Infected with Trojan Horse Patched_c.LXT


  • This topic is locked
19 replies to this topic

#1 slick1190

  • Members
  • 11 posts

Posted 24 July 2012 - 07:28 PM

About 12 hours ago AVG started popping up a message box saying:
"Threat Detected!"
File Name: c:\Windows\System32\services.exe
Threat Name: Trojan Horse Patched_c.LXT
Detected on Open

Process Name: C:\Windows\System32\svchost.exe

Another AVG message has popped up saying:
Multiple threat detection
c:\Windows\System32\services.exe Object is white-listed(critical/system file that should not be removed)
c:\Windows\System32\services.exe Object is white-listed(critical/system file that should not be removed)
All items were resolved

A similar message popped up saying there was a threat with the task manager process.

All this has been happening since I have been searching for possible causes and solutions, without taking action, for I have very little knowledge about viruses.

AVG offers no option to remove/delete the trojan.
I also noticed when browsing online (even this site) links would routinely get redirected to random pages.

Also, on another note: I have talked to a few friends and downloaded Microsoft Security Essentials, and have temporarily disabled AVG due to this action. I have run a quick scan and quarantined 15 Trojans, all starting as follows:
Trojan:Win64/Sirefef, Trojan:Win64/Sirefef.AA, Trojan:Win64/Sirefef.W, Trojan:Win64/Sirefef.AN

I am unsure if this was a good choice.

-Thanks in advance for the assistance

Here is my DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0
Run by Sean P at 20:13:28 on 2012-07-24
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4093.2788 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\nvvsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\windows\system32\taskhost.exe
C:\windows\Explorer.EXE
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\taskeng.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe
C:\windows\system32\SearchIndexer.exe
C:\Windows\vVX3000.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Sean P\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\system32\SearchFilterHost.exe
C:\Users\Sean P\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TUCR56W5\Defogger.exe
C:\windows\system32\conhost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page =
uStart Page = https://search.blekko.com/ws/?source=38c2f9fe&toolbarid=searchcom_002&u=2012042955C14172AB5B5F2E379D8A65&tbp=homepage
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mSearchAssistant =
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: {0931BD3F-547E-45C1-B133-D0E995645DBA} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - No File
BHO: {b12785f5-d8d0-4530-a3ea-5c4263b85bef} - No File
BHO: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
BHO: {D3359117-2C75-4100-866A-E59D86B5D3D3} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - C:\Program Files (x86)\Google\Chrome Frame\Application\18.0.1025.168\npchrome_frame.dll
BHO: SimpleAdblock Class: {ffcb3198-32f3-4e8b-9539-4324694ed664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll
TB: {b12785f5-d8d0-4530-a3ea-5c4263b85bef} - No File
TB: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
uRun: [Google Update] "C:\Users\Sean P\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [GameXN GO] "C:\ProgramData\GameXN\GameXNGO.exe" /startup
uRun: [Spotify Web Helper] "C:\Users\Sean P\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRunOnce: [Application Restart #2] C:\Users\Sean P\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe --user-data-dir="C:\Users\Sean P\AppData\Local\MapleStudio\ChromePlus\User Data" --start-maximized --flag-switches-begin --prerender-from-omnibox=enabled --enable-print-preview --flag-switches-end --restore-last-session
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
dRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
uPolicies-explorer: AddSearchInternetLinkInStartMenu = 1 (0x1)
uPolicies-explorer: AlwaysShowClassicMenu = 1 (0x1)
uPolicies-explorer: MaxRecentDocs = 30 (0x1e)
uPolicies-explorer: NoTrayItemsDisplay = 00
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: SoftwareSASGeneration = 3 (0x3)
IE: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm
IE: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=48R66F61&id=menu_ie_frame
IE: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=48R66F61&id=menu_ie_image
IE: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=48R66F61&id=menu_ie_link
IE: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=48R66F61&id=menu_ie_exclude
IE: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=48R66F61&id=menu_ie_report
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Sean P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
LSP: C:\Program Files (x86)\SpeedBit Video Accelerator\LSP3.2.2.4\SBLSP.dll
LSP: mswsock.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{252C53A8-72CE-402E-8035-09E36D360F25} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{252C53A8-72CE-402E-8035-09E36D360F25} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{252C53A8-72CE-402E-8035-09E36D360F25}\E6564713233343 : NameServer = 74.79.109.170,208.67.220.220
TCP: Interfaces\{252C53A8-72CE-402E-8035-09E36D360F25}\E6564713233343 : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{252C53A8-72CE-402E-8035-09E36D360F25}\E656471323337657563747 : NameServer = 74.79.109.170,208.67.220.220
TCP: Interfaces\{252C53A8-72CE-402E-8035-09E36D360F25}\E656471323337657563747 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2F3FE3FD-75A0-46E2-93EB-2989F5177C8F} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7EB3C394-C1F0-4902-9F6B-31D363201EE7} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{7F6790C4-8C36-4B4D-928B-A2DA4814627B} : DhcpNameServer = 192.168.0.1
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\18.0.1025.168\npchrome_frame.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {01250B8F-D947-4F8A-9408-FE8E3EE2EC92} - C:\Program Files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe /SETUP
BHO-X64: {0931BD3F-547E-45C1-B133-D0E995645DBA} - No File
BHO-X64: BHO_PROJECT - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - No File
BHO-X64: Wajam IE BHO - No File
BHO-X64: {b12785f5-d8d0-4530-a3ea-5c4263b85bef} - No File
BHO-X64: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
BHO-X64: {D3359117-2C75-4100-866A-E59D86B5D3D3} - No File
BHO-X64: Smart Address Bar - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\18.0.1025.168\npchrome_frame.dll
BHO-X64: ChromeFrame BHO - No File
BHO-X64: SimpleAdblock Class: {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll
TB-X64: {b12785f5-d8d0-4530-a3ea-5c4263b85bef} - No File
TB-X64: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Sean P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\system32\DRIVERS\avgidsha.sys --> C:\windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
R0 SmartDefragDriver;SmartDefragDriver;C:\windows\system32\Drivers\SmartDefragDriver.sys --> C:\windows\system32\Drivers\SmartDefragDriver.sys [?]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
R1 PMCF;PMCF;\??\C:\windows\system32\drivers\PMCF.sys --> C:\windows\system32\drivers\PMCF.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-2-6 913792]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-24 655944]
R2 rimspci;rimspci;C:\windows\system32\DRIVERS\rimspe64.sys --> C:\windows\system32\DRIVERS\rimspe64.sys [?]
R2 risdpcie;risdpcie;C:\windows\system32\DRIVERS\risdpe64.sys --> C:\windows\system32\DRIVERS\risdpe64.sys [?]
R2 rixdpcie;rixdpcie;C:\windows\system32\DRIVERS\rixdpe64.sys --> C:\windows\system32\DRIVERS\rixdpe64.sys [?]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\avgidsdrivera.sys --> C:\windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\avgidsfiltera.sys --> C:\windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\windows\system32\drivers\nvhda64v.sys --> C:\windows\system32\drivers\nvhda64v.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
S2 WajamUpdater;WajamUpdater;"C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe" --> C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [?]
S3 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\windows\system32\drivers\BVRPMPR5a64.SYS --> C:\windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 fssfltr;fssfltr;C:\windows\system32\DRIVERS\fssfltr.sys --> C:\windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 npggsvc;nProtect GameGuard Service;C:\windows\system32\GameMon.des -service --> C:\windows\system32\GameMon.des -service [?]
S3 PSI;PSI;C:\windows\system32\DRIVERS\psi_mf.sys --> C:\windows\system32\DRIVERS\psi_mf.sys [?]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\windows\system32\DRIVERS\RTL8192su.sys --> C:\windows\system32\DRIVERS\RTL8192su.sys [?]
S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-14 994360]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-1-31 51512]
S3 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-8-27 251760]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-9-17 137560]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2009-8-4 826224]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2012-5-24 14544]
S4 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-8-10 248688]
S4 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-7-14 42368]
S4 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-28 136176]
S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-28 136176]
S4 ScrybeUpdater;Scrybe Updater;C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-5-27 1300264]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-24 23:19:14 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CE4FC847-B881-43EE-9288-A40336C7AEF5}\offreg.dll
2012-07-24 23:14:47 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BBA737E2-4B30-482B-959F-94D5E653DD19}\gapaengine.dll
2012-07-24 23:13:36 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CE4FC847-B881-43EE-9288-A40336C7AEF5}\mpengine.dll
2012-07-24 23:13:23 279656 ------w- C:\windows\System32\MpSigStub.exe
2012-07-24 23:11:10 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-24 23:06:43 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-07-24 23:06:06 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-07-24 09:53:26 -------- d-----w- C:\Users\Sean P\AppData\Roaming\Malwarebytes
2012-07-24 09:53:15 24904 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-07-24 09:53:15 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-24 09:53:15 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-23 23:36:09 -------- d-----w- C:\ProgramData\Windows Codecs
2012-07-22 22:25:50 -------- d-----w- C:\Program Files (x86)\OApps
2012-07-22 22:25:18 -------- d-----w- C:\Program Files (x86)\smartdl
2012-07-22 21:20:16 -------- d-----w- C:\ProgramData\Premium
2012-07-22 21:20:04 -------- d-----w- C:\ProgramData\InstallMate
2012-07-22 01:29:46 -------- d-----w- C:\Users\Sean P\AppData\Local\WiredRed
2012-07-20 08:14:55 -------- d-----w- C:\Users\Sean P\AppData\Roaming\UltraVNC
2012-07-20 07:36:47 -------- d-----w- C:\Users\Sean P\AppData\Local\CrossLoop
2012-07-16 01:03:42 184891 ----a-w- C:\torrent.exe
2012-07-11 15:34:30 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-07-11 13:17:51 2004480 ----a-w- C:\windows\System32\msxml6.dll
.
==================== Find3M ====================
.
2012-07-24 23:31:12 328704 ----a-w- C:\windows\System32\services.exe
2012-07-16 16:55:44 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-16 16:55:44 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-06-19 19:43:27 772592 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2012-06-19 19:43:27 687600 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2012-05-24 14:47:56 24448 ----a-w- C:\windows\System32\RegistryDefragBootTime.exe
2012-05-08 22:34:58 32600 ----a-w- C:\windows\System32\SmartDefragBootTime.exe
2012-05-04 11:06:22 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
2012-05-04 11:00:43 366592 ----a-w- C:\windows\System32\qdvd.dll
2012-05-04 10:03:53 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2012-05-04 09:59:54 514560 ----a-w- C:\windows\SysWow64\qdvd.dll
2012-05-01 05:40:20 209920 ----a-w- C:\windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\windows\System32\rdrmemptylst.exe
.
============= FINISH: 20:15:41.36 ===============

Edited by slick1190, 24 July 2012 - 07:59 PM.
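A small triage script for a DDS log like the one above, added here as an example (it is not part of the original post and not a DDS feature). It parses a constructed excerpt of the posted log and flags the three things a helper reads first: BHO/toolbar registrations with no backing file, interfaces whose DNS servers are set statically rather than by DHCP, and core System32 binaries modified close to the scan date, such as the services.exe that AVG reported. The line patterns are inferred from the DDS layout shown above; the CORE_BINARIES set and the 30-day window are assumptions.

```python
"""Triage checks over a DDS log (added example, not part of the original post)."""
import re
from datetime import datetime

# Constructed sample: lines copied from the DDS log posted above, trimmed to
# one or two representatives per section so that each check has something to find.
SAMPLE_LOG = r"""
Run by Sean P at 20:13:28 on 2012-07-24
BHO: {0931BD3F-547E-45C1-B133-D0E995645DBA} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
TB: {b12785f5-d8d0-4530-a3ea-5c4263b85bef} - No File
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{252C53A8-72CE-402E-8035-09E36D360F25} : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{252C53A8-72CE-402E-8035-09E36D360F25} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2F3FE3FD-75A0-46E2-93EB-2989F5177C8F} : DhcpNameServer = 192.168.1.1
2012-07-24 23:31:12 328704 ----a-w- C:\windows\System32\services.exe
2012-07-16 01:03:42 184891 ----a-w- C:\torrent.exe
2012-07-11 15:34:30 3148800 ----a-w- C:\windows\System32\win32k.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
"""

# Line shapes inferred from the DDS output above (assumption: DDS keeps this layout).
RUN_RE = re.compile(r"^Run by .+ on (\d{4}-\d{2}-\d{2})$")
HOOK_RE = re.compile(r"^(BHO|TB|BHO-X64|TB-X64): (.+) - No File$")
DNS_RE = re.compile(r"^TCP: (?:(Interfaces\\\S+) : )?(DhcpNameServer|NameServer) = (.+)$")
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?:\d+|-+) (\S+) (.+)$")

# Assumption: user-mode system processes that file-infecting malware commonly
# patches in place; services.exe is the one AVG named in the post above.
CORE_BINARIES = {"services.exe", "svchost.exe", "lsass.exe", "wininit.exe",
                 "winlogon.exe", "csrss.exe", "explorer.exe"}


def scan_date(lines):
    """Date the log was produced, taken from the 'Run by ... on YYYY-MM-DD' header."""
    for line in lines:
        m = RUN_RE.match(line)
        if m:
            return datetime.strptime(m.group(1), "%Y-%m-%d").date()
    raise ValueError("no 'Run by' header found")


def orphaned_hooks(lines):
    """BHO/toolbar registrations whose DLL is gone: leftovers worth clearing."""
    return [(m.group(1), m.group(2)) for m in map(HOOK_RE.match, lines) if m]


def static_dns_overrides(lines):
    """Interfaces whose NameServer is hard-set to something other than what DHCP gave."""
    per_iface = {}
    for m in filter(None, map(DNS_RE.match, lines)):
        iface, key, value = m.group(1) or "<global>", m.group(2), m.group(3)
        per_iface.setdefault(iface, {})[key] = value
    return [(iface, v["NameServer"], v.get("DhcpNameServer"))
            for iface, v in per_iface.items()
            if "NameServer" in v and v["NameServer"] != v.get("DhcpNameServer")]


def recently_modified_core_binaries(lines, window_days=30):
    """Core System32 binaries whose mtime falls within window_days of the scan.

    A Windows update can also touch these files, so a hit means "verify the
    Authenticode signature and compare with a known-good copy", not "infected".
    """
    day0 = scan_date(lines)
    hits = []
    for m in filter(None, map(FILE_RE.match, lines)):
        path = m.group(3)
        lower = path.lower()
        if "\\system32\\" in lower and lower.rsplit("\\", 1)[-1] in CORE_BINARIES:
            mtime = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S").date()
            age = (day0 - mtime).days
            if age <= window_days:
                hits.append((path, age))
    return hits


def triage(log_text):
    """Run every check over the raw log text and collect the findings."""
    lines = [line for line in log_text.splitlines() if line.strip()]
    return {
        "orphaned_hooks": orphaned_hooks(lines),
        "static_dns": static_dns_overrides(lines),
        "recent_core_binaries": recently_modified_core_binaries(lines),
    }


if __name__ == "__main__":
    for check, findings in triage(SAMPLE_LOG).items():
        print(f"{check}: {findings or 'nothing flagged'}")
```

Feed it the whole pasted log instead of SAMPLE_LOG to get the same three lists for the full post; a hit on services.exe is a prompt to check the file's signature, not a verdict on its own.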


#2 slick1190
  • Topic Starter
  • Members
  • 11 posts

Posted 24 July 2012 - 08:58 PM

Although I am not receiving any more threats, I still think the virus is on my computer.

I have tried to follow instructions on preparing for this post, but I had a problem with my Windows Firewall.

I typed Windows Firewall into the start menu search in Windows 7, and the only option it gives me when I open it is to use recommended settings.
Upon clicking that I receive an error message: Windows Firewall can't change some of your settings. Error code: 0x80070424

I also did the same search, and tried to open Windows Firewall with Advanced Security, and I receive this message:

There was an error opening the Windows Firewall with Advanced Security snap-in

The Windows Firewall with Advanced Security snap-in failed to load. Restart the Windows Firewall service on the computer that you are managing. Error code: 0x6D9.

Upon trying to fix that manually, I am not able to locate my windows firewall in services.exe

#3 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 26 July 2012 - 02:55 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out here or here.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 slick1190 (Topic Starter, Members, 11 posts)

Posted 26 July 2012 - 07:08 PM

I have had no problems with either Security Check or ComboFix; both were run on the same date, without any additional restarts. The computer has not given me any threats or errors besides that my System Restore is not working (System Restore error 0x80042308). The System Restore problem has been here before this virus came about. Here are the reports for both scans.

Security Check Log:

Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
AVG Anti-Virus Free Edition 2012
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Secunia PSI (2.0.0.4003)
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.0
Java™ 6 Update 22
Java™ 6 Update 31
Java™ 7 Update 5
Adobe Flash Player 11.1.102.55 Flash Player out of Date!
Adobe Reader X (10.1.3)
Mozilla Firefox (3.6.6) Firefox out of Date!
Google Chrome 19.0.1084.56
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 6%
````````````````````End of Log``````````````````````

Combo Fix Log:

ComboFix 12-07-27.02 - Sean P 07/26/2012 19:23:39.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4093.2903 [GMT -4:00]
Running from: c:\users\Sean P\Documents\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\BarQuery
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\SysWow64\Dump
c:\windows\SysWow64\Dump\MiniDump.dmp
c:\windows\SysWow64\system
.
.
((((((((((((((((((((((((( Files Created from 2012-06-26 to 2012-07-26 )))))))))))))))))))))))))))))))
.
.
2012-07-26 23:35 . 2012-07-26 23:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-26 23:35 . 2012-07-26 23:35 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-26 21:30 . 2012-07-16 06:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A569287F-8063-47F3-AE69-A2ECE5539888}\mpengine.dll
2012-07-24 23:14 . 2012-02-09 18:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BBA737E2-4B30-482B-959F-94D5E653DD19}\gapaengine.dll
2012-07-24 23:13 . 2012-05-31 16:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-07-24 23:11 . 2012-07-16 06:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-24 23:06 . 2012-07-24 23:06 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-24 23:06 . 2012-07-24 23:09 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-24 09:53 . 2012-07-24 09:53 -------- d-----w- c:\users\Sean P\AppData\Roaming\Malwarebytes
2012-07-24 09:53 . 2012-07-24 09:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-24 09:53 . 2012-07-24 09:53 -------- d-----w- c:\programdata\Malwarebytes
2012-07-24 09:53 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-23 23:36 . 2012-07-24 03:49 -------- d-----w- c:\programdata\Windows Codecs
2012-07-22 22:25 . 2012-07-22 22:28 -------- d-----w- c:\program files (x86)\OApps
2012-07-22 22:25 . 2012-07-22 22:26 -------- d-----w- c:\program files (x86)\smartdl
2012-07-22 21:20 . 2012-07-22 21:20 -------- d-----w- c:\programdata\Premium
2012-07-22 21:20 . 2012-07-22 21:20 -------- d-----w- c:\programdata\InstallMate
2012-07-22 01:29 . 2012-07-22 02:57 -------- d-----w- c:\users\Sean P\AppData\Local\WiredRed
2012-07-20 08:14 . 2012-07-20 08:14 -------- d-----w- c:\users\Sean P\AppData\Roaming\UltraVNC
2012-07-20 07:36 . 2012-07-20 08:24 -------- d-----w- c:\users\Sean P\AppData\Local\CrossLoop
2012-07-16 01:03 . 2012-07-16 01:03 184891 ----a-w- C:\torrent.exe
2012-07-11 15:34 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 13:17 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-24 23:31 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2012-07-16 16:55 . 2012-05-24 09:50 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-16 16:55 . 2011-10-29 03:14 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 15:29 . 2010-02-27 11:08 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-19 19:43 . 2012-05-28 02:03 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-19 19:43 . 2011-06-02 03:14 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-02 22:19 . 2012-06-19 00:50 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 00:50 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 00:50 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 00:50 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 00:50 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 00:50 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 00:50 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-19 00:49 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-19 00:49 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-24 14:47 . 2012-01-11 07:48 24448 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-05-08 22:34 . 2012-05-24 02:28 32600 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-05-04 11:06 . 2012-06-19 01:01 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 11:00 . 2012-06-19 02:45 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-05-04 10:03 . 2012-06-19 01:01 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-19 01:01 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-04 09:59 . 2012-06-19 02:45 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-05-01 05:40 . 2012-06-19 02:44 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-19 01:01 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 17:51 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"AddSearchInternetLinkInStartMenu"= 1 (0x1)
"AlwaysShowClassicMenu"= 1 (0x1)
"MaxRecentDocs"= 30 (0x1e)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~2\SPEEDB~1\VideoAcceleratorService.exe [x]
R2 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [x]
R3 AVFSFilter;AVFSFilter; [x]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2009-06-11 35840]
R3 dump_wmimmc;dump_wmimmc;c:\program files\Gpotato\Flyff\GameGuard\dump_wmimmc.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-07-08 694888]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-28 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]
R3 X6va001;X6va001;c:\users\SEANP~1\AppData\Local\Temp\0013DCF.tmp [x]
R3 X6va003;X6va003;c:\users\SEANP~1\AppData\Local\Temp\003C4BB.tmp [x]
R3 X6va005;X6va005;c:\users\SEANP~1\AppData\Local\Temp\0054AF9.tmp [x]
R3 X6va006;X6va006;c:\users\SEANP~1\AppData\Local\Temp\0065C26.tmp [x]
R3 X6va008;X6va008;c:\users\SEANP~1\AppData\Local\Temp\0084A29.tmp [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R4 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
R4 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-07-04 5160568]
R4 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
R4 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-11 248688]
R4 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]
R4 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-20 136176]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-20 136176]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R4 ScrybeUpdater;Scrybe Updater;c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-05-27 1300264]
R4 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
R4 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R4 sptd;sptd; [x]
R4 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 251760]
R4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 137560]
R4 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-30 14784]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
S1 PMCF;PMCF;c:\windows\system32\drivers\PMCF.sys [2009-07-28 16448]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-07-02 60416]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-07-29 81408]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-07-05 55808]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-08-22 84512]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-26 1103904]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-28 04:51]
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-28 04:51]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-111063060-1555190575-2033751331-1003Core.job
- c:\users\Sean P\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-28 03:31]
.
2012-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-111063060-1555190575-2033751331-1003UA.job
- c:\users\Sean P\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-28 03:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = https://search.blekko.com/ws/?source=38c2f9fe&toolbarid=searchcom_002&u=2012042955C14172AB5B5F2E379D8A65&tbp=homepage
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE: &Clean Traces - c:\program files (x86)\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm
IE: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=48R66F61&id=menu_ie_frame
IE: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=48R66F61&id=menu_ie_image
IE: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=48R66F61&id=menu_ie_link
IE: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=48R66F61&id=menu_ie_exclude
IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=48R66F61&id=menu_ie_report
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Sean P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
LSP: c:\program files (x86)\SpeedBit Video Accelerator\LSP3.2.2.4\SBLSP.dll
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{252C53A8-72CE-402E-8035-09E36D360F25}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{252C53A8-72CE-402E-8035-09E36D360F25}\E6564713233343: NameServer = 74.79.109.170,208.67.220.220
TCP: Interfaces\{252C53A8-72CE-402E-8035-09E36D360F25}\E656471323337657563747: NameServer = 74.79.109.170,208.67.220.220
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
BHO-{0931BD3F-547E-45C1-B133-D0E995645DBA} - (no file)
BHO-{b12785f5-d8d0-4530-a3ea-5c4263b85bef} - (no file)
BHO-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
BHO-{D3359117-2C75-4100-866A-E59D86B5D3D3} - (no file)
Toolbar-Locked - (no file)
Toolbar-{b12785f5-d8d0-4530-a3ea-5c4263b85bef} - (no file)
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
ShellIconOverlayIdentifiers-{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} - (no file)
ShellIconOverlayIdentifiers-{1EC23CFF-4C58-458f-924C-8519AEF61B32} - c:\programdata\Windows Codecs\MediaShellOverlays.dll
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} - (no file)
HKLM-Run-(Default) - (no file)
AddRemove-Hexen2DemoUninstallKey - c:\hexen ii demo\Uninst.isu
AddRemove-UnityWebPlayer - c:\users\Sean P\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va001]
"ImagePath"="\??\c:\users\SEANP~1\AppData\Local\Temp\0013DCF.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\SEANP~1\AppData\Local\Temp\003C4BB.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\SEANP~1\AppData\Local\Temp\0054AF9.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\SEANP~1\AppData\Local\Temp\0065C26.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\users\SEANP~1\AppData\Local\Temp\0084A29.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\02\12\13!\1du"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\IObit\Game Booster 3\gbtray.exe
.
**************************************************************************
.
Completion time: 2012-07-26 19:50:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-26 23:50
.
Pre-Run: 313,842,905,088 bytes free
Post-Run: 320,091,484,160 bytes free
.
- - End Of File - - 9747EA842D7FD42EC104A43D09B5050C
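The ComboFix log above is worth reading against the original complaint: the Find3M section lists c:\windows\system32\services.exe with a 2009 creation date but a modification date of 2012-07-24, the day AVG flagged it as patched, and the Reg Loading Points section shows EnableLUA=0, ConsentPromptBehaviorAdmin=0 and PromptOnSecureDesktop=0, which is why Security Check reported "UAC is disabled!". The PowerShell below is an added example, not code from this thread or from any of the tools used in it. It assumes the Windows 7 x64 layout seen in the log (services.exe under System32, component-store copies under WinSxS) and is written for Windows PowerShell 2.0, the version shipped with Windows 7, so it hashes with .NET instead of Get-FileHash. Run it from a 64-bit, elevated PowerShell so that System32 is not redirected to SysWOW64 and sfc can run.

```powershell
# Added example (not from the thread): checks to run when an AV reports
# C:\Windows\System32\services.exe as patched and a scan log shows UAC disabled.
# Assumes Windows 7 x64 paths; requires a 64-bit, elevated PowerShell session.

$target = Join-Path $env:SystemRoot 'System32\services.exe'

function Get-Sha256Hex([string]$Path) {
    # SHA-256 of a file via .NET; works on PowerShell 2.0, which has no Get-FileHash.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try { ([BitConverter]::ToString($sha.ComputeHash($stream))).Replace('-', '') }
    finally { $stream.Close() }
}

# 1. Timestamps. The log showed a 2009 creation date and a modification date on
#    the day of the detection. A real servicing update replaces the whole file,
#    so creation and last-write normally move together; an old creation date
#    with a fresh last-write is consistent with in-place patching.
Get-Item $target | Select-Object FullName, Length, CreationTimeUtc, LastWriteTimeUtc

# 2. Signature check via the component store. Windows 7 system binaries are
#    catalog-signed, so older Get-AuthenticodeSignature builds report NotSigned
#    even on a clean file. sfc consults the catalogs and reports whether the
#    file has integrity violations. Needs an elevated prompt.
& (Join-Path $env:SystemRoot 'System32\sfc.exe') /verifyfile=$target

# 3. Hash the live file against every services.exe in WinSxS. A patcher usually
#    alters only the System32 copy, so a clean file matches one of the component
#    store copies for the installed build and a patched one matches none.
$live = Get-Sha256Hex $target
Get-ChildItem (Join-Path $env:SystemRoot 'WinSxS') -Recurse -Filter 'services.exe' -ErrorAction SilentlyContinue |
    ForEach-Object {
        New-Object PSObject -Property @{
            Path  = $_.FullName
            Match = ((Get-Sha256Hex $_.FullName) -eq $live)
        }
    } | Format-Table -AutoSize

# 4. The UAC policy values ComboFix listed as 0 on this machine. Windows 7
#    defaults are EnableLUA=1, ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1;
#    with EnableLUA=0 every process of an administrator account runs fully elevated.
Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' |
    Select-Object EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop
```

If step 3 reports no match and sfc reports an integrity violation, the file is not the one Windows shipped; it should be replaced from the component store (sfc /scannow or an offline repair) rather than deleted, since services.exe is required for the system to boot. Restoring the UAC values to their defaults only takes effect after a reboot.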

#5 slick1190 (Topic Starter, Members, 11 posts)

Posted 26 July 2012 - 07:24 PM

I notice that the ComboFix log states that it created a new restore point; as it was doing the ComboFix scan I read that it was attempting to create one with System Restore.

It told me that it had failed while the scan was in progress, and I do not see a System Restore Point in my System Restore.

I have read just about everything in preparation for your malware help, and it stated not to post more than 1 problem to 1 post.

So here is my additional problem: my System Restore has not been working for a very long time, yet I haven't had the need to use it until now.

I receive this error every time i try to create one:

[System Protection

The restore point could not be created for the following reason:

The specified object was not found. (0x80042308)

Please try again.]

If there is someone in your team that can assist with getting my System Restore back up and running I would greatly appreciate the help.

Edited by slick1190, 26 July 2012 - 07:25 PM.


#6 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Gender: Male, Location: Puerto Rico)

Posted 26 July 2012 - 08:39 PM

Greetings


Let's see if, by the time you and I are finished, System Restore starts working.


Multiple Anti-Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

AVG Anti-Virus Free Edition 2012
Microsoft Security Essentials


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove all but one of them.



I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo

#7 slick1190 (Topic Starter, Members, 11 posts)

Posted 27 July 2012 - 01:39 AM

I have removed AVG Free edition and my Microsoft Security Essentials Protection is off for the time being.

No infections or suspicious files found with Kaspersky TDSS anti-rootkit tool.

My firewall is now working, thank you graciously for that.

TDSS log:

00:43:02.0914 2304 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
00:43:03.0850 2304 ============================================================
00:43:03.0850 2304 Current date / time: 2012/07/27 00:43:03.0850
00:43:03.0850 2304 SystemInfo:
00:43:03.0850 2304
00:43:03.0850 2304 OS Version: 6.1.7601 ServicePack: 1.0
00:43:03.0850 2304 Product type: Workstation
00:43:03.0850 2304 ComputerName: LAPTOP1
00:43:03.0850 2304 UserName: Sean P
00:43:03.0850 2304 Windows directory: C:\windows
00:43:03.0850 2304 System windows directory: C:\windows
00:43:03.0850 2304 Running under WOW64
00:43:03.0850 2304 Processor architecture: Intel x64
00:43:03.0850 2304 Number of processors: 2
00:43:03.0850 2304 Page size: 0x1000
00:43:03.0850 2304 Boot type: Normal boot
00:43:03.0850 2304 ============================================================
00:43:07.0210 2304 Drive \Device\Harddisk0\DR0 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:43:07.0260 2304 ============================================================
00:43:07.0310 2304 \Device\Harddisk0\DR0:
00:43:07.0330 2304 MBR partitions:
00:43:07.0330 2304 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x2D0EA800
00:43:07.0330 2304 ============================================================
00:43:07.0691 2304 C: <-> \Device\Harddisk0\DR0\Partition0
00:43:07.0691 2304 ============================================================
00:43:07.0691 2304 Initialize success
00:43:07.0691 2304 ============================================================
00:44:49.0112 1036 ============================================================
00:44:49.0112 1036 Scan started
00:44:49.0112 1036 Mode: Manual;
00:44:49.0112 1036 ============================================================
00:45:06.0022 1036 Psched - ok
00:45:06.0069 1036 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\windows\system32\DRIVERS\psi_mf.sys
00:45:06.0069 1036 PSI - ok
00:45:06.0147 1036 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
00:45:06.0147 1036 ql2300 - ok
00:45:06.0334 1036 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
00:45:06.0334 1036 ql40xx - ok
00:45:06.0381 1036 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
00:45:06.0381 1036 QWAVE - ok
00:45:06.0397 1036 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
00:45:06.0397 1036 QWAVEdrv - ok
00:45:06.0412 1036 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
00:45:06.0412 1036 RasAcd - ok
00:45:06.0444 1036 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
00:45:06.0444 1036 RasAgileVpn - ok
00:45:06.0490 1036 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
00:45:06.0490 1036 RasAuto - ok
00:45:06.0522 1036 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
00:45:06.0522 1036 Rasl2tp - ok
00:45:06.0584 1036 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
00:45:06.0584 1036 RasMan - ok
00:45:06.0631 1036 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
00:45:06.0631 1036 RasPppoe - ok
00:45:06.0646 1036 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
00:45:06.0646 1036 RasSstp - ok
00:45:06.0693 1036 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
00:45:06.0693 1036 rdbss - ok
00:45:06.0740 1036 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
00:45:06.0740 1036 rdpbus - ok
00:45:06.0756 1036 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
00:45:06.0756 1036 RDPCDD - ok
00:45:06.0756 1036 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
00:45:06.0756 1036 RDPENCDD - ok
00:45:06.0787 1036 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
00:45:06.0787 1036 RDPREFMP - ok
00:45:06.0818 1036 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys
00:45:06.0818 1036 RDPWD - ok
00:45:06.0865 1036 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
00:45:06.0880 1036 rdyboost - ok
00:45:06.0912 1036 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
00:45:06.0912 1036 RemoteAccess - ok
00:45:06.0943 1036 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
00:45:06.0943 1036 RemoteRegistry - ok
00:45:06.0990 1036 rimspci (e20b1907fc72a3664ece21e3c20fc63d) C:\windows\system32\DRIVERS\rimspe64.sys
00:45:06.0990 1036 rimspci - ok
00:45:07.0005 1036 risdpcie (7dda2e5cf452dad24b1be704225c18ee) C:\windows\system32\DRIVERS\risdpe64.sys
00:45:07.0005 1036 risdpcie - ok
00:45:07.0021 1036 rixdpcie (6a1cd4674505e6791390a1ab71da1fbe) C:\windows\system32\DRIVERS\rixdpe64.sys
00:45:07.0021 1036 rixdpcie - ok
00:45:07.0068 1036 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
00:45:07.0068 1036 RpcEptMapper - ok
00:45:07.0083 1036 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
00:45:07.0083 1036 RpcLocator - ok
00:45:07.0146 1036 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
00:45:07.0146 1036 RpcSs - ok
00:45:07.0192 1036 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
00:45:07.0192 1036 rspndr - ok
00:45:07.0239 1036 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\windows\system32\DRIVERS\Rt64win7.sys
00:45:07.0239 1036 RTL8167 - ok
00:45:07.0551 1036 rtl8192se (7475548b0ba58eba4d12414fc9e9dfe6) C:\windows\system32\DRIVERS\rtl8192se.sys
00:45:07.0551 1036 rtl8192se - ok
00:45:07.0738 1036 RTL8192su (4ce333ac701c4bd2e3eff721c0db2526) C:\windows\system32\DRIVERS\RTL8192su.sys
00:45:07.0738 1036 RTL8192su - ok
00:45:07.0785 1036 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
00:45:07.0785 1036 SamSs - ok
00:45:07.0832 1036 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
00:45:07.0832 1036 sbp2port - ok
00:45:07.0863 1036 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
00:45:07.0879 1036 SCardSvr - ok
00:45:07.0910 1036 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
00:45:07.0910 1036 scfilter - ok
00:45:07.0988 1036 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
00:45:08.0004 1036 Schedule - ok
00:45:08.0035 1036 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
00:45:08.0050 1036 SCPolicySvc - ok
00:45:08.0175 1036 ScrybeUpdater (b60e9769655ddee8368e3abb6668e076) C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
00:45:08.0191 1036 ScrybeUpdater - ok
00:45:08.0347 1036 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\windows\system32\drivers\sdbus.sys
00:45:08.0347 1036 sdbus - ok
00:45:08.0394 1036 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
00:45:08.0394 1036 SDRSVC - ok
00:45:08.0409 1036 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
00:45:08.0409 1036 secdrv - ok
00:45:08.0456 1036 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
00:45:08.0456 1036 seclogon - ok
00:45:08.0643 1036 Secunia PSI Agent (5b66db4877bbac9f7493aa8d84421e49) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
00:45:08.0659 1036 Secunia PSI Agent - ok
00:45:08.0706 1036 Secunia Update Agent (0e88fdf474f2cdd370a4a6ce77d018f0) C:\Program Files (x86)\Secunia\PSI\sua.exe
00:45:08.0706 1036 Secunia Update Agent - ok
00:45:08.0862 1036 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
00:45:08.0877 1036 SENS - ok
00:45:08.0893 1036 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
00:45:08.0893 1036 SensrSvc - ok
00:45:08.0955 1036 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
00:45:08.0955 1036 Serenum - ok
00:45:08.0986 1036 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
00:45:08.0986 1036 Serial - ok
00:45:09.0018 1036 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
00:45:09.0018 1036 sermouse - ok
00:45:09.0064 1036 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
00:45:09.0064 1036 SessionEnv - ok
00:45:09.0096 1036 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
00:45:09.0111 1036 sffdisk - ok
00:45:09.0111 1036 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
00:45:09.0111 1036 sffp_mmc - ok
00:45:09.0127 1036 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
00:45:09.0142 1036 sffp_sd - ok
00:45:09.0174 1036 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
00:45:09.0174 1036 sfloppy - ok
00:45:09.0408 1036 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
00:45:09.0408 1036 SharedAccess - ok
00:45:09.0486 1036 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
00:45:09.0486 1036 ShellHWDetection - ok
00:45:09.0532 1036 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
00:45:09.0532 1036 SiSRaid2 - ok
00:45:09.0548 1036 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
00:45:09.0548 1036 SiSRaid4 - ok
00:45:09.0610 1036 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files (x86)\Skype\Updater\Updater.exe
00:45:09.0610 1036 SkypeUpdate - ok
00:45:09.0657 1036 SmartDefragDriver (dd0443bc6cc78a19fd399817f8c51401) C:\windows\system32\Drivers\SmartDefragDriver.sys
00:45:09.0657 1036 SmartDefragDriver - ok
00:45:09.0688 1036 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
00:45:09.0688 1036 Smb - ok
00:45:09.0720 1036 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
00:45:09.0720 1036 SNMPTRAP - ok
00:45:09.0766 1036 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
00:45:09.0766 1036 spldr - ok
00:45:09.0829 1036 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
00:45:09.0829 1036 Spooler - ok
00:45:10.0000 1036 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
00:45:10.0063 1036 sppsvc - ok
00:45:10.0219 1036 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
00:45:10.0219 1036 sppuinotify - ok
00:45:10.0266 1036 sptd - ok
00:45:10.0359 1036 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
00:45:10.0359 1036 SQLBrowser - ok
00:45:10.0422 1036 SQLWriter (3c432a96363097870995e2a3c8b66abd) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
00:45:10.0422 1036 SQLWriter - ok
00:45:10.0468 1036 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
00:45:10.0484 1036 srv - ok
00:45:10.0515 1036 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
00:45:10.0515 1036 srv2 - ok
00:45:10.0531 1036 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
00:45:10.0546 1036 srvnet - ok
00:45:10.0593 1036 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
00:45:10.0609 1036 SSDPSRV - ok
00:45:10.0624 1036 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
00:45:10.0624 1036 SstpSvc - ok
00:45:10.0656 1036 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
00:45:10.0656 1036 stexstor - ok
00:45:10.0734 1036 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
00:45:10.0734 1036 stisvc - ok
00:45:10.0765 1036 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
00:45:10.0765 1036 swenum - ok
00:45:10.0812 1036 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
00:45:10.0827 1036 swprv - ok
00:45:10.0936 1036 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
00:45:10.0952 1036 SysMain - ok
00:45:11.0124 1036 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
00:45:11.0124 1036 TabletInputService - ok
00:45:11.0170 1036 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\windows\system32\DRIVERS\taphss.sys
00:45:11.0170 1036 taphss - ok
00:45:11.0202 1036 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
00:45:11.0217 1036 TapiSrv - ok
00:45:11.0248 1036 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
00:45:11.0248 1036 TBS - ok
00:45:11.0607 1036 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
00:45:11.0638 1036 Tcpip - ok
00:45:11.0888 1036 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
00:45:11.0888 1036 TCPIP6 - ok
00:45:12.0075 1036 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
00:45:12.0075 1036 tcpipreg - ok
00:45:12.0106 1036 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
00:45:12.0106 1036 tdcmdpst - ok
00:45:12.0138 1036 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
00:45:12.0138 1036 TDPIPE - ok
00:45:12.0169 1036 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
00:45:12.0169 1036 TDTCP - ok
00:45:12.0216 1036 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
00:45:12.0216 1036 tdx - ok
00:45:12.0262 1036 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
00:45:12.0262 1036 TermDD - ok
00:45:12.0309 1036 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
00:45:12.0325 1036 TermService - ok
00:45:12.0356 1036 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
00:45:12.0356 1036 Themes - ok
00:45:12.0387 1036 Thpdrv (c013f6acaa9761f571bd28dada7c157d) C:\windows\system32\DRIVERS\thpdrv.sys
00:45:12.0387 1036 Thpdrv - ok
00:45:12.0403 1036 Thpevm (b4e609047434ed948af7bdef2fa66e38) C:\windows\system32\DRIVERS\Thpevm.SYS
00:45:12.0403 1036 Thpevm - ok
00:45:12.0465 1036 Thpsrv (6146eac71ae3c9da17b0e33632082b7b) C:\windows\system32\ThpSrv.exe
00:45:12.0465 1036 Thpsrv - ok
00:45:12.0496 1036 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
00:45:12.0496 1036 THREADORDER - ok
00:45:12.0590 1036 TMachInfo (32577b987ae5401038451bb392cb8d89) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
00:45:12.0590 1036 TMachInfo - ok
00:45:12.0621 1036 TODDSrv (ed32035bdfeced1ad66d459fd9cc1140) C:\Windows\system32\TODDSrv.exe
00:45:12.0621 1036 TODDSrv - ok
00:45:12.0715 1036 TosCoSrv (06c61275adc64f1e36240a2287998a5e) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
00:45:12.0715 1036 TosCoSrv - ok
00:45:12.0777 1036 TOSHIBA eco Utility Service (707800855afbd7648375efb1519b8d6d) C:\Program Files\TOSHIBA\TECO\TecoService.exe
00:45:12.0777 1036 TOSHIBA eco Utility Service - ok
00:45:12.0793 1036 TOSHIBA HDD SSD Alert Service (eda12e9bc9a0f104c24101720eec4785) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
00:45:12.0808 1036 TOSHIBA HDD SSD Alert Service - ok
00:45:12.0871 1036 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
00:45:12.0871 1036 tos_sps64 - ok
00:45:12.0964 1036 TPCHSrv (de64c52bd0671165cf2eebf2a728a3e2) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
00:45:12.0964 1036 TPCHSrv - ok
00:45:13.0120 1036 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
00:45:13.0120 1036 TrkWks - ok
00:45:13.0183 1036 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
00:45:13.0183 1036 TrustedInstaller - ok
00:45:13.0245 1036 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
00:45:13.0245 1036 tssecsrv - ok
00:45:13.0542 1036 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
00:45:13.0542 1036 TsUsbFlt - ok
00:45:13.0588 1036 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
00:45:13.0588 1036 tunnel - ok
00:45:13.0620 1036 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
00:45:13.0620 1036 TVALZ - ok
00:45:13.0651 1036 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
00:45:13.0651 1036 TVALZFL - ok
00:45:13.0682 1036 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
00:45:13.0682 1036 uagp35 - ok
00:45:13.0729 1036 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
00:45:13.0729 1036 udfs - ok
00:45:13.0885 1036 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
00:45:13.0885 1036 UI0Detect - ok
00:45:13.0916 1036 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
00:45:13.0916 1036 uliagpkx - ok
00:45:13.0947 1036 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys
00:45:13.0947 1036 umbus - ok
00:45:13.0978 1036 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
00:45:13.0978 1036 UmPass - ok
00:45:14.0025 1036 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
00:45:14.0025 1036 upnphost - ok
00:45:14.0072 1036 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\windows\system32\drivers\usbaudio.sys
00:45:14.0072 1036 usbaudio - ok
00:45:14.0103 1036 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
00:45:14.0103 1036 usbccgp - ok
00:45:14.0150 1036 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
00:45:14.0150 1036 usbcir - ok
00:45:14.0181 1036 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
00:45:14.0181 1036 usbehci - ok
00:45:14.0212 1036 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
00:45:14.0212 1036 usbhub - ok
00:45:14.0259 1036 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
00:45:14.0259 1036 usbohci - ok
00:45:14.0290 1036 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
00:45:14.0290 1036 usbprint - ok
00:45:14.0322 1036 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
00:45:14.0322 1036 USBSTOR - ok
00:45:14.0353 1036 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\DRIVERS\usbuhci.sys
00:45:14.0353 1036 usbuhci - ok
00:45:14.0400 1036 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys
00:45:14.0400 1036 usbvideo - ok
00:45:14.0415 1036 USB_RNDIS (d0fe8cb5f84303e73ff0754437fad3d1) C:\windows\system32\DRIVERS\usb8023.sys
00:45:14.0415 1036 USB_RNDIS - ok
00:45:14.0446 1036 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
00:45:14.0446 1036 UxSms - ok
00:45:14.0493 1036 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
00:45:14.0493 1036 VaultSvc - ok
00:45:14.0540 1036 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
00:45:14.0540 1036 vdrvroot - ok
00:45:14.0587 1036 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
00:45:14.0602 1036 vds - ok
00:45:14.0634 1036 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
00:45:14.0634 1036 vga - ok
00:45:14.0649 1036 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
00:45:14.0649 1036 VgaSave - ok
00:45:14.0696 1036 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
00:45:14.0696 1036 vhdmp - ok
00:45:14.0712 1036 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
00:45:14.0712 1036 viaide - ok
00:45:14.0759 1036 VideoAcceleratorService - ok
00:45:14.0805 1036 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
00:45:14.0805 1036 volmgr - ok
00:45:14.0868 1036 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
00:45:14.0868 1036 volmgrx - ok
00:45:14.0883 1036 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
00:45:14.0899 1036 volsnap - ok
00:45:14.0930 1036 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
00:45:14.0930 1036 vsmraid - ok
00:45:15.0024 1036 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
00:45:15.0039 1036 VSS - ok
00:45:15.0211 1036 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
00:45:15.0211 1036 vwifibus - ok
00:45:15.0227 1036 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
00:45:15.0227 1036 vwififlt - ok
00:45:15.0242 1036 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
00:45:15.0242 1036 vwifimp - ok
00:45:15.0570 1036 VX3000 (c366ae91d2cc2c1c25380061d235c36b) C:\windows\system32\DRIVERS\VX3000.sys
00:45:15.0585 1036 VX3000 - ok
00:45:15.0757 1036 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
00:45:15.0757 1036 W32Time - ok
00:45:15.0835 1036 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
00:45:15.0835 1036 WacomPen - ok
00:45:15.0866 1036 WajamUpdater - ok
00:45:15.0913 1036 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
00:45:15.0913 1036 WANARP - ok
00:45:15.0929 1036 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
00:45:15.0929 1036 Wanarpv6 - ok
00:45:16.0007 1036 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
00:45:16.0022 1036 WatAdminSvc - ok
00:45:16.0116 1036 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
00:45:16.0131 1036 wbengine - ok
00:45:16.0303 1036 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
00:45:16.0319 1036 WbioSrvc - ok
00:45:16.0350 1036 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
00:45:16.0365 1036 wcncsvc - ok
00:45:16.0381 1036 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
00:45:16.0381 1036 WcsPlugInService - ok
00:45:16.0443 1036 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
00:45:16.0443 1036 Wd - ok
00:45:16.0490 1036 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
00:45:16.0506 1036 Wdf01000 - ok
00:45:16.0537 1036 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
00:45:16.0537 1036 WdiServiceHost - ok
00:45:16.0553 1036 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
00:45:16.0553 1036 WdiSystemHost - ok
00:45:16.0599 1036 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
00:45:16.0599 1036 WebClient - ok
00:45:16.0631 1036 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
00:45:16.0631 1036 Wecsvc - ok
00:45:16.0677 1036 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
00:45:16.0677 1036 wercplsupport - ok
00:45:16.0693 1036 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
00:45:16.0693 1036 WerSvc - ok
00:45:16.0755 1036 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
00:45:16.0755 1036 WfpLwf - ok
00:45:16.0787 1036 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
00:45:16.0787 1036 WIMMount - ok
00:45:16.0896 1036 WinDefend - ok
00:45:16.0911 1036 WinHttpAutoProxySvc - ok
00:45:16.0974 1036 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
00:45:16.0989 1036 Winmgmt - ok
00:45:17.0067 1036 WinRing0_1_2_0 (0c0195c48b6b8582fa6f6373032118da) C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys
00:45:17.0067 1036 WinRing0_1_2_0 - ok
00:45:17.0192 1036 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
00:45:17.0223 1036 WinRM - ok
00:45:17.0676 1036 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
00:45:17.0676 1036 WinUsb - ok
00:45:17.0738 1036 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
00:45:17.0738 1036 Wlansvc - ok
00:45:17.0816 1036 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
00:45:17.0816 1036 wlcrasvc - ok
00:45:17.0957 1036 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:45:17.0972 1036 wlidsvc - ok
00:45:18.0159 1036 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
00:45:18.0159 1036 WmiAcpi - ok
00:45:18.0222 1036 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
00:45:18.0222 1036 wmiApSrv - ok
00:45:18.0300 1036 WMPNetworkSvc - ok
00:45:18.0347 1036 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
00:45:18.0347 1036 WPCSvc - ok
00:45:18.0378 1036 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
00:45:18.0378 1036 WPDBusEnum - ok
00:45:18.0409 1036 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
00:45:18.0425 1036 ws2ifsl - ok
00:45:18.0471 1036 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll
00:45:18.0487 1036 wscsvc - ok
00:45:18.0487 1036 WSearch - ok
00:45:18.0612 1036 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll
00:45:18.0643 1036 wuauserv - ok
00:45:18.0815 1036 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
00:45:18.0830 1036 WudfPf - ok
00:45:18.0861 1036 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
00:45:18.0861 1036 WUDFRd - ok
00:45:18.0908 1036 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
00:45:18.0908 1036 wudfsvc - ok
00:45:18.0955 1036 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
00:45:18.0955 1036 WwanSvc - ok
00:45:19.0142 1036 X6va001 - ok
00:45:19.0142 1036 X6va003 - ok
00:45:19.0158 1036 X6va005 - ok
00:45:19.0173 1036 X6va006 - ok
00:45:19.0173 1036 X6va008 - ok
00:45:19.0236 1036 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
00:45:20.0016 1036 \Device\Harddisk0\DR0 - ok
00:45:20.0016 1036 Boot (0x1200) (3fb1b0611f0ade735f8f7c028eda41ce) \Device\Harddisk0\DR0\Partition0
00:45:20.0031 1036 \Device\Harddisk0\DR0\Partition0 - ok
00:45:20.0031 1036 ============================================================
00:45:20.0031 1036 Scan finished
00:45:20.0031 1036 ============================================================
00:45:20.0031 1812 Detected object count: 0
00:45:20.0031 1812 Actual detected object count: 0

aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-27 00:54:48
-----------------------------
00:54:48.302 OS Version: Windows x64 6.1.7601 Service Pack 1
00:54:48.302 Number of processors: 2 586 0x170A
00:54:48.302 ComputerName: LAPTOP1 UserName: Sean P
00:54:49.659 Initialize success
00:56:09.178 AVAST engine defs: 12072602
00:57:28.075 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
00:57:28.090 Disk 0 Vendor: TOSHIBA_ FG01 Size: 381554MB BusType: 3
00:57:28.106 Disk 0 MBR read successfully
00:57:28.106 Disk 0 MBR scan
00:57:28.106 Disk 0 Windows VISTA default MBR code
00:57:28.106 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
00:57:28.121 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 369109 MB offset 3074048
00:57:28.168 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 10941 MB offset 759009280
00:57:28.215 Disk 0 scanning C:\windows\system32\drivers
00:57:40.009 Service scanning
00:58:25.966 Modules scanning
00:58:25.966 Disk 0 trace - called modules:
00:58:26.013 ntoskrnl.exe CLASSPNP.SYS disk.sys thpdrv.sys iaStor.sys hal.dll
00:58:26.013 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80057c6060]
00:58:26.044 3 CLASSPNP.SYS[fffff8800162b43f] -> nt!IofCallDriver -> \Device\THPDRV1[0xfffffa80057c33a0]
00:58:26.060 5 thpdrv.sys[fffff8800187ecc0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80047fd050]
00:58:27.901 AVAST engine scan C:\windows
00:58:31.536 AVAST engine scan C:\windows\system32
01:02:40.746 AVAST engine scan C:\windows\system32\drivers
01:02:57.220 AVAST engine scan C:\Users\Sean P
02:30:46.744 AVAST engine scan C:\ProgramData
02:35:57.339 Scan finished successfully
02:37:27.072 Disk 0 MBR has been saved successfully to "C:\Users\Sean P\Documents\Desktop\MBR.dat"
02:37:27.072 The log file has been saved successfully to "C:\Users\Sean P\Documents\Desktop\aswMBR.txt"

Edited by slick1190, 27 July 2012 - 01:40 AM.


#8 gringo_pr

Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:58 AM

Posted 27 July 2012 - 01:44 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files (x86)\ConduitEngine

FireFox::
FF - ProfilePath - c:\users\Karanbir\AppData\Roaming\Mozilla\Firefox\Profiles\vydyowc8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 slick1190

  • Topic Starter
  • Members
  • 11 posts
  • Local time:03:58 AM

Posted 27 July 2012 - 02:21 AM

The only issue that still remains is my System Restore is still not functioning.

I did have an issue with Security Certificate popups on internet explorer after the first combofix scan.

I have ticked the box to not show them anymore within the window itself (not internet explorer options)

I am not too concerned about this as long as my file sharing programs aren't sharing anything, and I can avoid having another virus like this.

I believe the virus came from uTorrent as I was downloading files from many torrent sites.

Here is my report:

ComboFix 12-07-27.02 - Sean P 07/27/2012 2:51.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4093.2178 [GMT -4:00]
Running from: c:\users\Sean P\Documents\Desktop\ComboFix.exe
Command switches used :: c:\users\Sean P\Documents\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\ConduitEngine
c:\program files (x86)\ConduitEngine\appContextMenu.xml
c:\program files (x86)\ConduitEngine\ConduitEngine.dll
c:\program files (x86)\ConduitEngine\ConduitEngineHelper.exe
c:\program files (x86)\ConduitEngine\ConduitEngineUninstall.exe
c:\program files (x86)\ConduitEngine\engineContextMenu.xml
c:\program files (x86)\ConduitEngine\EngineSettings.json
c:\program files (x86)\ConduitEngine\toolbar.cfg
.
.
((((((((((((((((((((((((( Files Created from 2012-06-27 to 2012-07-27 )))))))))))))))))))))))))))))))
.
.
2012-07-27 07:06 . 2012-07-27 07:06 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-27 07:06 . 2012-07-27 07:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-27 05:02 . 2012-07-27 05:02 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{55B184B6-8EAA-419D-8628-204D4B8F2A31}\offreg.dll
2012-07-27 04:50 . 2012-07-16 06:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{55B184B6-8EAA-419D-8628-204D4B8F2A31}\mpengine.dll
2012-07-26 21:30 . 2012-07-16 06:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A569287F-8063-47F3-AE69-A2ECE5539888}\mpengine.dll
2012-07-24 23:14 . 2012-02-09 18:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BBA737E2-4B30-482B-959F-94D5E653DD19}\gapaengine.dll
2012-07-24 23:13 . 2012-05-31 16:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-07-24 23:11 . 2012-07-16 06:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-24 23:06 . 2012-07-24 23:06 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-24 23:06 . 2012-07-24 23:09 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-24 09:53 . 2012-07-24 09:53 -------- d-----w- c:\users\Sean P\AppData\Roaming\Malwarebytes
2012-07-24 09:53 . 2012-07-24 09:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-24 09:53 . 2012-07-24 09:53 -------- d-----w- c:\programdata\Malwarebytes
2012-07-24 09:53 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-23 23:36 . 2012-07-24 03:49 -------- d-----w- c:\programdata\Windows Codecs
2012-07-22 22:25 . 2012-07-22 22:28 -------- d-----w- c:\program files (x86)\OApps
2012-07-22 22:25 . 2012-07-22 22:26 -------- d-----w- c:\program files (x86)\smartdl
2012-07-22 21:20 . 2012-07-22 21:20 -------- d-----w- c:\programdata\Premium
2012-07-22 21:20 . 2012-07-22 21:20 -------- d-----w- c:\programdata\InstallMate
2012-07-22 01:29 . 2012-07-22 02:57 -------- d-----w- c:\users\Sean P\AppData\Local\WiredRed
2012-07-20 08:14 . 2012-07-20 08:14 -------- d-----w- c:\users\Sean P\AppData\Roaming\UltraVNC
2012-07-20 07:36 . 2012-07-20 08:24 -------- d-----w- c:\users\Sean P\AppData\Local\CrossLoop
2012-07-16 01:03 . 2012-07-16 01:03 184891 ----a-w- C:\torrent.exe
2012-07-11 15:34 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 13:17 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-24 23:31 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2012-07-16 16:55 . 2012-05-24 09:50 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-16 16:55 . 2011-10-29 03:14 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 15:29 . 2010-02-27 11:08 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-19 19:43 . 2012-05-28 02:03 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-19 19:43 . 2011-06-02 03:14 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-02 22:19 . 2012-06-19 00:50 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 00:50 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 00:50 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 00:50 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 00:50 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 00:50 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 00:50 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-19 00:49 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-19 00:49 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-24 14:47 . 2012-01-11 07:48 24448 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-05-08 22:34 . 2012-05-24 02:28 32600 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-05-04 11:06 . 2012-06-19 01:01 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 11:00 . 2012-06-19 02:45 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-05-04 10:03 . 2012-06-19 01:01 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-19 01:01 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-04 09:59 . 2012-06-19 02:45 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-05-01 05:40 . 2012-06-19 02:44 209920 ----a-w- c:\windows\system32\profsvc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-26_23.40.04 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-02-27 00:00 . 2012-07-26 05:52 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-27 00:00 . 2012-07-27 05:16 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-27 00:00 . 2012-07-26 05:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-27 00:00 . 2012-07-27 05:16 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-27 05:16 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-26 05:52 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-07-27 04:31 . 2012-07-27 04:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-26 23:37 . 2012-07-26 23:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-27 04:31 . 2012-07-27 04:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-26 23:37 . 2012-07-26 23:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-07-24 23:07 673248 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-26 23:42 673248 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-26 23:42 125306 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-24 23:07 125306 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-07-26 23:36 458164 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-27 04:30 458164 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-09-30 06:42 . 2012-07-27 04:30 13392583 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-111063060-1555190575-2033751331-1003-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"AddSearchInternetLinkInStartMenu"= 1 (0x1)
"AlwaysShowClassicMenu"= 1 (0x1)
"MaxRecentDocs"= 30 (0x1e)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~2\SPEEDB~1\VideoAcceleratorService.exe [x]
R2 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [x]
R3 AVFSFilter;AVFSFilter; [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2009-06-11 35840]
R3 dump_wmimmc;dump_wmimmc;c:\program files\Gpotato\Flyff\GameGuard\dump_wmimmc.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-07-08 694888]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-28 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]
R3 X6va001;X6va001;c:\users\SEANP~1\AppData\Local\Temp\0013DCF.tmp [x]
R3 X6va003;X6va003;c:\users\SEANP~1\AppData\Local\Temp\003C4BB.tmp [x]
R3 X6va005;X6va005;c:\users\SEANP~1\AppData\Local\Temp\0054AF9.tmp [x]
R3 X6va006;X6va006;c:\users\SEANP~1\AppData\Local\Temp\0065C26.tmp [x]
R3 X6va008;X6va008;c:\users\SEANP~1\AppData\Local\Temp\0084A29.tmp [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R4 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
R4 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-11 248688]
R4 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]
R4 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-20 136176]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-20 136176]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R4 ScrybeUpdater;Scrybe Updater;c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-05-27 1300264]
R4 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
R4 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R4 sptd;sptd; [x]
R4 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 251760]
R4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 137560]
R4 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-30 14784]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S1 PMCF;PMCF;c:\windows\system32\drivers\PMCF.sys [2009-07-28 16448]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-07-02 60416]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-07-29 81408]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-07-05 55808]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-08-22 84512]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-26 1103904]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 05038397
*NewlyCreated* - ASWMBR
*Deregistered* - 05038397
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-28 04:51]
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-28 04:51]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-111063060-1555190575-2033751331-1003Core.job
- c:\users\Sean P\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-28 03:31]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-111063060-1555190575-2033751331-1003UA.job
- c:\users\Sean P\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-28 03:31]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://store.outspark.com/fiesta/minigames/video
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE: &Clean Traces - c:\program files (x86)\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm
IE: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=48R66F61&id=menu_ie_frame
IE: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=48R66F61&id=menu_ie_image
IE: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=48R66F61&id=menu_ie_link
IE: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=48R66F61&id=menu_ie_exclude
IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=48R66F61&id=menu_ie_report
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Sean P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
LSP: c:\program files (x86)\SpeedBit Video Accelerator\LSP3.2.2.4\SBLSP.dll
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{252C53A8-72CE-402E-8035-09E36D360F25}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{252C53A8-72CE-402E-8035-09E36D360F25}\E6564713233343: NameServer = 74.79.109.170,208.67.220.220
TCP: Interfaces\{252C53A8-72CE-402E-8035-09E36D360F25}\E656471323337657563747: NameServer = 74.79.109.170,208.67.220.220
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{0931BD3F-547E-45C1-B133-D0E995645DBA} - (no file)
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files (x86)\ConduitEngine\ConduitEngine.dll
BHO-{b12785f5-d8d0-4530-a3ea-5c4263b85bef} - (no file)
BHO-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
BHO-{D3359117-2C75-4100-866A-E59D86B5D3D3} - (no file)
Toolbar-Locked - (no file)
Toolbar-{b12785f5-d8d0-4530-a3ea-5c4263b85bef} - (no file)
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files (x86)\ConduitEngine\ConduitEngine.dll
ShellIconOverlayIdentifiers-{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} - (no file)
AddRemove-conduitEngine - c:\progra~2\CONDUI~1\ConduitEngineUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va001]
"ImagePath"="\??\c:\users\SEANP~1\AppData\Local\Temp\0013DCF.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\SEANP~1\AppData\Local\Temp\003C4BB.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\SEANP~1\AppData\Local\Temp\0054AF9.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\SEANP~1\AppData\Local\Temp\0065C26.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\users\SEANP~1\AppData\Local\Temp\0084A29.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\02\12\13!\1du"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-27 03:14:17
ComboFix-quarantined-files.txt 2012-07-27 07:14
ComboFix2.txt 2012-07-26 23:50
.
Pre-Run: 318,131,499,008 bytes free
Post-Run: 321,334,943,744 bytes free
.
- - End Of File - - FB58E863E3FAE53E50BC37BAD1AC79F4

Edited by slick1190, 27 July 2012 - 02:27 AM.
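Added example, not part of the thread and not ComboFix's own code: a Python triage pass over the service/driver and UAC policy lines of the report above. It flags the X6va00x services whose ImagePath sits under a Temp folder, every service for which ComboFix recorded no file date or size ([x]), and the policy values that remove the elevation prompt (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0 in this log). The sample lines are copied from the report; the line regexes and the policy meanings are my reading of the ComboFix line format and of the Windows 7 UAC settings, not documented ComboFix behaviour.

```python
"""Triage pass over the service/driver and policy lines of a ComboFix report.

Added example for this thread, not ComboFix's own code. It flags three
things visible in the report above: services whose image lives in a Temp
folder, services for which ComboFix recorded no file date/size ([x]), and
UAC policy values that remove the elevation prompt.
"""
import re

# Constructed sample: lines copied from the ComboFix report in the post above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 X6va001;X6va001;c:\users\SEANP~1\AppData\Local\Temp\0013DCF.tmp [x]
R4 sptd;sptd; [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]
"""

# "R3 Name;Display name;c:\path\image.sys [2012-07-03 24904]" or "... [x]".
# This regex is my reading of the ComboFix line format, not a documented grammar.
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)
# '"EnableLUA"= 0 (0x0)' style lines under a [HKEY_...\policies\system] key.
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>-?\d+)')
# Any path component named Temp or Tmp, case-insensitive.
TEMP_PATH_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)

# (value, reason) pairs: the value each policy takes when UAC prompting is off.
# Meanings are the Windows 7 UAC policy semantics as I know them (assumed, not from the log).
RISKY_POLICIES = {
    "EnableLUA": (0, "UAC is switched off; admin processes run fully elevated"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate silently, without a consent prompt"),
    "PromptOnSecureDesktop": (0, "any elevation prompt appears on the interactive desktop, not the secure desktop"),
}


def triage(log_text):
    """Return (kind, subject, reason) findings in log order.

    kind is "service" or "policy"; subject is the service or value name.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            name, image, meta = m.group("name"), m.group("image"), m.group("meta")
            if TEMP_PATH_RE.search(image):
                findings.append(("service", name, f"image runs from a temp directory: {image}"))
            if meta == "x":
                findings.append(("service", name, "no file date/size recorded for the image ([x])"))
            continue
        m = POLICY_RE.match(line)
        if m:
            name, value = m.group("name"), int(m.group("value"))
            expected, reason = RISKY_POLICIES.get(name, (None, None))
            if expected is not None and value == expected:
                findings.append(("policy", name, reason))
    return findings


if __name__ == "__main__":
    for kind, subject, reason in triage(SAMPLE_LOG):
        print(f"{kind:8} {subject:28} {reason}")
```

Run it as-is to see the findings for the sample, or pass the full report text to triage(). The temp-path check is the one worth keeping around: a legitimately installed service points at a fixed install location, so a service whose ImagePath is a randomly named .tmp file under AppData\Local\Temp deserves a look whatever the antivirus verdict is.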


#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:03:58 AM

Posted 27 July 2012 - 02:03 PM

Hello

I would like to see a report that ComboFix makes.

Extra ComboFix report

  • Push the "Windows key" + "R" (between the "Ctrl" button and the "Alt" button)
  • Please copy and paste the following into the box:
C:\Qoobox\Add-Remove Programs.txt
  • Click OK

Copy and paste the report into this topic for me to review.



Download Windows Repair (all in one) from this site

Install the program, then run it.

Go to step 2 and allow it to run Disk Check.

Once that is done, go to step 3 and allow it to run SFC.

On the Start Repairs tab select Advanced mode and click Start.

Select the items below (remove the ticks from the rest) and tick "Restart system when finished":
Reset Registry permissions
Reset File permissions
Repair WMI
Repair Windows Firewall
Repair Internet Explorer
Remove policies set by infection
Repair Winsock & DNS cache
Remove temp files
Repair proxy settings
Repair Windows Update




Gringo

#11 slick1190

slick1190
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:03:58 AM

Posted 27 July 2012 - 09:17 PM

Thank you for this mighty fine all-in-one fix-it solution,

yet my System Restore error still persists:

[System Protection

The restore point could not be created for the following reason:

The specified object was not found. (0x80042308)

Please try again.]

I hate to bother you with this because I think it's a very in-depth problem to take care of.

I ran the scans after the tweak.

Here are my logs:

Update for Microsoft Office 2007 (KB2508958)
µTorrent
2007 Microsoft Office system
3D Sound Back Beta0.1
3ivx MPEG-4 5.0.1 Decoder (remove only)
7-Zip 9.22beta
Ad Muncher v4.81 Build 31376
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
Advanced SystemCare 5
Amazing Aquaworld 3D Screensaver 1.0
Belarc Advisor 8.1
Business Contact Manager for Outlook 2007 SP2
Cave Story Deluxe
Conduit Engine
CoolNovo
D3DX10
DemonFlyFF v16
Direct DiscRecorder
Download Accelerator Plus (DAP)
DVD MovieFactory for TOSHIBA
Feedback Tool
ffdshow [rev 3154] [2009-12-09]
Fiesta
Fire Screensaver 1.0
Free Fire Screensaver
Game Booster 3
Game Fire
GameXN GO
GIMP 2.6.12
Google Chrome
Google Chrome Frame
Google Earth
Google Update Helper
Hexen II Demo
Horror Of The Night Screensaver 1.0
Internet TV for Windows Media Center
J2SE Runtime Environment 5.0
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 31
Java™ 7 Update 5
JavaFX 2.1.0
Junk Mail filter update
JustCloud Setup
Malwarebytes Anti-Malware version 1.62.0.1300
Mesh Runtime
Messenger Companion
Microsoft Corporation
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Setup Support Files (English)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox (3.6.6)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Plugin 1.0
MyToshiba
Netflix in Windows Media Center
NVIDIA PhysX
Oblivion
OpenAL
OpenOffice.org 3.3
Pando Media Booster
PCSX2 - Playstation 2 Emulator
PhotoScape
Project64 1.6
Quickbooks Financial Center
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Realtek WLAN Driver
RICOH R5U230 Media Driver ver.2.06.03.02
Riddle of the Sphinx™
Secunia PSI (2.0.0.4003)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Simple Adblock
Skype Launcher
Skype™ 5.10
Smart Address Bar for IE
Smart Defrag 2
Soldat 1.6.2
Spotify
swMSM
Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
Toshiba Application Installer
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Online Backup
Toshiba Quality Application
TOSHIBA Service Station
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA USB Sleep and Charge Utility
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VirtuaGirl
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Center Add-in for Flash
Wormhole 2.0

___________________________________________


ComboFix 12-07-27.03 - Sean P 07/27/2012 21:32:18.4.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4093.2906 [GMT -4:00]
Running from: c:\users\Sean P\Documents\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-28 )))))))))))))))))))))))))))))))
.
.
2012-07-28 01:44 . 2012-07-28 01:44 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-07-28 01:44 . 2012-07-28 01:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-27 22:52 . 2012-07-27 22:53 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2012-07-27 22:50 . 2008-05-08 05:03 303616 ----a-w- C:\SetACL.exe
2012-07-27 22:16 . 2004-06-11 23:33 290304 ----a-w- C:\subinacl.exe
2012-07-27 22:10 . 2012-07-27 22:13 -------- d-----w- C:\Reg_Backup
2012-07-27 21:32 . 2012-07-27 23:04 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-07-27 21:32 . 2012-07-27 23:08 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-07-27 21:32 . 2012-07-27 21:32 -------- d-----w- c:\program files (x86)\Tweaking.com
2012-07-26 21:30 . 2012-07-16 06:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A569287F-8063-47F3-AE69-A2ECE5539888}\mpengine.dll
2012-07-24 23:14 . 2012-02-09 18:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BBA737E2-4B30-482B-959F-94D5E653DD19}\gapaengine.dll
2012-07-24 23:13 . 2012-05-31 16:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-07-24 23:11 . 2012-07-16 06:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-24 23:06 . 2012-07-24 23:06 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-07-24 23:06 . 2012-07-24 23:09 -------- d-----w- c:\program files\Microsoft Security Client
2012-07-24 09:53 . 2012-07-24 09:53 -------- d-----w- c:\users\Sean P\AppData\Roaming\Malwarebytes
2012-07-24 09:53 . 2012-07-24 09:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-24 09:53 . 2012-07-24 09:53 -------- d-----w- c:\programdata\Malwarebytes
2012-07-24 09:53 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-23 23:36 . 2012-07-24 03:49 -------- d-----w- c:\programdata\Windows Codecs
2012-07-22 22:25 . 2012-07-22 22:28 -------- d-----w- c:\program files (x86)\OApps
2012-07-22 22:25 . 2012-07-22 22:26 -------- d-----w- c:\program files (x86)\smartdl
2012-07-22 21:20 . 2012-07-22 21:20 -------- d-----w- c:\programdata\Premium
2012-07-22 21:20 . 2012-07-22 21:20 -------- d-----w- c:\programdata\InstallMate
2012-07-22 01:29 . 2012-07-22 02:57 -------- d-----w- c:\users\Sean P\AppData\Local\WiredRed
2012-07-20 08:14 . 2012-07-20 08:14 -------- d-----w- c:\users\Sean P\AppData\Roaming\UltraVNC
2012-07-20 07:36 . 2012-07-20 08:24 -------- d-----w- c:\users\Sean P\AppData\Local\CrossLoop
2012-07-16 01:03 . 2012-07-16 01:03 184891 ----a-w- C:\torrent.exe
2012-07-11 15:34 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 13:17 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-24 23:31 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe
2012-07-16 16:55 . 2012-05-24 09:50 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-16 16:55 . 2011-10-29 03:14 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-16 06:40 . 2012-07-27 04:50 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{55B184B6-8EAA-419D-8628-204D4B8F2A31}\mpengine.dll
2012-07-11 15:29 . 2010-02-27 11:08 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-19 19:43 . 2012-05-28 02:03 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-19 19:43 . 2011-06-02 03:14 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-02 22:19 . 2012-06-19 00:50 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 00:50 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 00:50 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 00:50 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 00:50 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 00:50 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 00:50 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-19 00:49 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-19 00:49 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-24 14:47 . 2012-01-11 07:48 24448 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-05-08 22:34 . 2012-05-24 02:28 32600 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-05-04 11:06 . 2012-06-19 01:01 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 11:00 . 2012-06-19 02:45 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-05-04 10:03 . 2012-06-19 01:01 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-19 01:01 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-04 09:59 . 2012-06-19 02:45 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-05-01 05:40 . 2012-06-19 02:44 209920 ----a-w- c:\windows\system32\profsvc.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-26_23.40.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-05 06:55 . 2012-07-28 01:49 89478 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-28 01:49 57210 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-27 02:16 . 2012-07-28 01:49 29854 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-111063060-1555190575-2033751331-1003_UserData.bin
- 2010-02-27 00:00 . 2012-07-26 05:52 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-27 00:00 . 2012-07-27 23:19 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-27 00:00 . 2012-07-27 23:19 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-27 00:00 . 2012-07-26 05:52 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-26 05:52 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-27 23:19 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-07-26 23:37 . 2012-07-26 23:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-28 01:45 . 2012-07-28 01:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-26 23:37 . 2012-07-26 23:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-28 01:45 . 2012-07-28 01:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-04-26 00:25 . 2012-07-20 13:55 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-04-26 00:25 . 2012-07-27 22:50 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-07-27 22:50 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-07-24 23:23 196608 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 02:36 . 2012-07-24 23:07 673248 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-27 23:16 673248 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-07-24 23:07 125306 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-07-27 23:16 125306 c:\windows\system32\perfc009.dat
- 2009-07-14 04:45 . 2012-07-11 17:47 475624 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 04:45 . 2012-07-27 23:10 475624 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 05:12 . 2012-07-25 21:06 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-07-27 22:50 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2012-07-26 23:36 458164 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-28 01:44 458164 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-07-24 23:23 2195456 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-27 22:50 2195456 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-27 22:50 6012928 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-24 23:23 6012928 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-30 06:42 . 2012-07-28 01:44 14682352 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-111063060-1555190575-2033751331-1003-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
c:\program files (x86)\ConduitEngine\ConduitEngine.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2012-05-28 288128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 3 (0x3)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"AddSearchInternetLinkInStartMenu"= 1 (0x1)
"AlwaysShowClassicMenu"= 1 (0x1)
"MaxRecentDocs"= 30 (0x1e)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~2\SPEEDB~1\VideoAcceleratorService.exe [x]
R2 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [x]
R3 AVFSFilter;AVFSFilter; [x]
R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [2009-06-11 35840]
R3 dump_wmimmc;dump_wmimmc;c:\program files\Gpotato\Flyff\GameGuard\dump_wmimmc.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-07-08 694888]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-28 1255736]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]
R3 X6va001;X6va001;c:\users\SEANP~1\AppData\Local\Temp\0013DCF.tmp [x]
R3 X6va003;X6va003;c:\users\SEANP~1\AppData\Local\Temp\003C4BB.tmp [x]
R3 X6va005;X6va005;c:\users\SEANP~1\AppData\Local\Temp\0054AF9.tmp [x]
R3 X6va006;X6va006;c:\users\SEANP~1\AppData\Local\Temp\0065C26.tmp [x]
R3 X6va008;X6va008;c:\users\SEANP~1\AppData\Local\Temp\0082635.tmp [x]
R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R4 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
R4 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-11 248688]
R4 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-15 42368]
R4 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-20 136176]
R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-20 136176]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R4 ScrybeUpdater;Scrybe Updater;c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-05-27 1300264]
R4 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2011-10-14 994360]
R4 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2011-10-14 399416]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R4 sptd;sptd; [x]
R4 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-08-27 251760]
R4 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-09-17 137560]
R4 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2009-08-04 826224]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-30 14784]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S1 PMCF;PMCF;c:\windows\system32\drivers\PMCF.sys [2009-07-28 16448]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-07-02 60416]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-07-29 81408]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-07-05 55808]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2009-08-22 84512]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-23 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-26 1103904]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{01250B8F-D947-4F8A-9408-FE8E3EE2EC92}]
2009-08-06 16:15 264048 ----a-w- c:\program files (x86)\TOSHIBA\My Toshiba\MyToshiba.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-28 04:51]
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-28 04:51]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-111063060-1555190575-2033751331-1003Core.job
- c:\users\Sean P\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-28 03:31]
.
2012-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-111063060-1555190575-2033751331-1003UA.job
- c:\users\Sean P\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-28 03:31]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://store.outspark.com/fiesta/minigames/video
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE: &Clean Traces - c:\program files (x86)\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files (x86)\DAP\dapextie.htm
IE: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=48R66F61&id=menu_ie_frame
IE: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=48R66F61&id=menu_ie_image
IE: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=48R66F61&id=menu_ie_link
IE: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=48R66F61&id=menu_ie_exclude
IE: Download &all with DAP - c:\program files (x86)\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=48R66F61&id=menu_ie_report
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Sean P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{252C53A8-72CE-402E-8035-09E36D360F25}: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{252C53A8-72CE-402E-8035-09E36D360F25}\E6564713233343: NameServer = 74.79.109.170,208.67.220.220
TCP: Interfaces\{252C53A8-72CE-402E-8035-09E36D360F25}\E656471323337657563747: NameServer = 74.79.109.170,208.67.220.220
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{0931BD3F-547E-45C1-B133-D0E995645DBA} - (no file)
BHO-{b12785f5-d8d0-4530-a3ea-5c4263b85bef} - (no file)
BHO-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
BHO-{D3359117-2C75-4100-866A-E59D86B5D3D3} - (no file)
Toolbar-Locked - (no file)
Toolbar-{b12785f5-d8d0-4530-a3ea-5c4263b85bef} - (no file)
Toolbar-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
ShellIconOverlayIdentifiers-{04cd1f3e-81d5-4904-a3ab-e0f99a7d769d} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va001]
"ImagePath"="\??\c:\users\SEANP~1\AppData\Local\Temp\0013DCF.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\SEANP~1\AppData\Local\Temp\003C4BB.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\SEANP~1\AppData\Local\Temp\0054AF9.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\SEANP~1\AppData\Local\Temp\0065C26.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\users\SEANP~1\AppData\Local\Temp\0082635.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\02\12\13!\1du"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\IObit\Game Booster 3\gbtray.exe
.
**************************************************************************
.
Completion time: 2012-07-27 22:01:22 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-28 02:01
ComboFix2.txt 2012-07-27 07:14
ComboFix3.txt 2012-07-26 23:50
.
Pre-Run: 318,383,366,144 bytes free
Post-Run: 321,571,573,760 bytes free
.
- - End Of File - - 1E1A68735A20F92547BAF1760B9C8B6E

Edited by slick1190, 27 July 2012 - 09:19 PM.


#12 slick1190

  • Topic Starter
  • Members
  • 11 posts

Posted 27 July 2012 - 09:51 PM

UPDATE:

I have now disabled Turbo Boost in Advanced SystemCare; I was unaware that this was running.

It disables a bunch of features, some of which are system services.

Would this require an additional combofix scan?

#13 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 27 July 2012 - 10:22 PM

Hello

P2P Warning!

IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better job).

Programs to remove

µTorrent
Conduit Engine
Download Accelerator Plus (DAP)
J2SE Runtime Environment 5.0
Java™ 6 Update 22
Java™ 6 Update 31


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.



Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and start Free download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

Malwarebytes' Anti-Malware

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
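The HijackThis step above asks for the log to be posted rather than "fixed", because most of what it lists is harmless or required and the entries need triage before anything is removed. The following script is an added example, not part of gringo_pr's post and not code from HijackThis or Malwarebytes: it parses HijackThis-style R0/R1/O2/O4 lines and sorts them into orphaned entries (the "(no file)" / "(file missing)" leftovers that point at nothing), default Microsoft start/search pages, entries that load code from a Temp directory (unusual for legitimate software and worth a second look), and plain informational entries. The sample lines are constructed for this example in the format of the log posted later in this thread; the O4 line and the store.example.test start page are invented.

```python
import re
from typing import Dict, List, NamedTuple

# Constructed sample, modeled on the HijackThis v2.0.4 log format used in this thread.
# The O2 GUIDs mirror entries seen in the thread; the R0 start page and the O4 line are invented.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://store.example.test/landing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: BHO_PROJECT - {0931BD3F-547E-45C1-B133-D0E995645DBA} - (no file)
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O4 - HKLM\..\Run: [ExampleUpdater] C:\Users\user\AppData\Local\Temp\upd.exe
"""


class Finding(NamedTuple):
    section: str   # HijackThis section code, e.g. "O2"
    verdict: str   # ORPHAN, DEFAULT, REVIEW or INFO
    detail: str    # the entry text after the section code


# Every HijackThis entry starts with a section code such as R0, R1, O2, O4, ...
ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")
# HijackThis marks registry entries whose target no longer exists on disk with these suffixes.
ORPHAN_MARKERS = ("(no file)", "(file missing)")
# Windows' own default start/search pages redirect through go.microsoft.com/fwlink.
MS_DEFAULT_URL = "http://go.microsoft.com/fwlink/"
# A DLL or EXE loaded from a Temp directory is unusual for installed software.
TEMP_DIR_RE = re.compile(r"\\(?:Local\\)?Temp\\", re.IGNORECASE)


def classify(section: str, body: str) -> str:
    """Assign a triage verdict to one entry; removing ORPHAN entries is cosmetic cleanup,
    REVIEW entries deserve a human look, DEFAULT and INFO need no action."""
    if body.endswith(ORPHAN_MARKERS):
        return "ORPHAN"
    if section.startswith("R"):
        # R0/R1 lines look like "...,Start Page = <url>"; an empty value is the default.
        _, _, value = body.partition(" = ")
        value = value.strip()
        if not value or value.startswith(MS_DEFAULT_URL):
            return "DEFAULT"
        return "REVIEW"
    if TEMP_DIR_RE.search(body):
        return "REVIEW"
    return "INFO"


def triage(log_text: str) -> List[Finding]:
    """Parse every recognised entry line in a HijackThis log and classify it."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header lines, blank lines, process list, etc.
        section, body = m.group(1), m.group(2)
        findings.append(Finding(section, classify(section, body), body))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per verdict, e.g. {"ORPHAN": 2, "REVIEW": 2, ...}."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.verdict] = counts.get(f.verdict, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.verdict:<8} {f.section}  {f.detail}")
    print(summarize(results))
```

Run against a real log, the script only narrows the list; a REVIEW verdict is a prompt to look at the file and the path, not a judgement that the entry is malicious, which is exactly why the helper asks for the log to be posted before anything is removed.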

#14 slick1190

  • Topic Starter
  • Members
  • 11 posts

Posted 28 July 2012 - 06:07 AM

Everything is working well, no more viruses (to my knowledge).

I have decided I will try to reboot my Toshiba to factory settings.

Not that everything you did hasn't helped me,

It's just I would like to get rid of all these programs...

I have way too many, and I will most definitely download all these

handy tools you have assisted me with, and perhaps a few that I have already.

I have saved this page in bookmarks and applied to notepad and will be applying that note to an external flash drive for future reference.

-Thanks so much, I will now wait for a reply from you before taking action.

Logs:


Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.28.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Sean P :: LAPTOP1 [administrator]

Protection: Disabled

7/28/2012 6:37:10 AM
mbam-log-2012-07-28 (06-37-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219202
Time elapsed: 7 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

__________________________________________________________

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:49:54 AM, on 7/28/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASC.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Users\Sean P\Downloads\HijackThis.exe
C:\windows\SysWOW64\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://store.outspark.com/fiesta/minigames/video
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: BHO_PROJECT - {0931BD3F-547E-45C1-B133-D0E995645DBA} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (file missing)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - (no file)
O2 - BHO: (no name) - {b12785f5-d8d0-4530-a3ea-5c4263b85bef} - (no file)
O2 - BHO: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O2 - BHO: Smart Address Bar - {D3359117-2C75-4100-866A-E59D86B5D3D3} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\18.0.1025.168\npchrome_frame.dll
O2 - BHO: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll
O3 - Toolbar: (no name) - {b12785f5-d8d0-4530-a3ea-5c4263b85bef} - (no file)
O3 - Toolbar: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (file missing)
O4 - HKUS\S-1-5-18\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart (User 'Default user')
O8 - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=48R66F61&id=menu_ie_frame
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=48R66F61&id=menu_ie_image
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=48R66F61&id=menu_ie_link
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=48R66F61&id=menu_ie_exclude
O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=48R66F61&id=menu_ie_report
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Sean P\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{252C53A8-72CE-402E-8035-09E36D360F25}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{252C53A8-72CE-402E-8035-09E36D360F25}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{252C53A8-72CE-402E-8035-09E36D360F25}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\18.0.1025.168\npchrome_frame.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: MSCamSvc - Unknown owner - C:\Program Files\Microsoft LifeCam\MSCamS64.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Netlogon - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\windows\system32\GameMon.des.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: VideoAcceleratorService - Unknown owner - C:\PROGRA~2\SPEEDB~1\VideoAcceleratorService.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: WajamUpdater - Unknown owner - C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10388 bytes
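The HijackThis log above is the kind of listing a helper reads entry by entry. As an added example (not part of this thread, and not code from HijackThis or any program named in it), the following Python script triages such lines the way a reviewer would: it flags O2/O3 browser add-on registrations whose DLL is gone (the "(no file)" / "(file missing)" leftovers from uninstalled toolbars), compares O17 NameServer entries against an allow-list of resolvers the owner actually chose, and down-ranks O23 "file missing" reports for paths under C:\windows\System32, because the 32-bit HijackThis 2.0.4 sees that directory through WOW64 redirection on 64-bit Windows and reports genuine system binaries as missing. The sample lines are constructed, modelled on the posted log; the allow-list (the two OpenDNS addresses from the log) and the 203.0.113.53 resolver are assumptions made for the example.

```python
"""Triage helper for Trend Micro HijackThis v2.0.4 log lines.

Added example; not part of the forum thread and not HijackThis code.
Groups entry lines by section code and attaches a severity and reason.
"""
import re
from dataclasses import dataclass

# Constructed sample, modelled on the log format posted above. The second
# O17 line uses 203.0.113.53 (a documentation address) as a placeholder for a
# resolver the owner did not configure.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Users\Sean P\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://store.outspark.com/fiesta/minigames/video
O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - (no file)
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (file missing)
O2 - BHO: Java(TM) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O3 - Toolbar: (no name) - {b12785f5-d8d0-4530-a3ea-5c4263b85bef} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{252C53A8-72CE-402E-8035-09E36D360F25}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{11111111-2222-3333-4444-555555555555}: NameServer = 203.0.113.53
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: WajamUpdater - Unknown owner - C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe (file missing)
"""

# Every entry line starts with a section code such as R0, O2, O17 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
# HijackThis marks add-ons whose registered DLL no longer exists with these.
ORPHAN_MARKERS = ("(no file)", "(file missing)")
# Assumed allow-list: resolvers the owner deliberately configured (OpenDNS).
TRUSTED_DNS = {"208.67.222.222", "208.67.220.220"}
# 32-bit HijackThis on x64 reads System32 through WOW64 redirection, so
# "file missing" under this path is an artefact, not evidence of tampering.
SYSTEM32_RE = re.compile(r"^c:\\windows\\system32\\", re.IGNORECASE)


@dataclass
class Finding:
    code: str       # HijackThis section code, e.g. "O2"
    severity: str   # "info", "review" or "suspect"
    reason: str
    line: str


def parse_entries(text: str):
    """Yield (code, body, line) for each entry line; header/process lines are skipped."""
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("code"), m.group("body"), line


def triage(text: str) -> list[Finding]:
    """Classify the entries a helper would act on in a HijackThis log."""
    findings: list[Finding] = []
    for code, body, line in parse_entries(text):
        if code in ("O2", "O3") and body.endswith(ORPHAN_MARKERS):
            findings.append(Finding(code, "review",
                "orphaned browser add-on registration (DLL absent); removable leftover", line))
        elif code == "O17" and "NameServer =" in body:
            servers = [s.strip() for s in body.split("NameServer =", 1)[1].split(",")]
            unknown = [s for s in servers if s not in TRUSTED_DNS]
            if unknown:
                findings.append(Finding(code, "suspect",
                    f"DNS resolver(s) not on the allow-list: {', '.join(unknown)}", line))
            else:
                findings.append(Finding(code, "info", "DNS resolvers match allow-list", line))
        elif code == "O23" and body.endswith("(file missing)"):
            path = body.rsplit(" - ", 1)[1].removesuffix("(file missing)").strip()
            if SYSTEM32_RE.match(path):
                findings.append(Finding(code, "info",
                    "System32 binary reported missing: expected WOW64 redirection artefact on x64", line))
            else:
                findings.append(Finding(code, "review",
                    "service registered for a binary that is gone; leftover from removed software", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity so the reviewer sees what needs attention first."""
    counts = {"suspect": 0, "review": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:7}] {f.code}: {f.reason}\n           {f.line}")
    print(summarize(results))
```

Run against a real log by replacing SAMPLE_LOG with the file contents; the only entries worth a second look are those marked "suspect" or "review", and a changed O17 resolver is the one category where the log alone tells you something about traffic, since everything else here is registry residue.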

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 28 July 2012 - 12:25 PM

Greetings


Let's run this to make sure nothing is hiding, and then I will give you some more tips for the future.



Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click the IE shortcut and run it as administrator.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic






