
Infected by some sort of rootkit


  • This topic is locked
41 replies to this topic

#1 shyguy7829

Posted 22 July 2012 - 01:58 PM

My computer has been running slow and is plagued by blue screens a few minutes after startup. After monitoring Task Manager for a bit, I discovered conhost.exe and csc.exe popping up momentarily before disappearing. Finally, MSE refuses to boot and I can no longer access any services in the Control Panel (i.e. screen resolution and Windows Firewall). I'm at a loss as to what to do. Please help. No GMER log because I use a 64-bit OS.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64 MINIMAL
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.3.0
Run by scout pilgrim at 11:36:50 on 2012-07-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4020.3242 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
-netsvcs
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://maplestory.nexon.net/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: H - No File
uURLSearchHooks: eSnipsBHO Class: {b530a9a4-1722-4d16-aad6-aa85e3ad2ade} - C:\Program Files (x86)\Logia\eSnipsDownloader\eSnipsBHO.dll
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.10\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\scout pilgrim\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: eSnipsBHO Class: {b530a9a4-1722-4d16-aad6-aa85e3ad2ade} - C:\Program Files (x86)\Logia\eSnipsDownloader\eSnipsBHO.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.10\AVG Secure Search_toolbar.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [Google Update] "C:\Users\scout pilgrim\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [eSnips_Downloader] "C:\Program Files (x86)\Logia\eSnipsDownloader\eSnips_Downloader.exe" -startup
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Download All By FlashGet3 - C:\Users\scout pilgrim\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download By FlashGet3 - C:\Users\scout pilgrim\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: En&queue current page with BID - file://C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: Enqueue link tar&get with BID - file://C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: Open &link target with BID - file://C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlink.htm
IE: Open current page with BI&D - file://C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebid.htm
IE: Open current page with BID Link Explorer - file://C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: ed.gov\fafsa
Trusted Zone: freerealms.com
Trusted Zone: kuaiche.com\software
Trusted Zone: sannybuilder.com\alexander
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.127.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} - hxxps://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
TCP: Interfaces\{3AE9FB29-05C2-4D7D-BEC2-A6EDC08E5D69}\26C61636B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{3AE9FB29-05C2-4D7D-BEC2-A6EDC08E5D69}\34271636B62616C6C6B225 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{3AE9FB29-05C2-4D7D-BEC2-A6EDC08E5D69}\46C696E6B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{3AE9FB29-05C2-4D7D-BEC2-A6EDC08E5D69}\5325447524 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3AE9FB29-05C2-4D7D-BEC2-A6EDC08E5D69}\84F6D656D2845716E676 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{3AE9FB29-05C2-4D7D-BEC2-A6EDC08E5D69}\C696E6B6379737 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{3AE9FB29-05C2-4D7D-BEC2-A6EDC08E5D69}\E424759553 : DhcpNameServer = 192.168.1.1 68.238.64.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.10\AVG Secure Search_toolbar.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO-X64: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\scout pilgrim\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
BHO-X64: FlashGetBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: eSnipsBHO Class: {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - C:\Program Files (x86)\Logia\eSnipsDownloader\eSnipsBHO.dll
BHO-X64: eSnipBHO - No File
BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO-X64: Google Dictionary Compression sdch - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.10\AVG Secure Search_toolbar.dll
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB-X64: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [eSnips_Downloader] "C:\Program Files (x86)\Logia\eSnipsDownloader\eSnips_Downloader.exe" -startup
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\scout pilgrim\AppData\Roaming\Mozilla\Firefox\Profiles\29oi5irn.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\scout pilgrim\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\scout pilgrim\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\system32\DRIVERS\avgidsha.sys --> C:\windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\system32\DRIVERS\dtsoftbus01.sys --> C:\windows\system32\DRIVERS\dtsoftbus01.sys [?]
R2 CLPSLS;COMODO livePCsupport Service;C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R3 O2MDGRDR;O2MDGRDR;C:\windows\system32\DRIVERS\o2mdgx64.sys --> C:\windows\system32\DRIVERS\o2mdgx64.sys [?]
R3 O2SDGRDR;O2SDGRDR;C:\windows\system32\DRIVERS\o2sdgx64.sys --> C:\windows\system32\DRIVERS\o2sdgx64.sys [?]
R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?]
S0 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
S1 Avgfwfd;AVG network filter service;C:\windows\system32\DRIVERS\avgfwd6a.sys --> C:\windows\system32\DRIVERS\avgfwd6a.sys [?]
S1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
S1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
S1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-6-13 2321560]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
S2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-27 252784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-8-15 2329480]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-4-30 8704]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-6-4 13336]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-21 652360]
S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-9-28 251760]
S2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [2012-7-21 934496]
S3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\avgidsdrivera.sys --> C:\windows\system32\DRIVERS\avgidsdrivera.sys [?]
S3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\avgidsfiltera.sys --> C:\windows\system32\DRIVERS\avgidsfiltera.sys [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\windows\system32\DRIVERS\BrSerIb.sys --> C:\windows\system32\DRIVERS\BrSerIb.sys [?]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\windows\system32\DRIVERS\BrUsbSIb.sys --> C:\windows\system32\DRIVERS\BrUsbSIb.sys [?]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2012-1-11 131912]
S3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 npggsvc;nProtect GameGuard Service;C:\windows\system32\GameMon.des -service --> C:\windows\system32\GameMon.des -service [?]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\windows\system32\drivers\nvhda64v.sys --> C:\windows\system32\drivers\nvhda64v.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
S3 Revoflt;Revoflt;C:\windows\system32\DRIVERS\revoflt.sys --> C:\windows\system32\DRIVERS\revoflt.sys [?]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\windows\system32\DRIVERS\tap0901t.sys --> C:\windows\system32\DRIVERS\tap0901t.sys [?]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-6-4 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-5 137560]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-11-10 824688]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2011-9-7 736104]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-22 18:13:53 20480 ----a-w- C:\windows\svchost.exe
2012-07-22 05:13:20 -------- d-----w- C:\Users\scout pilgrim\AppData\Roaming\AVG2012
2012-07-22 05:12:35 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-07-22 05:12:29 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-07-22 05:12:27 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-07-22 05:11:04 -------- d-----w- C:\windows\SysWow64\drivers\AVG
2012-07-22 05:10:09 -------- d-----w- C:\windows\System32\drivers\AVG
2012-07-22 05:08:22 -------- d-----w- C:\windows\System32\MpEngineStore
2012-07-22 02:27:18 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{486D30E2-257D-4D3D-A76E-0455775A8266}\mpengine.dll
2012-07-18 05:35:59 -------- d-----w- C:\packages
2012-07-18 05:35:26 -------- d-----w- C:\Hailan_Data
2012-07-17 05:50:40 -------- d-----w- C:\Program Files (x86)\Project Zomboid
2012-07-14 21:48:40 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-12 07:13:07 -------- d-----w- C:\Program Files (x86)\FDRLab
2012-07-06 01:45:34 5030088 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-07-04 14:52:32 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7AF17EA3-A607-4968-AF36-1CC1C40EF391}\gapaengine.dll
2012-07-03 21:00:31 3130440 ----a-w- C:\windows\SysWow64\pbsvc_blr.exe
2012-07-03 21:00:27 -------- d-----w- C:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2012-06-29 18:12:58 -------- d-----w- C:\Users\scout pilgrim\AppData\Roaming\NeopleLauncherDFO
2012-06-25 01:44:29 -------- d-----w- C:\Program Files (x86)\CapsuleGames
2012-06-25 01:32:55 -------- d-----w- C:\Users\scout pilgrim\AppData\Local\Green Man Gaming
2012-06-25 01:32:15 -------- d-----w- C:\Program Files (x86)\Capsule
.
==================== Find3M ====================
.
2012-07-16 19:18:41 283304 ----a-w- C:\windows\SysWow64\PnkBstrB.xtr
2012-07-16 19:18:41 283304 ----a-w- C:\windows\SysWow64\PnkBstrB.exe
2012-07-12 19:32:09 283304 ----a-w- C:\windows\SysWow64\PnkBstrB.ex0
2012-07-03 21:11:23 76888 ----a-w- C:\windows\SysWow64\PnkBstrA.exe
2012-06-14 14:48:32 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-14 14:48:32 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-06-02 22:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-02 22:15:08 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-05-18 02:06:48 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\windows\System32\win32k.sys
2012-05-05 07:23:11 8744608 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 11:06:22 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2006-05-03 19:06:54 163328 --sh--r- C:\windows\SysWOW64\flvDX.dll
2007-02-21 20:47:16 31232 --sh--r- C:\windows\SysWOW64\msfDX.dll
2008-03-16 22:30:52 216064 --sh--r- C:\windows\SysWOW64\nbDX.dll
.
============= FINISH: 11:40:51.25 ===============


#2 HelpBot

Posted 27 July 2012 - 02:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/461923 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 shyguy7829

shyguy7829
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Local time:09:31 PM

Posted 27 July 2012 - 02:56 PM

Nothing has changed since my last post. Control Panel is still down.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.3.0
Run by scout pilgrim at 12:49:17 on 2012-07-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4020.2041 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\windows\system32\DRIVERS\o2flash.exe
C:\windows\SysWOW64\PnkBstrA.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\windows\system32\taskmgr.exe
C:\windows\system32\SearchIndexer.exe
-netsvcs
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\windows\system32\conhost.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\SpeedFan\speedfan.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\taskhost.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://maplestory.nexon.net/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: H - No File
uURLSearchHooks: eSnipsBHO Class: {b530a9a4-1722-4d16-aad6-aa85e3ad2ade} - C:\Program Files (x86)\Logia\eSnipsDownloader\eSnipsBHO.dll
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.10\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\scout pilgrim\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: eSnipsBHO Class: {b530a9a4-1722-4d16-aad6-aa85e3ad2ade} - C:\Program Files (x86)\Logia\eSnipsDownloader\eSnipsBHO.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.10\AVG Secure Search_toolbar.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [Google Update] "C:\Users\scout pilgrim\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [eSnips_Downloader] "C:\Program Files (x86)\Logia\eSnipsDownloader\eSnips_Downloader.exe" -startup
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Download All By FlashGet3 - C:\Users\scout pilgrim\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download By FlashGet3 - C:\Users\scout pilgrim\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: En&queue current page with BID - file://C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: Enqueue link tar&get with BID - file://C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: Open &link target with BID - file://C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlink.htm
IE: Open current page with BI&D - file://C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebid.htm
IE: Open current page with BID Link Explorer - file://C:\Program Files (x86)\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: ed.gov\fafsa
Trusted Zone: freerealms.com
Trusted Zone: kuaiche.com\software
Trusted Zone: sannybuilder.com\alexander
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxp://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.127.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} - hxxps://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3AE9FB29-05C2-4D7D-BEC2-A6EDC08E5D69} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3AE9FB29-05C2-4D7D-BEC2-A6EDC08E5D69}\26C61636B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{3AE9FB29-05C2-4D7D-BEC2-A6EDC08E5D69}\34271636B62616C6C6B225 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{3AE9FB29-05C2-4D7D-BEC2-A6EDC08E5D69}\46C696E6B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{3AE9FB29-05C2-4D7D-BEC2-A6EDC08E5D69}\5325447524 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{3AE9FB29-05C2-4D7D-BEC2-A6EDC08E5D69}\84F6D656D2845716E676 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{3AE9FB29-05C2-4D7D-BEC2-A6EDC08E5D69}\C696E6B6379737 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{3AE9FB29-05C2-4D7D-BEC2-A6EDC08E5D69}\E424759553 : DhcpNameServer = 192.168.1.1 68.238.64.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.10\AVG Secure Search_toolbar.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO-X64: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\scout pilgrim\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
BHO-X64: FlashGetBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: eSnipsBHO Class: {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - C:\Program Files (x86)\Logia\eSnipsDownloader\eSnipsBHO.dll
BHO-X64: eSnipBHO - No File
BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO-X64: Google Dictionary Compression sdch - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.10\AVG Secure Search_toolbar.dll
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB-X64: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File
mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [eSnips_Downloader] "C:\Program Files (x86)\Logia\eSnipsDownloader\eSnips_Downloader.exe" -startup
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\scout pilgrim\AppData\Roaming\Mozilla\Firefox\Profiles\29oi5irn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\scout pilgrim\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\scout pilgrim\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
P2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-4-30 8704]
R0 AVGIDSHA;AVGIDSHA;C:\windows\system32\DRIVERS\avgidsha.sys --> C:\windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\windows\system32\DRIVERS\avgfwd6a.sys --> C:\windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\system32\DRIVERS\dtsoftbus01.sys --> C:\windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-6-13 2321560]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-27 252784]
R2 CLPSLS;COMODO livePCsupport Service;C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-8-15 2329480]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-6-4 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-21 652360]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-9-28 251760]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [2012-7-21 934496]
R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\avgidsdrivera.sys --> C:\windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\avgidsfiltera.sys --> C:\windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\windows\system32\drivers\nvhda64v.sys --> C:\windows\system32\drivers\nvhda64v.sys [?]
R3 O2MDGRDR;O2MDGRDR;C:\windows\system32\DRIVERS\o2mdgx64.sys --> C:\windows\system32\DRIVERS\o2mdgx64.sys [?]
R3 O2SDGRDR;O2SDGRDR;C:\windows\system32\DRIVERS\o2sdgx64.sys --> C:\windows\system32\DRIVERS\o2sdgx64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);C:\windows\system32\DRIVERS\tap0901t.sys --> C:\windows\system32\DRIVERS\tap0901t.sys [?]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-6-4 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-5 137560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\windows\system32\DRIVERS\BrSerIb.sys --> C:\windows\system32\DRIVERS\BrSerIb.sys [?]
S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\windows\system32\DRIVERS\BrUsbSIb.sys --> C:\windows\system32\DRIVERS\BrUsbSIb.sys [?]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2012-1-11 131912]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-27 129976]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 npggsvc;nProtect GameGuard Service;C:\windows\system32\GameMon.des -service --> C:\windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Revoflt;Revoflt;C:\windows\system32\DRIVERS\revoflt.sys --> C:\windows\system32\DRIVERS\revoflt.sys [?]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-11-10 824688]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TunngleService;TunngleService;C:\Program Files (x86)\Tunngle\TnglCtrl.exe [2011-9-7 736104]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-27 14:43:26 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-07-27 14:43:02 97208 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-07-27 14:43:02 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2012-07-27 14:43:02 19384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2012-07-27 14:43:01 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2012-07-27 14:43:01 125880 ----a-w- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
2012-07-27 14:43:00 924600 ----a-w- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
2012-07-27 14:43:00 588728 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-07-27 14:43:00 269240 ----a-w- C:\Program Files (x86)\Mozilla Firefox\freebl3.dll
2012-07-27 14:42:59 449464 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2012-07-27 14:42:59 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-07-27 14:42:59 101304 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2012-07-27 14:42:52 43960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-07-27 14:42:52 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-07-24 15:10:53 626688 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr80.dll
2012-07-24 15:10:53 548864 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp80.dll
2012-07-24 15:10:53 479232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcm80.dll
2012-07-22 18:13:53 20480 ----a-w- C:\windows\svchost.exe
2012-07-22 05:13:20 -------- d-----w- C:\Users\scout pilgrim\AppData\Roaming\AVG2012
2012-07-22 05:12:35 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-07-22 05:12:29 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-07-22 05:12:27 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-07-22 05:11:04 -------- d-----w- C:\windows\SysWow64\drivers\AVG
2012-07-22 05:10:09 -------- d-----w- C:\windows\System32\drivers\AVG
2012-07-22 05:08:22 -------- d-----w- C:\windows\System32\MpEngineStore
2012-07-22 02:27:18 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{486D30E2-257D-4D3D-A76E-0455775A8266}\mpengine.dll
2012-07-18 05:35:59 -------- d-----w- C:\packages
2012-07-18 05:35:26 -------- d-----w- C:\Hailan_Data
2012-07-17 05:50:40 -------- d-----w- C:\Program Files (x86)\Project Zomboid
2012-07-14 21:48:40 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-12 07:13:07 -------- d-----w- C:\Program Files (x86)\FDRLab
2012-07-06 01:45:34 5030088 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-07-04 14:52:32 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7AF17EA3-A607-4968-AF36-1CC1C40EF391}\gapaengine.dll
2012-07-03 21:00:31 3130440 ----a-w- C:\windows\SysWow64\pbsvc_blr.exe
2012-07-03 21:00:27 -------- d-----w- C:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2012-06-29 18:12:58 -------- d-----w- C:\Users\scout pilgrim\AppData\Roaming\NeopleLauncherDFO
.
==================== Find3M ====================
.
2012-07-26 22:01:56 281288 ----a-w- C:\windows\SysWow64\PnkBstrB.xtr
2012-07-26 22:01:56 281288 ----a-w- C:\windows\SysWow64\PnkBstrB.exe
2012-07-26 21:59:59 283416 ----a-w- C:\windows\SysWow64\PnkBstrB.ex0
2012-07-26 20:01:44 76888 ----a-w- C:\windows\SysWow64\PnkBstrA.exe
2012-06-14 14:48:32 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-14 14:48:32 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-06-02 22:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-02 22:15:08 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-05-18 02:06:48 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\windows\System32\win32k.sys
2012-05-05 07:23:11 8744608 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 11:06:22 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\windows\System32\profsvc.dll
2006-05-03 19:06:54 163328 --sh--r- C:\windows\SysWOW64\flvDX.dll
2007-02-21 20:47:16 31232 --sh--r- C:\windows\SysWOW64\msfDX.dll
2008-03-16 22:30:52 216064 --sh--r- C:\windows\SysWOW64\nbDX.dll
.
============= FINISH: 12:54:11.70 ===============

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:31 AM

Posted 29 July 2012 - 10:13 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Nothing suspicious was found in your DDS log.

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • List last 10 Event Viewer log
  • List Installed Programs
Click Go and copy/paste the log (Result.txt) into your next post.

#5 shyguy7829

shyguy7829
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Local time:09:31 PM

Posted 29 July 2012 - 01:19 PM

MiniToolBox by Farbar Version: 23-07-2012
Ran by scout pilgrim (administrator) on 29-07-2012 at 11:17:32
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/28/2012 07:35:30 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (07/27/2012 11:24:35 PM) (Source: SignInAssistant) (User: )
Description: InitializeSvcAPI failed with hr = 0x80040154

Error: (07/27/2012 11:24:14 PM) (Source: SignInAssistant) (User: )
Description: EnsureServiceStarted failed with hr = 0x800706ba. Started:(24:09:04), Done:(24:14:07)

Error: (07/27/2012 00:54:15 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040154, Class not registered
.


Operation:
Initialize For Backup

Error: (07/27/2012 00:54:15 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: A critical component required by the Volume Shadow Copy service is not registered.
This might happened if an error occurred during Windows setup or during installation of a Shadow Copy provider.
The error returned from CoCreateInstance on class with CLSID {f5078f32-c551-11d3-89b9-0000f81fe221} and Name MSXML30 is [0x80040154, Class not registered
].


Operation:
Initialize For Backup

Error: (07/27/2012 00:52:33 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (07/27/2012 11:09:04 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80004005

Error: (07/27/2012 07:41:47 AM) (Source: SignInAssistant) (User: )
Description: InitializeSvcAPI failed with hr = 0x80048883

Error: (07/26/2012 08:50:17 PM) (Source: SignInAssistant) (User: )
Description: InitializeSvcAPI failed with hr = 0x80040154

Error: (07/26/2012 08:49:55 PM) (Source: SignInAssistant) (User: )
Description: EnsureServiceStarted failed with hr = 0x800706ba. Started:(49:50:884), Done:(49:55:886)


System errors:
=============
Error: (07/29/2012 09:35:34 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (07/29/2012 07:50:36 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.129.1728.0

Update Source: %NT AUTHORITY51

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (07/29/2012 07:50:36 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.129.1728.0

Update Source: %NT AUTHORITY51

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (07/29/2012 07:50:36 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.129.1728.0

Update Source: %NT AUTHORITY51

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (07/29/2012 07:50:36 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.129.1728.0

Update Source: %NT AUTHORITY51

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (07/29/2012 07:50:14 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.129.1728.0

Update Source: %NT AUTHORITY59

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (07/28/2012 07:49:52 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.129.1728.0

Update Source: %NT AUTHORITY51

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (07/28/2012 07:49:52 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.129.1728.0

Update Source: %NT AUTHORITY51

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (07/28/2012 07:49:52 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.129.1728.0

Update Source: %NT AUTHORITY51

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (07/28/2012 07:49:52 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.129.1728.0

Update Source: %NT AUTHORITY51

Update Stage: 4.0.1526.00

Source Path: 4.0.1526.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\NETWORK SERVICE

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608


Microsoft Office Sessions:
=========================
Error: (07/28/2012 07:35:30 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (07/27/2012 11:24:35 PM) (Source: SignInAssistant)(User: )
Description: InitializeSvcAPI failed with hr = 0x80040154

Error: (07/27/2012 11:24:14 PM) (Source: SignInAssistant)(User: )
Description: EnsureServiceStarted failed with hr = 0x800706ba. Started:(24:09:04), Done:(24:14:07)

Error: (07/27/2012 00:54:15 PM) (Source: VSS)(User: )
Description: CoCreateInstance0x80040154, Class not registered


Operation:
Initialize For Backup

Error: (07/27/2012 00:54:15 PM) (Source: VSS)(User: )
Description: {f5078f32-c551-11d3-89b9-0000f81fe221}MSXML300x80040154, Class not registered


Operation:
Initialize For Backup

Error: (07/27/2012 00:52:33 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (07/27/2012 11:09:04 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80004005

Error: (07/27/2012 07:41:47 AM) (Source: SignInAssistant)(User: )
Description: InitializeSvcAPI failed with hr = 0x80048883

Error: (07/26/2012 08:50:17 PM) (Source: SignInAssistant)(User: )
Description: InitializeSvcAPI failed with hr = 0x80040154

Error: (07/26/2012 08:49:55 PM) (Source: SignInAssistant)(User: )
Description: EnsureServiceStarted failed with hr = 0x800706ba. Started:(49:50:884), Done:(49:55:886)


=========================== Installed Programs ============================

7-Zip 9.20
Adobe AIR (Version: 2.6.0.19140)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.257)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.2.202.235)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Allods Online 2.0.06.65.1 (Version: 2.0.06.65.1)
ARMA 2 Operation Arrowhead Uninstall
ArmA 2 Uninstall
ArmA II Launcher (Version: 1.4.1.0)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.17)
Audiosurf Demo
AVG 2012 (Version: 12.0.2197)
AVG 2012 (Version: 12.0.2437)
AVG 2012 (Version: 2012.0.2197)
AviSynth 2.5
Bandisoft MPEG-1 Decoder
BatteryBar (remove only)
Battlefield 3™ (Version: 1.0.0.0)
Battlelog Web Plugins (Version: 1.122.0)
BattlEye for OA Uninstall
BattlEye Uninstall
Bing Bar (Version: 7.0.609.0)
Bing Rewards Client Installer (Version: 16.0.345.0)
BioShock 2 (Version: 1.0.0003.131)
Bluetooth Stack for Windows by Toshiba (Version: v7.10.01(T))
BOSS (Version: 2.0.0)
Bulk Image Downloader v4.41.0.0
Capsule (Version: 1.0.000)
Comical 0.8
COMODO GeekBuddy (Version: 3.3.217083.59)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Creation Kit
D3DX10 (Version: 15.4.2368.0902)
DAEMON Tools Pro (Version: 4.41.0315.0262)
Dead Rising 2 (Version: 1.0.0002.130)
Dead Rising 2: Off The Record (Version: 1.0.0001.131)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Desura (Version: 100.53)
DFOLauncher
DivX Setup (Version: 2.6.1.8)
Dolby Axon - 1.4.0.1 (Version: 1.4.0.1)
Dolby Control Center (Version: 2.2.1)
Download Manager 2.3.10 (Version: 2.3.10)
Dual-Core Optimizer (Version: 1.1.4.0169)
Duke Nukem 3D
Dungeons & Dragons Online ®: Eberron Unlimited ™ v01.17.01.801 (Version: 01.17.01.8018)
EA Installer (Version: 2.2.0.62)
EA Shared Game Component: Activation (Version: 2.2.0)
EA Shared Game Component: Activation (Version: 2.2.0.62)
Easy CD-DA Extractor 16 (Version: 16.0.2)
Eraser 6.0.9.2343 (Version: 6.0.2343)
ESET Online Scanner v3
ESN Sonar (Version: 0.70.0)
ESN Sonar (Version: 0.70.4)
eSnips Downloader
Fallout
Fallout Mod Manager 0.13.21
Fallout: New Vegas
ffdshow [rev 3154] [2009-12-09] (Version: 1.0)
FlashGet 3.3 (Version: 3.3.0.1092)
GameRanger
GamersFirst LIVE!
Google Chrome (Version: 20.0.1132.57)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Haali Media Splitter
Half-Life
Handy Recovery 4.0
Handy Recovery 5.5 (Version: 5.5)
HDMI Control Manager (Version: 2.0)
Hero Fighter
Hi-Rez Studios Authenticate and Update Service (Version: 3.0.0.0)
HiJackThis (Version: 1.0.0)
HunterBlade 0.050413 (Version: 0.050413)
ImgBurn (Version: 2.5.5.0)
Installer (Version: 1.0.0)
Intel® Control Center (Version: 1.2.0.1006)
Intel® Rapid Storage Technology (Version: 9.5.0.1037)
Intel® Turbo Boost Technology Driver (Version: 01.00.01.1002)
IZArc 4.1.2 (Version: 4.1.2)
Java Auto Updater (Version: 2.1.6.0)
Java™ 6 Update 25 (Version: 6.0.250)
Java™ 6 Update 30 (Version: 6.0.300)
Java™ 7 Update 3 (Version: 7.0.30)
JDownloader
Junk Mail filter update (Version: 15.4.3502.0922)
K-Lite Codec Pack 6.3.0 (Basic) (Version: 6.3.0)
Kingdoms of Amalur Reckoning (Version: Kingdoms of Amalur Reckoning)
Kubik (Version: 1.7.3)
Little Fighter 2 version 2.0a
LogMeIn Hamachi (Version: 2.1.0.124)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
Mass Effect™ 3 (Version: 1.03.0.0)
Media Player Classic - Home Cinema v1.5.0.2827 x64 (Version: 1.5.0.2827)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Default Manager (Version: 2.2.114.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Professional 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Microsoft Xbox 360 Accessories 1.2 (Version: 1.20.146.0)
Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
Multiple Image Resizer .NET 4 (Version: 4.0.0.0)
Natural Selection 2
Neverwinter Nights Diamond Edition
Nexon Game Manager
Nexus Mod Manager (Version: 0.18.7)
Notepad++ (Version: 6.1.2)
NVIDIA 3D Vision Controller Driver (Version: 280.19)
NVIDIA 3D Vision Controller Driver 295.73 (Version: 295.73)
NVIDIA Control Panel 295.73 (Version: 295.73)
NVIDIA Graphics Driver 295.73 (Version: 295.73)
NVIDIA HD Audio Driver 1.3.12.0 (Version: 1.3.12.0)
NVIDIA Install Application (Version: 2.1002.62.312)
NVIDIA PhysX (Version: 9.12.0209)
NVIDIA PhysX System Software 9.12.0209 (Version: 9.12.0209)
O2Micro Flash Memory Card Windows Driver (Version: 2.0.24.D)
OpenAL
Opera 12.00 (Version: 12.00.1467)
Origin (Version: 8.6.0.357)
Pando (Version: 2.5.1.11)
Pando Media Booster (Version: 2.6.0.1)
Path of Exile (Version: 0.9.9.16794)
Perfect Uninstaller v6.3.3.8
Planetside
PlayReady PC Runtime amd64 (Version: 1.3.0)
Project Zomboid (remove only)
PunkBuster Services (Version: 0.993)
Raptr
REACTOR (Version: 1.00.0000)
Realm of the Mad God
Realtek WLAN Driver (Version: 2.00.0006)
Revo Uninstaller Pro 2.5.3 (Version: 2.5.3)
Rhythm Zone
Roxio Burn (Version: 1.2)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Roxio Burn (Version: 1.0.0)
Roxio Update Manager (Version: 6.0.0)
S.W.A.T. 4
save2pc 5.15
SCHTHACK PSOBB Compatibility Database
Six Updater (Version: 2.09.6014)
Skype Click to Call (Version: 6.1.10441)
Skype™ 5.8 (Version: 5.8.158)
SpeedFan (remove only)
Star Wars®: Knights of the Old Republic ™
Steam (Version: 1.0.0.0)
StepMania (remove only)
Street Fighter X Tekken (Version: 1.0.0.0)
Super Monday Night Combat
Super Street Fighter IV: Arcade Edition
SWAT 4 - The Stetchkov Syndicate (Version: 1.0.0)
Synaptics Pointing Device Driver (Version: 13.2.7.3)
Synergy
System Requirements Lab
System Requirements Lab CYRI (Version: 4.5.1.0)
Team Fortress 2
The Elder Scrolls V: Skyrim
The Lord of the Rings Online™ v03.04.04.8012 (Version: 03.04.04.8012)
The Polynomial
TOSHIBA Application Installer (Version: 9.0.1.0)
TOSHIBA Assist (Version: 3.00.10)
TOSHIBA Bulletin Board (Version: 1.5.05.64)
TOSHIBA ConfigFree (Version: 8.0.25)
TOSHIBA Disc Creator (Version: 2.1.0.2 for x64)
TOSHIBA DVD PLAYER (Version: 3.01.1.07-A)
TOSHIBA eco Utility (Version: 1.1.12.64)
TOSHIBA Extended Tiles for Windows Mobility Center (Version: )
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00)
TOSHIBA Face Recognition (Version: 3.1.3.64)
TOSHIBA Hardware Setup (Version: 4.02.01.00)
TOSHIBA HDD Protection (Version: 2.2.0.3)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.4)
TOSHIBA Media Controller (Version: 1.0.65)
TOSHIBA PC Health Monitor (Version: 1.5.1.64)
TOSHIBA Quality Application (Version: 1.0.1)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4 for x64)
TOSHIBA ReelTime (Version: 1.5.07.64)
TOSHIBA Service Station (Version: 2.1.40)
TOSHIBA Speech System Applications (Version: 1.00.2518)
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password (Version: 4.02.01.00)
TOSHIBA USB Sleep and Charge Utility (Version: 1.3.2.0)
TOSHIBA Value Added Package (Version: 1.2.34.64)
TOSHIBA Web Camera Application (Version: 1.1.1.10)
ToshibaRegistration (Version: 1.0.3)
Total Video Converter 3.71 100812
Tribes Ascend (Version: 1.0.942.1)
Tunngle beta
TWIN PS TO PC CONVERTER (Version: 2007.07.3)
Unity Web Player (Version: )
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
v2010.build.42 (Version: v2010.build.42)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Vindictus
Visual C++ 8.0 Runtime Setup Package (x64) (Version: 9.0.0.623)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
VLC media player 1.1.4 (Version: 1.1.4)
Vuze (Version: 4.5)
Wanderlust: Rebirth
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Movie Maker 2.6 (Version: 2.6.4037.0)
Winkawaks 1.61
Wrye Bash (Version: 2.9.5.5)
xHamster Video Downloader 3.26
Xiph.Org Open Codecs 0.85.17777 (Version: 0.85.17777)
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar

**** End of log ****

#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:31 AM

Posted 01 August 2012 - 07:10 AM

Sorry for this long delay.
I had some technical difficulties. I'm back.
===

Please download TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start the scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right-click that file and select Send To > Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.
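
A small triage helper for the TDSSKiller report that the steps above ask you to paste back, added here as an example (it is not the thread's code, nor Kaspersky's or BleepingComputer's). It assumes the layout TDSSKiller writes: one line per scanned object with its MD5 and path, then a "Name - verdict" line, and a file name matching the TDSSKiller.[Version]_[Date]_[Time]_log.txt pattern quoted above; the embedded sample log is constructed from two objects of the kind seen in the report posted in this thread plus one made-up non-ok entry.

```python
r"""Triage a TDSSKiller report: pair each scanned object with its verdict and
surface anything that is not "ok".  Added example for this thread, not code
from TDSSKiller or BleepingComputer.  Assumed layout (matches the report
pasted later in the thread):
    HH:MM:SS.ffff PID Name (md5hex) C:\path\to\file   <- scanned object
    HH:MM:SS.ffff PID Name - ok                      <- its verdict
and a file name of the form TDSSKiller.[Version]_[Date]_[Time]_log.txt.
"""
import os
import re
from datetime import datetime
from pathlib import Path
from typing import Dict, List, Optional

LOG_NAME_RE = re.compile(
    r"^TDSSKiller\.(?P<version>[\d.]+)_(?P<date>\d{2}\.\d{2}\.\d{4})"
    r"_(?P<time>\d{2}\.\d{2}\.\d{2})_log\.txt$")
TS = r"(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
# Object line: name, 32-hex MD5 in parentheses, then the on-disk path.
OBJECT_RE = re.compile(TS + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# Verdict line: "Name - ok" or any other verdict text after the dash.
VERDICT_RE = re.compile(TS + r"(?P<name>.+?)\s+-\s+(?P<verdict>.+)$")


def parse_log(text: str) -> Dict[str, list]:
    """Return {"objects": [...], "other": [...]}; each object carries name,
    md5, path and verdict (None if the scan never reported one, e.g. an
    aborted run).  A verdict is only accepted for a name scanned first, so
    lines like "Drive ... - Size: ..." are not mistaken for verdicts."""
    objects: List[dict] = []
    pending: Dict[str, dict] = {}   # scanned objects still awaiting a verdict
    other: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = OBJECT_RE.match(line)
        if m:
            obj = {"name": m["name"], "md5": m["md5"].lower(),
                   "path": m["path"], "verdict": None}
            objects.append(obj)
            pending[obj["name"]] = obj
            continue
        m = VERDICT_RE.match(line)
        if m and m["name"] in pending:
            pending.pop(m["name"])["verdict"] = m["verdict"].strip()
            continue
        other.append(line)
    return {"objects": objects, "other": other}


def findings(parsed: Dict[str, list]) -> List[dict]:
    """Objects whose verdict is anything other than the clean "ok"."""
    return [o for o in parsed["objects"] if o["verdict"] != "ok"]


def parse_log_name(name: str) -> Optional[dict]:
    """Split e.g. TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt into version/when."""
    m = LOG_NAME_RE.match(name)
    if not m:
        return None
    when = datetime.strptime(f"{m['date']} {m['time']}", "%d.%m.%Y %H.%M.%S")
    return {"version": m["version"], "when": when}


def newest_log(root: Path) -> Optional[Path]:
    """Most recent report under `root` (the system drive root), judged by the
    timestamp embedded in its file name rather than by mtime."""
    stamped = []
    for p in root.glob("TDSSKiller.*_log.txt"):
        info = parse_log_name(p.name)
        if info:
            stamped.append((info["when"], p))
    return max(stamped)[1] if stamped else None


# Constructed sample: the first two objects are copied from the report posted
# in this thread; "examplesvc" and its verdict text are made up.
SAMPLE_LOG = r"""
07:18:04.0120 4624 Scan started
07:18:04.0120 4624 Mode: Manual;
07:17:51.0056 3604 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200
07:18:05.0019 4624 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
07:18:05.0024 4624 1394ohci - ok
07:18:05.0265 4624 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
07:18:05.0267 4624 AdobeARMservice - ok
07:18:06.0001 4624 examplesvc (0123456789abcdef0123456789abcdef) C:\windows\example.sys
07:18:06.0002 4624 examplesvc - detected ExampleVerdict ( 1 )
"""


def main() -> None:
    root = Path(os.environ.get("SystemDrive", "C:") + os.sep)
    log = newest_log(root) if root.is_dir() else None
    parsed = parse_log(log.read_text(errors="replace") if log else SAMPLE_LOG)
    print(f"{log or 'built-in sample'}: {len(parsed['objects'])} objects scanned")
    for o in findings(parsed):
        print(f"  {o['name']}: {o['verdict'] or 'no verdict'}  "
              f"md5={o['md5']}  {o['path']}")


if __name__ == "__main__":
    main()
```

Run on the machine it falls back to the built-in sample when no report is found at the system drive root; the MD5 of each flagged object is kept so it can be checked against a reputation service before anything is cured or skipped.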

#7 shyguy7829

shyguy7829
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Local time:09:31 PM

Posted 02 August 2012 - 09:08 AM

07:17:36.0858 3604 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
07:17:38.0861 3604 ============================================================
07:17:38.0861 3604 Current date / time: 2012/08/01 07:17:38.0861
07:17:38.0861 3604 SystemInfo:
07:17:38.0861 3604
07:17:38.0861 3604 OS Version: 6.1.7601 ServicePack: 1.0
07:17:38.0861 3604 Product type: Workstation
07:17:38.0861 3604 ComputerName: SCOUTPILGRIM-PC
07:17:38.0861 3604 UserName: scout pilgrim
07:17:38.0861 3604 Windows directory: C:\windows
07:17:38.0861 3604 System windows directory: C:\windows
07:17:38.0861 3604 Running under WOW64
07:17:38.0862 3604 Processor architecture: Intel x64
07:17:38.0862 3604 Number of processors: 4
07:17:38.0862 3604 Page size: 0x1000
07:17:38.0862 3604 Boot type: Normal boot
07:17:38.0862 3604 ============================================================
07:17:51.0056 3604 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:17:51.0110 3604 Drive \Device\Harddisk1\DR1 - Size: 0x15D50D00000 (1397.26 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
07:17:51.0115 3604 ============================================================
07:17:51.0115 3604 \Device\Harddisk0\DR0:
07:17:51.0146 3604 MBR partitions:
07:17:51.0146 3604 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x376B8000
07:17:51.0146 3604 \Device\Harddisk1\DR1:
07:17:51.0147 3604 MBR partitions:
07:17:51.0147 3604 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAEA86000
07:17:51.0147 3604 ============================================================
07:17:51.0317 3604 C: <-> \Device\Harddisk0\DR0\Partition0
07:17:51.0788 3604 G: <-> \Device\Harddisk1\DR1\Partition0
07:17:51.0788 3604 ============================================================
07:17:51.0788 3604 Initialize success
07:17:51.0788 3604 ============================================================
07:18:04.0120 4624 ============================================================
07:18:04.0120 4624 Scan started
07:18:04.0120 4624 Mode: Manual;
07:18:04.0120 4624 ============================================================
07:18:23.0213 4624 O2MDGRDR - ok
07:18:23.0266 4624 O2SDGRDR (fa1eed3a10992eba9a39172b50346434) C:\windows\system32\DRIVERS\o2sdgx64.sys
07:18:23.0268 4624 O2SDGRDR - ok
07:18:23.0315 4624 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
07:18:23.0317 4624 ohci1394 - ok
07:18:23.0427 4624 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:18:23.0431 4624 ose - ok
07:18:23.0848 4624 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
07:18:23.0901 4624 osppsvc - ok
07:18:24.0031 4624 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
07:18:24.0037 4624 p2pimsvc - ok
07:18:24.0069 4624 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
07:18:24.0076 4624 p2psvc - ok
07:18:24.0139 4624 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
07:18:24.0142 4624 Parport - ok
07:18:24.0191 4624 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
07:18:24.0194 4624 partmgr - ok
07:18:24.0218 4624 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
07:18:24.0223 4624 PcaSvc - ok
07:18:24.0273 4624 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
07:18:24.0277 4624 pci - ok
07:18:24.0330 4624 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
07:18:24.0332 4624 pciide - ok
07:18:24.0362 4624 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
07:18:24.0365 4624 pcmcia - ok
07:18:24.0380 4624 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
07:18:24.0382 4624 pcw - ok
07:18:24.0429 4624 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
07:18:24.0440 4624 PEAUTH - ok
07:18:24.0538 4624 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
07:18:24.0543 4624 PerfHost - ok
07:18:24.0695 4624 PGEffect (663962900e7fea522126ba287715bb4a) C:\windows\system32\DRIVERS\pgeffect.sys
07:18:24.0697 4624 PGEffect - ok
07:18:25.0008 4624 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
07:18:25.0026 4624 pla - ok
07:18:25.0102 4624 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
07:18:25.0108 4624 PlugPlay - ok
07:18:25.0112 4624 PnkBstrA - ok
07:18:25.0163 4624 PnkBstrB - ok
07:18:25.0204 4624 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
07:18:25.0207 4624 PNRPAutoReg - ok
07:18:25.0243 4624 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
07:18:25.0246 4624 PNRPsvc - ok
07:18:25.0317 4624 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
07:18:25.0325 4624 PolicyAgent - ok
07:18:25.0355 4624 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
07:18:25.0358 4624 Power - ok
07:18:25.0462 4624 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
07:18:25.0465 4624 PptpMiniport - ok
07:18:25.0499 4624 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
07:18:25.0501 4624 Processor - ok
07:18:25.0574 4624 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll
07:18:25.0578 4624 ProfSvc - ok
07:18:25.0626 4624 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
07:18:25.0629 4624 ProtectedStorage - ok
07:18:25.0692 4624 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
07:18:25.0695 4624 Psched - ok
07:18:25.0754 4624 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\windows\system32\Drivers\PxHlpa64.sys
07:18:25.0756 4624 PxHlpa64 - ok
07:18:25.0778 4624 QIOMem (c8fcb4899f8b70cc34e0d9876a80963c) C:\windows\system32\DRIVERS\QIOMem.sys
07:18:25.0780 4624 QIOMem - ok
07:18:25.0884 4624 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
07:18:25.0906 4624 ql2300 - ok
07:18:26.0093 4624 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
07:18:26.0109 4624 ql40xx - ok
07:18:26.0152 4624 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
07:18:26.0158 4624 QWAVE - ok
07:18:26.0171 4624 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
07:18:26.0173 4624 QWAVEdrv - ok
07:18:26.0184 4624 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
07:18:26.0185 4624 RasAcd - ok
07:18:26.0240 4624 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
07:18:26.0241 4624 RasAgileVpn - ok
07:18:26.0257 4624 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
07:18:26.0260 4624 RasAuto - ok
07:18:26.0313 4624 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
07:18:26.0318 4624 Rasl2tp - ok
07:18:26.0362 4624 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
07:18:26.0366 4624 RasMan - ok
07:18:26.0382 4624 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
07:18:26.0384 4624 RasPppoe - ok
07:18:26.0391 4624 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
07:18:26.0393 4624 RasSstp - ok
07:18:26.0450 4624 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
07:18:26.0454 4624 rdbss - ok
07:18:26.0465 4624 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
07:18:26.0466 4624 rdpbus - ok
07:18:26.0477 4624 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
07:18:26.0478 4624 RDPCDD - ok
07:18:26.0494 4624 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
07:18:26.0495 4624 RDPENCDD - ok
07:18:26.0517 4624 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
07:18:26.0518 4624 RDPREFMP - ok
07:18:26.0565 4624 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys
07:18:26.0569 4624 RDPWD - ok
07:18:26.0625 4624 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
07:18:26.0628 4624 rdyboost - ok
07:18:26.0693 4624 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
07:18:26.0696 4624 RemoteAccess - ok
07:18:26.0764 4624 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
07:18:26.0769 4624 RemoteRegistry - ok
07:18:26.0899 4624 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\windows\system32\DRIVERS\revoflt.sys
07:18:26.0968 4624 Revoflt - ok
07:18:27.0021 4624 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
07:18:27.0025 4624 RpcEptMapper - ok
07:18:27.0033 4624 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
07:18:27.0035 4624 RpcLocator - ok
07:18:27.0098 4624 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
07:18:27.0103 4624 RpcSs - ok
07:18:27.0166 4624 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
07:18:27.0168 4624 rspndr - ok
07:18:27.0247 4624 rtl8192se (a8ed9726734d403217a4861a6788b144) C:\windows\system32\DRIVERS\rtl8192se.sys
07:18:27.0261 4624 rtl8192se - ok
07:18:27.0310 4624 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
07:18:27.0311 4624 SamSs - ok
07:18:27.0360 4624 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
07:18:27.0362 4624 sbp2port - ok
07:18:27.0399 4624 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
07:18:27.0404 4624 SCardSvr - ok
07:18:27.0454 4624 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
07:18:27.0455 4624 scfilter - ok
07:18:27.0641 4624 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
07:18:27.0659 4624 Schedule - ok
07:18:27.0714 4624 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
07:18:27.0715 4624 SCPolicySvc - ok
07:18:27.0795 4624 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\windows\system32\drivers\sdbus.sys
07:18:27.0798 4624 sdbus - ok
07:18:27.0830 4624 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
07:18:27.0834 4624 SDRSVC - ok
07:18:27.0958 4624 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
07:18:27.0962 4624 SeaPort - ok
07:18:27.0978 4624 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
07:18:27.0980 4624 secdrv - ok
07:18:27.0996 4624 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
07:18:27.0998 4624 seclogon - ok
07:18:28.0028 4624 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
07:18:28.0031 4624 SENS - ok
07:18:28.0045 4624 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
07:18:28.0047 4624 SensrSvc - ok
07:18:28.0059 4624 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
07:18:28.0060 4624 Serenum - ok
07:18:28.0105 4624 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
07:18:28.0107 4624 Serial - ok
07:18:28.0158 4624 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
07:18:28.0159 4624 sermouse - ok
07:18:28.0217 4624 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
07:18:28.0220 4624 SessionEnv - ok
07:18:28.0257 4624 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
07:18:28.0259 4624 sffdisk - ok
07:18:28.0272 4624 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
07:18:28.0274 4624 sffp_mmc - ok
07:18:28.0284 4624 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
07:18:28.0286 4624 sffp_sd - ok
07:18:28.0297 4624 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
07:18:28.0299 4624 sfloppy - ok
07:18:28.0381 4624 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
07:18:28.0387 4624 SharedAccess - ok
07:18:28.0420 4624 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
07:18:28.0426 4624 ShellHWDetection - ok
07:18:28.0473 4624 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
07:18:28.0475 4624 SiSRaid2 - ok
07:18:28.0500 4624 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
07:18:28.0502 4624 SiSRaid4 - ok
07:18:28.0825 4624 Skype C2C Service (0f97e7a47a52f4a36969f0fc319654c2) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
07:18:28.0859 4624 Skype C2C Service - ok
07:18:29.0020 4624 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
07:18:29.0024 4624 SkypeUpdate - ok
07:18:29.0351 4624 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
07:18:29.0354 4624 Smb - ok
07:18:29.0381 4624 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
07:18:29.0386 4624 SNMPTRAP - ok
07:18:29.0513 4624 speedfan (5f9785e7535f8f602cb294a54962c9e7) C:\windows\syswow64\speedfan.sys
07:18:29.0538 4624 speedfan - ok
07:18:29.0553 4624 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
07:18:29.0555 4624 spldr - ok
07:18:29.0646 4624 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
07:18:29.0659 4624 Spooler - ok
07:18:29.0919 4624 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
07:18:29.0961 4624 sppsvc - ok
07:18:30.0062 4624 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
07:18:30.0066 4624 sppuinotify - ok
07:18:30.0108 4624 sptd - ok
07:18:30.0202 4624 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
07:18:30.0219 4624 srv - ok
07:18:30.0257 4624 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
07:18:30.0263 4624 srv2 - ok
07:18:30.0283 4624 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
07:18:30.0286 4624 srvnet - ok
07:18:30.0343 4624 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
07:18:30.0347 4624 SSDPSRV - ok
07:18:30.0361 4624 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
07:18:30.0364 4624 SstpSvc - ok
07:18:30.0418 4624 Steam Client Service - ok
07:18:30.0460 4624 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
07:18:30.0462 4624 stexstor - ok
07:18:30.0552 4624 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
07:18:30.0562 4624 stisvc - ok
07:18:30.0595 4624 stllssvr (ff5eb78af7dfb68c2fb363537aaf753e) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
07:18:30.0598 4624 stllssvr - ok
07:18:30.0637 4624 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
07:18:30.0638 4624 swenum - ok
07:18:30.0667 4624 swomggab - ok
07:18:30.0735 4624 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
07:18:30.0744 4624 swprv - ok
07:18:30.0781 4624 SynTP (12a35e44d8647985fcdb8d298a590134) C:\windows\system32\DRIVERS\SynTP.sys
07:18:30.0794 4624 SynTP - ok
07:18:30.0944 4624 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
07:18:30.0972 4624 SysMain - ok
07:18:31.0101 4624 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
07:18:31.0105 4624 TabletInputService - ok
07:18:31.0160 4624 tap0901t (b08740047145b9bce15bf75ca0f9718a) C:\windows\system32\DRIVERS\tap0901t.sys
07:18:31.0162 4624 tap0901t - ok
07:18:31.0193 4624 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
07:18:31.0199 4624 TapiSrv - ok
07:18:31.0228 4624 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
07:18:31.0231 4624 TBS - ok
07:18:31.0409 4624 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
07:18:31.0446 4624 Tcpip - ok
07:18:31.0700 4624 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
07:18:31.0712 4624 TCPIP6 - ok
07:18:31.0791 4624 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
07:18:31.0793 4624 tcpipreg - ok
07:18:31.0857 4624 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
07:18:31.0859 4624 tdcmdpst - ok
07:18:31.0882 4624 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
07:18:31.0884 4624 TDPIPE - ok
07:18:31.0934 4624 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
07:18:31.0936 4624 TDTCP - ok
07:18:31.0995 4624 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
07:18:31.0997 4624 tdx - ok
07:18:32.0047 4624 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
07:18:32.0049 4624 TermDD - ok
07:18:32.0112 4624 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
07:18:32.0124 4624 TermService - ok
07:18:32.0151 4624 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
07:18:32.0154 4624 Themes - ok
07:18:32.0215 4624 Thpdrv (c013f6acaa9761f571bd28dada7c157d) C:\windows\system32\DRIVERS\thpdrv.sys
07:18:32.0217 4624 Thpdrv - ok
07:18:32.0228 4624 Thpevm (b4e609047434ed948af7bdef2fa66e38) C:\windows\system32\DRIVERS\Thpevm.SYS
07:18:32.0230 4624 Thpevm - ok
07:18:32.0279 4624 Thpsrv (f6927bba3b09aff26a53a9191f7378f9) C:\windows\system32\ThpSrv.exe
07:18:32.0289 4624 Thpsrv - ok
07:18:32.0320 4624 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
07:18:32.0323 4624 THREADORDER - ok
07:18:32.0417 4624 TMachInfo (28644b0523d64eff2fc7312a2ee74b0a) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
07:18:32.0419 4624 TMachInfo - ok
07:18:32.0448 4624 TODDSrv (ed32035bdfeced1ad66d459fd9cc1140) C:\Windows\system32\TODDSrv.exe
07:18:32.0452 4624 TODDSrv - ok
07:18:32.0531 4624 TosCoSrv (98c864481d62f86ec8af65be3419a95b) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
07:18:32.0539 4624 TosCoSrv - ok
07:18:32.0636 4624 TOSHIBA Bluetooth Service (b578f7e7914e7d9eb161032a613de3bd) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
07:18:32.0639 4624 TOSHIBA Bluetooth Service - ok
07:18:32.0678 4624 TOSHIBA eco Utility Service (6938cbd31b47092b042420a5fd2e9aae) C:\Program Files\TOSHIBA\TECO\TecoService.exe
07:18:32.0682 4624 TOSHIBA eco Utility Service - ok
07:18:32.0719 4624 TOSHIBA HDD SSD Alert Service (4218356616e08518e6c2cb102ac3798a) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
07:18:32.0722 4624 TOSHIBA HDD SSD Alert Service - ok
07:18:32.0741 4624 Tosrfcom - ok
07:18:32.0759 4624 tosrfec (11699d47b3491d86249c168496d55c92) C:\windows\system32\DRIVERS\tosrfec.sys
07:18:32.0760 4624 tosrfec - ok
07:18:32.0833 4624 Tosrfusb (fc88baf46ff87d2bc80f8b0f0322d84a) C:\windows\system32\DRIVERS\tosrfusb.sys
07:18:32.0868 4624 Tosrfusb - ok
07:18:32.0942 4624 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
07:18:32.0955 4624 tos_sps64 - ok
07:18:33.0037 4624 TPCHSrv (270cebd8b5dd9f232cd50d18d19c10a0) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
07:18:33.0051 4624 TPCHSrv - ok
07:18:33.0164 4624 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
07:18:33.0168 4624 TrkWks - ok
07:18:33.0229 4624 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
07:18:33.0232 4624 TrustedInstaller - ok
07:18:33.0293 4624 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
07:18:33.0296 4624 tssecsrv - ok
07:18:33.0368 4624 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
07:18:33.0370 4624 TsUsbFlt - ok
07:18:33.0450 4624 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
07:18:33.0453 4624 tunnel - ok
07:18:33.0655 4624 TunngleService (f8302e3e534af5e3f2588a974bea80df) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
07:18:33.0690 4624 TunngleService - ok
07:18:33.0721 4624 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
07:18:33.0723 4624 TVALZ - ok
07:18:33.0774 4624 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
07:18:33.0776 4624 TVALZFL - ok
07:18:33.0799 4624 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
07:18:33.0801 4624 uagp35 - ok
07:18:33.0862 4624 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
07:18:33.0867 4624 udfs - ok
07:18:33.0889 4624 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
07:18:33.0892 4624 UI0Detect - ok
07:18:33.0942 4624 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
07:18:33.0944 4624 uliagpkx - ok
07:18:33.0989 4624 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys
07:18:33.0991 4624 umbus - ok
07:18:34.0039 4624 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
07:18:34.0041 4624 UmPass - ok
07:18:34.0071 4624 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
07:18:34.0077 4624 upnphost - ok
07:18:34.0101 4624 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
07:18:34.0103 4624 usbccgp - ok
07:18:34.0122 4624 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
07:18:34.0124 4624 usbcir - ok
07:18:34.0139 4624 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
07:18:34.0141 4624 usbehci - ok
07:18:34.0210 4624 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
07:18:34.0215 4624 usbhub - ok
07:18:34.0229 4624 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
07:18:34.0232 4624 usbohci - ok
07:18:34.0286 4624 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
07:18:34.0294 4624 usbprint - ok
07:18:34.0343 4624 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys
07:18:34.0345 4624 usbscan - ok
07:18:34.0396 4624 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
07:18:34.0401 4624 USBSTOR - ok
07:18:34.0415 4624 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
07:18:34.0417 4624 usbuhci - ok
07:18:34.0484 4624 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys
07:18:34.0488 4624 usbvideo - ok
07:18:34.0508 4624 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
07:18:34.0511 4624 UxSms - ok
07:18:34.0568 4624 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
07:18:34.0569 4624 VaultSvc - ok
07:18:34.0620 4624 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
07:18:34.0622 4624 vdrvroot - ok
07:18:34.0701 4624 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
07:18:34.0711 4624 vds - ok
07:18:34.0782 4624 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
07:18:34.0783 4624 vga - ok
07:18:34.0790 4624 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
07:18:34.0792 4624 VgaSave - ok
07:18:34.0841 4624 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
07:18:34.0844 4624 vhdmp - ok
07:18:34.0889 4624 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
07:18:34.0890 4624 viaide - ok
07:18:34.0906 4624 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
07:18:34.0908 4624 volmgr - ok
07:18:34.0963 4624 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
07:18:34.0968 4624 volmgrx - ok
07:18:34.0990 4624 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
07:18:34.0995 4624 volsnap - ok
07:18:35.0060 4624 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
07:18:35.0063 4624 vsmraid - ok
07:18:35.0202 4624 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
07:18:35.0220 4624 VSS - ok
07:18:35.0422 4624 vToolbarUpdater11.0.2 (3b142c409909fb05215a3dc5c8ec0eb0) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
07:18:35.0433 4624 vToolbarUpdater11.0.2 - ok
07:18:35.0583 4624 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
07:18:35.0584 4624 vwifibus - ok
07:18:35.0633 4624 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
07:18:35.0634 4624 vwififlt - ok
07:18:35.0693 4624 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
07:18:35.0696 4624 vwifimp - ok
07:18:35.0733 4624 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
07:18:35.0743 4624 W32Time - ok
07:18:35.0760 4624 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
07:18:35.0762 4624 WacomPen - ok
07:18:35.0832 4624 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
07:18:35.0834 4624 WANARP - ok
07:18:35.0838 4624 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
07:18:35.0839 4624 Wanarpv6 - ok
07:18:35.0969 4624 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
07:18:35.0982 4624 WatAdminSvc - ok
07:18:36.0127 4624 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
07:18:36.0143 4624 wbengine - ok
07:18:36.0248 4624 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
07:18:36.0252 4624 WbioSrvc - ok
07:18:36.0317 4624 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
07:18:36.0326 4624 wcncsvc - ok
07:18:36.0344 4624 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
07:18:36.0347 4624 WcsPlugInService - ok
07:18:36.0382 4624 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
07:18:36.0384 4624 Wd - ok
07:18:36.0425 4624 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
07:18:36.0434 4624 Wdf01000 - ok
07:18:36.0452 4624 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
07:18:36.0455 4624 WdiServiceHost - ok
07:18:36.0458 4624 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
07:18:36.0461 4624 WdiSystemHost - ok
07:18:36.0515 4624 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
07:18:36.0526 4624 WebClient - ok
07:18:36.0548 4624 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
07:18:36.0552 4624 Wecsvc - ok
07:18:36.0580 4624 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
07:18:36.0583 4624 wercplsupport - ok
07:18:36.0592 4624 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
07:18:36.0595 4624 WerSvc - ok
07:18:36.0646 4624 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
07:18:36.0650 4624 WfpLwf - ok
07:18:36.0685 4624 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
07:18:36.0690 4624 WIMMount - ok
07:18:36.0699 4624 WinHttpAutoProxySvc - ok
07:18:36.0761 4624 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
07:18:36.0763 4624 Winmgmt - ok
07:18:36.0922 4624 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
07:18:36.0946 4624 WinRM - ok
07:18:37.0102 4624 winusb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\drivers\WinUSB.SYS
07:18:37.0105 4624 winusb - ok
07:18:37.0186 4624 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
07:18:37.0198 4624 Wlansvc - ok
07:18:37.0497 4624 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
07:18:37.0528 4624 wlidsvc - ok
07:18:37.0707 4624 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
07:18:37.0709 4624 WmiAcpi - ok
07:18:37.0782 4624 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
07:18:37.0797 4624 wmiApSrv - ok
07:18:37.0875 4624 WMPNetworkSvc - ok
07:18:37.0926 4624 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
07:18:37.0929 4624 WPCSvc - ok
07:18:37.0994 4624 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
07:18:37.0998 4624 WPDBusEnum - ok
07:18:38.0035 4624 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
07:18:38.0037 4624 ws2ifsl - ok
07:18:38.0111 4624 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll
07:18:38.0114 4624 wscsvc - ok
07:18:38.0118 4624 WSearch - ok
07:18:38.0394 4624 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll
07:18:38.0427 4624 wuauserv - ok
07:18:38.0579 4624 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
07:18:38.0581 4624 WudfPf - ok
07:18:38.0662 4624 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
07:18:38.0665 4624 WUDFRd - ok
07:18:38.0732 4624 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
07:18:38.0736 4624 wudfsvc - ok
07:18:38.0772 4624 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
07:18:38.0777 4624 WwanSvc - ok
07:18:38.0924 4624 X6va005 - ok
07:18:39.0056 4624 xusb21 (2c6bc21b2d5b58d8b1d638c1704cb494) C:\windows\system32\DRIVERS\xusb21.sys
07:18:39.0081 4624 xusb21 - ok
07:18:39.0342 4624 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
07:18:39.0349 4624 YahooAUService - ok
07:18:39.0428 4624 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
07:18:39.0470 4624 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
07:18:39.0471 4624 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
07:18:39.0475 4624 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
07:18:39.0480 4624 \Device\Harddisk1\DR1 - ok
07:18:39.0489 4624 Boot (0x1200) (15bf885cb755cb5d9a3d5709bc807553) \Device\Harddisk0\DR0\Partition0
07:18:39.0491 4624 \Device\Harddisk0\DR0\Partition0 - ok
07:18:39.0497 4624 Boot (0x1200) (aba4abbbba63dedaf4f2a967e1d5a9b0) \Device\Harddisk1\DR1\Partition0
07:18:39.0500 4624 \Device\Harddisk1\DR1\Partition0 - ok
07:18:39.0500 4624 ============================================================
07:18:39.0500 4624 Scan finished
07:18:39.0500 4624 ============================================================
07:18:39.0533 3948 Detected object count: 1
07:18:39.0533 3948 Actual detected object count: 1
07:19:30.0284 3948 \Device\Harddisk0\DR0\# - copied to quarantine
07:19:30.0327 3948 \Device\Harddisk0\DR0 - copied to quarantine
07:19:30.0401 3948 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
07:19:30.0661 3948 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
07:19:30.0807 3948 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
07:19:30.0958 3948 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
07:19:31.0014 3948 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
07:19:32.0197 3948 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
07:19:32.0210 3948 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
07:19:32.0213 3948 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
07:19:32.0225 3948 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
07:19:32.0452 3948 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
07:19:32.0699 3948 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
07:19:32.0720 3948 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
07:19:32.0733 3948 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
07:19:32.0760 3948 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
07:19:33.0013 3948 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
07:19:33.0024 3948 \Device\Harddisk0\DR0 - ok
07:19:33.0883 3948 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-01 15:19:05
-----------------------------
15:19:05.438 OS Version: Windows x64 6.1.7601 Service Pack 1
15:19:05.438 Number of processors: 4 586 0x2502
15:19:05.438 ComputerName: SCOUTPILGRIM-PC UserName: scout pilgrim
15:19:07.123 Initialize success
15:19:11.663 AVAST engine defs: 12080100
15:36:42.855 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:36:42.870 Disk 0 Vendor: Hitachi_HTS725050A9A360 PC4OC71E Size: 476940MB BusType: 3
15:36:42.886 Device \Driver\atapi -> MajorFunction fffffa80052fd5e8
15:36:42.948 Disk 0 MBR read successfully
15:36:42.964 Disk 0 MBR scan
15:36:42.964 Disk 0 Windows VISTA default MBR code
15:36:42.964 Disk 0 MBR hidden
15:36:43.011 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
15:36:43.058 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 454000 MB offset 3074048
15:36:43.104 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 21438 MB offset 932866048
15:36:43.167 Disk 0 scanning C:\windows\system32\drivers
15:36:57.379 Service scanning
15:37:22.432 Modules scanning
15:37:22.432 Disk 0 trace - called modules:
15:37:22.432 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys >>UNKNOWN [0xfffffa80052fd5e8]<<
15:37:22.432 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d0f060]
15:37:22.448 3 CLASSPNP.SYS[fffff8800178843f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8004d0e060]
15:37:22.448 5 thpdrv.sys[fffff8800187f0d0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004aa2060]
15:37:22.448 \Driver\atapi[0xfffffa80052698b0] -> IRP_MJ_CREATE -> 0xfffffa80052fd5e8
15:37:23.883 AVAST engine scan C:\windows
15:37:32.962 AVAST engine scan C:\windows\system32
15:37:57.985 File: C:\windows\system32\explorer.exe **INFECTED** Win32:Bamital-AC
15:41:03.219 AVAST engine scan C:\windows\system32\drivers
15:41:15.356 AVAST engine scan C:\Users\scout pilgrim
16:08:02.814 Disk 0 MBR has been saved successfully to "C:\Users\scout pilgrim\Desktop\MBR.dat"
16:08:02.814 The log file has been saved successfully to "C:\Users\scout pilgrim\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-02 00:44:40
-----------------------------
00:44:40.022 OS Version: Windows x64 6.1.7601 Service Pack 1
00:44:40.022 Number of processors: 4 586 0x2502
00:44:40.023 ComputerName: SCOUTPILGRIM-PC UserName: scout pilgrim
00:44:41.245 Initialize success
00:44:47.710 AVAST engine defs: 12080100
00:44:48.279 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
00:44:48.282 Disk 0 Vendor: Hitachi_HTS725050A9A360 PC4OC71E Size: 476940MB BusType: 3
00:44:48.283 Device \Driver\atapi -> MajorFunction fffffa80052c75e8
00:44:48.287 Disk 0 MBR read successfully
00:44:48.290 Disk 0 MBR scan
00:44:48.296 Disk 0 Windows VISTA default MBR code
00:44:48.300 Disk 0 MBR hidden
00:44:48.320 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
00:44:48.356 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 454000 MB offset 3074048
00:44:48.410 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 21438 MB offset 932866048
00:44:48.492 Disk 0 scanning C:\windows\system32\drivers
00:45:06.712 Service scanning
00:45:46.079 Modules scanning
00:45:46.414 Disk 0 trace - called modules:
00:45:46.419 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys >>UNKNOWN [0xfffffa80052c75e8]<<
00:45:46.424 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d6e060]
00:45:46.429 3 CLASSPNP.SYS[fffff88000c0143f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa8004d6d060]
00:45:46.433 5 thpdrv.sys[fffff88001b340d0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004af0060]
00:45:46.437 \Driver\atapi[0xfffffa8004c9c9e0] -> IRP_MJ_CREATE -> 0xfffffa80052c75e8
00:45:47.673 AVAST engine scan C:\windows
00:45:50.950 AVAST engine scan C:\windows\system32
00:46:32.411 File: C:\windows\system32\explorer.exe **INFECTED** Win32:Bamital-AC
00:51:37.092 AVAST engine scan C:\windows\system32\drivers
00:52:06.843 AVAST engine scan C:\Users\scout pilgrim
02:12:26.148 AVAST engine scan C:\ProgramData
02:20:40.847 Scan finished successfully
07:03:51.891 Disk 0 MBR has been saved successfully to "C:\Users\scout pilgrim\Desktop\MBR.dat"
07:03:51.931 The log file has been saved successfully to "C:\Users\scout pilgrim\Desktop\aswMBR.txt"

Attached Files

  • MBR.zip (572 bytes)


#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 02 August 2012 - 01:10 PM

Let's continue.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
===

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Note: If after running ComboFix you get this error message, "Illegal operation attempted on a registry key that has been marked for deletion.", when attempting to run a program, all you need to do is restart the computer to reset the registry.

Please post the logs for my review.

#9 shyguy7829

shyguy7829
  • Topic Starter

  • Members
  • 32 posts

Posted 02 August 2012 - 08:26 PM

ComboFix 12-07-31.03 - scout pilgrim 08/02/2012 17:44:30.3.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4020.2615 [GMT -7:00]
Running from: c:\users\scout pilgrim\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\scout pilgrim\Documents\~WRL0003.tmp
c:\users\scout pilgrim\Documents\~WRL0017.tmp
c:\users\scout pilgrim\Documents\~WRL0987.tmp
c:\users\scout pilgrim\Documents\~WRL1451.tmp
c:\users\scout pilgrim\Documents\~WRL2392.tmp
c:\users\scout pilgrim\Documents\~WRL2636.tmp
c:\windows\svchost.exe
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-03 to 2012-08-03 )))))))))))))))))))))))))))))))
.
.
2012-08-03 01:00 . 2012-08-03 01:00 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-08-03 01:00 . 2012-08-03 01:00 -------- d-----w- c:\users\Owner\AppData\Local\temp
2012-08-03 01:00 . 2012-08-03 01:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-03 01:00 . 2012-08-03 01:00 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-08-02 15:09 . 2012-08-02 15:09 -------- d-----w- c:\users\scout pilgrim\AppData\Roaming\RenPy
2012-08-01 05:53 . 2012-08-01 05:53 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-07-22 05:13 . 2012-07-22 05:13 -------- d-----w- c:\users\scout pilgrim\AppData\Roaming\AVG2012
2012-07-22 05:12 . 2012-07-22 05:12 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-22 05:12 . 2012-07-22 05:12 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-07-22 05:12 . 2012-07-22 05:12 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-07-22 05:11 . 2012-07-22 05:11 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-07-22 05:10 . 2012-08-02 23:57 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-22 05:08 . 2012-07-22 14:48 -------- d-----w- c:\windows\system32\MpEngineStore
2012-07-22 02:27 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{486D30E2-257D-4D3D-A76E-0455775A8266}\mpengine.dll
2012-07-18 05:35 . 2012-07-18 06:28 -------- d-----w- C:\packages
2012-07-18 05:35 . 2012-07-18 05:35 -------- d-----w- C:\Hailan_Data
2012-07-17 05:50 . 2012-07-17 05:51 -------- d-----w- c:\program files (x86)\Project Zomboid
2012-07-14 21:48 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-12 07:13 . 2012-07-12 07:13 -------- d-----w- c:\program files (x86)\FDRLab
2012-07-06 01:45 . 2012-07-06 01:45 5030088 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-07-04 14:52 . 2012-02-11 11:25 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7AF17EA3-A607-4968-AF36-1CC1C40EF391}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 06:04 . 2010-09-10 17:24 283312 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-08-02 06:04 . 2010-09-09 08:10 283312 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-08-01 06:27 . 2010-09-09 08:10 283312 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-08-01 06:20 . 2010-09-09 08:10 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-08-01 04:11 . 2010-06-24 19:33 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-03 20:49 . 2012-07-03 21:00 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2012-06-14 15:03 . 2010-09-25 05:03 58957832 ----a-w- c:\windows\system32\MRT.exe
2012-06-14 14:48 . 2012-04-12 03:46 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-14 14:48 . 2011-06-07 18:11 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-21 15:10 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 15:11 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 15:11 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 15:11 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 15:09 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 15:10 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 15:11 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 15:09 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-21 15:10 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-18 23:19 . 2012-05-18 23:19 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-18 02:47 . 2012-06-14 14:53 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-05-18 02:16 . 2012-06-14 14:53 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-05-18 02:06 . 2012-06-14 14:53 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-05-18 01:59 . 2012-06-14 14:53 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-05-18 01:59 . 2012-06-14 14:53 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-05-18 01:58 . 2012-06-14 14:53 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-18 01:58 . 2012-06-14 14:53 237056 ----a-w- c:\windows\system32\url.dll
2012-05-18 01:56 . 2012-06-14 14:53 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-18 01:55 . 2012-06-14 14:53 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-18 01:55 . 2012-06-14 14:53 818688 ----a-w- c:\windows\system32\jscript.dll
2012-05-18 01:54 . 2012-06-14 14:53 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-05-18 01:51 . 2012-06-14 14:53 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-05-18 01:51 . 2012-06-14 14:53 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-18 01:47 . 2012-06-14 14:53 248320 ----a-w- c:\windows\system32\ieui.dll
2012-05-17 22:45 . 2012-06-14 14:53 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-05-17 22:35 . 2012-06-14 14:53 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-17 22:35 . 2012-06-14 14:53 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-05-17 22:29 . 2012-06-14 14:53 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-05-17 22:24 . 2012-06-14 14:53 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-05-15 01:32 . 2012-06-13 15:01 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-05-05 07:23 . 2012-04-27 23:23 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2006-05-03 19:06 163328 --sh--r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 20:47 31232 --sh--r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 22:30 216064 --sh--r- c:\windows\SysWOW64\nbDX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-22 05:12 2069088 ----a-w- c:\program files (x86)\AVG Secure Search\11.0.0.10\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.0.0.10\AVG Secure Search_toolbar.dll" [2012-07-22 2069088]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-05-14 1242448]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-11-24 2454840]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"eSnips_Downloader"="c:\program files (x86)\Logia\eSnipsDownloader\eSnips_Downloader.exe" [2011-11-15 1373184]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-22 1118304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2011-05-23 48992]
R1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
R1 swomggab;swomggab;c:\windows\system32\drivers\swomggab.sys [x]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-06-13 2321560]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-05 5160568]
R2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-28 252784]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-04-05 8704]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-06 3048136]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-09-28 251760]
R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [2012-07-22 934496]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-07-14 281088]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-06-10 15360]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-01-12 131912]
R3 dump_wmimmc;dump_wmimmc;c:\ijji\English\GenesisAD\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 hid8101;hid8101;c:\windows\system32\drivers\hid8101.sys [x]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-11-14 67072]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 23152]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-28 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-10-02 946688]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-05 137560]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-11-10 824688]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-06-01 736104]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-10 1255736]
R3 X6va005;X6va005;c:\users\SCOUTP~1\AppData\Local\Temp\005F117.tmp [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-29 55856]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 14784]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-06 271424]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [2009-11-03 74016]
S3 O2SDGRDR;O2SDGRDR;c:\windows\system32\DRIVERS\o2sdgx64.sys [2009-08-19 49568]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2812949562-2609074762-681842296-1001Core.job
- c:\users\scout pilgrim\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-30 03:19]
.
2012-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2812949562-2609074762-681842296-1001UA.job
- c:\users\scout pilgrim\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-30 03:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-11-05 709976]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-07-16 307768]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2011-11-05 980368]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://maplestory.nexon.net/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Download All By FlashGet3 - c:\users\scout pilgrim\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download By FlashGet3 - c:\users\scout pilgrim\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: En&queue current page with BID - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: Enqueue link tar&get with BID - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: Open &link target with BID - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidlink.htm
IE: Open current page with BI&D - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebid.htm
IE: Open current page with BID Link Explorer - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: ed.gov\fafsa
Trusted Zone: freerealms.com
Trusted Zone: kuaiche.com\software
Trusted Zone: sannybuilder.com\alexander
Trusted Zone: soe.com
Trusted Zone: sony.com
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
FF - ProfilePath - c:\users\scout pilgrim\AppData\Roaming\Mozilla\Firefox\Profiles\29oi5irn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-HDMICtrlMan - c:\program files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
AddRemove-BattlEye for A2 - c:\program files\Bohemia Interactive\ArmA 2BattlEye\UnInstallBE.exe
AddRemove-BattlEye for OA - c:\program files\Bohemia Interactive\ArmA 2Expansion\BattlEye\UnInstallBE.exe
AddRemove-bc8a6440-918f-11dd-ad8b-0800200c9a66_is1 - c:\program files (x86)\Turbine\DDO Unlimited\unins000.exe
AddRemove-DFO - c:\program files (x86)\Steam\steamapps\common\DFO\dfolauncher.exe
AddRemove-Winkawaks 1.61 - c:\progra~2\WINKAW~1\UNWISE.EXE
AddRemove-xHamster Video Downloader_is1 - g:\_gdapp-214-1\xHamster Video Downloader\unins000.exe
AddRemove-{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010} - c:\program files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe
AddRemove-{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC} - c:\program files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe
AddRemove-{FBBC4667-2521-4E78-B1BD-8706F774549B} - c:\programdata\{5D8BE403-3090-4297-B98F-65CBBE9DBF71}\Best Buy Software Installer Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\SCOUTP~1\AppData\Local\Temp\005F117.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2812949562-2609074762-681842296-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2812949562-2609074762-681842296-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2812949562-2609074762-681842296-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:84,ac,3d,d9,f1,56,62,cc,55,6a,b9,d4,c8,41,a0,c0,5b,3c,c2,6c,d6,87,7c,
22,b2,77,ed,e8,a2,62,90,c7,b5,ee,fa,e8,6b,20,d4,05,b4,67,ef,2c,d7,f4,61,36,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12
.
[HKEY_USERS\S-1-5-21-2812949562-2609074762-681842296-1001\Software\SecuROM\License information*]
"datasecu"=hex:33,28,62,83,b7,9f,a6,7a,00,14,96,6f,ac,1b,b9,cd,e1,48,79,d2,a9,
9f,84,6f,d6,e1,cb,14,e6,a5,67,0f,57,85,e6,6c,fa,a6,28,ff,b7,f0,4a,6f,39,94,\
"rkeysecu"=hex:96,86,dd,94,a9,6b,15,71,c2,52,0a,d5,0e,46,eb,42
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-02 18:07:06
ComboFix-quarantined-files.txt 2012-08-03 01:07
ComboFix2.txt 2011-12-08 00:21
.
Pre-Run: 78,830,424,064 bytes free
Post-Run: 88,287,014,912 bytes free
.
- - End Of File - - 57ED01395A328C78BCB6799A2DFFEB3C



Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.60.1.1000
Java™ 6 Update 30
Java™ 6 Update 25
Java™ 7 Update 3
Java version out of Date!
Adobe Flash Player 11.2.202.235 Flash Player out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox (14.0.1)
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
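
The Security Check output above lists three Java runtimes and flags Flash as out of date. As an added example (not part of the thread, and not how screen317's tool works internally), the PowerShell below reads the same facts straight from the system: Java and Flash entries in both the native and Wow6432Node Uninstall hives, a warning listing the older Java runtimes that should be uninstalled, and the file versions of the Flash ActiveX control and NPAPI plugin in the two Macromed\Flash directories. It assumes the standard Windows 7 x64 registry and directory layout and nothing specific to this machine; the Get-InstalledJavaAndFlash function name is my own.

```powershell
# Added example (not from the thread or from screen317's Security Check): inventory every
# Java runtime and Flash Player build on an x64 Windows 7 box. Read-only, no elevation needed.

# x64 Windows keeps two uninstall hives; 32-bit Java/Flash installers write to Wow6432Node.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-InstalledJavaAndFlash {
    foreach ($root in $uninstallRoots) {
        if (-not (Test-Path $root)) { continue }
        $arch = if ($root -match 'Wow6432Node') { 'x86' } else { 'x64' }
        Get-ChildItem $root | ForEach-Object { Get-ItemProperty $_.PSPath } |
            Where-Object {
                ($_.DisplayName -match '^Java(\(TM\))? \d+ Update \d+') -or
                ($_.DisplayName -match '^Adobe Flash Player')
            } |
            ForEach-Object {
                New-Object PSObject -Property @{
                    Name      = $_.DisplayName
                    Version   = $_.DisplayVersion
                    Arch      = $arch
                    Uninstall = $_.UninstallString
                }
            }
    }
}

$apps = @(Get-InstalledJavaAndFlash)
$apps | Sort-Object Name | Format-Table Name, Version, Arch -AutoSize

# Every Java runtime left installed is a separately exploitable JRE; the "remove the old
# versions" advice exists because the Java updater does not uninstall them for you.
$javas = @($apps | Where-Object { $_.Name -like 'Java*' } |
           Sort-Object { try { [version]$_.Version } catch { [version]'0.0' } })
if ($javas.Count -gt 1) {
    $old = $javas[0..($javas.Count - 2)] | ForEach-Object { $_.Name }
    Write-Warning ("{0} Java runtimes installed; keep {1}, uninstall: {2}" -f
        $javas.Count, $javas[-1].Name, ($old -join ', '))
}

# Flash is two separate binaries: the ActiveX control (Internet Explorer) and the NPAPI
# plugin (Firefox). Updating one does not touch the other, so compare both file versions.
foreach ($dir in "$env:SystemRoot\System32\Macromed\Flash", "$env:SystemRoot\SysWOW64\Macromed\Flash") {
    if (-not (Test-Path $dir)) { continue }
    Get-ChildItem "$dir\*" -Include 'Flash*.ocx', 'NPSWF*.dll' |
        Select-Object Name, @{ n = 'FileVersion'; e = { $_.VersionInfo.FileVersion } }, FullName |
        Format-Table -AutoSize
}
```

Run it in any PowerShell prompt; the Uninstall strings it collects are the same ones the Add/Remove Programs applet invokes, so the warning tells you exactly which entries to remove there.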

#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,512 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:31 AM

Posted 03 August 2012 - 07:45 AM

Open notepad and copy/paste the text in the quote box below into it:

Driver::
swomggab
dump_wmimmc
npggsvc
X6va005


Save this as CFScript.txt on your desktop.

(image: CFScript.txt being dragged onto ComboFix.exe)

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 30
Java™ 6 Update 25
Java™ 7 Update 3


===

Critical vulnerabilities have been identified in Adobe Flash Player v11.3.300.264 and earlier versions... being exploited in the wild in active targeted attacks...

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

Please post the ComboFix log and let me know what problem persists.
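
The CFScript above asks ComboFix to delete four driver/service entries. As an added check, not part of the thread and not something ComboFix itself does, the PowerShell below confirms on the machine whether those entries are really gone (both the Services key and the Enum\Root\LEGACY_ key that ComboFix reports removing) and, for anything left behind, prints its start type, image path and Authenticode status. The only input is the $names list, taken from the script; the Resolve-ImagePath helper and its path normalisation rules are mine.

```powershell
# Added example (not from the thread or from ComboFix): confirm that the entries named in
# the CFScript are gone, and inspect anything that survived. Run from an elevated prompt.
$names = 'swomggab', 'dump_wmimmc', 'npggsvc', 'X6va005'   # the Driver:: list from the script

$startTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

function Resolve-ImagePath([string]$imagePath) {
    # Turn the raw ImagePath registry value into a path Test-Path understands.
    if (-not $imagePath) { return $null }
    $p = $imagePath -replace '^\\\?\?\\', ''                      # \??\C:\x.sys    -> C:\x.sys
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"        # \SystemRoot\..  -> C:\Windows\..
    $p = $p -replace '^"([^"]+)".*$', '$1'                        # "C:\x.exe" /arg -> C:\x.exe
    if (-not [IO.Path]::IsPathRooted($p)) { $p = Join-Path $env:SystemRoot $p }  # system32\drivers\x.sys
    return $p
}

foreach ($name in $names) {
    $svcKey    = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    $legacyKey = "HKLM:\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$($name.ToUpper())"
    $svcPresent    = Test-Path $svcKey
    $legacyPresent = Test-Path $legacyKey

    if (-not ($svcPresent -or $legacyPresent)) {
        Write-Output ("[OK]   {0}: no Services key, no LEGACY_ enum key" -f $name)
        continue
    }
    Write-Output ("[LEFT] {0}: Services key={1} LEGACY_ key={2}" -f $name, $svcPresent, $legacyPresent)

    if ($svcPresent) {
        $props = Get-ItemProperty -Path $svcKey
        $start = if ($null -ne $props.Start) { $startTypes[[int]$props.Start] } else { '?' }
        Write-Output ("       Type={0} Start={1} ImagePath={2}" -f $props.Type, $start, $props.ImagePath)

        $file = Resolve-ImagePath $props.ImagePath
        if (-not $file) {
            Write-Output "       No ImagePath: dangling service definition"
        } elseif (Test-Path $file) {
            # A surviving binary is the interesting case: who signed it, if anyone?
            $sig = Get-AuthenticodeSignature -FilePath $file
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
            Write-Output ("       File present. Signature: {0} {1}" -f $sig.Status, $signer)
        } else {
            Write-Output "       File missing on disk (the entries ComboFix lists with [x])"
        }
    }
}
```

A clean run prints four [OK] lines, which is what the Drivers/Services section of the next ComboFix log should also show; any [LEFT] line with a file still on disk is worth handing back to the helper rather than deleting by hand.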

#11 shyguy7829

shyguy7829
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  • Local time:09:31 PM

Posted 04 August 2012 - 12:12 PM

Nothing has really changed. I get a blue screen if I try launching Google Chrome and I still cannot access my control panel.

ComboFix 12-08-04.02 - scout pilgrim 08/04/2012 9:06.5.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4020.2447 [GMT -7:00]
Running from: c:\users\scout pilgrim\Desktop\ComboFix.exe
Command switches used :: c:\users\scout pilgrim\Desktop\CFScript.txt
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Enabled/Outdated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Enabled/Outdated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\svchost.exe
.
---- Previous Run -------
.
c:\users\scout pilgrim\AppData\Local\{81F1720B-D022-42A7-8C34-FA43D554DBA8}
c:\users\scout pilgrim\AppData\Local\{81F1720B-D022-42A7-8C34-FA43D554DBA8}\chrome.manifest
c:\users\scout pilgrim\AppData\Local\{81F1720B-D022-42A7-8C34-FA43D554DBA8}\chrome\content\overlay.xul
c:\users\scout pilgrim\AppData\Local\{81F1720B-D022-42A7-8C34-FA43D554DBA8}\install.rdf
c:\users\scout pilgrim\AppData\Local\Temp\sfamcc00001.dll
c:\users\scout pilgrim\AppData\Local\Temp\sfareca00001.dll
c:\users\SCOUTP~1\AppData\Local\Temp\sfamcc00001.dll
c:\users\SCOUTP~1\AppData\Local\Temp\sfareca00001.dll
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_X6VA005
-------\Service_dump_wmimmc
-------\Service_npggsvc
-------\Service_swomggab
-------\Service_X6va005
.
.
((((((((((((((((((((((((( Files Created from 2012-07-04 to 2012-08-04 )))))))))))))))))))))))))))))))
.
.
2012-08-04 16:21 . 2012-08-04 16:21 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-08-04 16:21 . 2012-08-04 16:21 -------- d-----w- c:\users\Owner\AppData\Local\temp
2012-08-04 16:21 . 2012-08-04 16:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-04 16:21 . 2012-08-04 16:21 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-08-04 16:03 . 2012-08-04 16:03 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{486D30E2-257D-4D3D-A76E-0455775A8266}\offreg.dll
2012-08-02 15:09 . 2012-08-02 15:09 -------- d-----w- c:\users\scout pilgrim\AppData\Roaming\RenPy
2012-08-01 05:53 . 2012-08-01 05:53 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-07-22 05:13 . 2012-07-22 05:13 -------- d-----w- c:\users\scout pilgrim\AppData\Roaming\AVG2012
2012-07-22 05:12 . 2012-07-22 05:12 -------- d-----w- c:\programdata\AVG Secure Search
2012-07-22 05:12 . 2012-07-22 05:12 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-07-22 05:12 . 2012-07-22 05:12 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-07-22 05:11 . 2012-07-22 05:11 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-07-22 05:10 . 2012-08-04 11:58 -------- d-----w- c:\windows\system32\drivers\AVG
2012-07-22 05:08 . 2012-07-22 14:48 -------- d-----w- c:\windows\system32\MpEngineStore
2012-07-22 02:27 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{486D30E2-257D-4D3D-A76E-0455775A8266}\mpengine.dll
2012-07-18 05:35 . 2012-07-18 06:28 -------- d-----w- C:\packages
2012-07-18 05:35 . 2012-07-18 05:35 -------- d-----w- C:\Hailan_Data
2012-07-17 05:50 . 2012-07-17 05:51 -------- d-----w- c:\program files (x86)\Project Zomboid
2012-07-14 21:48 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-12 07:13 . 2012-07-12 07:13 -------- d-----w- c:\program files (x86)\FDRLab
2012-07-06 01:45 . 2012-07-06 01:45 5030088 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-04 08:17 . 2010-06-24 19:33 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-08-02 06:04 . 2010-09-10 17:24 283312 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-08-02 06:04 . 2010-09-09 08:10 283312 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-08-01 06:27 . 2010-09-09 08:10 283312 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-08-01 06:20 . 2010-09-09 08:10 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-07-03 20:49 . 2012-07-03 21:00 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe
2012-06-14 15:03 . 2010-09-25 05:03 58957832 ----a-w- c:\windows\system32\MRT.exe
2012-06-14 14:48 . 2012-04-12 03:46 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-14 14:48 . 2011-06-07 18:11 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-02 22:19 . 2012-06-21 15:10 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 15:11 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 15:11 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 15:11 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 15:09 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-21 15:10 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 15:11 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 15:09 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-21 15:10 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-05-18 23:19 . 2012-05-18 23:19 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-18 02:47 . 2012-06-14 14:53 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-05-18 02:16 . 2012-06-14 14:53 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-05-18 02:06 . 2012-06-14 14:53 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-05-18 01:59 . 2012-06-14 14:53 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-05-18 01:59 . 2012-06-14 14:53 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-05-18 01:58 . 2012-06-14 14:53 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-18 01:58 . 2012-06-14 14:53 237056 ----a-w- c:\windows\system32\url.dll
2012-05-18 01:56 . 2012-06-14 14:53 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-18 01:55 . 2012-06-14 14:53 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-05-18 01:55 . 2012-06-14 14:53 818688 ----a-w- c:\windows\system32\jscript.dll
2012-05-18 01:54 . 2012-06-14 14:53 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-05-18 01:51 . 2012-06-14 14:53 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-05-18 01:51 . 2012-06-14 14:53 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-05-18 01:47 . 2012-06-14 14:53 248320 ----a-w- c:\windows\system32\ieui.dll
2012-05-17 22:45 . 2012-06-14 14:53 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-05-17 22:35 . 2012-06-14 14:53 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-05-17 22:35 . 2012-06-14 14:53 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-05-17 22:29 . 2012-06-14 14:53 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-05-17 22:24 . 2012-06-14 14:53 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-05-15 01:32 . 2012-06-13 15:01 3146752 ----a-w- c:\windows\system32\win32k.sys
2006-05-03 19:06 163328 --sh--r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 20:47 31232 --sh--r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 22:30 216064 --sh--r- c:\windows\SysWOW64\nbDX.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-03_01.02.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-15 04:09 . 2012-08-03 01:22 64626 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-03 01:22 51196 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2010-09-09 01:37 . 2012-08-02 15:52 21474 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2812949562-2609074762-681842296-1001_UserData.bin
+ 2010-09-09 01:37 . 2012-08-03 01:22 21474 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2812949562-2609074762-681842296-1001_UserData.bin
- 2010-06-07 20:12 . 2012-08-01 08:56 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-07 20:12 . 2012-08-04 08:20 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-06-07 20:12 . 2012-08-01 08:56 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-06-07 20:12 . 2012-08-04 08:20 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-04 08:20 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-01 08:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-08-04 08:16 . 2012-08-04 08:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-02 15:49 . 2012-08-03 00:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-04 08:16 . 2012-08-04 08:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-02 15:49 . 2012-08-03 00:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-08-03 00:41 278528 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-04 16:05 278528 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 05:01 . 2012-08-04 08:14 396432 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-08-02 15:48 396432 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-08-04 16:05 4112384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-03 00:41 4112384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-04 22:04 . 2012-08-04 08:15 6775664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
- 2011-12-04 22:04 . 2012-08-02 15:48 6775664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
- 2009-07-14 04:54 . 2012-08-03 00:41 10108928 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-04 16:05 10108928 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-30 05:17 . 2012-08-04 08:15 36504436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2812949562-2609074762-681842296-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-22 05:12 2069088 ----a-w- c:\program files (x86)\AVG Secure Search\11.0.0.10\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.0.0.10\AVG Secure Search_toolbar.dll" [2012-07-22 2069088]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-05-14 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-11-24 2454840]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-08-15 1955208]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-22 1118304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-05 5160568]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-06 3048136]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-07-14 281088]
R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-06-10 15360]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe [2012-01-12 131912]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 hid8101;hid8101;c:\windows\system32\drivers\hid8101.sys [x]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-11-14 67072]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-28 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-11-10 824688]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-06-01 736104]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-10 1255736]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-29 55856]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 14784]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2011-05-23 48992]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-06 271424]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-06-13 2321560]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-10-28 252784]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1267000]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-09-28 251760]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [2012-07-22 934496]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 23152]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [2009-11-03 74016]
S3 O2SDGRDR;O2SDGRDR;c:\windows\system32\DRIVERS\o2sdgx64.sys [2009-08-19 49568]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2009-06-15 12800]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2009-10-02 946688]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-11-05 137560]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2812949562-2609074762-681842296-1001Core.job
- c:\users\scout pilgrim\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-30 03:19]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2812949562-2609074762-681842296-1001UA.job
- c:\users\scout pilgrim\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-30 03:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-11-05 709976]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-07-16 307768]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"HDMICtrlMan"="c:\program files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2011-11-05 980368]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://maplestory.nexon.net/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Download All By FlashGet3 - c:\users\scout pilgrim\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
IE: Download By FlashGet3 - c:\users\scout pilgrim\AppData\Roaming\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: En&queue current page with BID - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: Enqueue link tar&get with BID - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: Open &link target with BID - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidlink.htm
IE: Open current page with BI&D - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebid.htm
IE: Open current page with BID Link Explorer - file://c:\program files (x86)\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: ed.gov\fafsa
Trusted Zone: freerealms.com
Trusted Zone: kuaiche.com\software
Trusted Zone: sannybuilder.com\alexander
Trusted Zone: soe.com
Trusted Zone: sony.com
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
FF - ProfilePath - c:\users\scout pilgrim\AppData\Roaming\Mozilla\Firefox\Profiles\29oi5irn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-combofix - c:\combofix\CF14927.3XE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2812949562-2609074762-681842296-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2812949562-2609074762-681842296-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2812949562-2609074762-681842296-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:84,ac,3d,d9,f1,56,62,cc,55,6a,b9,d4,c8,41,a0,c0,5b,3c,c2,6c,d6,87,7c,
22,b2,77,ed,e8,a2,62,90,c7,b5,ee,fa,e8,6b,20,d4,05,b4,67,ef,2c,d7,f4,61,36,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12
.
[HKEY_USERS\S-1-5-21-2812949562-2609074762-681842296-1001\Software\SecuROM\License information*]
"datasecu"=hex:33,28,62,83,b7,9f,a6,7a,00,14,96,6f,ac,1b,b9,cd,e1,48,79,d2,a9,
9f,84,6f,d6,e1,cb,14,e6,a5,67,0f,57,85,e6,6c,fa,a6,28,ff,b7,f0,4a,6f,39,94,\
"rkeysecu"=hex:96,86,dd,94,a9,6b,15,71,c2,52,0a,d5,0e,46,eb,42
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-04 09:25:29
ComboFix-quarantined-files.txt 2012-08-04 16:25
ComboFix2.txt 2012-08-03 01:07
ComboFix3.txt 2011-12-08 00:21
.
Pre-Run: 101,435,662,336 bytes free
Post-Run: 101,373,718,528 bytes free
.
- - End Of File - - AAAD809D9A9D999E0255CA365CAB3FBC

#12 nasdaq
  • Malware Response Team
  • 39,512 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 August 2012 - 06:35 AM

Looking good. Any remaining issues?

#13 shyguy7829
  • Topic Starter
  • Members
  • 32 posts

Posted 05 August 2012 - 10:32 AM

Yes. I get a blue screen when I open Google Chrome and I cannot access my Control Panel. Is there some way I can fix this?

#14 nasdaq
  • Malware Response Team
  • 39,512 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 August 2012 - 12:17 PM

This infection may still be around.
Let's check further.

Download this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a flash drive.

Plug the flash drive into the infected PC.

Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer

Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter. Or FRST.exe if 32 bit system.

    Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
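
For reference, here is the same drive-letter lookup done directly at the Windows RE command prompt instead of through the Notepad File > Open trick. This is an added example, not part of nasdaq's instructions or the Farbar tool's own documentation. It assumes FRST64.exe sits in the root of the flash drive and that the loop reports the drive as F: (a placeholder; substitute whatever letter the loop prints). Drive letters inside Windows RE are assigned independently of the installed Windows: the RE boot image is X:, the installed system drive is often D: rather than C:, so the flash drive is not necessarily E:.

```batch
rem Typed line by line at the Windows RE prompt (X:\Sources>). Added example, not from the post.
rem Step 1: check the root of every plausible drive letter for FRST64.exe and report where it is.
rem (At an interactive prompt the loop variable is written %d; in a .bat file it would be %%d.)
for %d in (C D E F G H I J K L M) do @if exist %d:\FRST64.exe echo FRST64.exe found on %d:

rem Step 2: run the tool from the drive reported above. F: is an assumed placeholder letter.
F:\FRST64.exe

rem Step 3: FRST writes FRST.txt next to the executable, i.e. on the flash drive.
rem Confirm the log exists and open it for copying into the reply.
dir F:\FRST.txt
notepad F:\FRST.txt
```

If the loop prints nothing, the flash drive was not enumerated by Windows RE (try a different USB port, or plug it in before booting to the repair menu) rather than the tool being missing.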


#15 shyguy7829
  • Topic Starter
  • Members
  • 32 posts

Posted 06 August 2012 - 11:04 AM

I get an error when I attempt to boot into Repair Your Computer and I'm forced to shut down.
