 00384844 ____A C:\Users\snowbordtildeath\AppData\Local\funmoods-speeddial.crx
2012-07-14 06:10 - 2012-07-14 06:10 - 00031465 ____A C:\Users\snowbordtildeath\AppData\Local\funmoods.crx
2012-07-14 06:10 - 2012-07-14 06:10 - 00000000 ____D C:\Program Files (x86)\Funmoods
2012-07-14 06:09 - 2012-07-14 06:09 - 00370048 ____A C:\Users\snowbordtildeath\Downloads\AVG-Anti-Virus-Free-Edition-2012Setup.exe
2012-07-11 16:17 - 2012-07-11 16:17 - 00000012 ____A C:\Users\snowbordtildeath\Downloads\FSSC.dat
2012-07-11 16:16 - 2012-07-15 04:57 - 00000000 ____D C:\Program Files (x86)\Ad-Aware Antivirus
2012-07-11 16:16 - 2012-07-11 16:16 - 00000000 ____D C:\Users\snowbordtildeath\AppData\Local\adawarebp
2012-07-11 16:15 - 2012-07-11 16:15 - 00525344 ____A () C:\Users\snowbordtildeath\Downloads\setup (1).exe
2012-07-11 16:14 - 2012-07-11 16:15 - 06236280 ____A (Lavasoft Limited) C:\Users\snowbordtildeath\Downloads\Adaware_Installer.exe
2012-07-11 15:31 - 2012-07-11 15:31 - 00525344 ____A () C:\Users\snowbordtildeath\Downloads\setup.exe
2012-07-11 15:31 - 2012-07-11 15:31 - 00000000 ____D C:\Users\snowbordtildeath\Documents\SsiAuthenticate
2012-07-11 15:27 - 2012-07-11 15:27 - 00348345 ____A C:\Users\snowbordtildeath\Downloads\Sharp_William_Learning Module 5a - Chapter 8-MU.xlsx
2012-07-11 15:27 - 2012-07-11 15:27 - 00195255 ____A C:\Users\snowbordtildeath\Downloads\Sharp_William_Mark up Module 4 - Chapter 7.xlsx
2012-07-11 15:26 - 2012-07-11 15:26 - 00497015 ____A C:\Users\snowbordtildeath\Downloads\Sharp_William_Learning Module 2b - Chapter 4-MU.xlsx
2012-07-11 15:26 - 2012-07-11 15:26 - 00196313 ____A C:\Users\snowbordtildeath\Downloads\Learning Module 2a - Chapter 3-SHARP-MU.xlsx
2012-07-11 15:26 - 2012-07-11 15:26 - 00172523 ____A C:\Users\snowbordtildeath\Downloads\Module 3 Sharp_William- Chapter 6-MU.xlsx
2012-07-11 15:25 - 2012-07-11 15:25 - 00149760 ____A C:\Users\snowbordtildeath\Downloads\Sharp Learning Module 1-MU.xlsx
2012-07-11 00:47 - 2012-07-11 00:47 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-11 00:25 - 2012-07-11 00:25 - 00008212 ____A C:\Windows\mfebcdata
2012-07-10 22:34 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-10 20:00 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-10 20:00 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-10 20:00 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-10 20:00 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-10 20:00 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-10 20:00 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-10 20:00 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-10 20:00 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-10 20:00 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-10 20:00 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-10 20:00 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-10 20:00 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-10 20:00 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-10 20:00 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-10 20:00 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-10 20:00 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-10 20:00 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-10 20:00 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-10 20:00 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-10 20:00 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-10 20:00 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-10 20:00 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-10 20:00 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-10 20:00 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-10 20:00 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-10 20:00 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-10 20:00 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-10 20:00 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-10 19:56 - 2012-07-14 06:09 - 00001076 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-10 19:47 - 2012-07-10 19:47 - 00207541 ____A C:\Users\snowbordtildeath\Downloads\keygen.zip
2012-07-10 18:07 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 18:07 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 18:07 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 18:07 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 18:07 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 18:07 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 18:07 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 18:07 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 18:07 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 18:07 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 18:07 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 18:07 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 18:07 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 18:07 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 18:07 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-10 18:07 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-10 18:07 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-10 18:05 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-10 18:05 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-08 15:20 - 2012-07-12 02:55 - 00017770 ____A C:\Users\Public\Documents\Bills 7_8_2012.xlsx
2012-07-08 15:20 - 2012-07-08 15:20 - 00000165 ___AH C:\Users\Public\Documents\~$Bills 7_8_2012.xlsx
2012-07-07 14:30 - 2012-07-08 13:54 - 00000000 ____D C:\Users\snowbordtildeath\Documents\Quicken
2012-07-07 13:55 - 2011-09-16 16:51 - 04200024 ____A (Amyuni Technologies
2012-07-07 13:54 - 2012-07-07 13:54 - 00001761 ____A C:\Users\Public\Desktop\Quicken Home & Business 2012.lnk
2012-07-07 13:52 - 2012-07-07 14:16 - 00000000 ____D C:\Program Files (x86)\Quicken
2012-07-07 13:52 - 2012-07-07 13:54 - 00000126 ____A C:\Windows\QUICKEN.INI
2012-07-07 13:52 - 2012-07-07 13:52 - 00000000 ____D C:\Users\snowbordtildeath\AppData\Roaming\Intuit
2012-07-07 13:51 - 2012-07-07 13:51 - 00000000 ____D C:\Users\All Users\Intuit
2012-07-01 10:35 - 2012-07-01 10:35 - 00739840 ____A (Google Inc.) C:\Users\snowbordtildeath\Downloads\ChromeSetup.exe
2012-06-30 17:57 - 2012-06-30 17:58 - 00000000 ____D C:\Users\snowbordtildeath\Desktop\New folder
2012-06-27 15:49 - 2012-06-27 15:49 - 00823576 ____A (Bandoo Media Inc) C:\Users\snowbordtildeath\Downloads\iLividSetupV1.exe
2012-06-27 14:29 - 2012-06-27 14:29 - 00000000 ____D C:\Users\snowbordtildeath\AppData\Local\Macromedia
2012-06-23 10:17 - 2012-06-23 10:18 - 00061196 ____A C:\Users\snowbordtildeath\Desktop\Student ID.jpeg
2012-06-23 09:49 - 2012-07-02 16:47 - 00025438 ____A C:\Users\Public\Documents\Bills_6_22_12.xlsx
2012-06-22 12:57 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-22 12:57 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-22 12:57 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-22 12:57 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-22 12:56 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-22 12:56 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-22 12:56 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-22 12:56 - 2012-06-02 12:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-22 12:56 - 2012-06-02 12:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-22 12:48 - 2012-06-22 12:48 - 00000000 ____D C:\Users\snowbordtildeath\AppData\Roaming\Macrovision


============ 3 Months Modified Files ========================

2012-07-15 08:38 - 2011-05-16 16:48 - 00310082 ____A C:\Users\All Users\lxeescan.log
2012-07-15 08:34 - 2012-07-15 08:34 - 00276824 ____A C:\Windows\Minidump\071512-49311-01.dmp
2012-07-15 08:34 - 2011-03-14 21:17 - 00017214 ____A C:\Windows\setupact.log
2012-07-15 08:34 - 2011-02-14 10:22 - 00000914 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-15 08:34 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-15 08:33 - 2012-07-15 08:33 - 667523720 ____A C:\Windows\MEMORY.DMP
2012-07-15 08:33 - 2011-03-14 21:17 - 00044652 ____A C:\Windows\PFRO.log
2012-07-15 08:26 - 2012-07-15 08:26 - 00002050 ____A C:\Users\snowbordtildeath\Desktop\aswMBR.txt
2012-07-15 08:26 - 2012-07-15 08:26 - 00000512 ____A C:\Users\snowbordtildeath\Desktop\MBR.dat
2012-07-15 08:20 - 2012-03-30 15:50 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-15 08:15 - 2012-07-15 08:14 - 04731392 ____A (AVAST Software) C:\Users\snowbordtildeath\Downloads\aswMBR.exe
2012-07-15 08:11 - 2012-07-15 08:11 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\snowbordtildeath\Downloads\tdsskiller.exe
2012-07-15 07:57 - 2011-02-14 10:22 - 00000918 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-15 07:46 - 2010-11-09 23:22 - 00000952 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-142294798-57640970-462181985-1000UA.job
2012-07-15 06:03 - 2012-07-15 06:03 - 00029050 ____A C:\ComboFix.txt
2012-07-15 06:00 - 2009-12-12 16:02 - 00011104 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-15 06:00 - 2009-12-12 16:02 - 00011104 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-15 05:57 - 2011-03-11 08:32 - 01999145 ____A C:\Windows\WindowsUpdate.log
2012-07-15 05:52 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-07-15 05:51 - 2010-04-26 07:36 - 00000258 _RASH C:\Users\All Users\ntuser.pol
2012-07-14 19:55 - 2012-07-14 19:55 - 08834304 ____A (SurfRight B.V.) C:\Users\snowbordtildeath\Downloads\HitmanPro36_x64.exe
2012-07-14 18:02 - 2009-07-13 21:13 - 00797418 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-14 17:08 - 2012-07-14 17:08 - 00001188 ____A C:\Windows\SysWOW64\ServiceConfig.xml
2012-07-14 15:46 - 2010-11-09 23:22 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-142294798-57640970-462181985-1000Core.job
2012-07-14 06:17 - 2012-07-14 06:17 - 00000936 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-07-14 06:10 - 2012-07-14 06:10 - 00384844 ____A C:\Users\snowbordtildeath\AppData\Local\funmoods-speeddial.crx
2012-07-14 06:10 - 2012-07-14 06:10 - 00031465 ____A C:\Users\snowbordtildeath\AppData\Local\funmoods.crx
2012-07-14 06:09 - 2012-07-14 06:09 - 00370048 ____A C:\Users\snowbordtildeath\Downloads\AVG-Anti-Virus-Free-Edition-2012Setup.exe
2012-07-14 06:09 - 2012-07-10 19:56 - 00001076 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-12 02:55 - 2012-07-08 15:20 - 00017770 ____A C:\Users\Public\Documents\Bills 7_8_2012.xlsx
2012-07-12 00:02 - 2006-11-02 04:34 - 00000254 ____A C:\Windows\win.ini
2012-07-11 23:20 - 2012-03-30 15:49 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-11 23:20 - 2011-06-22 03:51 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-11 16:17 - 2012-07-11 16:17 - 00000012 ____A C:\Users\snowbordtildeath\Downloads\FSSC.dat
2012-07-11 16:15 - 2012-07-11 16:15 - 00525344 ____A () C:\Users\snowbordtildeath\Downloads\setup (1).exe
2012-07-11 16:15 - 2012-07-11 16:14 - 06236280 ____A (Lavasoft Limited) C:\Users\snowbordtildeath\Downloads\Adaware_Installer.exe
2012-07-11 15:31 - 2012-07-11 15:31 - 00525344 ____A () C:\Users\snowbordtildeath\Downloads\setup.exe
2012-07-11 15:27 - 2012-07-11 15:27 - 00348345 ____A C:\Users\snowbordtildeath\Downloads\Sharp_William_Learning Module 5a - Chapter 8-MU.xlsx
2012-07-11 15:27 - 2012-07-11 15:27 - 00195255 ____A C:\Users\snowbordtildeath\Downloads\Sharp_William_Mark up Module 4 - Chapter 7.xlsx
2012-07-11 15:26 - 2012-07-11 15:26 - 00497015 ____A C:\Users\snowbordtildeath\Downloads\Sharp_William_Learning Module 2b - Chapter 4-MU.xlsx
2012-07-11 15:26 - 2012-07-11 15:26 - 00196313 ____A C:\Users\snowbordtildeath\Downloads\Learning Module 2a - Chapter 3-SHARP-MU.xlsx
2012-07-11 15:26 - 2012-07-11 15:26 - 00172523 ____A C:\Users\snowbordtildeath\Downloads\Module 3 Sharp_William- Chapter 6-MU.xlsx
2012-07-11 15:25 - 2012-07-11 15:25 - 00149760 ____A C:\Users\snowbordtildeath\Downloads\Sharp Learning Module 1-MU.xlsx
2012-07-11 00:29 - 2009-07-13 20:45 - 00487840 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 00:25 - 2012-07-11 00:25 - 00008212 ____A C:\Windows\mfebcdata
2012-07-10 20:40 - 2010-01-18 18:14 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-10 19:47 - 2012-07-10 19:47 - 00207541 ____A C:\Users\snowbordtildeath\Downloads\keygen.zip
2012-07-08 15:20 - 2012-07-08 15:20 - 00000165 ___AH C:\Users\Public\Documents\~$Bills 7_8_2012.xlsx
2012-07-07 13:54 - 2012-07-07 13:54 - 00001761 ____A C:\Users\Public\Desktop\Quicken Home & Business 2012.lnk
2012-07-07 13:54 - 2012-07-07 13:52 - 00000126 ____A C:\Windows\QUICKEN.INI
2012-07-03 10:46 - 2010-08-19 06:02 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-02 16:47 - 2012-06-23 09:49 - 00025438 ____A C:\Users\Public\Documents\Bills_6_22_12.xlsx
2012-07-01 10:35 - 2012-07-01 10:35 - 00739840 ____A (Google Inc.) C:\Users\snowbordtildeath\Downloads\ChromeSetup.exe
2012-06-27 15:49 - 2012-06-27 15:49 - 00823576 ____A (Bandoo Media Inc) C:\Users\snowbordtildeath\Downloads\iLividSetupV1.exe
2012-06-23 10:18 - 2012-06-23 10:17 - 00061196 ____A C:\Users\snowbordtildeath\Desktop\Student ID.jpeg
2012-06-13 18:25 - 2012-06-13 18:25 - 00002667 ____A C:\Users\Public\Desktop\Minitab 15 English.lnk
2012-06-13 18:25 - 2012-06-13 18:25 - 00000065 ____A C:\Windows\minitab.ini
2012-06-13 18:19 - 2012-06-13 18:14 - 140491872 ____A (Minitab, Inc ) C:\Users\snowbordtildeath\Downloads\Minitab1513_English_30Day.exe
2012-06-11 19:08 - 2012-07-10 22:34 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-09 18:34 - 2012-06-04 19:33 - 00022665 ____A C:\Users\snowbordtildeath\Documents\Bills_6_4_12.xlsx
2012-06-08 21:43 - 2012-07-10 18:07 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-10 18:07 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-10 18:07 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-10 18:07 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-10 18:05 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-10 18:07 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-10 18:07 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-10 18:05 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 14:19 - 2012-06-22 12:57 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-22 12:57 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-22 12:57 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-22 12:56 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-22 12:56 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-22 12:57 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-22 12:56 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 12:19 - 2012-06-22 12:56 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:15 - 2012-06-22 12:56 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-10 20:00 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-10 20:00 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-10 20:00 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-10 20:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-10 20:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-10 20:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-10 20:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-10 20:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-10 20:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-10 20:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-10 20:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-10 20:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-10 20:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-10 20:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-10 20:00 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-10 20:00 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-10 20:00 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-10 20:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-10 20:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-10 20:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-10 20:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-10 20:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-10 20:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-10 20:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-10 20:00 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-10 20:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-10 20:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-10 20:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-10 18:07 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-10 18:07 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-10 18:07 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-10 18:07 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-10 18:07 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-10 18:07 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-10 18:07 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-10 18:07 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-10 18:07 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-19 18:06 - 2012-05-19 18:06 - 00784784 ____A (Solid State Networks) C:\Users\snowbordtildeath\Downloads\install_reader10_en_aih(1).exe
2012-05-16 19:14 - 2010-11-18 07:17 - 00074010 ____A C:\Windows\System32\peerblock.dmp
2012-05-12 07:57 - 2012-05-12 07:57 - 00018583 ____A C:\Users\snowbordtildeath\Documents\Bills_5_11_12.xlsx
2012-05-12 07:27 - 2011-10-09 14:15 - 00007606 ____A C:\Users\snowbordtildeath\AppData\Local\Resmon.ResmonCfg
2012-05-04 03:06 - 2012-06-13 17:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-13 17:06 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 17:06 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-02 18:21 - 2012-05-02 18:21 - 00017536 ____A C:\Users\snowbordtildeath\Documents\Bills_5_2_12.xlsx
2012-05-01 16:51 - 2012-05-01 16:51 - 00472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-05-01 16:51 - 2012-05-01 16:51 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-05-01 16:51 - 2012-05-01 16:51 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-05-01 16:51 - 2012-05-01 16:51 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-05-01 16:49 - 2012-05-01 16:47 - 39401336 ____A (Apple Inc.) C:\Users\snowbordtildeath\Downloads\QuickTimeInstaller.exe
2012-05-01 16:47 - 2012-05-01 16:47 - 00908576 ____A (Sun Microsystems, Inc.) C:\Users\snowbordtildeath\Downloads\jxpiinstall.exe
2012-04-30 21:40 - 2012-06-13 17:06 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:55 - 2012-06-13 17:06 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-13 17:07 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-13 17:07 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-13 17:07 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 21:37 - 2012-06-13 17:06 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-13 17:06 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-13 17:06 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-13 17:06 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-13 17:06 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-13 17:06 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-19 01:50 - 2012-04-19 01:50 - 00028480 ____A (AVG Technologies CZ, s.r.o. ) C:\Windows\System32\Drivers\avgidsha.sys


ZeroAccess:
C:\Windows\Installer\{20d4a7f4-92fc-78f5-ea44-1fc18ca4d600}
C:\Windows\Installer\{20d4a7f4-92fc-78f5-ea44-1fc18ca4d600}\L
C:\Windows\Installer\{20d4a7f4-92fc-78f5-ea44-1fc18ca4d600}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 15%
Total physical RAM: 3963.99 MB
Available physical RAM: 3345.07 MB
Total Pagefile: 3962.14 MB
Available Pagefile: 3337.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (TI100680V0E) (Fixed) (Total:286.58 GB) (Free:24.83 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (TOSHIBA SYSTEM VOLUME) (Fixed) (Total:1.46 GB) (Free:1.3 GB) NTFS
4 Drive f: () (Removable) (Total:1.87 GB) (Free:0.79 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 1920 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 1500 MB 1024 KB
Partition 2 Primary 286 GB 1501 MB
Partition 3 Primary 10 GB 288 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D TOSHIBA SYS NTFS Partition 1500 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C TI100680V0E NTFS Partition 286 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1919 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Removable 1919 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-07 21:27

======================= End Of Log ==========================

#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 July 2012 - 12:17 PM

Hello

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

C:\Windows\Installer\{20d4a7f4-92fc-78f5-ea44-1fc18ca4d600}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#10 sharpie22
  • Topic Starter

  • Members
  • 10 posts

Posted 15 July 2012 - 01:10 PM

Here is the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 14-07-2012 01
Ran by SYSTEM at 2012-07-15 13:04:29 Run:2
Running from F:\

==============================================

C:\Windows\Installer\{20d4a7f4-92fc-78f5-ea44-1fc18ca4d600} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

==== End of Fixlog ====
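
The FRST detections posted earlier and the Fixlog above can be cross-checked mechanically. The following is an added example, not part of this thread and not FRST's own tooling: it parses the `ZeroAccess:` blocks in the FRST log format shown earlier, derives the top-level entries a fixlist.txt needs, and checks each entry against the `moved successfully.` lines of the Fixlog. The sample log text is constructed from the output posted in this thread; the function names (`detections`, `fixlist`, `verify_fixlog`) are the example's own.

```python
"""Triage helper for the FRST scan-log and Fixlog formats shown in this thread.

Added example (not FRST's or the forum helper's own tooling). It extracts the
paths listed under "ZeroAccess:" detection blocks, collapses them to the
top-level entries a fixlist.txt needs, and confirms against a Fixlog that
each entry was reported as moved.
"""
import re

# Constructed sample: the detection blocks from the FRST log in this thread,
# plus a "Bamital & volsnap Check" line to show that lines outside a
# detection block are ignored.
FRST_LOG = """\
ZeroAccess:
C:\\Windows\\Installer\\{20d4a7f4-92fc-78f5-ea44-1fc18ca4d600}
C:\\Windows\\Installer\\{20d4a7f4-92fc-78f5-ea44-1fc18ca4d600}\\L
C:\\Windows\\Installer\\{20d4a7f4-92fc-78f5-ea44-1fc18ca4d600}\\U

ZeroAccess:
C:\\Windows\\assembly\\GAC_32\\Desktop.ini

ZeroAccess:
C:\\Windows\\assembly\\GAC_64\\Desktop.ini

========================= Bamital & volsnap Check ============

C:\\Windows\\System32\\services.exe => MD5 is legit
"""

# Constructed sample: the three result lines from the Fixlog in this thread.
FIXLOG = """\
C:\\Windows\\Installer\\{20d4a7f4-92fc-78f5-ea44-1fc18ca4d600} moved successfully.
C:\\Windows\\assembly\\GAC_32\\Desktop.ini moved successfully.
C:\\Windows\\assembly\\GAC_64\\Desktop.ini moved successfully.
"""


def detections(log_text, marker="ZeroAccess:"):
    """Return the paths listed under each `marker` block, in log order.

    A block is the marker line followed by one path per line; a blank line
    or a section header (a line starting with '=') ends the block.
    """
    paths = []
    in_block = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == marker:
            in_block = True
            continue
        if not line or line.startswith("="):
            in_block = False
            continue
        if in_block:
            paths.append(line)
    return paths


def fixlist(paths):
    """Collapse detections to top-level entries for fixlist.txt.

    A path that lies beneath another detected path (e.g. `...\\{guid}\\L`
    under `...\\{guid}`) is dropped, because the parent entry covers it.
    Order-independent: a child listed before its parent is still dropped.
    """
    keep = []
    for p in paths:
        covered = any(q != p and p.lower().startswith(q.lower() + "\\")
                      for q in paths)
        if not covered and p not in keep:
            keep.append(p)
    return keep


def verify_fixlog(fixlist_lines, fixlog_text):
    """Map each fixlist entry to True if the Fixlog reported it moved."""
    moved = set()
    for raw in fixlog_text.splitlines():
        m = re.match(r"^(.*?) moved successfully\.$", raw.strip())
        if m:
            moved.add(m.group(1).lower())
    return {p: p.lower() in moved for p in fixlist_lines}


if __name__ == "__main__":
    entries = fixlist(detections(FRST_LOG))
    for path, ok in verify_fixlog(entries, FIXLOG).items():
        print(("moved   " if ok else "MISSING ") + path)
```

The collapse of the `\L` and `\U` subdirectories onto their parent reproduces the three-line fixlist the helper wrote by hand, and the Fixlog above confirms that listing only the parent directory was enough. The verification step is where a defender gets value: an entry that is absent from the Fixlog, or reported with anything other than `moved successfully.`, shows up as `MISSING` instead of being silently assumed handled.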

#11 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 15 July 2012 - 02:33 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\Funmoods

DDS::
uStart Page = hxxp://start.funmoods.com/?f=1&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzutDtD0F0F0BtDtB0B0B0DtDyCzytB0EtCtN0D0Tzu0CtCzyyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=112997607
mStart Page = hxxp://start.funmoods.com/?f=1&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzutDtD0F0F0BtDtB0B0B0DtDyCzytB0EtCtN0D0Tzu0CtCzyyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=112997607

Firefox::
FF - ProfilePath - c:\users\snowbordtildeath\AppData\Roaming\Mozilla\Firefox\Profiles\0knq8ve4.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.funmoods.com/?f=1&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzutDtD0F0F0BtDtB0B0B0DtDyCzytB0EtCtN0D0Tzu0CtCzyyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=112997607
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzutDtD0F0F0BtDtB0B0B0DtDyCzytB0EtCtN0D0Tzu0CtCzyyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=112997607
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzutDtD0F0F0BtDtB0B0B0DtDyCzytB0EtCtN0D0Tzu0CtCzyyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=112997607
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=aln&chnl=aln&cd=2XzuyEtN2Y1L1QzutDtD0F0F0BtDtB0B0B0DtDyCzytB0EtCtN0D0Tzu0CtCzyyDtN1L2XzutBtFtCtFtDtFtAtDtC&cr=112997607&q=
FF - user.js: extensions.funmoods.id - 00FFB02BBD0692E1
FF - user.js: extensions.funmoods.instlDay - 15535
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.229:10
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - aln
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - aln
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0

RegNull::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{66D2B6B0-0AC3-1D5E-AFE4FCFC2DBC1E0D}\{D0054572-6CDD-7E67-D144F5B82EF8A509}\{800AEEDD-FDE9-D9F6-54124DEBF6D799D2}*]

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#12 sharpie22
  • Topic Starter

  • Members
  • 10 posts

Posted 15 July 2012 - 04:27 PM

No problems running ComboFix with the script. Computer seems to be acting normal now, no problems that I can detect.

Here is the log:


ComboFix 12-07-14.01 - snowbordtildeath 07/15/2012 16:04:06.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3964.2536 [GMT -5:00]
Running from: c:\users\snowbordtildeath\Desktop\ComboFix.exe
Command switches used :: c:\users\snowbordtildeath\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\snowbordtildeath\AppData\Roaming\inst.exe
c:\users\snowbordtildeath\Favorites\Free Mobile Ringtones.url
c:\users\snowbordtildeath\Favorites\Free VIDEO iPod!.url
c:\users\snowbordtildeath\Favorites\Get 100000 Free Smileys!.url
c:\users\snowbordtildeath\Favorites\Weather Toolbar and Smileys!.url
c:\windows\NCLAUNCH.EXe
c:\windows\system32\AutoRun.inf
c:\windows\system32\Thumbs.db
.
---- Previous Run -------
.
c:\program files (x86)\Funmoods\1.5.23.22\bh\escort.dll
c:\program files (x86)\Funmoods\1.5.23.22\escortApp.dll
c:\program files (x86)\Funmoods\1.5.23.22\escortEng.dll
c:\program files (x86)\Funmoods\1.5.23.22\escorTlbr.dll
c:\program files (x86)\Funmoods\1.5.23.22\escortShld.dll
c:\program files (x86)\Funmoods\1.5.23.22\FavIcon.ico
c:\program files (x86)\Funmoods\1.5.23.22\funmoodssrv.exe
c:\program files (x86)\Funmoods\1.5.23.22\uninstall.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-15 to 2012-07-15 )))))))))))))))))))))))))))))))
.
.
2012-07-15 21:13 . 2012-07-15 21:13 -------- d-----w- c:\users\Mcx1-SNOWBORDTILD-PC\AppData\Local\temp
2012-07-15 21:13 . 2012-07-15 21:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-15 12:59 . 2010-05-26 16:39 6144 ------w- c:\windows\system32\67.tmp
2012-07-15 12:57 . 2012-07-15 12:57 -------- d-----w- c:\programdata\GFI Software
2012-07-15 04:11 . 2012-07-15 04:11 -------- d-----w- C:\FRST
2012-07-15 03:56 . 2012-07-15 13:13 -------- d-----w- c:\program files\HitmanPro
2012-07-15 03:55 . 2012-07-15 04:11 -------- d-----w- c:\programdata\HitmanPro
2012-07-15 03:45 . 2012-07-15 03:45 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-14 14:18 . 2012-07-14 14:18 -------- d-----w- c:\users\snowbordtildeath\AppData\Roaming\AVG2012
2012-07-14 14:17 . 2012-07-14 14:17 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-07-14 14:16 . 2012-07-14 14:16 -------- d-----w- C:\$AVG
2012-07-14 14:15 . 2012-07-15 13:09 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-14 14:15 . 2012-07-15 13:05 -------- d-----w- c:\programdata\AVG2012
2012-07-14 14:14 . 2012-07-14 14:14 -------- d-----w- c:\program files (x86)\AVG
2012-07-14 14:10 . 2012-07-15 13:09 -------- d-----w- c:\programdata\MFAData
2012-07-14 14:10 . 2012-07-14 14:10 -------- d--h--w- c:\programdata\Common Files
2012-07-12 00:16 . 2012-07-15 12:57 -------- d-----w- c:\program files (x86)\Ad-Aware Antivirus
2012-07-12 00:16 . 2012-07-12 00:16 -------- d-----w- c:\users\snowbordtildeath\AppData\Local\adawarebp
2012-07-11 08:47 . 2012-07-11 08:47 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-11 06:34 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 02:07 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 02:05 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 02:05 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2012-07-11 02:05 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2012-07-11 02:05 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-11 02:05 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-07-11 02:05 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2012-07-11 02:05 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll
2012-07-11 02:05 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-07-11 02:05 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 02:05 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-11 02:05 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll
2012-07-11 02:05 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-07-11 02:05 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-07-07 21:55 . 2012-07-07 21:55 -------- d-----w- c:\program files (x86)\Common Files\AnswerWorks 5.0
2012-07-07 21:55 . 2011-09-17 00:51 4200024 ----a-w- c:\windows\SysWow64\cdintf400.dll
2012-07-07 21:53 . 2012-07-07 21:53 -------- d-----w- c:\program files (x86)\Common Files\Intuit
2012-07-07 21:52 . 2012-07-07 22:16 -------- d-----w- c:\program files (x86)\Quicken
2012-07-07 21:52 . 2012-07-07 21:52 -------- d-----w- c:\users\snowbordtildeath\AppData\Roaming\Intuit
2012-07-07 21:51 . 2012-07-07 21:51 -------- d-----w- c:\programdata\Intuit
2012-06-27 22:29 . 2012-06-27 22:29 -------- d-----w- c:\users\snowbordtildeath\AppData\Local\Macromedia
2012-06-22 20:57 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 20:57 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 20:57 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 20:57 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 20:56 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 20:56 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 20:56 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 20:56 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 20:56 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-22 20:48 . 2012-06-22 20:48 -------- d-----w- c:\users\snowbordtildeath\AppData\Roaming\Macrovision
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-15 13:39 . 2012-07-15 13:39 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD56324D-515A-4D72-8F82-5A0D1ACCABC1}\offreg.dll
2012-07-12 07:20 . 2012-03-30 23:49 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 07:20 . 2011-06-22 11:51 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 18:46 . 2010-08-19 14:02 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-31 04:04 . 2012-07-11 01:50 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CD56324D-515A-4D72-8F82-5A0D1ACCABC1}\mpengine.dll
2012-05-30 22:56 . 2012-05-30 22:56 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-04 11:06 . 2012-06-14 01:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-14 01:06 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-14 01:06 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-02 00:51 . 2012-05-02 00:51 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-05-01 05:40 . 2012-06-14 01:06 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-14 01:06 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-14 01:07 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-14 01:07 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-14 01:07 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-14 01:06 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-14 01:06 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-14 01:06 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-14 01:06 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-14 01:06 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-14 01:06 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-04-19 09:50 . 2012-04-19 09:50 28480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-15_13.52.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-13 01:16 . 2012-07-15 21:16 54066 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-15 21:16 49790 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-13 01:01 . 2012-07-15 21:16 18846 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-142294798-57640970-462181985-1000_UserData.bin
- 2009-07-14 05:30 . 2012-07-15 13:33 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-07-15 20:58 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-12-13 00:03 . 2012-07-15 21:12 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-13 00:03 . 2012-07-14 14:58 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-13 00:03 . 2012-07-14 14:58 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-13 00:03 . 2012-07-15 21:12 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-14 14:58 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-15 21:12 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-07-15 13:51 . 2012-07-15 13:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-15 21:14 . 2012-07-15 21:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-15 21:14 . 2012-07-15 21:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-15 13:51 . 2012-07-15 13:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-12-14 02:18 . 2012-07-15 20:55 410320 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-07-14 05:30 . 2012-07-15 20:58 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-07-15 13:33 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-07-15 20:58 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-07-15 13:33 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 05:01 . 2012-07-15 21:13 436400 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-15 13:49 436400 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-01-21 07:03 . 2012-07-15 21:13 5595212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-142294798-57640970-462181985-1000-12288.dat
- 2011-01-21 07:03 . 2012-07-15 13:49 5595212 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-142294798-57640970-462181985-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 163328]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"="%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe autorun" [X]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files (x86)\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"Lexmark Pro700 Series"="c:\program files (x86)\Lexmark Pro700 Series\fm3032.exe" [2010-05-17 316072]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 DhaHelper;DhaHelper;c:\windows\system32\drivers\dhahelper.sys [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-10 136176]
R2 KMService;KMService;c:\windows\system32\srvany.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-01-13 36328]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [x]
R3 clr_optimization_v4.0.21006_32;Microsoft .NET Framework NGEN v4.0.21006_X86;c:\windows\Microsoft.NET\Framework\v4.0.21006\mscorsvw.exe [x]
R3 clr_optimization_v4.0.21006_64;Microsoft .NET Framework NGEN v4.0.21006_X64;c:\windows\Microsoft.NET\Framework64\v4.0.21006\mscorsvw.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-03-19 1030600]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-10 136176]
R3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\DRIVERS\libusb0.sys [2007-03-20 16896]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\67.tmp [2010-05-26 6144]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-22 113120]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-01-13 157160]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-01-13 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-01-13 177128]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-01-13 145384]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-02-11 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 137560]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-31 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 camsvc;TOSHIBA Web Camera Service;c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [2009-04-17 20544]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-11 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 iPodDrv;iPodDrv;c:\windows\system32\drivers\iPodDrv.sys [2011-03-10 14952]
S2 JuniperAccessService;Juniper Unified Network Service;c:\program files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe [2010-08-16 198000]
S2 lxee_device;lxee_device;c:\windows\system32\lxeecoms.exe [2010-04-14 1052328]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\rselect\RSelSvc.exe [2009-02-19 55808]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-04-15 251392]
S2 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-04-10 803696]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-03-23 14472]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-04-12 52632]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 8704]
S3 jumi;%Jumi%;c:\windows\system32\DRIVERS\jumi.sys [2010-06-03 15160]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-03-16 82816]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-03-18 32832]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-04-13 45432]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeapfk
*Deregistered* - mfeavfk
*Deregistered* - mfehidk
*Deregistered* - mferkdet
*Deregistered* - sptd
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 07:20]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-14 07:22]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-14 07:22]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-142294798-57640970-462181985-1000Core.job
- c:\users\snowbordtildeath\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-10 07:22]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-142294798-57640970-462181985-1000UA.job
- c:\users\snowbordtildeath\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-10 07:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-18 1713448]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [BU]
"TPCHWMsg"="c:\program files (x86)\TOSHIBA\TPHM\TPCHWMsg.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-29 7982112]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 365592]
"Mouse Suite 98 Daemon"="ICO.EXE" [2006-09-29 90624]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"lxeemon.exe"="c:\program files (x86)\Lexmark Pro700 Series\lxeemon.exe" [2010-05-17 770728]
"EzPrint"="c:\program files (x86)\Lexmark Pro700 Series\ezprint.exe" [2010-05-17 148280]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\snowbordtildeath\AppData\Roaming\Mozilla\Firefox\Profiles\0knq8ve4.default\
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-funmoods - c:\progra~2\Funmoods\1.5.23.22\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\67.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Juniper Networks\Common Files\dsNcService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Completion time: 2012-07-15 16:23:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-15 21:23
ComboFix2.txt 2012-07-15 14:03
.
Pre-Run: 26,714,243,072 bytes free
Post-Run: 26,650,599,424 bytes free
.
- - End Of File - - 9FDA8CA64985C3C328E23FD6D2C1D15A

#13 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:17 PM

Posted 15 July 2012 - 09:06 PM

Hello

P2P Warning!

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-to-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

Java™ 6 Update 31
LimeWire 5.4.6
LimeWire SpeedUp Pro
Vuze


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then click Next.
  • Once done, click Finish.



Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and start Free download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.
  • Download CCleaner from here: http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Hosts file not read, blank Notepad ...).

  • Go here to download HijackThis Installer.
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7: right-click and run as admin.)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a log file button. It will scan, and the log should open in Notepad.
  • Click on Edit > Select All, then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#14 sharpie22

  • Topic Starter
  • Members
  • 10 posts
  • OFFLINE
  • Local time:10:17 AM

Posted 16 July 2012 - 07:54 PM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.16.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
snowbordtildeath :: SNOWBORDTILD-PC [administrator]

Protection: Enabled

7/16/2012 7:47:54 PM
mbam-log-2012-07-16 (19-47-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238455
Time elapsed: 5 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 13
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\escort.escortIEPane (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\funmoodsApp.appCore (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\f (PUP.Funmoods) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#15 sharpie22

  • Topic Starter
  • Members
  • 10 posts
  • OFFLINE
  • Local time:10:17 AM

Posted 16 July 2012 - 07:57 PM

Computer is still running well; I did not have any issues running any of these scans.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:55:57 PM, on 7/16/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lexmark Pro700 Series\lxeemon.exe
C:\Program Files (x86)\Lexmark Pro700 Series\ezprint.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Users\snowbordtildeath\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\snowbordtildeath\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\snowbordtildeath\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\snowbordtildeath\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\snowbordtildeath\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\snowbordtildeath\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\snowbordtildeath\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\snowbordtildeath\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\snowbordtildeath\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\snowbordtildeath\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\snowbordtildeath\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\SnagIt 7\SnagItBHO.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: dTPodcastBHO - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files (x86)\Common Files\doubleTwist\IEPodcastPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 7\SnagItIEAddin.dll (file missing)
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [TWebCamera] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Lexmark Pro700 Series] "C:\Program Files (x86)\Lexmark Pro700 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: TOSHIBA Web Camera Service (camsvc) - TOSHIBA - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: Microsoft .NET Framework NGEN v4.0.21006_X86 (clr_optimization_v4.0.21006_32) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.21006\mscorsvw.exe (file missing)
O23 - Service: Microsoft .NET Framework NGEN v4.0.21006_X64 (clr_optimization_v4.0.21006_64) - Unknown owner - C:\Windows\Microsoft.NET\Framework64\v4.0.21006\mscorsvw.exe (file missing)
O23 - Service: ConfigFree Gadget Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Juniper Unified Network Service (JuniperAccessService) - Juniper Networks - C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxee_device - - C:\Windows\system32\lxeecoms.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: TOSHIBA Modem region select service (RSELSVC) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @C:\Windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe,-100 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe (file missing)

--
End of file - 14104 bytes
